Guest

Cisco Virtual Network Management Center

Release Notes for Cisco Virtual Network Management Center, Release 1.2

  • Viewing Options

  • PDF (157.9 KB)
  • Feedback
Release Notes for Cisco Virtual Network Management Center, Release 1.2

Table Of Contents

Release Notes for Cisco Virtual Network Management Center, Release 1.2

Contents

Introduction

System Requirements

Software Features

Multi-device Management

Security Profile

Stateless Device Provisioning

Security Policy Management

Context-Aware Security Policies

Dynamic Security Policy and Zone Provisioning

Multi-Tenant Management

Role-Based Access Control

XML-Based API

New and Changed Information

Limitations

Cisco VNMC VM Manager and VMware vCenter Server Connections

Characters in Names Fetched from the vCenter

Value Displayed in Parent Application or Resource Pool Fields

Caveats

Open Caveats

Resolved Caveats

Related Documentation

Cisco Virtual Network Management Center Documentation

Cisco Virtual Security Gateway Documentation

Cisco Nexus 1000V Series Switch Documentation

Obtaining Documentation and Submitting a Service Request


Release Notes for Cisco Virtual Network Management Center, Release 1.2


August 16, 2011
OL-25158-01 A0

This document describes the features, caveats, and limitations for Cisco Virtual Network Management Center. Use this document in combination with the documents listed in the "Related Documentation" section.


Note Release notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of the Release Notes for Cisco Virtual Network Management Center, Release 1.2:
http://www.cisco.com/go/techdocs

Table 1 shows the online change history for this document.

Table 1 Online History Change 

Part Number
Revision
Date
Description

OL-25158-01

A0

August 16, 2011

Added open caveat CSCtr29484.

OL-25158-01

-

July 29, 2011

Created release notes for
Cisco Virtual Network Management Center, Release 1.2


Contents

This document includes the following sections:

Introduction

System Requirements

Software Features

Limitations

Caveats

Related Documentation

Obtaining Documentation and Submitting a Service Request

Introduction

The Cisco Virtual Network Management Center (Cisco VNMC) is a virtual appliance, based on Red Hat Enterprise Linux, that provides centralized device and security policy management of Cisco Virtual Security Gateways (Cisco VSGs) for the Cisco Nexus 1000V Series switch. Designed for multi-tenant operation, the Cisco VNMC provides seamless, scalable, and automation-centric management for virtualized data center and cloud environments. With built-in GUI, CLI, and XML APIs, the Cisco VNMC allows you to manage Cisco VSGs that are deployed throughout the data center from a centralized location. The Cisco VNMC is built on the information model-driven architecture where each managed device is represented by its sub-components (or objects) that are parametrically defined. This model-centric approach enables a flexible and simple mechanism to securing virtualized infrastructure with Cisco VSG.

System Requirements

Cisco VNMC has the following system requirements:

Cisco VNMC Virtual Appliance—1 virtual CPU at 1.5-GHz, 2-Gb RAM, 25-Gb hard disk (vDisk), 1 management network interface

Hypervisor and Hypervisor Manager—

VMware vSphere 4.0.1, 4.0.2, 4.1.0 releases with VMware ESX or ESXi

VMware vCenter 4.0.1, 4.0.2, and 4.1.0 releases

Interfaces and Protocols—HTTP/HTTPS, Lightweight Directory Access Protocol (LDAP)

Web-based GUI client—

Adobe Flash Player 10.1

Operating System—Support is as follows (see Table 2):

Table 2 Operating System Support Matrix for Client Device Cisco VNMC GUI

Operating System
Internet Explorer 7.x and 8.x
Firefox 3.x

Windows

Supported

Supported

Apple MAC OS

X

X

Linux

X

X


Software Features

This section briefly describes the new features introduced in Cisco VNMC Release 1.2.

This section includes the following topics:

Multi-device Management

Security Profile

Stateless Device Provisioning

Security Policy Management

Context-Aware Security Policies

Dynamic Security Policy and Zone Provisioning

Multi-Tenant Management

Role-Based Access Control

XML-Based API

Multi-device Management

All Cisco VSG devices are centrally managed, which simplifies provisioning and troubleshooting in a scaled-out data center. In addition, the device profile object specifies device configuration policies that you can apply to one or more firewall profile managed resources.

