Building and Managing Multi-site Networks with Ease
As a business grows, IT has to grow. When a company expands from one location to multiple sites, its IT department has to respond with a viable solution. When it comes to setting up and managing hundreds or sometimes even thousands of sites, automation is the key. Using automated tools to build and manage multiple networks will most certainly improve efficiency and alleviate workload, saving both time and money for businesses.
After an organization is created and at least one site is already up and running in NCC, users can proceed to create new sites under the same organization. When creating a new site, users can utilize the site-cloning tool to easily clone the site-wide device configuration settings from an existing site to a new site (See Image 1). This is particularly useful for chain or franchise stores where each location has the same or similar network structure. The tool enables users to clone the existing configurations from one site to another almost instantly without manually entering the same settings every time you have to set up the network for a new location.
Image 1: Site cloning enables users to clone site-wide device configurations from an existing site (London Branch) to a new site (Tokyo Branch) instantly.
The tool enables cloning of:
- Captive portal themes
- Site radio settings
- Site IGMP settings
- Voice VLANs
- Radius policies
- IP filtering rules
- PoE schedule profiles
- Content filtering
- Application patrol
- Network server settings
- Firewall rules, policy routes, and VPN settings as long as VPN is not enabled in the source site
Contrary to the AP and gateway settings that are mostly site-based, the settings for switch ports are device-based. The switch-cloning tool can be used to easily replicate the switch settings between the same model devices across different sites. That is, after the new site(s) have been cloned by using the site-cloning tool, users can proceed with the switch cloning. The switch-cloning tool, which lives under the ‘organization’ tab in the “Configuration management” page, allows users to easily copy the existing switch port settings to the newly-installed devices in the new site(s). Also, when there is a change in the settings, you can leverage this feature to replicate the change to all the devices across different sites under the same organization.
The switch-cloning tool can be used to copy the following attributes between the same model devices:
- Switch port configuration
- Link aggregates
- STP bridge priority
- Mirrored ports
- Access policies
- Port PoE schedule
- Switch IGMP settings
Here is the example (See Image 2): A search for switches of the same model has been done and selected (New York Ave branch, Downtown branch, NJ branch). The configuration of the Brooklyn branch switch will be copied to the 3 switches of the exact same model found by this search.
Image 2: The switch-cloning tool can be used to easily replicate the switch settings between the same model devices across different sites.
Backup and Restore
Once all the sites are deployed and the network is stable, users can make a backup of the settings of all sites under the same organization.
This backup and restore tool is particularly useful when doing a major change to the network. That is, prior to making a change to the network, users can take advantage of the backup feature by making a backup of all sites; and if the change somehow results in unstable network performance or unwanted changes, users can restore the settings back to the previous saved backup version.
The backup creates a snapshot of all the sites’ settings and stores it on the cloud. Users can restore the settings from an existing backup on per-site basis. For example, as shown in Image 3, London office site is restored to the backup “New sites deployed” which includes the latest running configurations
Image 3: The backup and restore tool is particularly useful when doing a major change to the network to make sure users can go back to the previous settings if the change results in unstable network performance.
Similar to switch cloning, the switch requires a dedicated backup and restore tool, which is especially useful for RMA scenarios. You can perform a backup of the original device before sending it back to the manufacturer and apply the same configuration to the replacement device as soon as you receive it to minimize network downtime. In addition, one switch backup can also be applied to many devices for mass deployment, just like the switch cloning tool. For example, as shown in Image 4, users can create a switch backup (Brooklyn deployed) after the initial configuration and then apply the backup to the same switch (Brooklyn switch) if the switch is not performing well after the later change, or to copy the backup configuration to a different switch (New York Ave branch).
Image 4: Users can perform a backup of a switch and restore the settings to many devices of the same model.
Keeping your networks updated and synchronized
At this point, your site networks are up and running with all the settings that you wanted, so what’s next? Most likely, you will have to perform changes to some of the network settings to enhance the security or to include new policies and services. Thankfully, Nebula includes some useful tools to keep your networks synced at all times. As mentioned earlier in the article, don’t forget to leverage the backup & restore features before performing changes.
The synchronization tool, part of the Organization Configuration management, provides users with an easy way to synchronize some of the settings that might change from time to time, such as:
- Site-wide general settings: Device local credentials, Captive portal re-authentication times, and SNMP communities
- SSID settings: Authentication methods, Captive portal themes, and access policies
If the credentials used while connecting through SSH to the Nebula devices need to be updated across all the sites due to security concern, you simply need to:
- Change it in one of the sites
- Access the Synchronization tool menu
- Select Settings as “Site-wide general setting”, the site that has been already modified as a source
- Select the sites that need to be synchronized, and finally click “Sync”, which will update all the selected sites simultaneously.
In the case that one of the SSID’s password, authentication method or captive portal theme needs to be updated or you need to enable a completely new SSID in the networks, the process is similar to changing Settings to “SSIDs”. One site needs to be modified first with the desired changes, and later select it as a source site (Chicago Branch), as shown in Image 5, then select the target sites (London Branch, Taipei Branch, Frankfurt Branch, New York Branch…) and click the “Sync” button. All the SSIDs will be immediately the same across the selected sites.
Image 5: The synchronization tool provides users with an easy way to sync setting, like SSIDs across different sites.
Configuration Template – (Switch global settings)
The configuration template is another tool that will help maintain multiple sites automatically synced while applying setting changes to a master template. Once your networks are deployed, you could create a template using one of the site’s configuration as a base, and bind all the sites that you need to maintain to the template.
Image 6: Creating a new template allows to copy settings from an existing site and bind the needed sites.
Once the sites are bound, every change made on the template will be replicated to these sites. A local override option can be enabled on a bound site, allowing to update its settings, and not applying further changes made on the template until the override is disabled again.
Image 7: While a site is bound and follows a template configuration, its settings are grayed-out. Override can be enabled to allow settings modification, not following the template if any change is applied.
At the time of writing this article, the Configuration template supports switch common settings only, therefore, it is recommended to use if only switch setting changes are needed. Updating the IP filtering rules, PoE schedule profiles or voice VLANs can be easily modified on the template, and instantly sync to all the bound sites without further user intervention.
The configuration template scope will be expanded to cover more settings including Site-wide, APs, Switch ports and Gateways, in the coming releases. The goal is to make it a powerful and complete tool that will help maintain all the networks completely updated under one screen, covering the features in Synchronization and Switch setting clone with automatic changes instead of requiring user interactions.
One of the most competitive advantages of Nebula cloud networking management is the ease of building and managing multi-site networks. Designed with scalability in mind, Nebula can help set up configurations within minutes and push them to thousands of APs, switches, and security gateways with just a few simple clicks.
- Configure the first site that will be used as a source
- Use the site clone tool to replicate sites' setting
- Use the switch clone tool to replicate switch ports settings
- Check if all the settings work
- Use the backup and restore tool to save working settings for sites and switches
- After doing a change, use Synchronizatin and Switch cloning tools to keep all sites updated
- Alternatively, use the configuratin template to keep switch site settings automatically updated
In addition, Nebula is also equipped with the powerful monitoring and troubleshooting tools, such as Organization Overview, VPN members with topology, change logs with alert emails, and many more other useful tools, that all aim to make the multi-site management much easier. IT admins can be ensured that, with the powerful automated and monitoring tools, they can rely on Nebula to build and manage their multi-site networks with ease.
Image 9: Organization Overview provides a quick glance of all the sites status, health, and usage.