Guest

Cisco UCS Express

Services Ready Engine Virtualization (SRE-V) Self Training Guide (Powered by VMware vSphere Hypervisor™)

  • Viewing Options

  • PDF (6.7 MB)
  • Feedback

Contents

1 Cisco Unified Computing System Express Overview

1.1 Cisco Services Ready Engine

1.2 Services Ready Engine Virtualization (SRE-V)

1.3 Cisco Integrated Management Controller Express

2 The SRE-V Lab

3 Configure Network Interfaces of SM-SRE Service Module

3.1 Configuring Service Module Slot/0 and Service Module Slot/1 Interface(s)

4 Installing, Validating, and Activating SRE-V Software

4.1 Installing SRE-V Software on SM-SRE Service Module

4.2 Validating SRE-V Software Installation

4.3 Activating SRE-V Evaluation License

5 Configuring User(s), Group(s), Role(s), and Permission(s)

5.1 Creating User(s)

5.2 Creating Group(s)

5.3 Creating Role(s)

5.4 Working with Permissions: Adding Roles to User(s) or User Group(s)

6 The VMware vSphere Hypervisor™

6.1 Connecting to VMware vSphere Hypervisor™

7 SRE-V Networking

7.1 Understanding Preexisting vSwitch(es)

7.2 Creating a vSwitch

7.3 Modifying vSwitch or Port-Group Properties

8 SRE-V Storage

9 SRE-V Virtual Machine(s)

9.1 Creating Virtual Machine(s)

9.2 Installing Operating System from an ISO

9.3 Building a Virtual Machine Using Preexisting VMDK file

9.4 Configure Networking (External) for a Virtual Machine (VM-Retail)

9.5 Configure Networking (Internal) for a Virtual Machine (VM-Healthcare)

9.6 Advanced Network Configuration (VLANs)

10 High-Level Overview of SRE-V Hypervisor Settings

10.1 Overview of VMware vSphere Hypervisor™ Configuration

10.2 Overview of Virtual Machine Settings

11 Understanding Differences Between SRE-V and Standard VMware vSphere Hypervisor™


THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT IS SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Services Ready Engine Virtualization (SRE-V) Self Starter Guide (Powered by VMware vSphere Hypervisor )
© 2010 Cisco Systems, Inc. All rights reserved.

1 Cisco Unified Computing System Express Overview

Cisco Unified Computing System (UCS) Express is a converged networking, computing, and virtualization infrastructure for hosting edge applications in the lean branch office. This solution enables multiple virtual instances of Microsoft Windows Server to run on a dedicated general-purpose x86 blade directly inside a Cisco Integrated Services Routers Generation 2 (ISR G2) router. Cisco UCS Express extends unified data center infrastructure to the branch office.
The system consists of the following components:

• Cisco Services Ready Engine (SRE) multipurpose x86 blade servers

• Cisco SRE Virtualization (SRE-V) powered by VMware vSphere Hypervisor (ESXi)

• Cisco Integrated Management Controller Express (CIMCE) for the SRE blades

Cisco UCS Express is best-suited for multisite organizations with centralized IT infrastructure that need to host a small number of essential infrastructure services or line-of-business applications locally in the branch office.

Key Product Features

• Ready-to-use general-purpose x86 blade servers

• Enterprise- and production-class bare-metal hypervisor

• Remote management with network and server separation

• Integrated backplane switch for multigigabit connectivity

• Compact, all-in-one networking and computing system

Key Customer Value Propositions

• Consolidate and simplify branch-office infrastructure into one device

• Reduce total cost of ownership (TCO) of branch-office infrastructure

• Optimize branch-office infrastructure for essential edge applications

• Improve application uptime, recovery time, and deployment time

• Maximize infrastructure usage and investment protection

Read more about Cisco UCS Express at: http://cisco.com/go/ucse

1.1 Cisco Services Ready Engine

Cisco Services Ready Engines (SREs) are high-performance router blades for the Cisco ISR G2s that provide the capability to host Cisco, third-party, and custom applications. The modules have their own processors, storage, network interfaces, and memory that operate independently of the host router resources, helping to ensure maximum concurrent routing and application performance. A services-ready deployment model allows you to remotely provision branch-office applications on the modules at any time.

Key Product Features

• Versatile platform for hosting Cisco, third-party, and custom applications

• High-performance, high-availability, and high-capacity hardware

• Centralized management and troubleshooting

• Small physical, energy, and carbon footprint

• On-demand application provisioning

Key Customer Value Propositions

• Simplify branch-office infrastructure by consolidating applications into the ISR G2

• Adapt branch-office services to business needs by deploying applications on demand

• Save on the cost of onsite visits, utility bills, and hardware support contracts

Figure 1. Service Modules (SM-SRE)

Read more about the Cisco SRE at: http://cisco.com/go/sre

1.2 Services Ready Engine Virtualization (SRE-V)

Cisco SRE-V is a branch-office infrastructure platform that combines computing, networking, storage, virtualization, and unified management into a cohesive system. It enables the VMware vSphere Hypervisor to be provisioned on a Cisco Services Ready Engine (SRE) Service Module and host one or more virtual machines running Microsoft Windows Server operating system. The entire system is integrated with Generation 2 of the Cisco Integrated Services Router (ISR G2).

Figure 2. Conceptual Overview of Services Ready Engine Virtualization

1.3 Cisco Integrated Management Controller Express

CIMC Express provides a web and command-line based interface to perform low-level hardware management of SRE modules; you can use it for provisioning your Cisco SRE-V application. This tool helps with maintaining clear boundaries between IT and the network administrator (Figure 1).

