Prerequisites

Verify the following requirements before installing CloudVision as-a-Service.

Software Requirements

Minimum software requirements are:

  • EOS 4.20 or newer
  • TerminAttr 1.11.1 or newer

Connectivity Requirements

EOS devices need to be able to connect to arista.io on port 443 (apiserver.arista.io:443).
Note: CloudVision as-a-Service only needs port 443 to be opened to initiate a secure connection to an EOS device.

To verify proper connectivity to apiserver.arista.io:443 use the following commands:

  1. Verify proper DNS resolution.
    switch#bash nslookup apiserver.arista.io
    
    Note: If this is unsuccessful please check your DNS server configuration.If no DNS servers are available, add theip name-server configuration as follows:
    switch(config)# ip name-server 8.8.8.8
  2. Verify connectivity to CloudVision Service using the curl command:
    switch# bash 
    [admin@switch]$ curl apiserver.arista.io:443
    curl: (52) Empty reply from server 

    If multiple VRFs are configured, first change the VRF context:

    switch# bash 
    [admin@switch]$ sudo ip netns exec ns-MGMT curl apiserver.arista.io:443
    

Authentication Requirements

CloudVision as-a-Service supports OAuth 2.0 for authorization. OAuth is one of the most common methods used to pass authorization from a single sign-on (SSO) service to another cloud application. While there are many OAuth providers in the market today, CloudVision as-a-Service supports Google OAuth, OneLogin, Okta & Microsoft Azure AD.

Note that CloudVision as-a-Service is transparent to 3rd party MFA (Multi-Factor Authentication) Providers. As long as the customer is using one of the above listed OAuth Providers for identity management, CloudVision Service should be able to authorize against that OAuth provider.

Using Google OAuth or Microsoft Azure AD

Only admin email addresses are required when using Google OAuth or Azure AD as a provider.Select the Sign in with Google or Sign in with Microsoft link at: https://www.arista.io/cv

Not using Google OAuth or Microsoft Azure AD

If you are using Okta, OneLogin, or another OAuth Provider, the following information is required to onboard CloudVision as-a-Service:

  • OAuth Endpoint
  • ClientID
  • ClientSecret

Refer to the respective OAuth Provider documentation for information about obtaining this information.

Your OneLogin or Okta administrator will use this information to add CloudVision to their authorized applications and adjust user permissions to allow access to the service. If you experience any OAuth errors, open an Arista TAC support request for assistance. Provide a the full URL and a screen capture of the output,

Note: Email IDs are case sensitive when used for CloudVision Service login. If the case is First.Last@company.com, it will need to match exactly to the CloudVision Service login.

Once the CloudVision Service account is set up, an Invitation URL will be provided by Arista to login to the CloudVision Service.

For further onboarding procedures see Onboarding Authentication Providers.