Cisco Virtual Security Gateway, Release 4.2(1)VSG1(4.1) and Cisco Virtual Network Management Center, Release 2.0 Installation and Upgrade Guide
Installing Cisco VNMC
Downloads: This chapterpdf (PDF - 1.39 MB) The complete bookPDF (PDF - 5.68 MB) | Feedback

Installing Cisco VNMC

Installing Cisco VNMC

This chapter contains the following sections:

Information About the Cisco VNMC

The Cisco Virtual Network Management Center (Cisco VNMC) is a virtual appliance that provides centralized device and security policy management for Cisco virtual services. Designed to support enterprise and multiple-tenant cloud deployments, the Cisco VNMC provides transparent, seamless, and scalable management for securing virtualized data center and cloud environments.

Installation Requirements

Cisco VNMC System Requirements



Virtual Appliance

One virtual CPU

1.5 GHz



Disk space

25 GB on a shared network file storage (NFS) or a storage area network (SAN) if Cisco VNMC is deployed in a high availability (HA) cluster

Management interface

One management network interface


x86 Intel or AMD server with 64-bit processor listed in the VMware compatibility matrix



VMware vSphere

Release 4.1 or 5.0 with VMware ESX or ESXi

VMware vCenter

Release 4.1 or 5.0 (English)


Interfaces and Protocols


Lightweight Directory Access Protocol (LDAP)


Intel VT

Intel Virtualization Technology (VT)

Enabled in the BIOS

Web-Based GUI Client Requirements



Operating system

Any of the following:
  • Windows
  • Apple Mac OS


Any of the following:
  • Internet Explorer 9.0
  • Mozilla Firefox 11.01
  • Chrome 18.0

Flash Player

Adobe Flash Player plugin (version 11.2)

1 We recommend Mozilla Firefox 11.0 with Adobe Flash Player 11.2.

Firewall Ports Requiring Access









Cisco Nexus 1000V Series Switch Requirements




The procedures in this guide assume that the Cisco Nexus 1000V Series switch is up and running, and that endpoint Virtual Machines (VMs) are installed.


Two VLANs configured on the Cisco Nexus 1000V Series switch uplink ports:
  • Service VLAN

Neither VLAN needs to be the system VLAN.

Port Profiles

One port profile configured on the Cisco Nexus 1000V Series Switch for the service VLAN.

Information Required for Installation and Configuration

Information Type

Your Information

For Deploying the VNMC OVA


Location of files


Datastore location


Storage location, if more than one location is available

Management port profile name for VM management

The management port profile is the same port profile that is used for VSM. The port profile is configured in VSM and is used for the Cisco VNMC management interface.

IP address


Subnet mask


Gateway IP address


Domain name


DNS server


Admin password


Shared secret password for communications between the Cisco VNMC, Cisco VSG, and VSM.


For Configuring vCenter in VNMC

vCenter name




Hostname or IP address


Shared Secret Password Criteria

A shared secret password is a password that is known only to those using a secure communication. Passwords are designated strong if they cannot be easily guessed for unauthorized access. When you set a shared secret password for communications between the Cisco VNMC, Cisco VSG, and VSM, adhere to the following criteria for setting valid, strong passwords:

Do not include the following items in passwords:
  • Characters: & ' " ` ( ) < > | \ ; $
  • Spaces
Create strong passwords based on the following characteristics:
Table 1 Characteristics of Strong Passwords

Strong passwords have...

Strong passwords do not have...

  • At least eight characters.
  • Lowercase letters, uppercase letters, digits, and special characters.
  • Consecutive characters, such as abcd.
  • Characters repeated three or more times, such as aaabbb.
  • A variation of the word Cisco, such as cisco, ocsic, or one that changes the capitalization of letters in the word Cisco.
  • The username or the username in reverse.
  • A permutation of characters present in the username or Cisco.
Examples of strong passwords are:
  • If2CoM18
  • 2004AsdfLkj30
  • Cb1955S21

ESXi and ESX Server Requirement

You must set the clock to the correct time on all ESXi and ESX servers that will run Cisco VNMC, ASA 1000V instances, Cisco VSG, or VSM. If you do not set the correct time on the server, the Cisco VNMC CA certificate that is created when the Cisco VNMC VM is deployed might have an invalid time stamp. An invalid time stamp can prevent you from successfully registering ASA 1000V instances to the Cisco VNMC.

After you set the clock to the correct time on all ESXi and ESX servers that run the Cisco VNMC, you can, as an option, set the clock on the Cisco VNMC as follows:
  • If you set the clock manually, be sure to enter the correct time zone as a Coordinated Universal Time (UTC) offset.
  • If you set the clock by synchronizing with the Network Time Protocol (NTP), you can select the UTC time zone.

Installing Cisco VNMC

You can deploy the VNMC OVA, resulting in a VNMC VM.

Before You Begin
    Step 1   Choose the host on which to deploy the VNMC VM.
    Step 2   From the File menu, choose Deploy OVF Template.

    The Deploy OVF Template screen opens.

    Step 3   In the Source screen, choose the VNMC OVA, and then click Next.
    Figure 1. Source Screen

    The OVF Template Details screen opens.

    Step 4   In the OVF Template Details screen, review the details of the VNMC template, and then click Next.

    The End User License Agreement screen opens.

    Step 5   In the End User License Agreement screen, click Accept, and then click Next.
    Step 6   In the Name and Location screen, provide the required information, and then click Next.

    The Deployment Configuration screen opens.

    Step 7   In the Deployment Configuration screen, choose VNMC Installer from the Configuration drop-down list, and then click Next.

    The Datastore screen opens.

    Step 8   In the Datastore screen, choose the data store for the VM, and then click Next. The storage can be local or shared remote, such as NFS or SAN.

    If only one storage location is available for an ESX host, this screen is not displayed and the VM is assigned to the storage location that is available.

    Figure 2. Datastore Screen

    The Disk Format screen opens.

    Step 9   In the Disk Format screen, click either Thin provisioned format or Thick provisioned format to store the VM virtual disks, then click Next. The default is Thick provisioned format. If you do not want to allocate the storage immediately, use the Thin provisioned format.

    You can safely ignore the red text in the window.

    The Network Mapping screen opens.

    Step 10   In the Network Mapping screen, choose the management network port profile for the VM, and then click Next.

    The Properties screen opens.

    Step 11   In the Properties screen, provide the required information, and address any errors described in the red text messages below the selection box (if needed, you can enter placeholder information as long as your entry meets the field requirements); and then click Next.

    You can safely ignore the VNMC Restore fields.

    Figure 3. Properties Screen

    The Ready to Complete screen opens.

    Step 12   In the Ready to Complete Screen, review the deployment settings, and then click Finish. A progress indicator shows the task progress until VNMC is deployed.

    Any discrepancies can cause VM booting issues. Carefully review the IP address, subnet mask, and gateway information.

    Figure 4. Ready to Complete Screen

    Step 13   After VNMC is successfully deployed, click Close.