Key Product Features

• Low-level hardware management

• Standard network configuration

• On-demand application provisioning

• Out of band management

Figure 3. Cisco Integrated Management Controller Express Web Interface

2 The SRE-V Lab

To perform hands-on training with SRE-V you will start with setting up a lab (POD). The lab should consist of the following components:

• One ISR G2 (2911, 2921, 2951, 3925, 3925E, 3945 or 3945E)

• One SM-SRE (SM-SRE-700-K9 or SM-SRE-900-K9)

• A PC running Windows OS with VMware vSphere Client 4.1 or above

• A server running FTP and NFS service

• A layer three switch

• Windows 2003 ISO image

• A prebuilt virtual machine (VMDK and VMX files) using Window 2003 SE image

Figure 4. Lab Topology

Notice that we are using a letter P. P signifies the POD number. It's relevant if your setup has multiple PODs. If not you can consider P=1 for simplicity. Since our setup has multiple PODs, we will use the letter P in this entire document.

Components within our lab:

• SM-SRE-700-K9 plugged into Slot 1 of ISR G2 2911 running IOS version 15.1.3T

• A PC running Windows OS (IP Address: 10.1.10.10) with VMware vSphere Client 4.1. Windows 2003 ISO file and perbuilt VM are also kept on this PC on E:\ drive within Software directory

• A server (IP Address: 10.10.0.20) running FTP and NFS service hosting SRE-V 1.0.1 image files

• A layer three switch connecting PC, server, router and external network interface of SRE

3 Configure Network Interfaces of SM-SRE Service Module

The host router and the Cisco SRE Service Module use several interfaces for internal and external communication. Use the Cisco IOS Software command-line interface (CLI) commands to configure each of the interfaces on the router.
Before configuring the interfaces, make sure that you have the following information for entering the Cisco SRE Service Module command environment:

• IP address of the Cisco router that contains the Cisco SRE Service Module

• Username and password for logging into the router

The service module communicates with the host router through two internal Gigabit Ethernet (GE) interfaces:

• One Gigabit Ethernet interface connects to the router Peripheral Component Interconnect Express (PCIe) (refer to interface GE0 in Figure 5). This interface is sm slot/0 and is configured through the Cisco IOS Software CLI.

• The other Gigabit Ethernet interface connects to the multigigabit fabric (MGF) (refer to interface GE1 in Figure 5). This interface, sm slot/1, is also configured through the Cisco IOS Software CLI. After the interface is configured, the vSphere client communicates with the VMware vSphere Hypervisor through this interface.

Once configured vSphere client communicates with the VMware vSphere Hypervisor through this interface.

A third Gigabit Ethernet interface is located on the external face plate of the Cisco SRE Service Module (refer to interface GE2 in Figure 5). This Gigabit Ethernet interface is configured and managed by the VMware vSphere Hypervisor .

Figure 5. Block Diagram of Cisco SRE 900 Service Module

3.1 Configuring Service Module Slot/0 and Service Module Slot/1 Interface(s)

The objective of this task is to familiarize yourself with the configurations required to get the SRE-V module working within the ISR G2. After completing this task you will be able to:

• Successfully configure the SRE-V console manager IP address and default gateway

• Successfully configure the VMware vSphere Hypervisor IP address

• Successfully configure the service-module slot/1 interface in trunk mode

• Successfully configure VLAN 1 to be used by VMware vSphere Hypervisor

Figure 6. Conceptual Diagram of IP Address Assignment for POD 1 (P=1)

Note:

• Service-module IP address is assigned to console manager (10.P.20.2).

• Service-module MGF IP address is assigned to VMware vSphere Hypervisor (10.P.30.2).

Step 1. Configure ISR G2 with the following IP addressing scheme:

Router# conf t
Router(config)# interface sm 1/0
Router(config-if)# ip address 10. P.20.1 255.255.255.0
Router(config-if)# service-module ip address 10. P.20.2 255.255.255.0
Router(config-if)# service-module ip default-gateway 10. P.20.1
Router(config-if)# service-module mgf ip address 10. P.30.2 255.255.255.0
Router(config-if)# exit
Router(config)# interface sm 1/1
Router(config-if)# switchport mode trunk
Router(config-if)# exit
Router(config)# interface vlan 1
Router(config-if)# ip address 10. P.30.1 255.255.255.0
Router(config-if)# no shut
Router(config-if)# end
Router# wr

4 Installing, Validating, and Activating SRE-V Software

The Cisco SRE Service Module can be installed in the router in four different states:

• Blank

• Preinstalled with SRE-V software

• Preinstalled with SRE-V software and Windows 2008 R2 64-bit operating system

• Preinstalled with any other applicable application available on the SRE platform; for example, the Cisco Application Extension Platform (AXP), Cisco Wide Area Application Services (WAAS), Cisco Unity® Express, etc.

For our lab we have intentionally kept the module in blank state so that you can familiarize yourself with the installation procedure.

4.1 Installing SRE-V Software on SM-SRE Service Module

The objective of this task is to familiarize yourself with the SRE-V installation procedure from Cisco IOS Software command-line interface (CLI). After completing this task you will be able to:

• Successfully install SRE-V infrastructure software

Prerequisites

Make sure you can ping the FTP server from the ISR G2. Issue the following command to validate connectivity:

Router# ping 10.10.0.20

Step 1. Installing SRE-V infrastructure software

Issue the following command to install SRE-V infrastructure software on the SRE hardware using the Cisco IOS Software CLI. You can also use Cisco Configuration Professional or the CiscoWorks LAN Management Solution (LMS) GUI tool to install SRE-V software on one or multiple devices with a few simple clicks.

