Arista VeloCloud SD-WAN Operator Guide

Version 6.4

Arista Networks

Headquarters: 5453 Great America Parkway, Santa Clara, CA 95054 USA

Phone: +1-408-547-5500

Support: +1-408-547-5502 | +1-866-476-0000 | support@arista.com

Sales: +1-408-547-5501 | +1-866-497-0000 | sales@arista.com

Website: www.arista.com/en/

About Operator Guide

The Arista VeloCloud SD-WAN Operator Guide provides information on configuring and managing Customers and Partners using the Orchestrator. It is intended for Operators and Service Providers familiar with Networking and SD-WAN operations. Beginning with Release 4.4.0, Arista VeloCloud SD-WAN is offered as part of Arista SASE. For SASE documentation, see Arista SASE.

Operator User Journey:

Install SD-WAN Orchestrator
Configure SD-WAN Orchestrator Disaster Recovery
Upload Software Images
Configure System Properties
Configure Operator Users
Configure Operator Profiles
Configure Customers
Configure Partners
Configure User Agreements
Manage Edge Licensing
Provision Edges
Configure Gateways and Gateway Pools
Configure Profiles
Monitor Customers
Monitor and Troubleshoot Gateways
Troubleshoot SD-WAN Orchestrator

What's New in Version 6.4.0

Feature Role Customization Usability Improvements: The Service Permissions tab has been enhanced for better role customization.
Self-Service Orchestrator Branding: Operators can now brand the Orchestrator UI with their company's name, logo, and colors globally.

For a comprehensive list of new and modified features, refer to the VeloCloud SD-WAN 6.4.0 Release Notes.

Overview of Arista VeloCloud SD-WAN Orchestrator

The Arista VeloCloud SD-WAN Orchestrator provides centralized, enterprise-wide installation, configuration, and real-time monitoring, orchestrating data flow through the cloud network. It is available as a web-based user interface for managing Customers, Partners, Operator Users, Gateways and Gateway Pools, and Orchestrator Authentication Modes.

Supported Browsers

The Orchestrator supports the following browsers:

> >

Browser	Version
Google Chrome	77 – 79.0.3945.130
Mozilla Firefox	69.0.2 – 72.0.2
Microsoft Edge	42.17134.1.0 - 44.18362.449.0
Apple Safari	12.1.2 - 13.0.3

Note: For the best experience, Google Chrome or Mozilla Firefox are recommended. Internet Explorer support has been deprecated starting from version 4.0.0.

Operator-level UI Changes

The Arista VeloCloud SD-WAN Orchestrator UI has evolved from a single product portal to a common management system supporting multiple services like SD-WAN, Cloud Web Security, and Secure Access. Future services like Arista Private Mobile Network and Arista Edge Compute Stack will also be integrated. The UI navigation now includes an 'Enterprise Applications (Services)' drop-down menu in the global header for accessing various services and shared settings like User Management, Authentication, and Role Customization.

Software Images

For 5.3.0 and Earlier Versions: This feature moved because Edge-specific features are now under the Operator level to support multiple services. The Operator and other levels were adjusted for the Arista Edge Cloud Orchestrator (VECO) portal.

For 5.4.0 and Later Versions: This feature moved again as the Classic Orchestrator UI could not accommodate multiple services. The new Services tab now hosts SD-WAN features like Software Images, Edge Licensing, Firmware, and Application Maps.

Classic Orchestrator Location: Operator > Software Images

New Orchestrator Location: Operator > Services > Software Images

(For 5.3.0 and earlier versions: Operator > Edge Image Management > Software)

System Properties

This feature's location changed due to improved navigation and organization in the new Orchestrator UI, grouping related features under 'Orchestrator' configuration.

Classic Orchestrator Location: Operator > System Properties

New Orchestrator Location: Operator > Orchestrator > System Properties

Operator Events

This feature moved to the 'Administration' tab for better organization of Operator administration-related features.

Classic Orchestrator Location: Operator > Operator Events

New Orchestrator Location: Operator > Administration > Operator Events

Operator Profiles

This feature moved to the 'Administration' tab for better organization of Operator administration-related features.

