From 1fc8991d63ae03804ccfba2fb58c61550c5e683d Mon Sep 17 00:00:00 2001 From: radhikap Date: Wed, 17 Jul 2013 10:46:20 +0530 Subject: [PATCH] CLOUDSTACK-906 --- docs/en-US/hardware-firewall.xml | 1 + docs/en-US/vnmc-cisco.xml | 306 +++++++++++++++++++++++++++++++ 2 files changed, 307 insertions(+) create mode 100644 docs/en-US/vnmc-cisco.xml diff --git a/docs/en-US/hardware-firewall.xml b/docs/en-US/hardware-firewall.xml index df0568aa2c2..db480329846 100644 --- a/docs/en-US/hardware-firewall.xml +++ b/docs/en-US/hardware-firewall.xml @@ -25,5 +25,6 @@ be the default gateway for the guest networks; see . + diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml new file mode 100644 index 00000000000..6181348bb76 --- /dev/null +++ b/docs/en-US/vnmc-cisco.xml @@ -0,0 +1,306 @@ + + +%BOOK_ENTITIES; +]> + +
+ External Guest Firewall Integration for Cisco VNMC (Optional) + Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and + policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with + ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: + + + Configure Cisco ASA 1000v Firewalls + + + Create and apply security profiles that contain ACL policy sets for both ingress + and egress traffic, connection timeout, NAT policy sets, and TCP intercept + + + &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware + hypervisors. +
+ Use Cases + + + A Cloud administrator adds VNMC as a network element by using the admin API + addCiscoVnmcResource after specifying the credentials + + + A Cloud administrator adds ASA 1000v appliances by using the admin API + addCiscoAsa1000vResource. You can configure one per guest network. + + + A Cloud administrator creates an Isolated guest network offering by using ASA + 1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static + NAT. + + +
+
+ Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC + Deployment +
+ Prerequisites + + + Ensure that Cisco ASA 1000v appliance is set up externally and then registered + with &PRODUCT; by using the admin API. Typically, you can create a pool of ASA + 1000v appliances and register them with &PRODUCT;. + Specify the following to set up a Cisco ASA 1000v instance: + + + ESX host IP + + + Standalone or HA mode + + + Port profiles for the Management and HA network interfaces. This need to + be pre-created on Nexus dvSwitch switch. + + + Port profiles for both internal and external network interfaces. This need + to be pre-created on Nexus dvSwitch switch, and to be updated appropriately + while implementing guest networks. + + + The Management IP for Cisco ASA 1000v appliance. Specify the gateway such + that the VNMC IP is reachable. + + + Administrator credentials + + + VNMC credentials + + + After Cisco ASA 1000v instance is powered on, register VNMC from the ASA + console. + + + Ensure that Cisco VNMC appliance is set up externally and then registered with + &PRODUCT; by using the admin API. A single VNMC instance manages multiple ASA1000v + appliances. + + + Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT; + when adding VMware cluster. + + +
+
+ Using Cisco ASA 1000v Services + + + Ensure that all the prerequisites are met. + See . + + + Add a VNMC instance. + See . + + + Add a ASA 1000v instance. + See . + + + Create a Network Offering and use Cisco VNMC as the service provider for desired services. + See . + + + Create an Isolated Guest Network by using the network offering you just created. + + +
+
+
+ Adding a VNMC Instance + + + Log in to the &PRODUCT; UI as administrator. + + + In the left navigation bar, click Infrastructure. + + + In Zones, click View More. + + + Choose the zone you want to work with. + + + Click the Network tab. + + + In the Network Service Providers node of the diagram, click Configure. + You might have to scroll down to see this. + + + Click Cisco VNMC. + + + Click View VNMC Devices + + + Click the Add VNMC Device and provide the following: + + + Host: The IP address of the VNMC instance. + + + Username: The user name of the account on the VNMC instance that &PRODUCT; + should use. + + + Password: The password of the account. + + + + + Click OK. + + +
+
+ Adding an ASA 1000v Instance + + + Log in to the &PRODUCT; UI as administrator. + + + In the left navigation bar, click Infrastructure. + + + In Zones, click View More. + + + Choose the zone you want to work with. + + + Click the Network tab. + + + In the Network Service Providers node of the diagram, click Configure. + You might have to scroll down to see this. + + + Click Cisco VNMC. + + + Click View ASA 1000v. + + + Click the Add CiscoASA1000v Resource and provide the following: + + + Host: The management IP address of the ASA 1000v instance. The IP address is + used to connect to ASA 1000V. + + + Inside Port Profile: The Inside Port Profile configuration on Cisco + Nexus1000v dvSwitch. + + + Cluster: The VMware cluster to which you are adding the ASA 1000v + instance. + Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled. + + + + + Click OK. + + +
+
+ Creating a Network Offering Using Cisco ASA 1000v + To have Cisco ASA 1000v support for a guest network, create a network offering as + follows: + + + Log in to the &PRODUCT; UI as a user or admin. + + + From the Select Offering drop-down, choose Network Offering. + + + Click Add Network Offering. + + + In the dialog, make the following choices: + + + Name: Any desired name for the network + offering. + + + Description: A short description of the + offering that can be displayed to users. + + + Network Rate: Allowed data transfer rate in + MB per second. + + + Traffic Type: The type of network traffic + that will be carried on the network. + + + Guest Type: Choose whether the guest + network is isolated or shared. + + + Persistent: Indicate whether the guest + network is persistent or not. The network that you can provision without having + to deploy a VM on it is termed persistent network. + + + VPC: This option indicate whether the guest + network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a + private, isolated part of &PRODUCT;. A VPC can have its own virtual network + topology that resembles a traditional physical network. For more information on + VPCs, see . + + + Specify VLAN: (Isolated guest networks + only) Indicate whether a VLAN should be specified when this offering is + used. + + + Supported Services: Use Cisco VNMC as the + service provider for Firewall, Source NAT, Port Forwarding, and Static NAT to + create an Isolated guest network offering. + + + System Offering: Choose the system service + offering that you want virtual routers to use in this network. + + + Conserve mode: Indicate whether to use + conserve mode. In this mode, network resources are allocated only when the first + virtual machine starts in the network. + + + + + Click OK + The network offering is created. + + +
\ No newline at end of file
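Review bot: In the "Adding a VNMC Instance" section of docs/en-US/vnmc-cisco.xml, the Username and Password fields do not say which VNMC role or privileges the account needs, so a reader cannot tell whether a restricted account is sufficient. State the minimum role the integration requires, and do the same for the "Administrator credentials" and "VNMC credentials" items under Prerequisites. The text is also inconsistent about the provider: Use Cases says the offering uses "ASA 1000v as the service provider", while "Using Cisco ASA 1000v Services" and the Supported Services field both say "Cisco VNMC"; use the name the UI actually shows. "Creating a Network Offering Using Cisco ASA 1000v" opens with "Log in to the &PRODUCT; UI as a user or admin", although Use Cases assigns this task to a Cloud administrator, and it goes straight to the Select Offering drop-down without a navigation step to reach it. Smaller points in the same file: "dvSwich-enabled" should be "dvSwitch-enabled", "This need to be pre-created" should be "These need to be pre-created" (both occurrences), "Nexus dvSwitch switch" repeats "switch", "Add a ASA 1000v instance" should be "Add an ASA 1000v instance", "This option indicate" should be "indicates", the product is written as "ASA 1000v", "ASA1000v" and "ASA 1000V" in different places, "Click View VNMC Devices" and "Click OK" lack a closing period in some steps, and the file ends without a trailing newline.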