Router# service-module sm 1/0 install url ftp://10.10.0.20/sre-v-k9.smv.1.0.1.pkg

Note: Our SRE-V install image is kept on FTP server within the root folder. Make sure to change the CLI path appropriately based on where your SRE-V image is kept. SRE-V install will take about four minutes.

Note: It will take about four minutes to install the application.

Issue the service-module sm 1/0 session command, click Yes, and see the entire install procedure.

4.2 Validating SRE-V Software Installation

The objective of this task is to familiarize yourself with the output you should expect to see after SRE-V is installed on the Cisco SRE. After completing this task you will be able to:

• Successfully validate installation of SRE-V infrastructure software

Step 1. Validating installation of SRE-V infrastructure software

Issue the following command to validate existence of SRE-V infrastructure software on the SRE hardware using the Cisco IOS Software CLI. You can also use Cisco Configuration Professional or the CiscoWorks LMS GUI tool to view which application is installed on the SRE hardware.

Router# service-module sm 1/0 status
Expect to see following output:
Service Module is Cisco SM1/0
Service Module supports session via TTY line 131
Service Module is in Steady state
Service Module heartbeat-reset is enabled
Getting status from the Service Module, please wait..
Cisco SRE-V Software 1.0.1
SRE-V Running on SMV
No install/uninstall in progress

4.3 Activating SRE-V Evaluation License

The Cisco SRE-V application enables Cisco Software Licensing to manage feature entitlements for VMware vSphere Hypervisor . Cisco Software Licensing provides the following licenses:

• VMware vSphere Hypervisor Evaluation License: The 60-day evaluation license is bundled with the Cisco SRE-V software image, which you can use to evaluate the hosting environment. Evaluation license requires activation. The End User License Agreement (EULA) must be accepted before the evaluation license is activated.

• Permanent VMware vSphere Hypervisor Host License: You can order this perpetual license either along with the VMware vSphere Hypervisor software or separately when the built-in evaluation license expires. After permanent licenses are installed, they provide all the permissions necessary to access features in the software image. All permanent licenses are node-locked and validated by the licensing infrastructure during software installation. After a permanent license is installed, you do not need to upgrade it for subsequent releases. Table 1 lists the part numbers for featured licenses.

Table 1. Featured License Part Numbers

FL-SRE-V-HOST

VMware vSphere Hypervisor Host pre-activated paper license purchased with the software.

FL-SRE-V-HOST=

VMware vSphere Hypervisor Host paper license purchased without the software (spare).

L-FL-SRE-V-HOST=

VMware vSphere Hypervisor Host electronic license purchased without the software (spare).

The objective of this task is to learn how to activate the SRE-V evaluation license so that you can connect to VMware vSphere Hypervisor using the vSphere client. Upon completion of this task you will be able to:

• Successfully activate the SRE-V evaluation license

Step 1. Activate SRE-V infrastructure software

Issue the following command to validate the existence of SRE-V infrastructure software on the SRE hardware using the Cisco IOS Software CLI.

Note: Activation of SRE-V license is done from SRE-V CLI and not from IOS CLI i.e. you need to session into the module before executing this CLI.

Router# service-module sm 1/0 session
SRE-Module# license activate sreVHost
-----------------------------
EULA terms....
-----------------------------
ACCEPT? [y/n]? y
SRE-Module#

Step 2. Configure Hypervisor's Gateway

View and configure SRE-V's gateway by executing show hypervisor ip and hypervisor set ip default-gateway CLI respectively.

SRE-Module# show hypervisor ip
....
Default Gateway: None
....
SRE-Module# hypervisor set ip default-gateway 10. P.30.1

Step 3. Reload the service module (SM-SRE) for license activation to take effect. You need to issue this command from the Router. Exit from Service-Module prompt and then issue this CLI.

Issue the reload command; when prompted to confirm, press Enter. The system continues with the reboot.

Router# service-module sm 1/0 reload

5 Configuring User(s), Group(s), Role(s), and Permission(s)

The hypervisor determines the level of access for a user based on the permissions assigned to that user. The username, password, and permissions combination is the mechanism by which the hypervisor authenticates the user for access, and it authorizes the user to perform activities.
To control which individual users or groups can access particular vSphere objects, the ESXi host uses sets of preestablished privileges or roles. A role and a user or group that is assigned to an inventory object constitute a permission.
By default, the Cisco SRE-V software comes with two predefined roles:

• esx-admins

• vm-users

Each role has certain privileges assigned to it. Users with the esx-admins role can manage the VMware vSphere Hypervisor , whereas users with the vm-users role can manage virtual machines.
Besides the default esxi-admins and vm-users roles, you can use the Cisco SRE-V commands provided in this section to configure additional users and roles, and provide permissions to those users to access virtual machines.
The objective of this task is to learn how to create user(s), group(s), role(s), and permissions. Upon completion of this task, you will be able to:

• Successfully create users

• Successfully create groups

• Successfully create roles and add privileges to roles

• Successfully add roles to user groups

5.1 Creating User(s)

A user is the person who is authorized to log into the ESX/ESXi host or the vCenter Server.
The objective of this task is to learn how to create user(s) in the SRE-V using the console-manger CLI. Keep in mind that you can create user(s) only through the CLI - not through the vSphere client.
After completing this task you will be able to:

• Successfully create two SRE-V users

• Successfully update a user's password

• Successfully delete a user

Step 1. Creating user(s) using the console-manager CLI:

Service-Module# user create jsmith password Usr!234 [fullname "John Smith" ]
Service-Module# user create rlee password rob!123 [fullname "Robert Lee" ]

Step 2. Update user jsmith's password using the console-manager CLI:

Service-Module# user update jsmith password user!123

Step 3. Delete user rlee using the console-manager CLI:

Service-Module# user delete rlee

Note: When you delete a specific user, the user group to which the user belongs to is not deleted, nor is the role that was assigned to that user deleted.

