Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
955
Views
0
Helpful
4
Replies

Transfer certificates from one vManage to other

Go to solution
Leftz
Level 4
Level 4

‎03-21-2023 08:42 AM

Hi vManage upgraded or move to a new VM. Are there documents talking about transferring something like certificates, key etc to the new VM? Looks like we can transfer these configuration easily, but for certificate, we have to take care of it in each device. Anyone like to share some information or experience? Thanks

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎03-21-2023 01:06 PM

Hi,

please, note that each node should have its own certificate - it can not be migrated. So, your standby (or newly deployed) VM should have its own certificate.

Regarding router and other controller certificates, vmanage stores only certificate file (private information like private key is stored inside router or other controller OS, vmanage does not know them) and this can be migrated.

In general, there is procedure for disaster recovery where you copy database configuration from old vmanage and restore on the second vmanage (cold standby). Below is the procedure:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/knowledge-base-book.html

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎03-22-2023 01:38 PM

Hi,

actually yes, at virtualization level if you copy/clone/snapshot then the same device will be in environment and nothing is related to be done/change on other nodes (routers ; other controllers).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Kanan Huseynli
VIP
VIP

‎03-21-2023 01:06 PM

Hi,

please, note that each node should have its own certificate - it can not be migrated. So, your standby (or newly deployed) VM should have its own certificate.

Regarding router and other controller certificates, vmanage stores only certificate file (private information like private key is stored inside router or other controller OS, vmanage does not know them) and this can be migrated.

In general, there is procedure for disaster recovery where you copy database configuration from old vmanage and restore on the second vmanage (cold standby). Below is the procedure:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/knowledge-base-book.html

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
Leftz
Level 4
Level 4

‎03-22-2023 11:30 AM - edited ‎03-22-2023 11:33 AM

Thank you very much for your reply. You are right.  Once creating a new node for for whatever vManage etc, all other nodes need to make change to respond this change - vmanage change. There is another way that the link does not mention, what i mean is we can clone the the vManage vm. this way something relative with certificate would be copied too and other nodes do not need to make change. Is this right? 

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎03-22-2023 01:38 PM

Hi,

actually yes, at virtualization level if you copy/clone/snapshot then the same device will be in environment and nothing is related to be done/change on other nodes (routers ; other controllers).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
Leftz
Level 4
Level 4

‎03-23-2023 07:54 AM

Great, thank you very much!

0 Helpful
Top