Classic Orchestrator Location: Operator > Operator Profiles

New Orchestrator Location: Operator > Administration > Operator Profiles

Operator Users

This feature moved to the 'Administration' tab for better organization of Operator administration-related features.

Classic Orchestrator Location: Operator > Operator Users

New Orchestrator Location: Operator > Administration > Operator Users

Gateway Pools

This feature moved to the 'Gateway Management' tab for a better user experience and organization of Gateway-related features.

Classic Orchestrator Location: Operator > Gateway Pools

New Orchestrator Location: Operator > Gateway Management > Gateway Pools

Gateways

This feature moved to the 'Gateway Management' tab for a better user experience and organization of Gateway-related features.

Classic Orchestrator Location: Operator > Gateways

New Orchestrator Location: Operator > Gateway Management > Gateways

Gateway Diagnostic Bundles

This feature moved to the 'Gateway Management' tab for a better user experience and organization of Gateway-related features.

Classic Orchestrator Location: Operator > Gateway Diagnostic Bundle

New Orchestrator Location: Operator > Gateway Management > Gateway Diagnostic Bundle

Application Maps

This feature moved under the 'Edge Image Management (or Services)' tab within the SD-WAN service, as it is specific to SD-WAN and the new Orchestrator UI supports multiple services.

Classic Orchestrator Location: Operator > Application Maps

New Orchestrator Location: Operator > Services > Application Maps

(For 5.3.0 and earlier versions: Operator > Edge Image Management > Application Maps)

Role Customization (Service Permissions)

Renamed to 'Service Permissions' to accommodate the new Role Builder feature. It allows customization of access levels for each service.

Classic Orchestrator Location: Operator > Role Customization

New Orchestrator Location: Operator > Administration > User Management > Service Permissions

Edge Licensing

This feature moved under the 'Edge Image Management (or Services)' tab within the SD-WAN service for better user experience.

Classic Orchestrator Location: Operator > Edge Licensing

New Orchestrator Location: Operator > Services > Edge Licensing

(For 5.3.0 and earlier versions: Operator > Edge Image Management > Edge Licensing)

CA Summary

Renamed to 'Certificate Authorities' for clearer representation of content.

Classic Orchestrator Location: Operator > CA Summary

New Orchestrator Location: Operator > Orchestrator > Certificate Authorities

Orchestrator Authentication

Reorganized under 'Administration > User Management' for Operators and Partners, and 'Global Settings' for Enterprises, for easier management of user access.

Classic Orchestrator Location: Operator > Orchestrator Authentication

New Orchestrator Location: Operator > Administration > User Management > Authentication

Replication

Moved to improve organization and hierarchy under 'Orchestrator' configuration.

Classic Orchestrator Location: Operator > Replication

New Orchestrator Location: Operator > Orchestrator > Replication

Orchestrator Diagnostics

Moved to improve organization and hierarchy under 'Orchestrator' configuration.

Classic Orchestrator Location: Operator > Orchestrator Diagnostics

New Orchestrator Location: Operator > Orchestrator > Diagnostics

Orchestrator Upgrade

Moved to improve organization and hierarchy under 'Orchestrator' configuration.

Classic Orchestrator Location: Operator > Orchestrator Upgrade

New Orchestrator Location: Operator > Orchestrator > Orchestrator Upgrade

Log in to the Orchestrator Using SSO for Operator User

This section describes how to log in to the Orchestrator using Single Sign On (SSO) as an Operator user. Prerequisites include configuring SSO authentication and setting up users, roles, and OIDC applications in your Identity Provider (IdP). A native Operator Superuser account is required as a system fallback.

Login Procedure:

Launch the Orchestrator application in a web browser.
Click Sign In With Your Identity Provider.
Enter the domain name used for SSO configuration in the Organization Domain text box and click Sign In. The IdP authenticates the user and redirects them to the configured URL.

Once logged in via SSO, users cannot log in again as native users. Users can manage Customers and Partners, configure user accounts, manage gateways, and access software/firmware images. The home page provides access to features via the Global Navigation bar, including a User icon for the 'My Account' page (user information, SSH keys, API tokens) and a Question Mark icon for the in-product Contextual Help Panel.