5.2 Creating Group(s)

A group is a container that can consist of one or multiple users. It is much easier to manage permissions at a group level than at a user level, and using groups is optional.
The objective of this task is to learn how to create group(s) in the SRE-V using the console-manger CLI. Keep in mind that you can create group(s) only through the CLI - not through vSphere client.
After completing this task you will be able to:

• Successfully create two SRE-V groups

• Successfully add user(s) to group(s)

• Successfully delete a group

Step 1. Create group(s) using the console-manager CLI:

Service-Module# group create SuperAdmins
Service-Module# group create BasicAdmins

Step 2. Update group SuperAdmins with user jsmith using the console-manager CLI:

Service-Module# group update SuperAdmins add-user jsmith

Step 3. Delete group BasicAdmins using the console-manager CLI:

Service-Module# group delete BasicAdmins

Note: When you delete a specific group, the user accounts that belong to the group are not deleted, nor are the roles that are assigned to that group.

5.3 Creating Role(s)

A role is a container that consists of privileges. A role can have one or more privileges associated with it. Privileges are predefined in the VMware vSphere Hypervisor .
Role(s) can be assigned to user(s) and group(s). It is much easier to manage permissions at a group level, so IT best practices dictate that role(s) be assigned to groups rather than users.
The objective of this task is to learn how to create role(s) in the SRE-V using the console-manger CLI. Keep in mind that you can create role(s) only through the CLI - not through the vSphere client.
After completing this task you will be able to:

• Successfully create two SRE-V roles

• Understand what privilege and privilege group signify

• Successfully add privileges and remove privileges from a role

• Successfully delete a role

Step 1. Create role(s) using the console-manager CLI:

Service-Module# role create SuperRole
Service-Module# role create BasicRole

Step 2. Understand what privilege and privilege group signify:

Privileges are predefined in the VMware vSphere Hypervisor . Each privilege has a unique ID, which is contained in a privilege group. The privilege group can have one or more privileges. For example:

• The VirtualMachine.Config.AddNewDisk privilege belongs to the privilege group called VirtualMachine.Config.

• The VirtualMachine.Config privilege group also has other privileges besides the VirtualMachine.Config.AddNewDisk privilege.

Service-Module# show privilege all
Service-Module# show privilege-group all

Step 3. Add and remove privileges and privilege groups from a role using the console-manager CLI:

Service-Module# role update SuperRole add-privilege VirtualMachine.Config.AddNewDisk
Service-Module# role update SuperRole add-privilege-group VirtualMachine.Config
Service-Module# role update SuperRole remove-privilege VirtualMachine.Config.AddNewDisk

Step 4. Delete a role using the console-manager CLI:

Service-Module# role delete BasicRole

5.4 Working with Permissions: Adding Roles to User(s) or User Group(s)

Adding or removing role(s) from a user or group means revising permissions. Permission refers to an object that consists of an authorization role, a user or group name, a managed virtual machine, or host reference. Permission allows the user to access a virtual machine with any of the privileges that apply to the specified role.
The objective of this task is to learn how to work with permissions in the SRE-V using the console-manger CLI. Keep in mind that you can assign permissions only through the CLI - not through the vSphere client.
After completing this task you will be able to:

• Successfully assign a role to a user

• Successfully assign a role to a group

• Successfully remove a role from a user

Step 1. Assign a role to a user:

Service-Module# permission add SuperRole user jsmith [virtual-machine VM ]
OR
Service-Module# permission add SuperRole user jsmith [nopropogate]

Note:

virtual-machine VM (optional): This command gives the user permission to access the specified virtual machine. Role permissions are provided at object level in ESXi. Without the virtual-machine keyword in this command, the user has the permission to access all of the virtual machines in the system.

Nopropogate (optional): This command does not allow role permissions to be propagated to the sub-entities of the host. Without the nopropogate keyword, permissions are propagated to the granted object.

Step 2. Assign a role to a group:

Service-Module# permission add SuperRole group SuperAdmins [virtual-machine VM ]
OR
Service-Module# permission add SuperRole group SuperAdmins [nopropogate]

Step 3. Revoke a role from a user:

Service-Module# permission remove SuperRole user jsmith [virtual-machine VM]

6 The VMware vSphere Hypervisor

VMware vSphere Hypervisor is the new name for what was formerly known as VMware ESXi Single Server, or simply "VMware ESXi". It is licensed only to unlock the hypervisor functions of vSphere.

