Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Administration Portal FAQ

 

This topic presents frequently asked questions and answers about Administration Portal.

How do I get started with Administration Portal?

To get started and quickly learn the basics of Administration Portal, access the Administration Portal Getting Started guide by clicking the help ? icon and selecting Getting Started. For more information, see Administration Portal Getting Started.

How do I log in to Administration Portal?

When a Contrail Service Orchestration (CSO) account is created for you, an account activation e-mail is sent containing:

  • your username (e-mail address you used to create the CSO account).

  • a link to set your password. The link expires in 24 hours or after it is used.

  • a link to the CSO portal.

After setting the password, you can log in using the CSO portal link. You can bookmark the CSO portal link for easy access. For more information, see Accessing Administration Portal.

I forgot my password and I am unable to log in. What should I do?

You can reset your password from the CSO login page. Access the login page and enter your username in the first field (Username). Click the Forgot Password? link and follow the instructions to reset your password.

Are passwords that I configured for tenant users stored in CSO?

If the tenant authentication method is local, the passwords are stored in the CSO database. If the authentication is done by using an single sign-on (SSO) server, the passwords are not stored locally.

Is there a recommended browser for accessing CSO GUIs?

We recommend that you use Google Chrome (Version 60 or later) or Firefox (Version 78 or later) to access CSO GUIs.

What is the character limit for a tenant name?

The tenant name can contain alphanumeric characters and hyphens (-) and must not exceed 32 characters.

Can the same tenant have sites for different types of services?

Yes. While adding a tenant, a Service Provider (SP) or Operating Company (OpCo) administrator user can specify whether the tenant can add sites for one or more of the following services:

  • SD-WAN

  • Next-generation firewall

How do I navigate within Administration Portal?

You can easily navigate within Administration Portal using the left side menu (default) on every page. The actions that you can perform depends on your role and access privileges. For more information, see Administration Portal Overview.

Where can I add sites ? Which users can add sites?

OpCo administrator users can add provider hub sites in Administration Portal. Tenant administrator users can add provider hub, on-premise spoke, cloud spoke, and enterprise hub sites in Customer Portal.

What topologies do SD-WAN sites support?

SD-WAN sites support full-mesh or hub-and-spoke topology.

Where can I upload licenses for devices?

You can upload device licenses from the Licenses page (Administration > Licenses > Device Licenses). For more information, see Uploading a Device License File.

When you deploy a network service on a site, what is the difference between the Save and Deploy buttons?

When you drag and drop a service on to an attachment point, you can specify configuration parameters for the services. After specifying the parameters, click Save to save the configuration without deploying it; you can then deploy the configuration later. Click Deploy to save and deploy the configuration.

What is a provider hub?

A provider hub is a multi-tenant device that can be shared between multiple tenants of an SP Administrator or an OpCo Administrator. In releases earlier than CSO 5.0.0, provider hubs were called cloud hubs.

How can I modify device templates?

SP administrator users can modify device templates. For more information, see Configuring Template Settings in a Device Template. However, the OpCo administrator users can clone the existing device templates from the Device Templates page (Resources > Templates > Device Templates) and modify the cloned templates.

What is the difference between stage-1 and stage-2 configuration?

Stage-1 configuration is the configuration that is pushed to the device when it calls home. Stage-1 configuration enables basic connectivity from the device to CSO.

Stage 2 configuration is the configuration that is pushed to the device after it has connected to CSO.

What is the expected switchover time for traffic that breaches the SLA for WAN links of SD-WAN sites?

Average link metrics are analyzed every minute, and if the traffic violates the SLA, the link is switched in 10 seconds.

How do I monitor the progress of a device activation during stage-1 configuration?

During stage-1 configuration, you can check the progress of device activation by viewing the bootstrap logs from the Jobs page (Monitor > Jobs).

What is the significance of a loopback IP address of the CPE device in case of secure OAM connection?

For secure Operation, Administration, and Maintenance (OAM) communication, the loopback IP address of the CPE device is fixed and unique across the entire deployment, and is always reachable (from CSO) over an IPsec tunnel. Even if the WAN interfaces are behind Network Address Translation (NAT) and are assigned private IP addresses (using Dynamic Host Configuration Protocol [DHCP]), the OAM connectivity between the SD-WAN on-premise spoke site and the provider hub is not impacted. The IPsec tunnel can still be established over the Internet WAN link (including the LTE access type).

What are the prerequisites for an SP administrator to view the OpCo or OpCo tenants?

By default, an SP administrator user does not have access to view OpCos or OpCo tenants. The OpCo administrator must provide the required access privileges to the SP administrator user.

What are the different types of logs available in CSO? For how long are these logs saved?

Table 1 lists the different types of logs and the time duration for which these logs are saved.

Table 1: Logs and Their Retention Period

Log

Description

Retention Period

Apptrack Logs

Traffic logs that are generated by Junos OS devices for events such as session create, session delete, and session update.

1 day

See the Note in this table for on-premises installations.

Audit Logs

A record of activities that affected a specific operation or procedure. Audit logs are useful for tracing events and for maintaining historical data.

Retained for the duration of a tenant in CSO if not purged earlier by the tenant.

Job logs

Provide details of the tasks executed in each workflow; for example, add, edit, delete, clone, and so on.

Retained for the duration of a tenant in CSO.

Junos OS logs

Logs that are generated by the Junos OS devices for events related to firewall, web filtering, Intrusion Prevention System (IPS), and spams.

30 days

See the Note in this table for on-premises installations.

Note: For an on-premises installation, the Apptrack logs and Junos OS logs are stored for the specified number of days or till 70% of the disk space is consumed, whichever is earlier. When 70% of the disk space is consumed, the oldest log record is deleted.