From 67ab7e558eda743088b9cd76383fea57fc87d620 Mon Sep 17 00:00:00 2001 From: Radhika PC Date: Tue, 30 Jul 2013 11:00:46 +0530 Subject: [PATCH] CLOUDSTACK-3580 --- docs/en-US/vnmc-cisco.xml | 125 ++++++++++++++++++++------------------ 1 file changed, 67 insertions(+), 58 deletions(-) diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml index 6181348bb76..924806cfe13 100644 --- a/docs/en-US/vnmc-cisco.xml +++ b/docs/en-US/vnmc-cisco.xml @@ -20,16 +20,16 @@ -->
External Guest Firewall Integration for Cisco VNMC (Optional) - Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and - policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with - ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: + Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and policy + management for Cisco Network Virtual Services. When Cisco VNMC is integrated with ASA 1000v + Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: Configure Cisco ASA 1000v Firewalls - Create and apply security profiles that contain ACL policy sets for both ingress - and egress traffic, connection timeout, NAT policy sets, and TCP intercept + Create and apply security profiles that contain ACL policy sets for both ingress and + egress traffic, connection timeout, NAT policy sets, and TCP intercept &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware @@ -46,22 +46,21 @@ addCiscoAsa1000vResource. You can configure one per guest network. - A Cloud administrator creates an Isolated guest network offering by using ASA - 1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static - NAT. + A Cloud administrator creates an Isolated guest network offering by using ASA 1000v as + the service provider for Firewall, Source NAT, Port Forwarding, and Static NAT.
- Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC + <title>Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a Deployment
Prerequisites - Ensure that Cisco ASA 1000v appliance is set up externally and then registered - with &PRODUCT; by using the admin API. Typically, you can create a pool of ASA - 1000v appliances and register them with &PRODUCT;. + Ensure that Cisco ASA 1000v appliance is set up externally and then registered with + &PRODUCT; by using the admin API. Typically, you can create a pool of ASA 1000v + appliances and register them with &PRODUCT;. Specify the following to set up a Cisco ASA 1000v instance: @@ -71,17 +70,17 @@ Standalone or HA mode - Port profiles for the Management and HA network interfaces. This need to - be pre-created on Nexus dvSwitch switch. + Port profiles for the Management and HA network interfaces. This need to be + pre-created on Nexus dvSwitch switch. - Port profiles for both internal and external network interfaces. This need - to be pre-created on Nexus dvSwitch switch, and to be updated appropriately - while implementing guest networks. + Port profiles for both internal and external network interfaces. This need to be + pre-created on Nexus dvSwitch switch, and to be updated appropriately while + implementing guest networks. - The Management IP for Cisco ASA 1000v appliance. Specify the gateway such - that the VNMC IP is reachable. + The Management IP for Cisco ASA 1000v appliance. Specify the gateway such that + the VNMC IP is reachable. Administrator credentials @@ -99,11 +98,21 @@ appliances. - Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT; - when adding VMware cluster. + Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT; when + adding VMware cluster.
+
+ Guidelines + When a guest network is created with Cisco VNMC firewall provider, an additional public + IP is acquired along with the Source NAT IP. The Source NAT IP is used for the ASA outside + interface, whereas the addition IP is used to workaround an ASA limitation. Ensure that this + additional public IP is not released. You can identify this IP as soon as the network is in + implemented state and before acquiring any further public IPs. The additional IP is the one + that is not marked as Source NAT. You can find the IP used for the ASA outside interface by + looking at the Cisco VNMC used in your guest network. +
Using Cisco ASA 1000v Services @@ -120,11 +129,13 @@ See . - Create a Network Offering and use Cisco VNMC as the service provider for desired services. + Create a Network Offering and use Cisco VNMC as the service provider for desired + services. See . - Create an Isolated Guest Network by using the network offering you just created. + Create an Isolated Guest Network by using the network offering you just + created.
@@ -164,8 +175,8 @@ Host: The IP address of the VNMC instance. - Username: The user name of the account on the VNMC instance that &PRODUCT; - should use. + Username: The user name of the account on the VNMC instance that &PRODUCT; should + use. Password: The password of the account. @@ -209,16 +220,15 @@ Click the Add CiscoASA1000v Resource and provide the following: - Host: The management IP address of the ASA 1000v instance. The IP address is - used to connect to ASA 1000V. + Host: The management IP address of the ASA 1000v instance. The IP address is used + to connect to ASA 1000V. - Inside Port Profile: The Inside Port Profile configuration on Cisco - Nexus1000v dvSwitch. + Inside Port Profile: The Inside Port Profile configuration on Cisco Nexus1000v + dvSwitch. - Cluster: The VMware cluster to which you are adding the ASA 1000v - instance. + Cluster: The VMware cluster to which you are adding the ASA 1000v instance. Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled. @@ -230,8 +240,7 @@
Creating a Network Offering Using Cisco ASA 1000v - To have Cisco ASA 1000v support for a guest network, create a network offering as - follows: + To have Cisco ASA 1000v support for a guest network, create a network offering as follows: Log in to the &PRODUCT; UI as a user or admin. 
@@ -250,51 +259,50 @@ offering. - Description: A short description of the - offering that can be displayed to users. + Description: A short description of the offering + that can be displayed to users. - Network Rate: Allowed data transfer rate in - MB per second. + Network Rate: Allowed data transfer rate in MB + per second. - Traffic Type: The type of network traffic - that will be carried on the network. + Traffic Type: The type of network traffic that + will be carried on the network. - Guest Type: Choose whether the guest - network is isolated or shared. + Guest Type: Choose whether the guest network is + isolated or shared. - Persistent: Indicate whether the guest - network is persistent or not. The network that you can provision without having - to deploy a VM on it is termed persistent network. + Persistent: Indicate whether the guest network is + persistent or not. The network that you can provision without having to deploy a VM on + it is termed persistent network. VPC: This option indicate whether the guest - network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a - private, isolated part of &PRODUCT;. A VPC can have its own virtual network - topology that resembles a traditional physical network. For more information on - VPCs, see . + network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, + isolated part of &PRODUCT;. A VPC can have its own virtual network topology that + resembles a traditional physical network. For more information on VPCs, see . - Specify VLAN: (Isolated guest networks - only) Indicate whether a VLAN should be specified when this offering is - used. + Specify VLAN: (Isolated guest networks only) + Indicate whether a VLAN should be specified when this offering is used. - Supported Services: Use Cisco VNMC as the - service provider for Firewall, Source NAT, Port Forwarding, and Static NAT to - create an Isolated guest network offering. 
+ Supported Services: Use Cisco VNMC as the service + provider for Firewall, Source NAT, Port Forwarding, and Static NAT to create an + Isolated guest network offering. System Offering: Choose the system service offering that you want virtual routers to use in this network. - Conserve mode: Indicate whether to use - conserve mode. In this mode, network resources are allocated only when the first - virtual machine starts in the network. + Conserve mode: Indicate whether to use conserve + mode. In this mode, network resources are allocated only when the first virtual + machine starts in the network. @@ -303,4 +311,5 @@ The network offering is created. -
\ No newline at end of file + +
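Review bot: the new Guidelines section (hunk @@ -99,11 +98,21 @@) needs specifics before it is useful to an operator: "the addition IP is used to workaround an ASA limitation" has two typos ("the additional IP is used to work around"), the ASA limitation is never named, and "Ensure that this additional public IP is not released" gives no consequence, so the reader cannot judge the severity of releasing it by mistake. State what stops working if that IP is released, and replace "by looking at the Cisco VNMC used in your guest network" with the concrete UI page or API call that shows the outside-interface address. The identification rule "the one that is not marked as Source NAT" only holds "before acquiring any further public IPs", so the text should tell the administrator to record that IP right after the network reaches Implemented state, because the rule is no longer usable once more IPs have been acquired.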
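Review bot: the step "Log in to the &PRODUCT; UI as a user or admin" retained in hunk @@ -230,8 +240,7 @@ contradicts this same patch's earlier statement "A Cloud administrator creates an Isolated guest network offering"; since the reflow already touches the neighbouring line, change the step to "Log in to the &PRODUCT; UI as an administrator" so the procedure does not suggest an unprivileged user can create a network offering that selects a firewall provider.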
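Review bot: nearly every hunk is a pure re-wrap to a different line width, which buries the one substantive change (the Guidelines section) and makes the patch hard to check against CLOUDSTACK-3580, whose ticket number is also the whole commit message; split the reflow into a separate commit and give the message a one-line summary of what the ticket asked for. If the reflow stays, fix the grammar it carries across instead of re-wrapping it unchanged: "This need to be pre-created on Nexus dvSwitch switch" (twice in hunk @@ -71,17 +70,17 @@) should read "These must be pre-created on the Nexus dvSwitch", and the context line "Nexus 1000v dvSwich-enabled VMware" misspells dvSwitch.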
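Review bot: hunk @@ -250,51 +259,50 @@ re-wraps "Network Rate: Allowed data transfer rate in MB per second" without checking the unit; "MB" reads as megabytes, whereas network rates are conventionally quoted in megabits, so please confirm which one the offering field actually takes and spell it out ("megabits per second (Mbps)" or "megabytes per second") rather than leaving the abbreviation.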