6.1 Connecting to VMware vSphere Hypervisor

The objective of this task is to learn how to connect to the SRE-V hypervisor. This technology is powered by VMware vSphere Hypervisor . At the completion of this task, you will be able to:
Successfully connect to the SRE-V Hypervisor

Step 1. Launch vSphere client and enter the following information. Upon the prompt, click Ignore and proceed (Figure 7):

• IP address: 10.P.30.2

• Username: esx-admin

• Password: change_it

Figure 7. VMware vSphere Client

Step 2. Validate connectivity to the VMware vSphere Hypervisor (Figure 8).

Figure 8. Connectivity Validation

7 SRE-V Networking

Unlike when you install a standard ESXi, when you install SRE-V it creates multiple switches, so it is important to understand what these switches are for. Following are the vSwitches that are created:

• vSwitch0: This switch uses the MGF interface to connect the VMware vSphere Hypervisor and the guest virtual machines to the outside world. The MGF interface is sm slot/1. vSwitch0 contains two port groups:

– Management network: Used by the VMware vSphere Hypervisor to connect to the vSphere client

– VM network: Used by the guest virtual machines to connect to the outside world

• ciscoSwitchLocal: This switch contains CiscoReservedLocal port group, which is used for internal communication between the console manager and the VMware vSphere Hypervisor.

• ciscoSwitch: This switch contains the CiscoReserved port group, which is used for the following:

– External connection to the Cisco SRE Service Module management interface, such as Secure Shell (SSH) Protocol, Cisco Licensing Manager (CLM), and the web service application programming interface (API)

– Internal communication between the Cisco ISR G2 and the Cisco SRE Service Module

7.1 Understanding Preexisting vSwitch(es)

The objective of this task is to familiarize yourself with preexisting vSwitches. At the completion of this task, you will be able to:

• Understand vSwitches in the SRE-V Hypervisor

Step 1. First click the Configuration tab and then click Networking (Figure 9).

Figure 9. Virtual Switches

Even if you live and breathe hypervisor(s) do not delete or modify the following:

• vSwitch0: Management network
• ciscoSwitchLocal: CiscoReservedLocal
• ciscoSwitch: CiscoReserved

7.2 Creating a vSwitch

The objective of this task is to learn how to create a new vSwitch. After completion, you will be able to:

• Successfully create a vSwitch

Step 1. Click the Add Networking link at the top right of the screen and select Virtual Machine (Figure 10).

Figure 10. Adding a Virtual Machine

Step 2. Select Create a virtual switch and select vmnic0 (Figure 11).

Figure 11. Creating a Virtual Switch

Step 3. Give the port group a name: VM Network External Port and leave the VLAN ID as it is (Figure 12).

Figure 12. Giving Port Group a Name

Step 4. Click Finish (Figure 13).

Figure 13. Virtual Switches Configured

Step 5. Validate creation of vSwitch1 (Figure 14) and click on Properties

Figure 14. Validating Creation of vSwitch1

7.3 Modifying vSwitch or Port-Group Properties

The objective of this task is to familiarize yourself with the options available in vSwitch(es) and port group(s). They have similar options, so this section, covers only one of them. vSwitch properties are applied at a global level, and port-group properties are applied at an individual level. When you complete this task you will be able to:

• Successfully modify vSwitch properties

Step 1. Select vSwitch and click Edit (Figure 15).

Figure 15. Modifying vSwitch Properties

Step 2. Select the General tab and leave the port number unchanged; then select the Security tab and change Promiscuous mode to Accept (Figure 16).

Figure 16. Changing Promiscuous Mode

Step 3. Select Traffic Shaping and update Policy Exception Status to Enabled. Leave NIC Teaming at the default settings and click OK (Figure 17).

Figure 17. Changing Status of Traffic Shaping

Step 4. Select Network Adapters, click Edit, and view its settings (Figure 18).

Figure 18. Editing Network-Adapter Settings

8 SRE-V Storage

The Cisco SRE 700 Service Module (SM-SRE-700) has one datastore created by default, and the Cisco SRE 900 Service Module (SM-SRE-900) has two datastores created by default.
The objective of this task is to learn how to configure a remote datastore in the SRE-V. Upon completion you will be able to:

• Successfully create a datastore using the network file system (NFS).

Step 1. Click the Configuration tab; then click Storage and then Add Storage (Figure 19).

Figure 19. Adding Storage

Step 2. Select Network File System and then click Next (Figure 20).

Figure 20. Selecting Storage Type

Step 3. Enter IP: 10.10.0.20, Folder: /NFS_PX. Enter Datastore Name: NFS_PX and click Next (Figure 21). X is the number of your POD. Make sure you have setup a folder which is being shared using NFS protocol.

Figure 21. Naming Datastore

Step 4. Click Finish and validate creation of a datastore (Figure 22).

Figure 22. Validating Creation of Datastore

9 SRE-V Virtual Machine(s)

A virtual machine is a software computer that runs an operating system and applications (just like a physical computer). You can use VMware vSphere Hypervisor to run several virtual machines. For this lab we use the vSphere client GUI to create and manage virtual machines.
The vSphere client contains an online tutorial for first-time users. It also contains embedded inline assistance for getting started, which allows you to set up your virtual infrastructure through an easy-to-use, step-by-step process. If you are an experienced user, you can turn off this assistance.

9.1 Creating Virtual Machine(s)

The objective of this task is to learn how to create and modify virtual machines. At completion of this task, you will be able to:

• Successfully create two virtual machines

• Successfully modify virtual machines

Step 1. Invoke the virtual-machine creation wizard.

There are multiple ways to start creation of a virtual machine and you can use any of them (Figure 23).