Configure Advisory Notice and Consent Warning Message

Operators can configure a security administrator-specified advisory notice and consent warning message for Operators, Partners, and Enterprises. To configure this:

Navigate to System Properties in the Operator portal.
Locate and select the login.warning.banner.message system property.
Click Actions > Modify System Property.
Ensure the Data Type is set to JSON.
In the Value text area, modify the JSON structure { "msg": "" } to include the warning message within the quotes.
Ensure Value is Password and Value is Read-only fields are set to 'No'.
Click Update.

The warning message will be displayed before user login for Operators, Partners, and Enterprises.

Monitor Customers

As an Operator, you can monitor the status of your Customers and their connected Edges. Navigate to Customers & Partners > Monitor Customers.

The Customers page displays:

Total Customers: Number of customers managed, with counts for UP, DOWN, and UNACTIVATED statuses. Clicking a status navigates to customer details.
Total Edges: Number of edges associated with customers, with counts for DOWN, DEGRADED, CONNECTED, and UNACTIVATED statuses. Clicking a status shows edge details. Hovering over the down arrow next to edge counts provides specific edge details.

Note: The Orchestrator UI does not auto-refresh; manual window refresh is required.

Manage Customers

The Manage Customers option allows creating new Customers, configuring capabilities, cloning configurations, and managing other customer settings. Navigate to Customers & Partners > Manage Customers.

Available Actions:

Search: Find customers using text or advanced search.
New Customer: Add a new customer.
Clone: Copy existing customer configurations.
Delete: Remove selected customers (ensure all associated Edges are removed first).
Edit Customer System Settings: Modify system settings for a customer.
Stage to Bastion: Stage a customer to the Bastion Orchestrator (requires Bastion Orchestrator feature activation).
More Actions: Unstage from Bastion, Edit Customer Edge Management, Transfer to Partner, Release from Partner, Send Support Email, Assign Operator Profile, Update Edge Image Management, Update Operator Alerts, Update Customer Alerts, Rebalance Gateways, Export All Customers, Export Customers Edge Inventory.

Create New Customer

Operator Super Users and Standard Admins can create new customers. To create a new customer:

Navigate to Customers & Partners > Manage Customers and click New Customer.
Customer Information: Enter Company Name, Account Number, SASE Support Access, SASE User Management Access, and Location details.
Administrative Account: Enter Username, Password, First Name, Last Name, Phone, Mobile Phone, and Contact Email.
Services: Configure global settings like Domain, Gateway Pool, and Feature Access (Role Customization, Premium Service). Configure Service Access for SD-WAN (Default Edge Authentication, Edge Licensing, Stateful Firewall) and Edge Intelligence (Analytics Nodes, Self Healing).
Click Add Customer.

Clone a Customer

Clone configurations from an existing customer to create a new one. This copies enterprise configuration profiles, network services, and objects. Distributed Cost Calculation is not copied. Certain configurations like Edge references, Partner Gateway References, Cloud Security Service, VNF, Authentication services, and NetFlow objects prevent cloning.

Navigate to Customers & Partners > Manage Customers.
Select the customer to clone and click Clone.
Configure Customer Information, Administrative Account, and Services as needed.
Click Add Customer.

Configure Customers

After creating a customer, configure feature options and settings. Navigate to SD-WAN > Global Settings > Customer Configuration.

Service Configuration: Activate or configure services like SD-WAN, Edge Intelligence, SD-WAN Client, and Symantec SSE for VeloCloud.

SD-WAN Configuration: Domain, Default Edge Authentication (Certificate Deactivated, Certificate Acquire, Certificate Required), Edge Licensing, Allow Customer to Manage Software, Operator Profile, Maximum Number of Segments.
Edge Intelligence Configuration: Domain, Analytics Nodes, Self Healing.

