Orchestrator administration

This section provides you the information on administrative activities that can be performed on the SD-WAN Orchestrator for On-premises platform.

Software

You can download Citrix SD-WAN appliance software version required for all the appliances in your network and stored in SD-WAN Orchestrator for On-premises. Use the stored software to upgrade your SD-WAN Orchestrator for On-premises software to the latest version.

Publish software

SD-WAN Orchestrator for On-premises allows you to download Citrix SD-WAN appliance software version required for all the appliances in your network. The published software is downloaded and stored in SD-WAN Orchestrator for On-premises. You can further deploy the published software to all the appliances managed by SD-WAN Orchestrator for On-premises.

To publish software, at the network level, navigate to Infrastructure > Orchestrator Administration > Software Images > Appliance.

Publish new software

You can choose a software version to be published from a pre-built list of software versions that are supported by the current SD-WAN Orchestrator for On-premises. For newer software versions that are not available in the list, upgrade to the latest SD-WAN Orchestrator for On-premises release which supports the new software version. For information on upgrading SD-WAN Orchestrator for On-premises, see Software upgrade.

Software versions available

SD-WAN Orchestrator for On-premises downloads Citrix SD-WAN software of the selected version for all the platforms. A progress bar indicates the progress of the publishing process.

Software publish

The published software versions are displayed under Published Software Details. At any given point SD-WAN Orchestrator for On-premises can store up to three published software versions. If you are intending to publish another software version, delete one of the three versions available before beginning the publishing process.

Successfully published software

After the publishing is successful you can deploy, stage, and activate the software to all the appliances on the network from the Network Configuration page. For more information, see Network Configuration. For a successful deployment, ensure that all the appliances are connected to SD-WAN Orchestrator for On-premises. For more details, see Connectivity with Citrix SD-WAN appliances.

Software upgrade

You can upgrade your SD-WAN Orchestrator for On-premises software to the latest version.

NOTE

Download the appropriate SD-WAN Orchestrator for On-premises software package to your local computer. You can download this package from Downloads page.

Perform the following steps to upload and install a new version of the SD-WAN Orchestrator for On-premises software:

  1. In the SD-WAN Orchestrator for On-premises UI, navigate to Infrastructure > Orchestrator Administration > Software Images > Orchestrator.

  2. Click inside the box and select the ctx-onprem-1 (latest date).tar.gz binary file that you have downloaded and saved on your local system.

    Software upgrade

  3. Click Upload to upload the selected software package to the current SD-WAN Orchestrator for On-premises virtual machine.

  4. After the upload completes, click Install.

  5. When prompted to confirm, click Install.

Management settings

Management IP and DNS

After SD-WAN Orchestrator for On-premises Virtual Machine (VM) is deployed and a management IP is configured either manually or through DHCP, you can change the Management IP and DNS settings through SD-WAN Orchestrator for On-premises GUI. SD-WAN Orchestrator for On-premises stack takes about 3 minutes to restart. Once the management IP address is changed the SSH connections get re-established.

To configure/change the management IP and DNS settings, at the network level, navigate to Infrastructure > Orchestrator Administration > Management Settings > Management IP & DNS.

Provide the following details:

  • IP Address: The IP address for SD-WAN Orchestrator for On-premises VM.
  • Gateway IP Address: The Gateway IP address that SD-WAN Orchestrator for On-premises use to communicate with external networks.
  • Subnet Mask: The subnet mask to define the network in which SD-WAN Orchestrator for On-premises is available.
  • Primary DNS: The IP address of the primary DNS server to which all DNS requests from SD-WAN Orchestrator for On-premises are forwarded to.
  • Secondary DNS: The IP address of the secondary DNS server to resolve DNS requests if the primary DNS server is not available.

Management IP address and DNS

NTP settings

You can either set the date and time manually, or use a Network Time Protocol (NTP) server to synchronize the clock time of SD-WAN Orchestrator for On-premises with Coordinated Universal Time (UTC).

To configure NTP server, at the network level, navigate to Infrastructure > Orchestrator Administration > Management Settings > NTP and enable Use NTP server.

Provide the NTP server IP address or domain name. You can provide up to four NTP servers, but ensure that at least one is configured. If one NTP server is down, SD-WAN Orchestrator for On-premises automatically synchronizes with the other NTP server. If you specify a domain name for an NTP server, ensure that the external DNS server is configured to point the domain name to the IP address.

NTP server settings

To configure date and time manually, disable the Use NTP server option and manually select the date and time.

Date and time settings

Select the time zone based on your country/city.

NOTE

Reboot the Orchestrator VM after changing the time zone. Some logs continue to use the previous time zone, until the reboot is done. For instructions, see Reboot Orchestrator VM.

Timezone settings

Remote Authentication Servers

You can configure RADIUS or TACACS+ servers for the users who are authenticated remotely. To use remote authentication, you must specify and configure at least one authentication server.

NOTE

Ensure that the required user accounts are created on the RADIUS or TACACS+ authentication server.

Remote authentication servers

To configure remote authentication, navigate to Infrastructure > Orchestrator Administration > Management Settings > Remote Auth Servers. Click + New. Enter the following details:

  • Enable: Enables remote authentication server configuration.
  • Server Name: The name of the remote authentication server.
  • Server Type: The type of remote authentication server - RADIUS or TACACS+.
  • IP Address: The host IP address for the remote authentication server.
  • Port: The port number for the remote authentication server. The default port for the RADIUS server is 1812 and the TACACS+ server is 49.
  • Server Key and Confirm Server Key: A secret key to use when connecting to the remote authentication server.
  • Authentication Type: (available only for TACACS+ server) Select the encryption method to use to send the user name and password to the TACACS+ server.
    • PAP: Uses Password Authentication Protocol (PAP) to strengthen user authentication by assigning a strong shared secret to the TACACS+ server.
    • ASCII: Uses the ASCII character set to strengthen user authentication by assigning a strong shared secret to the TACACS+ server.
  • Timeout: The time interval (in seconds) to wait for an authentication response from the remote authentication server.

Add remote authentication servers

You can also test the remote server connection. Under Test Remote Server Connection, provide your Username and Password. Select the remote authentication server and click Verify.

Database management

You can create backup of the current database running on SD-WAN Orchestrator for On-premises and later use the backed-up file to restore the same database state.

To create database backup, navigate to Infrastructure > Orchestrator Administration > Database Management. Click Backup.

Click download under the Actions column to download the backed-up database.

Click Upload to browse and upload the downloaded file. You can also drag the downloaded file and drop it on the screen.

To restore, click Restore under the Actions column.

NOTE

  • You can save only one database backup at a time. To replace an existing backup with the latest, delete the existing backup and click Backup.

  • Restore of the database must be done to the same release of Citrix SD-WAN Orchestrator on-premises from where the data backup was taken.

  • The database backup only takes the backup of configuration and statistics. It does not back up the platform related data.

Database management

Orchestrator administration