Figure 23. Virtual-Machine Creation Wizard

Option A: Right click the ESXi Host and select New Virtual Machine.
Option B: Click the General tab and select Create a new virtual machine.
Option C: Click the Summary tab and select New Virtual Machine.
Option D: Click File > New > Virtual Machine.

Step 2. Select Custom and click Next (Figure 24).

Figure 24. Custom Creation of Virtual Machine

Step 3. Provide a name to the virtual machine; for example, VM-Retail (Figure 25).

Figure 25. Naming the New Virtual Machine

Step 4. Select datastore1. That is where virtual-machine's files should be kept and click Next (Figure 26).

Figure 26. Selecting Datastore for Virtual-Machine Files

Step 5. Select Virtual Machine 7 for compatibility with the newer version of VMware products (Figure 27).

Figure 27. Selecting Virtual Machine for Compatibility with Newer VMware Products

Step 6. Select the operating system that you plan to install: Window 2003 Standard Edition (32 Bit). (Refer to Figure 28.)

Figure 28. Selecting Operating System to Install

Step 7. Enter the amount of memory you want to allocate. For now enter 1024 MB and click Next (Figure 29).

Figure 29. Memory Configuration

Step 8. Select VM Network External Port network interface and click Next (Figure 30).

Figure 30. Selecting Network Interface

Step 9. Select LSI Logic Parallel and click Next (Figure 31).

Figure 31. SCSI Controller Settings

Step 10. Leave the default settings Create a new virtual disk and click Next (Figure 32).

Figure 32. Selecting Disk

Step 11. Enter Disk Size 2 GB, leave the rest as default, and click Next (Figure 33).

Figure 33. Selecting Disk Size

Step 12. Leave the default options as they are and click Next (Figure 34).

Figure 34. Advanced Options

Step 13. Click Finish (Figure 35).

Figure 35. Completion of New Virtual Machine Creation

9.2 Installing Operating System from an ISO

The objective of this task is to learn how to install an operating system within a virtual machine. Upon completion of this task, you will be able to:

• Successfully mount a client device and install an operating system

• Successfully mount an ISO from a datastore and install an operating system

Step 1. Select VM-Retail and click Edit Setting under the Summary tab (Figure 36).

Figure 36. Editing Virtual-Machine Settings

Step 2. Click CD/DVD Drive under the Hardware tab and select Client Device (Figure 37).

Figure 37. Client Device for CD/DVD Drive

Figure 38. Datastore ISO Image (This is an example to show that image can also be kept on the datastore).

Note: Do not execute this step

Step 3. Under the Summary Tab click Power On and then click Open Console (Figure 39).

Figure 39. Summary Tab

Step 4. You should see a screen similar to Figure 40.

Figure 40. VM-Retail Booting

Step 5. Click the icon and select Connect to ISO image on local disk. Browse to E:\Software and select Win2k3.iso (Figure 41).

Figure 41. Connecting to ISO Image

Note: Point to the Windows 2003 ISO file or any other Windows IOS file you have available within your setup.

Step 6. Click VM > Guest > Send Ctrl+Alt+del (Figure 42).

Figure 42. Rebooting VM-Retail

Step 7. Keep using defaults and continue installation of the Windows 2003 operating system. When prompted, enter VM-Retail as Computer Name and cisco as Administrator Password (Figure 43).

Figure 43. Installing Windows

Step 8. Select Typical settings and enter Cisco in the Work Group textbox. When the operating system finishes installation, click VM > Guest > Send Ctrl+Alt+del and enter Administrator and cisco as username and password, respectively (Figure 44).

Figure 44. Administrator Username and Password

Note: Ignore any messages that pop-up during first login.

9.3 Building a Virtual Machine Using Preexisting VMDK file

In the previous section you installed an operating system directly from an ISO. This section describes how to import a VMDK file or a preexisting virtual machine and build a virtual machine off it.
The objective of this task is to learn how to build a virtual machine off a VMware Virtual Machine Disk (VMDK). At completion, you will be able to:

• Successfully create a virtual machine using VMDK

Step 1. Click Configuration > Storage. Right click datastore1 and click Browse. Click the icon and select Upload Folder. Identify the location where you have kept a prebuilt Virtual Machine (VMDK and VMX files). In our setup the images are saved on the PC at the following location E:\Software\VM-Healthcare.

Copy over E:\Software\VM-Healthcare (Figure 45). We assume you have a preexisting VMDK, if not build a VM and save the files on your PC.

Figure 45. Uploading a Folder

Step 2. Start the virtual-machine creation wizard. Select Custom and click Next (Figure 46). Refer to 9.1 for more information.

Figure 46. Custom Configuration

Step 3. Provide a name to the virtual machine: VM-Healthcare and click Next (Figure 47).

Figure 47. Naming the Virtual Machine

Step 4. Select datastore1. That is where virtual-machine's files should be kept and click Next (Figure 26).

Figure 48. Selecting Datastore for Virtual-Machine Files

Step 5. Select Virtual Machine 7 for compatibility with the newer versions of VMware products (Figure 49).

Figure 49. Selecting Virtual Machine for Compatibility with Newer Versions of VMware Products

Step 6. Select the operating system that you plan to install: Window 2003 Standard Edition (32 Bit) and click Next (Figure 50).

Figure 50. Choosing Operating System to Install

Step 7. Enter the amount of memory you want to allocate. For now enter 512 MB and click Next (Figure 51).

Figure 51. Choosing Memory

Step 8. Select VM Network interface and click Next (Figure 52).