Security Profile

A security profile enables you to represent the Cisco VSG security policy configuration in a profile, which simplifies provisioning, reduces administrative errors during security policy changes, reduces audit complexities, and enables a highly scaled-out data center environment.

Stateless Device Provisioning

The stateless configuration model is enabled with a management agent that is embedded with Cisco VSGs, that allows the Cisco VNMC to be a highly scalable device provisioning model.

Security Policy Management

Security policies are authored, edited and provisioned for all Cisco VSGs in a data center, which simplifies the operation and management of security policies as well as ensures that the security requirements are accurately represented in the associated security policies.

Context-Aware Security Policies

The Cisco VNMC interacts with VMware vCenter to obtain VM contexts that you can leverage to institute granular policy controls across their virtual infrastructure.

Dynamic Security Policy and Zone Provisioning

The Cisco VNMC interacts with the Cisco Nexus 1000V Series switch VSM to bind the security profile with the corresponding Cisco Nexus 1000V Series switch port profile. When VMs are dynamically instantiated and applied to appropriate port profiles, their association to trust zones is also established.

Multi-Tenant Management

The Cisco VNMC can manage Cisco VSGs and security policies in a dense multi-tenant environment, so that you can rapidly add or delete tenants and update tenant-specific configurations and security policies. This feature significantly reduces administrative errors, ensures segregation of duties within the administrative team, and simplifies audit procedures.

Role-Based Access Control

Role-Based Access Control (RBAC) simplifies operational tasks across different types of administrators, while allowing subject-matter experts to continue with their normal procedures. With RBAC, organizations are able to reduce administrative errors and simultaneously simplify auditing requirements. The Cisco VNMC supports local and remote authentication with RBAC.

XML-Based API

The Cisco VNMC full-featured XML API allows external system management and orchestration tools to programmatically provision Cisco VSGs and provide seamless and scalable operational management.

New and Changed Information

The following features are new or have changed in Release 1.2:

The VNMC GUI toolbar has a Preferences button where you can set the time for an inactivity timeout.

The reset action is available when configuring rules.

Two new attributes are available to create rule conditions:

VM DNS name

Resource pool in VM

Firewall rules can be exported to a PDF or CSV file.

Under the Resource Managment tab, the health status and connection status of VMs and hypervisors are available.

Data Center in the Tenant Management tab is displayed as Virtual Data Center.

Zone in the Policy Management tab is displayed as vZone.

Limitations

This section describes the limitations in Cisco VNMC Release 1.2 for the Cisco Nexus 1000v switch and the Cisco Virtual Security Gateway.

This section includes the following topics:

Cisco VNMC VM Manager and VMware vCenter Server Connections

Characters in Names Fetched from the vCenter

Value Displayed in Parent Application or Resource Pool Fields

Cisco VNMC VM Manager and VMware vCenter Server Connections

Cisco VNMC VM Manager automatically connects to the VMware vCenter server on HTTP port 80. A vCenter extension file is required to establish a connection between VM Manager and vCenter. The extension file is exported from Cisco VNMC and linked on the VM Managers tab. You install it as a plugin on all the vCenter servers to which you want to connect.

Characters in Names Fetched from the vCenter

In the Resource Management > Resources > Virtual Machines area, the following set of characters are not allowed in names that are fetched from the vCenter:

", ', ^, &, `, <, >, ?, =, \, "

If any name attribute that is fetched from the vCenter, such as the following name attributes, contains the preceding characters, Cisco VNMC will not recognize the characters:

VM name

VM DNS name

Parent Application name property of VM

Resource Pool name property of VM

Cluster name property of Hypervisor

As a result, the VNMC attribute names will not display correctly on the GUI and may also be evaluated differently when these attributes are used in policy conditions.

Value Displayed in Parent Application or Resource Pool Fields

In the Resource Management > Resources > Virtual Machines area, the VM Properties pane displays Parent Application names and Resource Pool names. If the name of the Parent Application displays, the name of the Resource Pool does not display. The VM can only be part of a Parent Application or part of a Resource Pool, so only one of these fields will display a value at a time.

Caveats

This section describes the caveats in Cisco VNMC and includes the following sections:

Open Caveats

Resolved Caveats

Open Caveats

This section describes the open caveats in Cisco VNMC, Release 1.2:

Bug ID
Caveat Headline

CSCtk47220

A syslog message is not generated on a Cisco VSG when the timezone is changed from the Cisco VNMC.