Additional Configuration Settings: Global User Agreement Display, Feature Access (Enterprise Auth, Enable Premium Service, Role Customization, Route Backtracking, In-product Contextual Help Panel, Enable Firewall Logging to Orchestrator, Customizable QoE, Enable Classic Orchestrator UI), Delegate Management To Customer, Gateway Pool, Partner Hand Off, Security Policy Hash, Encryption, DH Group, PFS, IPSec SA Lifetime, IKE SA Lifetime, Secure Default Route Override, Edge Network Function Virtualization (NFV), Security VNFs, SD-WAN Settings (OFC Cost Calculation, Multiple-DSCP tags per Flow Path Calculation, Stateful Firewall, Enhanced Firewall Services).

Configure Distributed Cost Calculation

This feature distributes route cost calculation to Edges and Gateways, reducing convergence time and impact when the Orchestrator is unreachable. Requires Edges and Gateways on software version 3.4.0 or later.

Navigate to Global Settings > Customer Configuration > SD-WAN Settings > OFC Cost Calculation.
Select Distributed Cost Calculation or Use NSD Policy.
Click Save Changes.

Note: It is recommended to enable this feature during a maintenance window.

Configure Path Calculation with Multiple DSCP Labels per Flow

This feature allows path calculation for a single flow with multiple DSCP labels, useful when traffic is encapsulated (e.g., GRE/IPsec) and DSCP labels are preserved. It requires enabling the system property session.options.enableFlowParametersConfig to 'True'.

In the Operator portal, go to Orchestrator > System Properties and create the property session.options.enableFlowParametersConfig with value 'True'.
Navigate to Global Settings > Customer Configuration > SD-WAN Settings.
Select the Include DSCP value as part of flow lookup checkbox.
Click Save Changes.

Limitations: Not applicable for direct Internet traffic; intended for Edge-to-Edge tunnels (through Hub, Spoke-to-Hub, Dynamic Branch-to-Branch) and On-Premise deployments where Gateways are control plane only. LAN side NAT might not work as expected with different DSCP markings within the same flow.

Activate on a VeloCloud SD-WAN Edge

VeloCloud Edge Intelligence (EI) is an AIOps solution for enterprise Edge performance, security, and self-healing across wired/wireless LAN, SD-WAN, and SASE. Integration with EI extends visibility from SD-WAN to branch, campus, and home networks.

System Properties for EI Activation:

session.options.enableEdgeAnalytics: Set to true to activate Analytics.
service.analytics.apiURL
service.analytics.apiToken
service.analytics.configEndpoint
service.analytics.analyticsEndpointStaticIcP
service.analytics.analyticsEndpointDynIaPmaicnalytics

Activate Analytics for a New Customer

When creating a new customer, Operator Super Users and Standard Admins can activate Analytics. Ensure the above system properties are correctly set.

Activate Analytics for an Existing Customer

Operator Super Users and Standard Admins can activate Analytics for existing customers. Ensure the above system properties are correctly set.

Activate Self-Healing for a New Customer

Self-Healing enables activation and configuration of Self-Healing capabilities at Customer, Profile, and Edge levels. Prerequisites include activated EI service and specific Edge/Orchestrator software versions (Edge 5.0.1.0+, Orchestrator 4.3.1+).

Navigate to Customers & Partners > Manage Customers and click New Customer.
Under Services > Service Access, select SD-WAN and Edge Intelligence (EI).
In the Edge Intelligence section, select the Self Healing checkbox.
Click Add Customer.

EI monitors network issues and triggers remediation recommendations. Currently, only manual remediation is supported.

Activate Self-Healing for an Existing Customer

To activate Self-Healing for an existing customer:

Navigate to SD-WAN > Global Settings > Customer Configuration.
In the Edge Intelligence section, click Turn On and then Configure.
Select the Self Healing checkbox.
Click Update.

EI monitors network issues and triggers remediation recommendations. Currently, only manual remediation is supported.

Manage Partners

The Manage Partners option allows creating and managing Partners who can independently manage a group of Customers. Navigate to Customers & Partners > Manage Partners.

Available Actions:

Search: Find partners using text or advanced search.
New Partner: Add a new partner.
Edit: Configure Partner Capabilities, Available Software Images, and Gateway Pool.
Delete: Remove selected partners (ensure all associated customers are removed first).
Add Operator Profile: Assign an Operator profile to partners.
More Actions: Download partner profiles in CSV format.