Figure 52. Choosing Virtual-Machine Network

Step 9. Select LSI Logic Parallel and click Next (Figure 53).

Figure 53. SCSI Controller Settings

Step 10. Select Use an existing virtual disk and click Next (Figure 54).

Figure 54. Selecting a Disk

Step 11. Browse and select datastore1 > VM-Healthcare > VM-Healthcare.vmdk and click Next (Figure 55).

Figure 55. Browsing VMDK File

Step 12. Leave the default options as they are and click Next (Figure 56).

Figure 56. Default Options

Step 13. Click Finish (Figure 57).

Figure 57. Completion

Step 14. Start the virtual machine and log in with username Administrator and password cisco (Figure 58).

Figure 58. Starting Virtual Machine

9.4 Configure Networking (External) for a Virtual Machine (VM-Retail)

In the section "Installing Operating System from an ISO" (9.2), you installed an operating system directly from an ISO. In this section you will configure the network interface and validate connectivity to other virtual machines using the external interface on the Cisco SRE 700 Service Module (SM-SRE-700-K9).
The objective of this task is to familiarize yourself with configuring network connectivity for virtual machines. Upon completion, you will be able to:

• Successfully configure the IP address and validate connectivity

Step 1. Click Start > Control Panel > Network Connections > Local Area Connection (Figure 59).

Figure 59. Configuring Local Area Connection

Step 2. Click Properties > Internet Protocol (TCP/IP) > Properties and enter the following details and click OK, OK and Close (Figure 60):

• IP address: 10.1.100.P

• Subnet mask: 255.255.255.0

• Default gateway: 10.1.100.254

Figure 60. Properties

Step 3. Launch the command prompt and test connectivity to 10.1.100.254 and to other virtual machines. Ask your instructor for IP addresses for other virtual machines (Figure 61).

Figure 61. Command Prompt

9.5 Configure Networking (Internal) for a Virtual Machine (VM-Healthcare)

In the section "Building a Virtual Machine Using Preexisting VMDK file" (9.3), you built a virtual machine using a preexisting VMDK. In this section you will configure the network interface and validate connectivity to the router using an internal interface (MGF). This setup is a very basic one; that is, your virtual machine will piggyback on the default VLAN; that is, VLAN 1.
The objective of this task is to learn how to configure network connectivity for virtual machines. Upon completion, you will be able to:

• Successfully configure IP address and validate connectivity of virtual machines

Step 1. Click Start > Control Panel > Network Connections > Local Area Connection (Figure 62).

Figure 62. Configuring Local Area Connection

Step 2. Click Properties > Internet Protocol (TCP/IP) > Properties and enter the following details and click on OK, OK and Close (Figure 63).

• IP address: 10.P.30.3

• Subnet mask: 255.255.255.0

• Default gateway: 10.P.30.1

Figure 63. Properties

Step 3. Launch the command prompt and test connectivity to 10.P.30.1, 10.P.10.1, and 10.P.20.1. (Figure 64). Refer to 3.1 to understand which IP corresponds to which interface

Figure 64. Command Prompt

9.6 Advanced Network Configuration (VLANs)

In the previous sections, "Configure Networking (External) for a Virtual Machine:VM-Retail" and "Configure Networking (Internal) for a Virtual Machine: VM-Healthcare" (9.4 and 9.5, respectively), you configured external and internal gigabit ports for virtual machines. This section discusses advanced vSwitch and port-group configuration; that is, you will create two different port groups within one vSwitch and use VLANs to isolate traffic.
The objective of this task is to learn how to set up virtual machines in different VLAN segments. Upon completion, you will be able to:

• Successfully create two port groups in a vSwitch

• Successfully assign virtual networks to virtual machines

• Successfully configure IP addresses for virtual machines

• Successfully configure VLANs on the router

Creating Port Group(s)

Step 1. Click Configuration > Networking and select Properties for vSwitch0 (Figure 65).

Figure 65. vSwitch0 Configuration

Step 2. Click Add (Figure 66).

Figure 66. Creating a Port Group

Step 3. Select Virtual Machine and click Next (Figure 67).

Figure 67. Creating Connection Type

Step 4. Provide a name to the port group: VM Network - Retail, enter VLANID 40, and click Next (Figure 68).

Figure 68. Port Group Properties

Step 5. Click Finish (Figure 69).

Figure 69. Completion of Port Group Creation

Step 6. Click Add (Figure 70).

Figure 70. Creating a Port Group

Step 7. Select Virtual Machine and click Next (Figure 71).

Figure 71. Creating Connection Type

Step 8. Provide a name to the port group: VM Network - Healthcare, enter VLANID 50, and click Next (Figure 72).

Figure 72. Port Group Properties

Step 9. Click Finish (Figure 73).

Figure 73. Completion of Port Group Creation

Step 10. Click Close (Figure 74).

Figure 74. Closing Window

Configuring VLANs on the Router

Step 11. Go back to the router and begin entering the following commands.

Router# vlan database [Ignore deprecated warning]
Router(vlan)# vlan 40
Router(vlan)# vlan 50
Router(vlan)# exit
Router(config)# interface vlan 40
Router(config-if)# ip address 10. P.40.1 255.255.255.0
Router(config-if)# exit
Router(config)# interface vlan 50
Router(config-if)# ip address 10. P.50.1 255.255.255.0
Router(config-if)# end
Router# wr

Assigning Virtual Machines to Port Group(s)

Step 12. Go back to vSphere client and right click on virtual machine VM-Healthcare, click Edit Settings > Network adapter 1, and select VM Network - Healthcare and click OK (Figure 75).

