Verify the following requirements before installing CloudVision as-a-Service.
Minimum software requirements are:
- EOS 4.20 or newer
- TerminAttr 1.11.1 or newer
To verify proper connectivity to apiserver.arista.io:443 use the following commands:
- Verify proper DNS resolution.
switch#bash nslookup apiserver.arista.ioNote: If this is unsuccessful please check your DNS server configuration.If no DNS servers are available, add theip name-server configuration as follows:
switch(config)# ip name-server 126.96.36.199
- Verify connectivity to CloudVision Service using the curl
switch# bash [admin@switch]$ curl apiserver.arista.io:443 curl: (52) Empty reply from server
If multiple VRFs are configured, first change the VRF context:
switch# bash [admin@switch]$ sudo ip netns exec ns-MGMT curl apiserver.arista.io:443
CloudVision as-a-Service supports OAuth 2.0 for authorization. OAuth is one of the most common methods used to pass authorization from a single sign-on (SSO) service to another cloud application. While there are many OAuth providers in the market today, CloudVision as-a-Service supports Google OAuth, OneLogin, Okta & Microsoft Azure AD.
Note that CloudVision as-a-Service is transparent to 3rd party MFA (Multi-Factor Authentication) Providers. As long as the customer is using one of the above listed OAuth Providers for identity management, CloudVision Service should be able to authorize against that OAuth provider.
Using Google OAuth or Microsoft Azure AD
Only admin email addresses are required when using Google OAuth or Azure AD as a provider.Select the Sign in with Google or Sign in with Microsoft link at: https://www.arista.io/cv
Not using Google OAuth or Microsoft Azure AD
If you are using Okta, OneLogin, or another OAuth Provider, the following information is required to onboard CloudVision as-a-Service:
- OAuth Endpoint
Refer to the respective OAuth Provider documentation for information about obtaining this information.
Your OneLogin or Okta administrator will use this information to add CloudVision to their authorized applications and adjust user permissions to allow access to the service. If you experience any OAuth errors, open an Arista TAC support request for assistance. Provide a the full URL and a screen capture of the output,
Once the CloudVision Service account is set up, an Invitation URL will be provided by Arista to login to the CloudVision Service.
For further onboarding procedures see Onboarding Authentication Providers.