Create New Partner

Operator Superusers, Standard Operators, and Business Specialist Operators can create new partners. To create a new partner:

Navigate to Customers & Partners > Manage Partners and click New Partner.
Enter Partner Information (Name, Domain, SASE Support Access, Grant Gateway Management Access, Location), Initial Partner Admin Account details, Default Properties (Gateway Pool, Software Image, Edge Licensing).
Click Add Partner.

Configure Partner

Configure partner capabilities, software images, and gateway pools. Navigate to Manage Partners and click the partner name.

Partner Capabilities: Enable Gateway Management, Edge License, Role Customization.
Classic Orchestrator Access: Control partner customer access to the Classic Orchestrator.
Available Software Images: Add or remove software images assigned to the partner.
Gateway Pool: Add or remove gateway pools assigned to the partner.
Other Settings: Configure User Agreement display settings.

Partner Settings

Configure partner-specific information like name, primary location, and contact details. Navigate to Manage Partners > Administration > Partner Settings.

Manage Operators

Operators can configure and manage Operator Profiles and Operator Users, and monitor Operator events.

Monitor Operator Events

View a list of events generated at the Operator level to determine system status. Navigate to Administration > Operator Events. Events can be filtered, searched, and downloaded in CSV format.

Manage Operator Profiles

An Operator Profile specifies network settings managed by the Orchestrator and can be assigned to Customers or Partners. Operators can upload, modify, or delete firmware and factory images.

Navigate to Administration > Operator Profiles.
Perform actions like Search, New, Duplicate, Download, Remove, or Delete profiles.
To update a profile, click the profile name to configure settings such as Profile Settings (Name, Description, Management Settings), Gateway Selection, Application Map Assignment, and Software Version/Firmware updates.

Note: Firmware and Factory image updates require specific software versions and should be performed sequentially (Software first, then Firmware/Factory).

User Management - Operator

Manage users, roles, service permissions, and authentication. Navigate to Administration > User Management.

Users

View, add, modify, or delete Operator users. Operator Super Users cannot be modified or deleted. Users can be assigned roles and have their access level (Basic/Privileged) configured.

Add New User

Operator Super Users and Standard Admins can add new users. Configure General Information, Role, and Edge Access.

API Tokens

Access Orchestrator APIs using tokens. Operator Superusers can create, revoke, and download multiple API tokens per user. Tokens have a defined lifetime and status (Pending, Enabled, Revoked, Expired).

Roles

Roles are categorized into Privileges (service-specific actions) and Roles (groups of privileges). Default roles include Operator Standard Admin, Operator Superuser, etc. Custom roles can be created by cloning existing ones or defining new ones with specific scopes and privileges.

Add Role

Create custom roles by defining Role Name, Description, Template, Scope, and assigning privileges for Global Settings & Administration, SD-WAN, SD-WAN Client, Edge Compute, and EI services.

Enterprise Security Admin Role

Enhanced in release 6.1.0 to separate network and security actions, allowing configuration of only Firewall settings. This is achieved by creating specific service permissions like 'SD-WAN Enterprise Security Admin' and 'Global Settings Enterprise Admin'.

Service Permissions

Granularly define actions (Read, Create, Update, Delete) for privileges within a Privilege Bundle. Customizations at the Enterprise level override Partner or Operator level customizations. Service permissions are version dependent.

New Permission

Customize privileges and apply them to existing permissions. Define Name, Description, Scope, Service, Privilege Bundle, and specific Privileges (Read, Create, Update, Delete).

List of User Privileges

A comprehensive list of privileges available in the Operator portal, detailing their Allow, Deny, and Customizable status for various features like Manage Customers, Manage Partners, Software Images, System Properties, Operator Events, Operator Profiles, Operator Users, API Tokens, Gateway Pools, Gateways, Edge Licensing, Orchestrator Authentication, Replication, Orchestrator Diagnostics, and Orchestrator Upgrade.

Authentication

Set authentication modes for Operators and Enterprise users (Local, Single Sign-On, RADIUS). API tokens can also be managed here. SSO configuration involves integrating with Identity Providers (IdPs) like Azure AD, Okta, OneLogin, PingIdentity, and VMware CSP.