Figure 75. Editing Virtual Machine's Network Connection

Step 13. Select virtual machine VM-Retail, click Edit Settings > Network adapter 1, and select VM Network - Retail and click OK (Figure 76).

Figure 76. Editing Virtual Machine's Network Connection

Step 14. Validate that your configuration looks like Figure 77 by clicking on Hypervisor's IP > Configuration > Networking.

Figure 77. Configuration Validation

Configuring IP Address of Both Virtual Machines (Refer to section 9.5)

Step 15. Configure the VM-Retail IP address as 10.P.40.2 and the VM-Healthcare IP address as 10.P.50.2. Enter subnet mask as 255.255.255.0 and gateways as 10.P.40.1 and 10.P.50.1, respectively (Figure 78).

Figure 78. Configuring IP Address and Gateway

Step 16. Validate reachability to the router by pinging 10.P.10.1 from both the virtual machines (Figure 79).

Figure 79. Validate Connectivity from VM-Retail and VM-Healthcare

Step 17. Modify allowed VLAN(s) on the router and observe the change in connectivity (Figure 80).

Router(config)# interface sm 1/1
Router(config-if)# switchport trunk allowed vlan remove 40
Router(config-if)# exit

Figure 80. Command Prompt of VM-Healthcare

Configure an access control list (ACL) on a different VLAN interface and observe the change in connectivity.

10 High-Level Overview of SRE-V Hypervisor Settings

The objective of this task is to familiarize yourself with a few basic settings within VMware vSphere Hypervisor :

• Observe what is in the Getting Started tab

• Observe what is in the Summary tab

• Observe what is in the Virtual Machine tab

• Observe what is in the Resource Allocation tab

• Observe what is in the Performance tab

• Make Edits under the Configuration tab

• Observe what is in the Local Users & Groups tab

• Observe what is in the Events tab

• Observe what is in the Permissions tab

10.1 Overview of VMware vSphere Hypervisor Configuration

Step 1. Getting Started tab (Figure 81).

Figure 81. Getting Started Tab

Step 2. Summary tab (Figure 82).

Figure 82. Summary Tab

Step 3. Virtual Machines tab (Figure 83).

Figure 83. Virtual Machines Tab

Step 4. Resource Allocation tab (Figure 84).

Figure 84. Resource Allocation Tab

Step 5. Performance tab (Figure 85).

Figure 85. Performance Tab

Step 6. Configuration tab (Figure 86).

Figure 86. Configuration Tab

Step 7. Click Configuration Tab > Time Configuration and select Properties then select Options. Click NTP Settings and click Add. Enter Network Time Protocol (NTP) server IP 10.P.10.1 and click OK (Figure 87). Observe the hypervisor synchronizing time with the router. Make sure router is configured to run NTP protocol.

Figure 87. Time Configuration

Step 8. Click Configuration Tab > DNS and Routing Configuration. Click Properties and enter SRE-V and Cisco as your Host Name and Domain respectively. Click OK (Figure 88).

Figure 88. DNS and Routing Configuration

Step 9. Click the Configuration Tab > Virtual Machine Startup and Shutdown option and select Properties. Check the box below System Settings and make edits to Default Startup Delay (Figure 89).

Figure 89. Virtual Machine Startup and Shutdown

Step 10. Click Configuration Tab > Security Profile and select Properties. Observe the services that are running and those that have stopped (Figure 90).

Figure 90. Stopped and Running Services

Step 11. Local Users & Groups tab

These groups are managed through the SRE-V CLI (Figure 91).

Figure 91. Local Users & Groups Tab

Step 12. Events tab (Figure 92).

Figure 92. Events Tab

Step 13. Permissions tab

Permissions are managed through the SRE-V CLI (Figure 93).

Figure 93. Permissions Tab

10.2 Overview of Virtual Machine Settings

The objective of this task is to familiarize yourself with a few basic settings of a virtual machine. At completion, you will be able to:

• Successfully add a USB device to a virtual machine and modify the memory footprint

• Successfully modify the name of a virtual machine

• Successfully modify CPU resource allocation of a virtual machine

Step 1. Click Add and select USB Controller and select defaults to add it to your virtual machine. Now modify Memory Size by reducing it from 1 GB to 512 MB (Figure 94).

Figure 94. Memory Size Modification

Step 2. Click Options and update Virtual Machine Name to anything you wish (Figure 95).

Figure 95. Changing Name of Virtual Machine

Step 3. Click Resources and update Shares to High (Figure 96).

Figure 96. Resource Allocation

11 Understanding Differences Between SRE-V and Standard VMware vSphere Hypervisor

The Cisco SRE-V product is different from the standalone VMware product that is distributed by VMware vSphere in the following ways:

• Cisco SRE-V enables VMware vSphere Hypervisor to be provisioned on a Cisco SRE Service Module, which is integrated in the Cisco ISR G2.

• Configuration of the VMware vSphere Hypervisor IP address is done through the Cisco ISR G2.

• Configuration of the user management tasks is done using the Cisco SRE-V CLI instead of the VMware vSphere client.

• License management for the Cisco SRE-V is done through Cisco Software Licensing.

• Software upgrade packages for the Cisco SRE-V are obtained from Cisco.com. Software upgrades are done using the Cisco SRE-V CLI.

• System operation such as firmware settings, advanced settings, and Peripheral Component Interconnect (PCI) Passthru settings are disabled.