Overview of Configuration Templates
For supported software information, click here.
When networks become more complex, configurations become tedious and the lifecycle management of many single-function devices is time-consuming and costly. An effective way to simplify tedious network configuration tasks and avoid unnecessary manual processes is with a template-based SD-WAN configuration. Networks also require agility in service delivery to quickly introduce new services in their portfolios. Such requirements depend on flexible methods to add services or service features instead of hard-coded, rigid service structures.
With Versa Operating System™ (VOS™) SD-WAN configuration templates, you can apply the same relationships to multiple branch offices. Predefined configuration templates automate many time-consuming and repetitive tasks, and they reduce complexity by eliminating the need to know every detail to achieve a specific task. By simply selecting target elements, the template automatically applies the appropriate configurations.
You can use configuration templates to deploy configurations across an organization or across devices in an organization. Versa Director supports three types of templates:
- Device templates—Device templates, also known as post-staging templates, are a baseline configuration that can be deployed across branches, saving time and effort in configuring and deploying similar services across many branches in a network.
- Service templates—Service templates are service-specific configurations that can be used to configure certain services. They can then be applied to device configurations to enable the services.
- Common templates—Common templates, also known as data store templates, are automatically created for an organization. There is only one common template for any tenant or organization. The common template is always applied by default to all devices in the tenant or organization.
The following video provides an overview of configuration templates.
Device Templates
Device templates are baseline configurations that can be deployed across branches, saving time and effort in configuring and deploying similar configurations across multiple devices in a branch. These templates are used for devices with similar characteristics, such as the following:
- Number of WAN ports
- Organizations associated with a branch
- Solution tier and service bandwidth license subscription
- LAN ports and virtual routing and forwarding (VRF) information
- Direct internet access (DIA) options
- Next-generation firewall (NGFW) configuration
- Unified threat management (UTM) configuration
- Load-balancing configuration
Device templates allow you to preconfigure these options for the branch, so when you onboard the branch to the network, only branch-specific information such as IP addresses needs to be configured.
There are two types of device template:
- Staging templates—Staging templates are designed to redirect the device to the staging Controller device, and they are primarily used on the Versa Networks global ZTP server. Staging templates are used when you need to configure only a limited set of options that are required to follow up when you onboard with a post-staging template. You can create staging templates for WAN interfaces only, not for LAN interfaces. Staging templates are used to create a minimal template for basic connectivity to the SD-WAN Controller device. They are used only if staging is performed at a different location (for example, in a data center or network operations center) to prepare a device, before shipping it with preconfigured information to connect to the network. For more information, see Create Staging Templates.
- Post-staging templates—Post-staging templates are the main template that is associated with a device. Post-staging templates are mandatory for creating devices. These templates contain the complete configuration required to deploy network services on VOS branch devices. You can use post-staging templates as the second stage in branch deployment, but you can skip the staging template and use only post-staging templates. For more information, see Create Post-Staging Templates.
You create staging and post-staging templates using the Director Workflows option.
A Director workflow is similar to a configuration wizard and allows you to create infrastructure objects and templates based on generalized user input such as organizations, controllers, various templates, and devices (CPEs). You can use workflows to create multiple template components, such as device templates, traffic-steering service templates, and uCPE service templates. A workflow links devices to device groups, and steps you through the process of creating and linking all the necessary components of device configuration. For more information, see Basic SD-WAN Configuration.
The following figure illustrates the relationship and hierarchy of dependencies of the components in a Director workflow:
In this hierarchy:
- Device bind data belongs to a device. It is the unique information for a device that is used to build the device configuration. Bind data is entered in fields of a form that is based on the device template variables.
- A device is an individual CPE in a network, and it belongs to a device group.
- A device group is associated with a device template. All devices in a device group use the same device template and, optionally, they can use the same service template or templates. The device definition in a device template defines the fields that are used to configure CPE devices. For example, if the device template has variables for one LAN port and two WAN ports, the device configuration template contains form fields for the same ports in the bind data configuration.
Workflows are a mechanism for creating the initial device configuration, but you cannot use them to maintain an existing configuration. With workflows, you can add configuration elements to a device's templates, but you cannot remove configuration elements. For example, if you configure TACACS+ or SNMP using a workflow and you want to remove the TACACS+ or SNMP configuration later, you must perform the deletion from the template configuration menu, not from the workflow.
The video below explains how to create device templates.
Common Templates
Common templates, also known as datastore templates, are automatically created for each organization. The common template name has the format organization-name-DataStore. For example, for the organization name ServiceProvider, the common template name is ServiceProvider-DataStore, as shown in the sample screenshot below.
Objects defined in the common template are automatically applied to all devices where the organization is present, even when those objects are not referenced by any policies in the device. The objects that are defined in the common template can be referenced from service and device templates associated with the organization.
Common templates are used to pass zone and other information from device templates to service templates. For example, if a device template contains a LAN zone, you can create a firewall service template with rules using that zone and pass those rules to the device. Without a common template, you have to create a zone in the service template before creating rules to use the zone.
Service Templates
Service templates are templates that are specifically for VOS services, such as QoS and next-generation firewall (NGFW). You associate service templates with device groups. In a device group, you can choose the order in which the service templates are applied.
Service templates help to segment the device configuration into smaller, manageable fragments. Security templates allow domain operators to focus only on their specific area of operation. For example, a security specialist who is primarily responsible for next-generation or stateful firewall policies can maintain just the security template. A single service template can be used by multiple templates or device groups across organizations.
Service templates provide a process to define network-wide common configurations based on specific network functions and services. A security service template can be used to define common security policies shared by multiple device templates. You can create a template once, and deploy it with customizable parameters across multiple VNFs. Using templates thereby drastically reduces the administration effort, because creating a template is a one-time effort and templates can be shared across operators.
A service template can be used by multiple device templates and device groups, and all the configurations in the service template are applied to the device template or device group regardless of the configuration of the device template or group. For example (here we use device templates), suppose that a firewall rule configured in a firewall service template matches traffic from a LAN zone and allows all traffic from that zone. If this rule is applied to two device templates, but only one device template has the zone configured in the firewall, then the device template with a matching zone passes the traffic and the device that does not specify a zone does not allow any traffic on the LAN. To resolve such a situation, you can configure common LAN zone names on both device templates, so that one rule applies for both devices, or you can create one rule for each device template in the service template.
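The zone mismatch described above can be caught before deployment with a simple lint pass. The following is an added example, not Versa code: the dict layout, template names, rule names and zone names are constructed for illustration and do not represent Versa Director's export format or API.

```python
# Added example: lint firewall service-template rules against device-template zones.
# The dict layout is a constructed, simplified model, not Versa Director's
# export format or API. Zone names are compared as exact strings (assumption).

# Constructed sample data (hypothetical template, rule and zone names).
SERVICE_TEMPLATES = {
    "fw-common": {"rules": [
        {"name": "allow-lan", "source_zones": ["LAN"], "action": "allow"},
        {"name": "allow-guest", "source_zones": ["GUEST"], "action": "allow"},
    ]},
}
DEVICE_TEMPLATES = {
    "branch-small": {"zones": ["LAN", "GUEST", "WAN"],
                     "service_templates": ["fw-common"]},
    "branch-legacy": {"zones": ["Intf-LAN-Zone", "WAN"],
                      "service_templates": ["fw-common"]},
}


def find_unmatched_zones(service_templates, device_templates):
    """Return sorted (device_template, service_template, rule, zone) tuples for
    each rule zone that the device template using the rule does not define."""
    findings = []
    for dev_name, dev in device_templates.items():
        defined = set(dev.get("zones", []))
        for st_name in dev.get("service_templates", []):
            rules = service_templates.get(st_name, {}).get("rules", [])
            for rule in rules:
                for zone in rule.get("source_zones", []):
                    if zone not in defined:
                        findings.append((dev_name, st_name, rule["name"], zone))
    return sorted(findings)


def zones_to_add(findings):
    """Group findings by device template: the common zone names each template
    must define so that one shared rule applies to every device."""
    missing = {}
    for dev_name, _st, _rule, zone in findings:
        missing.setdefault(dev_name, set()).add(zone)
    return {dev: sorted(zones) for dev, zones in missing.items()}


if __name__ == "__main__":
    results = find_unmatched_zones(SERVICE_TEMPLATES, DEVICE_TEMPLATES)
    for dev, st, rule, zone in results:
        print(f"{dev}: rule {rule!r} in {st!r} uses undefined zone {zone!r}")
    print("zones to add per device template:", zones_to_add(results))
```

Each finding marks a rule that would silently match nothing on that device template, which in the scenario above leaves LAN traffic blocked.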
Note that each service template is independent. You cannot associate one service template with another service template.
You can create a service template using the Director Configuration or Workflow option. The following screenshot illustrates how to create a service template using the Configuration tab.
Types of Service Templates
Versa Director supports templates for a majority of SD-WAN use cases. Versa Director supports the following types of service templates:
- Application steering—Provides a workflow to create application-based SD-WAN steering policies and basic CoS policies.
- General—Allows you to configure all available services.
- NGFW—Allows you to configure NGFW services, such as authentication, decryption, DoS protection, security and security settings, and secure web proxy.
- QoS—Allows you to categorize traffic into multiple classes and to apply priority and shaping settings.
- Secure access—Allows you to configure secure access objects such as routes, DNS resolvers, servers, profiles, portals, and gateways.
- Service chaining—Used to service chain third-party virtualized network functionality (VNFs) and PNFs on uCPE devices. Network management systems facilitate a centralized mechanism for making configuration changes to the VNF.
- Stateful firewall—Allows you to configure DoS protection, and security and security settings.
Associate a Device-Specific Service Template with a Device
You can associate service templates with devices, either when you add a new device or by editing an existing device. You can associate one or more templates with or without bind data device-specific configuration.
When device-specific service templates are associated with a device, the following order is followed during merge:
- Device group templates
- Device-specific service template
This order prioritizes the order set by users for a device service template before templates at the device group level. For more information about creating service templates, see Create Service Templates.
To associate a device-specific service template with a device:
- In Director view, select the Workflows tab in the top menu bar.
- Select Devices > Devices in the horizontal menu bar.
- Select an organization in the horizontal menu bar.
- Click the + Add icon to add a device. The Add Device popup window displays.
- Select the Basic tab and enter information. For more information, see Create Service Templates.
- Select the Location Information tab and enter information.
- Select the Device Service Template tab.
- Click the Configure Template Order icon to reorder the device service template. The Configure Template Order popup window displays.
- If the popup window lists existing templates, reorder the templates by dragging and dropping them, if desired.
Note: Do not change the default order in which the datastore and main templates are listed. The default order ensures that the rules in the datastore templates (common templates) are listed higher than those in the main template (device template), which ensures that the final merged configuration is correct. If you change or reverse the order of these template types, datastore template general objects might overwrite objects in the main template, leading to incorrect functionality, such as misconfiguration of route distinguisher (RD) values for hub sites.
- If the window lists no templates, click the + Add icon to add a new device service template.
- In the Edit Device Service Template popup window, enter information for the following fields.
  - Tenant: Select the name of the tenant.
  - Category: Select the service template category:
    - Stateful Firewall—Allows you to configure the following services:
      - DoS protection
      - Security and security settings
    - NextGen Firewall—Allows you to configure the following services:
      - Authentication
      - Decryption
      - DoS protection
      - Security and security settings
      - Secure web proxy
    - QoS—Allows you to configure the following services:
      - AppQoS
      - Associate interfaces and networks
      - Drop profiles
      - Forwarding class map
      - QoS profiles
      - Read-write rules
      - Schedulers
      - Scheduler maps
    - General—Allows you to configure all available services.
    - Application Steering—Allows you to configure the following services:
      - Class of service
      - CoS and SD-WAN policy
      - Zones
    - Service Chain—Allows you to configure the following objects:
      - Address
      - Address groups
      - Cloud profiles
      - Custom objects
      - Schedules
      - SNAT pools
    - Secure Access—Allows you to configure the following objects:
      - DNS resolvers
      - Secure access portals and gateways
      - Secure access profiles
      - Secure access routes
      - Secure access servers
  - Template: Select the template to use. The drop-down lists the templates available based on the options you select in the Tenant and Category fields.
- Click OK.
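The merge order and the note about datastore and main template order in this procedure can be illustrated with a small model. This is an added example, not Versa code: it assumes a simplified last-writer-wins merge in which a template listed later overwrites same-path objects from templates listed earlier, and every template name other than ServiceProvider-DataStore, every object path and every value is a constructed placeholder.

```python
# Added example: a simplified last-writer-wins model of template merge order.
# Assumption: a template listed later overwrites same-path objects from templates
# listed earlier. Object paths and values are constructed placeholders.

DATASTORE = {"name": "ServiceProvider-DataStore", "kind": "datastore",
             "objects": {"zones/LAN": "lan-zone", "routing/rd": "RD-FROM-DATASTORE"}}
MAIN = {"name": "Hub-Main", "kind": "main",
        "objects": {"routing/rd": "RD-FROM-MAIN", "wan/port-count": 2}}
GROUP_FW = {"name": "Group-NGFW", "kind": "group-service",
            "objects": {"fw/rule/allow-lan": "allow"}}
DEVICE_FW = {"name": "Hub1-NGFW", "kind": "device-service",
             "objects": {"fw/rule/allow-lan": "deny"}}

# Ordering constraints stated on this page: (kind listed first, kind listed second).
MUST_PRECEDE = [("datastore", "main"), ("group-service", "device-service")]


def merge(ordered_templates):
    """Merge templates in list order. Return (config, overwrites), where each
    overwrite is (path, overwritten_template, overwriting_template)."""
    config, owner, overwrites = {}, {}, []
    for tpl in ordered_templates:
        for path, value in tpl["objects"].items():
            if path in config and config[path] != value:
                overwrites.append((path, owner[path], tpl["name"]))
            config[path], owner[path] = value, tpl["name"]
    return config, overwrites


def order_problems(ordered_templates):
    """Return one message per MUST_PRECEDE constraint that the list violates."""
    kinds = [tpl["kind"] for tpl in ordered_templates]
    problems = []
    for first, second in MUST_PRECEDE:
        firsts = [i for i, k in enumerate(kinds) if k == first]
        seconds = [i for i, k in enumerate(kinds) if k == second]
        if firsts and seconds and min(seconds) < max(firsts):
            problems.append(f"{second} template listed before {first} template")
    return problems


if __name__ == "__main__":
    for order in ([DATASTORE, MAIN, GROUP_FW, DEVICE_FW],
                  [MAIN, DATASTORE, GROUP_FW, DEVICE_FW]):
        config, overwrites = merge(order)
        print([t["name"] for t in order], "->", config["routing/rd"])
        print("  overwrites:", overwrites, "problems:", order_problems(order))
```

Running the overwrite report against a proposed template order before committing it shows which template ends up owning each object, including the RD value the note warns about.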
Associate a Service Template with a Device Group
To associate a service template with a device group:
- In Director view, select the Configuration tab in the top menu bar.
- Select Devices > Device Groups in the horizontal menu bar.
- Click the + Add icon to add a device group. The Add Device Group popup window displays.
- Select an organization and select a template from the Post-Staging Template drop-down list that displays the templates associated with the organization you select.
- Click the Edit icon under the Post-Staging Template Association tab to edit the template. The Edit Device Service Template popup window displays. If the window lists existing templates, reorder the templates by dragging and dropping them, if desired.
- Click the + Add icon to add a new service template for the device group.
- In the Add Device Service Template popup window, enter information for the following fields.
  - Tenant: Select the name of the tenant.
  - Category: Select the category of the service template:
    - Application Steering
    - General
    - Next-Generation Firewall
    - QoS
    - Secure Access
    - Service Chain
    - Stateful Firewall
    For more information about each option, see Associate a Device-Specific Service Template with a Device.
  - Template: Select the template to use. The drop-down lists the templates available based on the options you select in the Tenant and Category fields.
- Click OK.
Parameterized Organization Templates
In Versa Director, you can parameterize an organization by creating a parameterized organization template. This template is assigned a name based on the organization name, in the format organization-name_org, for example, versa_org. You can associate parameterized organization templates with any organization in the main template. This means that you can use the same service template for different organizations. While applying the main template, the VOS template software looks for the organizations that the service template is associated with and replicates the contents of the service template for each attached organization. Therefore, if you are creating a parameterized template, it is important that the organization name is created with a specific variable name. Otherwise, some of the functionality, such as apply template, does not work.
Supported Software Information
Releases 20.2 and later support all content described in this article.