Configure Azure Active Directory for Single Sign On

Steps to set up an OIDC-based application in Microsoft Azure Active Directory for SSO, including registering the application, obtaining Client ID and secret, configuring API permissions, and setting up app roles in the manifest.

Configure Okta for Single Sign On

Steps to set up an OIDC-based application in Okta for SSO, including creating a new app integration, configuring OpenID Connect settings, and assigning users and groups.

Configure OneLogin for Single Sign On

Steps to set up an OIDC-based application in OneLogin for SSO, including adding the OIDC app, configuring parameters, and mapping user roles.

Configure PingIdentity for Single Sign On

Steps to set up an OIDC-based application in PingIdentity for SSO, including adding an OIDC application, configuring authorization settings, and mapping user profile attributes.

Configure Arista CSP for Single Sign On

Steps to configure Arista Cloud Services Platform (CSP) for SSO, including obtaining an invitation URL, creating an OAuth application in CSP, and mapping roles.

SSH Keys

Create and revoke SSH Keys per user via the 'My Account' page.

Session Limits

Set limits on concurrent logins per user and per role, configurable via system properties.

Orchestrator Branding - Operator

Customize the Orchestrator UI with company branding (name, logo, colors) at a global level. This feature is available for dedicated Orchestrator instances only. Activate 'Operator only Branding' via system properties.

Branding Customization Options:

Operator Naming: Customize Operator Name, Login Title, EULA, and Copyright.
General Product Naming: Customize Product Name, Login Title, EULA, and Copyright for Partner and Enterprise login screens.
Support Naming: Customize Support Name and Email Address.
Logos: Upload Color Horizontal Logo, Color Square Logo, and Inverse Logo.
Header Display Name and Color: Customize Header Display Name, Header Text Color, and Header Background Color.

Changes are applied to a preview image and can be restored to default.

Manage User Agreements

Operators can create and manage End User License Agreements (EULAs). Activate the feature via system properties and configure display modes (NONE, ALL, WITH_MSPS, WITHOUT_MSPS). EULAs can be overridden at the customer level. Only Super Users can accept agreements.

Create a User Agreement

Operator Super Users and Standard Administrators can create new user agreements, setting them as enabled or disabled, defining effective dates, and customizing dialog titles, body text, and button text.

Manage Gateway Pools and Gateways

The network utilizes service Gateways deployed in data centers. Gateways can be organized into pools, which are then assigned to a network. Additional Gateway pools can be created.

Manage Gateway Pools

Operators can create, clone, manage, download, and delete Gateway pools. The Gateway Pools page displays pool names, the number of Gateways within each pool, and IP version support (IPv4 or IPv4/IPv6).

Create New Gateway Pool

Create new Gateway pools with specific names and IP version support.

Clone a Gateway Pool

Clone existing Gateway pool configurations.

Configure Gateway Pools

Configure settings for Gateway pools, including assigning Gateways and managing their properties.

Manage Gateways

Operators can manage Gateways, including creating new Gateways, configuring them, and monitoring their status. This includes options for upgrading Gateways, configuring IPv6 addresses, and managing Partner Gateways.

Create New Gateway with New Orchestrator UI

Procedure to create a new Gateway using the updated Orchestrator UI.

Configure Gateways

Configure various settings for Gateways, including IP addresses, routing, and security parameters.

Upgrade for Dual Stack Support

Information on upgrading Gateways to support dual-stack (IPv4 and IPv6).

Configure IPv6 Address on Gateways

Steps to configure IPv6 addresses on Gateways.

Partner Gateways

Manage Gateways assigned to Partners.

Monitor Gateways

Monitor the status and performance of Gateways.

Migration

Information and procedures related to migrating Gateways.

Diagnostic Bundles for Gateways

Request and manage diagnostic bundles for Gateways to aid in troubleshooting.

Request Diagnostic Bundles for Gateways with New Orchestrator UI

Procedure to request diagnostic bundles using the new Orchestrator UI.

Request Packet Capture Bundle for Gateways

Procedure to request packet capture bundles for Gateways.