CSCtk60381

The show running command on the CLI always displays the log level of the policy agent as info.

CSCtk82548

Restoring a saved configuration with a shared secret does not work.

CSCtl02840

A shared secret with special characters causes the policy agent installation to fail.

CSCto06046

During a Cisco VNMC ISO installation, the Next button is not activated in the Device/Network Settings pane.

CSCto61627

The Cisco VSG compute firewall remains associated to a deleted VSG IP from the pool that is associated to the compute firewall.

CSCto92238

The Cisco VNMC Policy Manager consumes over 90% of the CPU, and the page displays "Data Error."

CSCtr00650

The service status may not display the status for all the services in the Cisco VNMC.

CSCtr04974

VM attribute values do not auto populate with VM NICs in separate tenants.

CSCtr29484

LDAP authentication does not work with SSL.

CSCtr54339

Swapping out the vCenter (new one) with the same IP address does not result in all the vCenter attributes getting updated in the Cisco VNMC.

CSCtr78442

When adding a DNS provider, an error appears on the screen.


Resolved Caveats

This section describes the caveats that were open in Cisco VNMC, Release 1.0.1 and are resolved in Cisco VNMC, Release 1.2:

Bug ID
Caveat Headline

CSCtk82321

After a Cisco VNMC GUI administration import and export operation, the password field may not automatically clear.

CSCtl00323

For locally defined non-admin users the change password configuration is not available.

CSCtl04751

The VM Manager cannot be set to enable state if the Admin State is disable and the Operational State is bad-credentials.

CSCtl46168

The Cluster Name property does not change for newly added hosts in a cluster.

CSCtl80434

When installing Cisco VNMC using an ISO image, if the Prefix (Netmask) field is completed using dotted decimal notation AFTER both the Gateway and IP Address fields, the installer generates an error.

CSCtl89501

The client browser encounters an Error #2032 when connected to the Cisco VNMC GUI.

CSCtl91828

Restore fails when restoring from the OVA or ISO installations with the error message as follows: There was an error, please try again - Permission denied. The remote host credentials have been verified.


Related Documentation

This section contains information about the documentation available for Cisco Virtual Network Management Center and related products.

This section includes the following topics:

Cisco Virtual Network Management Center Documentation

Cisco Virtual Security Gateway Documentation

Cisco Nexus 1000V Series Switch Documentation

Cisco Virtual Network Management Center Documentation

The following Cisco Virtual Network Management Center documents are available on Cisco.com at the following URL:

http://www.cisco.com/en/US/products/ps11213/tsd_products_support_series_home.html

Release Notes for Cisco Virtual Network Management Center, Release 1.2

Cisco Virtual Security Gateway, Release 4.2(1)VSG1(2) and Cisco Virtual Network Management Center, Release 1.2 Installation and Upgrade Guide

Cisco Virtual Network Management Center CLI Configuration Guide, Release 1.2

Cisco Virtual Network Management Center GUI Configuration Guide, Release 1.2

Cisco Virtual Network Management Center XML API Reference Guide, Release 1.2

Cisco Virtual Security Gateway Documentation

The following Cisco Virtual Security Gateway for the Nexus 1000V Series Switch documents are available on Cisco.com at the following URL:

http://www.cisco.com/en/US/products/ps11208/tsd_products_support_model_home.html

Cisco Virtual Security Gateway for Nexus 1000V Series Switch Release Notes, Release 4.2(1)VSG1(2)

Cisco Virtual Security Gateway, Release 4.2(1)VSG1(2) and Cisco Virtual Network Management Center, Release 1.2 Installation and Upgrade Guide

Cisco Virtual Security Gateway for Nexus 1000V Series Switch License Configuration Guide, Release 4.2(1)VSG1(2)

Cisco Virtual Security Gateway for Nexus 1000V Series Switch Configuration Guide, Release 4.2(1)VSG1(2)

Cisco Virtual Security Gateway for Nexus 1000V Series Switch Command Reference, Release 4.2(1)VSG1(2)

Cisco Virtual Security Gateway for Nexus 1000V Series Switch Troubleshooting Guide, Release 4.2(1)VSG1(2)

Cisco Nexus 1000V Series Switch Documentation

The Cisco Nexus 1000V Series switch documentation is available at the following URL:

http://www.cisco.com/en/US/products/ps9902/tsd_products_support_series_home.html

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.