diff --git a/docs/en-US/hardware-firewall.xml b/docs/en-US/hardware-firewall.xml
index df0568aa2c2..db480329846 100644
--- a/docs/en-US/hardware-firewall.xml
+++ b/docs/en-US/hardware-firewall.xml
@@ -25,5 +25,6 @@
be the default gateway for the guest networks; see .
+
diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml
new file mode 100644
index 00000000000..6181348bb76
--- /dev/null
+++ b/docs/en-US/vnmc-cisco.xml
@@ -0,0 +1,306 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
+ External Guest Firewall Integration for Cisco VNMC (Optional)
+ Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and
+ policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with
+ ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to:
+
+
+ Configure Cisco ASA 1000v Firewalls
+
+
+ Create and apply security profiles that contain ACL policy sets for both ingress
+ and egress traffic, connection timeout, NAT policy sets, and TCP intercept
+
+
+ &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware
+ hypervisors.
+
+ Use Cases
+
+
+ A Cloud administrator adds VNMC as a network element by using the admin API
+ addCiscoVnmcResource after specifying the credentials
+
+
+ A Cloud administrator adds ASA 1000v appliances by using the admin API
+ addCiscoAsa1000vResource. You can configure one per guest network.
+
+
+ A Cloud administrator creates an Isolated guest network offering by using ASA
+ 1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static
+ NAT.
+
+
+
+
+ Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC
+ Deployment
+
+ Prerequisites
+
+
+ Ensure that Cisco ASA 1000v appliance is set up externally and then registered
+ with &PRODUCT; by using the admin API. Typically, you can create a pool of ASA
+ 1000v appliances and register them with &PRODUCT;.
+ Specify the following to set up a Cisco ASA 1000v instance:
+
+
+ ESX host IP
+
+
+ Standalone or HA mode
+
+
+ Port profiles for the Management and HA network interfaces. This need to
+ be pre-created on Nexus dvSwitch switch.
+
+
+ Port profiles for both internal and external network interfaces. This need
+ to be pre-created on Nexus dvSwitch switch, and to be updated appropriately
+ while implementing guest networks.
+
+
+ The Management IP for Cisco ASA 1000v appliance. Specify the gateway such
+ that the VNMC IP is reachable.
+
+
+ Administrator credentials
+
+
+ VNMC credentials
+
+
+ After Cisco ASA 1000v instance is powered on, register VNMC from the ASA
+ console.
+
+
+ Ensure that Cisco VNMC appliance is set up externally and then registered with
+ &PRODUCT; by using the admin API. A single VNMC instance manages multiple ASA1000v
+ appliances.
+
+
+ Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT;
+ when adding VMware cluster.
+
+
+
+
+ Using Cisco ASA 1000v Services
+
+
+ Ensure that all the prerequisites are met.
+ See .
+
+
+ Add a VNMC instance.
+ See .
+
+
+ Add a ASA 1000v instance.
+ See .
+
+
+ Create a Network Offering and use Cisco VNMC as the service provider for desired services.
+ See .
+
+
+ Create an Isolated Guest Network by using the network offering you just created.
+
+
+
+
+
+ Adding a VNMC Instance
+
+
+ Log in to the &PRODUCT; UI as administrator.
+
+
+ In the left navigation bar, click Infrastructure.
+
+
+ In Zones, click View More.
+
+
+ Choose the zone you want to work with.
+
+
+ Click the Network tab.
+
+
+ In the Network Service Providers node of the diagram, click Configure.
+ You might have to scroll down to see this.
+
+
+ Click Cisco VNMC.
+
+
+ Click View VNMC Devices
+
+
+ Click the Add VNMC Device and provide the following:
+
+
+ Host: The IP address of the VNMC instance.
+
+
+ Username: The user name of the account on the VNMC instance that &PRODUCT;
+ should use.
+
+
+ Password: The password of the account.
+
+
+
+
+ Click OK.
+
+
+
+
+ Adding an ASA 1000v Instance
+
+
+ Log in to the &PRODUCT; UI as administrator.
+
+
+ In the left navigation bar, click Infrastructure.
+
+
+ In Zones, click View More.
+
+
+ Choose the zone you want to work with.
+
+
+ Click the Network tab.
+
+
+ In the Network Service Providers node of the diagram, click Configure.
+ You might have to scroll down to see this.
+
+
+ Click Cisco VNMC.
+
+
+ Click View ASA 1000v.
+
+
+ Click the Add CiscoASA1000v Resource and provide the following:
+
+
+ Host: The management IP address of the ASA 1000v instance. The IP address is
+ used to connect to ASA 1000V.
+
+
+ Inside Port Profile: The Inside Port Profile configuration on Cisco
+ Nexus1000v dvSwitch.
+
+
+ Cluster: The VMware cluster to which you are adding the ASA 1000v
+ instance.
+ Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled.
+
+
+
+
+ Click OK.
+
+
+
+
+ Creating a Network Offering Using Cisco ASA 1000v
+ To have Cisco ASA 1000v support for a guest network, create a network offering as
+ follows:
+
+
+ Log in to the &PRODUCT; UI as a user or admin.
+
+
+ From the Select Offering drop-down, choose Network Offering.
+
+
+ Click Add Network Offering.
+
+
+ In the dialog, make the following choices:
+
+
+ Name: Any desired name for the network
+ offering.
+
+
+ Description: A short description of the
+ offering that can be displayed to users.
+
+
+ Network Rate: Allowed data transfer rate in
+ MB per second.
+
+
+ Traffic Type: The type of network traffic
+ that will be carried on the network.
+
+
+ Guest Type: Choose whether the guest
+ network is isolated or shared.
+
+
+ Persistent: Indicate whether the guest
+ network is persistent or not. The network that you can provision without having
+ to deploy a VM on it is termed persistent network.
+
+
+ VPC: This option indicate whether the guest
+ network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a
+ private, isolated part of &PRODUCT;. A VPC can have its own virtual network
+ topology that resembles a traditional physical network. For more information on
+ VPCs, see .
+
+
+ Specify VLAN: (Isolated guest networks
+ only) Indicate whether a VLAN should be specified when this offering is
+ used.
+
+
+ Supported Services: Use Cisco VNMC as the
+ service provider for Firewall, Source NAT, Port Forwarding, and Static NAT to
+ create an Isolated guest network offering.
+
+
+ System Offering: Choose the system service
+ offering that you want virtual routers to use in this network.
+
+
+ Conserve mode: Indicate whether to use
+ conserve mode. In this mode, network resources are allocated only when the first
+ virtual machine starts in the network.
+
+
+
+
+ Click OK
+ The network offering is created.
+
+
+
\ No newline at end of file
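Review bot: In "Creating a Network Offering Using Cisco ASA 1000v", the first step reads "Log in to the &PRODUCT; UI as a user or admin", but the Use Cases list attributes creating the offering to "A Cloud administrator". Please state one required role, and add the navigation step that leads to the "Select Offering" drop-down, since the procedure currently jumps straight to it. In "Adding a VNMC Instance", the Username and Password fields do not say what privilege the VNMC account needs. Documenting the minimum role and recommending a dedicated account for &PRODUCT; would help operators avoid entering a full administrator login. The same applies to the "Administrator credentials" and "VNMC credentials" items under Prerequisites, which do not say which system each credential belongs to. The service provider is also named inconsistently: Use Cases says "ASA 1000v as the service provider", while "Using Cisco ASA 1000v Services" and "Supported Services" say "Cisco VNMC". Pick the name the UI actually shows. Smaller fixes: "dvSwich-enabled" should be "dvSwitch-enabled", "This need to be pre-created" should be "These need to be pre-created" (both port profile items), "Add a ASA 1000v instance" should be "Add an ASA 1000v instance", "This option indicate" should be "This option indicates", "Click View VNMC Devices" and "Click OK" lack a closing period, "ASA1000v" and "Nexus1000v" are missing the space used elsewhere, and the file should end with a newline.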