Platform and Modem Firmware and Factory Images

Manage software images, including platform and modem firmware, and factory images for Edge devices. This includes uploading, assigning, and updating these images.

Software Images

Details on managing software images for Edge devices.

Edge Licensing

Manage Edge licenses for Partners and Customers. This includes assigning and managing licenses to ensure proper functionality.

Manage Edge Licenses for Partners

Procedures for Operators to manage Edge licenses for their Partners.

Manage Edge Licenses for Customers

Procedures for Operators to manage Edge licenses for their Customers.

Application Maps

Application Maps are used to identify and classify application traffic for policy enforcement and optimization.

Edge Management

Manage Edge devices, including accessing them via key-based authentication, adding SSH keys, revoking keys, and enabling secure edge access.

Access SD-WAN Edges Using Key-Based Authentication

Procedures for accessing SD-WAN Edges using SSH keys.

Add SSH Key

Steps to add an SSH key for a user.

Revoke SSH Keys

Steps to revoke existing SSH keys.

Enable Secure Edge Access for an Enterprise

Steps to enable secure access to Edges for an enterprise.

Secure Edge CLI Commands

List of secure CLI commands for Edge management.

Sample Outputs

Examples of command outputs for reference.

Configure User Account details

Users can configure their account details, including personal information, SSH keys, and API tokens.

Orchestrator Diagnostics

Perform diagnostic actions on the Orchestrator to identify and resolve issues.

Orchestrator Upgrade with New Orchestrator UI

Information and procedures for upgrading the Orchestrator using the new user interface.

Replication

Configure replication settings for disaster recovery and high availability.

System Properties

Manage system properties that control various Orchestrator functionalities and configurations.

External Certificate Authority

Configure settings related to external certificate authorities for secure communication.

Appendix

Operator-Level Orchestrator Alerts and Events

Detailed information on alerts and events generated at the Operator level within the Orchestrator.

Index

An index of topics covered in the guide.

	Arista VeloCloud SD-WAN Partner Guide Version 6.4 This guide provides Arista Partners with comprehensive information on managing Arista VeloCloud SD-WAN solutions, including customer onboarding, configuration, monitoring, and advanced features. It covers topics such as user management, gateway configuration, edge licensing, and security settings within the SASE Orchestrator.
	Arista CloudVision Configuration Guide A comprehensive guide to configuring and managing Arista's CloudVision platform for network-wide workload orchestration and workflow automation.
	Arista VeloCloud SD-WAN PCI Compliance Solution Brief This solution brief details how Arista's VeloCloud SD-WAN provides a simple, secure, and cost-effective way for businesses to achieve PCI compliance. It covers cloud-delivered and on-premises SD-WAN options, focusing on securing customer data and simplifying PCI audits.
	Arista VeloCloud SD-WAN Cloud Gateway Advantages for SaaS and IaaS Explore the benefits of Arista VeloCloud SD-WAN Cloud Gateways in optimizing application performance for SaaS and IaaS, enhancing last-mile connectivity, and aggregating WAN capacity.
	Arista 750 Series Campus Switches Datasheet: High-Performance Modular PoE Networking Comprehensive datasheet for Arista 750 Series Campus Switches, detailing 8-slot and 5-slot modular systems. Features include high-performance modular PoE, advanced security segmentation, CloudVision management, cognitive campus resilience, and extensive Layer 2/Layer 3 capabilities for modern campus networks.
	Arista VeloCloud Partner FAQs: Acquisition Information Frequently asked questions for Arista channel partners regarding the acquisition of the VeloCloud SD-WAN portfolio from Broadcom. Details on program changes, transactions, support, and logistics.
	Arista VeloCloud SD-WAN: Enterprise WAN Simplicity, Performance, and Security Arista's VeloCloud SD-WAN solution offers enterprise-grade performance, security, visibility, and control over public internet and private networks, simplifying WAN with zero-touch deployment, business policy, enhanced firewall, and cloud-based network-as-a-service for improved agility and economics.
	Arista VeloCloud SD-WAN Edge 7x0 Series Specifications Detailed specifications for the Arista VeloCloud SD-WAN Edge 7x0 Series, covering hardware, software, performance, and cloud integration capabilities.