Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
SD-WAN Support in MSP Mode
The MSP Managed Service Provider. The Managed Service Provider (MSP) mode is a multi-tenant operational mode that Aruba Central accounts can be converted into, provided these accounts have subscribed to the Aruba Central app. UI groups now support Gateway management in addition to wired and wireless device management. Currently, for MSP UI groups, an MSP administrator can set the group persona to . When this MSP group is mapped to a customer default group, the configurations from the MSP group is percolated to the customer group. Ensure that the MSP account is allow-listed to support Branch Gateway Persona Group and Device type.
The inherited configuration defined at the customer default group can be overridden at the device level.
Assigning a Gateway Persona to an MSP Group
All the MSP groups are automatically assigned the persona when the admin accesses the gateway configuration tab for that group.
Mapping Scenarios for MSP Groups
The following table describes the result of mapping different types of MSP groups to a customer default group.
Table 1: Scenarios for Mapping an MSP Group to a Customer Group for SD -WAN Support
|
MSP Group Persona |
Initial Customer Group Persona |
Mapping Notes |
|---|---|---|
|
Set to Branch Gateway persona. |
No persona defined. |
Mapping is successful. |
|
Set to VPNC persona.
You cannot define a VPNC persona at the MSP level for a group. However, if a group had the VPNC persona already defined at the Enterprise mode and the account is later converted to MSP mode, the VPNC persona is preserved. |
No persona defined. |
Mapping is not allowed.
In the MSP mode, when you display the group dashboard for the VPNC persona, and then click , the following message is displayed: The group's persona is set to vpnc so any configurations made will not be percolated to the customer. |
|
No persona defined. |
No persona defined. |
Mapping is successful. |
|
Set to Branch Gateway persona. |
Set to Branch Gateway persona. |
Mapping is successful. |
|
Set to Branch Gateway persona. |
Set to VPNC persona. |
Mapping is not allowed.
The mapping fails with the following error message: Mapping of MSP to Customer default group (with VPNC persona) is not supported. |
Important Notes for SD-WAN Support in MSP Mode
- Setting the persona type to VPNC persona for an MSP group is not supported during this release.
- A single MSP group can be mapped to a customer default group, also known as a one-to-one mapping.
- Other non-default groups defined at the customer level do not inherit the MSP group configuration.
- The configuration defined at the customer default group can be overridden at the device level.
- Configurations related to SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. services, such as DC preference or SD-WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. global configurations are supported at the customer level for now.
- To see the override configuration at the tenant default group level, run the following: <fqdn>/caas/v1/showcommand/object/committed?node_name=default
- Use the audit trails at the MSP level to debug issues related to configuration percolation. If there is no percolation issue at the MSP level, then the device level configuration sync issue has to be debugged at the customer level.
- If the Gateway persona is not set at the MSP level, the group is called a no-personna group. Currently, MSP supports only the Branch Gateway persona, so if the group is defined with a Branch Gateway persona, it is called a Branch Gateway persona group.
- If an MSP administrator upgrades to the current Aruba Central version and the original configuration contains an MSP gateway group without a persona.
Priority of Configuration Percolation in MSP Mode
For IAPs and switches configured in Aruba Central MSP mode, the following is the order of priority for configuration changes: Device Level > MSP level or Tenant (customer) group level whichever is updated later. This priority order indicates that a property for an IAP or switch that is modified at the tenant level cannot be retained when changes are made at the MSP level. Similarly, the device level override is retained when the configuration is changed at the MSP level or tenant (customer) group level.
For Gateways configured in Aruba Central MSP mode, the following is the order of priority for configuration changes: Device level > Tenant (customer) group level > MSP level. This priority order indicates that a property that is modified at the device level is retained while making any changes at the tenant (customer) level and MSP Level. Similarly any property that is modified at the tenant (customer) group level is retained while making changes at the MSP group level.
For more information, see the topic listed below:
