The Resource Management tab lets you view and manage Cisco VNMC resources. It displays and manages the following resources:
Virtual Machines (VM)
Virtual Security Gateways (Cisco VSG)
Virtual Supervisor Modules (Nexus 1000V VSM)
You manage a Cisco VSG by placing it in service. You place the Cisco VSG in service by creating a compute firewall in an organization and assigning the Cisco VSG to that compute firewall.
You manage VMs by discovering those VMs which have a vNic listed in the port profile.
Resource Manager
Resource Manager manages Cisco VSGs, Nexus 1000V VSMs, and Virtual Center (VC). It also manages faults and events.
The Resource Manager provides the following management services:
Allows the binding of organizations to resource pools.
Virtualization allows you to create multiple VMs that run in isolation, side by side on the same physical machine. Each VM has virtual RAM, a virtual CPU and NIC, and an operating system and applications. Because of virtualization, the operating system sees a consistent set of hardware regardless of the actual physical hardware components.
VMs are encapsulated in files for rapid saving, copying, and provisioning, which means that you can move full systems, configured applications, operating systems, BIOS, and virtual hardware within seconds, from one physical server to another. Encapsulated files allow for zero-downtime maintenance and continuous workload consolidation.
Instances of Cisco VNMC are installed on VMs.
Virtual Security Gateways
Cisco VSGs evaluate Cisco VNMC policies based on network traffic. The main functions of a Cisco VSG are as follows:
Receives traffic from Virtual Network Service Data Path (vPath).
For every new flow, the vPath component encapsulates the first packet and sends it to Cisco VSG as specified in the Nexus 1000V port profiles. It assumes that the Cisco VSG is Layer 2 adjacent to vPath. The mechanism used for communication between vPath and the Cisco VSG is similar to VEM and Nexus 1000V VSM communication on a packet VLAN.
Performs application fix-up processing such as FTP, TFTP, and RSH.
Evaluates policies by inspecting the packets sent by vPath using network, VM, and custom attributes.
Transmits the policy evaluation results to vPath.
Each vPath component maintains a flow table for caching Cisco VSG policy evaluation results.
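The following is a simplified model of the first-packet evaluation and flow-table caching described above, added here as an illustration; it is not Cisco code. The class names, the rule shape, the drop-on-no-match behavior, and all addresses and VM names are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Flow(NamedTuple):            # key of the vPath flow table
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass
class Rule:                        # hypothetical rule: network + VM attributes
    action: str                    # "permit" or "drop"
    dst_net: str = "0.0.0.0/0"
    dport: Optional[int] = None
    src_vm_prefix: str = ""        # VM attribute: name prefix of the source VM

class VSG:
    def __init__(self, rules, vm_names):
        self.rules, self.vm_names, self.evaluations = rules, vm_names, 0
    def evaluate(self, flow):      # called for the first packet of a flow only
        self.evaluations += 1
        vm = self.vm_names.get(flow.src, "")
        for r in self.rules:       # first matching rule wins
            if (ip_address(flow.dst) in ip_network(r.dst_net)
                    and r.dport in (None, flow.dport)
                    and vm.startswith(r.src_vm_prefix)):
                return r.action
        return "drop"              # assumption of this model: no match means drop

class VPath:
    def __init__(self, vsg):
        self.vsg, self.flow_table = vsg, {}
    def forward(self, flow):
        if flow not in self.flow_table:           # new flow: ask the VSG once
            self.flow_table[flow] = self.vsg.evaluate(flow)
        return self.flow_table[flow]              # later packets: cached result

def demo():
    # Constructed sample data: two VMs talking to the same database port.
    vsg = VSG([Rule("permit", "10.0.2.0/24", 3306, "web-")],
              {"10.0.1.10": "web-01", "10.0.1.20": "dev-07"})
    vpath = VPath(vsg)
    web = Flow("10.0.1.10", "10.0.2.5", "tcp", 40001, 3306)
    dev = Flow("10.0.1.20", "10.0.2.5", "tcp", 40002, 3306)
    verdicts = [vpath.forward(f) for f in (web, web, web, dev, dev)]
    return verdicts, vsg.evaluations, len(vpath.flow_table)
```

Calling demo() forwards five packets across two flows; the model VSG is consulted twice, once per flow, and the remaining packets are answered from the flow table.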
Configuring a Compute Firewall
Adding a Compute Firewall
Important:
We recommend that you add the compute firewall object directly at the tenant level.
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand root > Compute Firewalls to the node where you want to add a compute firewall.
Step 4
In the Navigation pane, click the Compute Firewalls node.
Step 5
In the Work pane, click the Add Compute Firewall link.
Step 6
In the Add Compute Firewall dialog box, complete the following fields as appropriate:
Name | Description
Name field | The name of the object. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
Description field | A user-defined description of the object.
Config State field | The configured state of the object. This field cannot be edited.
Table 1 Firewall Settings Area
Name | Description
Device Profile field | Click the Select button to open the Select Firewall Device Profile dialog box.
Management Hostname field | The management host name.
Data IP Address field | The data IP address. The vPath component running on each VEM uses the data IP address to determine the MAC address of the VSG (via ARP). Once the VSG MAC address has been resolved, vPath can communicate with the VSG using MAC-in-MAC encapsulation. Subsequently, for each new flow initiated by a VM, vPath sends the first packet of the flow to the VSG for policy evaluation. vPath caches the VSG policy decision in a flow table. This is the same IP address that is configured in the vn-service CLI command on the Cisco Nexus 1000V port profile.
Data IP Subnet field | The data IP subnet.
Step 7
Click OK.
Editing a Compute Firewall
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand root > Compute Firewalls to the node where you want to edit a compute firewall.
Step 4
In the Navigation pane, click the Compute Firewalls node.
Step 5
In the Work pane, click the compute firewall you want to edit.
Step 6
In the Edit dialog box, modify the following fields as appropriate:
On the General tab, change the description.
Modify the following as appropriate:
Table 2 Firewall Settings Area
Name | Description
Device Profile field | Click the Select link to open the Select Firewall Device Profile dialog box.
Management Hostname field | The management host name.
Data IP Address field | The data IP address. The vPath component running on each VEM uses the data IP address to determine the MAC address of the VSG (via ARP). Once the VSG MAC address has been resolved, vPath can communicate with the VSG using MAC-in-MAC encapsulation. Subsequently, for each new flow initiated by a VM, vPath sends the first packet of the flow to the VSG for policy evaluation. vPath caches the VSG policy decision in a flow table. This is the same IP address that is configured in the vn-service CLI command on the Nexus 1000V port profile.
Data IP Subnet field | The data IP subnet.
Step 7
Click OK.
Deleting a Compute Firewall
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand root > Compute Firewalls to the node where you want to delete a compute firewall.
Step 4
In the Navigation pane, click the Compute Firewalls node.
Step 5
In the Work pane, select the compute firewall you want to delete.
Step 6
Click the Delete link.
Step 7
In the Confirm dialog box, click OK.
Configuring a Pool
Adding a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root > Pools node at the location where you want to add a pool.
Step 4
In the Navigation pane, click the Pools node.
Step 5
In the Work pane, click the Add Pool link.
Step 6
In the Add Pool dialog box, complete the following fields:
Table 3 Action Area
Name | Description
Name field | The name of the pool. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
Description field | A description of the pool. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.
Step 7
(Optional) Assign pool members to the pool by performing the following tasks:
Click the (Un)Assign link.
In the Assign Pool Member dialog box, move the VSG you want to assign to the Assigned VSGs list.
Click OK.
Step 8
Click OK.
Editing a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand root > Pools to where you want to edit a pool.
Step 4
In the Navigation pane, click the Pools node to view the Pools work pane.
Step 5
In the Work pane, click the pool you want to edit.
Step 6
In the Edit dialog box, modify as appropriate:
Name | Description
Name field | The name of the resource. You cannot edit this field.
Description field | A description of the resource. This name can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
Table 4 Pool Members Area
Name | Description
(Un)Assign link | Click to open the (Un)Assign Pool Members dialog box. Use the dialog box to assign and unassign pool members.
IP Address column | A list of the IP addresses of the resources.
Compute Firewall column | A list of the compute firewalls.
Association State column | A list of the states of association of the resources.
Service ID column | A list of the service identification numbers for the resources.
Operational State column | A list of the operational states of the resources.
Note
Depending upon the object you select in the table, different options will appear in the area above the table.
Step 7
Click OK.
Deleting a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand root > Pools to where you want to delete a pool.
Step 4
In the Navigation pane, click the Pools node to view the Pools work pane.
Step 5
In the Work pane, click the pool you want to delete.
Step 6
Click the Delete link.
Step 7
In the Confirm dialog box, click OK.
Assigning and Unassigning VSGs and Pools
Assigning a VSG
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand root > Compute Firewalls to the node where you want to assign a VSG.
Step 4
In the Navigation pane, click the compute firewall where you want to assign a VSG.
Step 5
In the Work pane, click the Assign VSG link.
Step 6
In the Assign VSG dialog box, select the desired IP address from the VSG Management IP drop-down list.
Step 7
Click OK.
Assigning a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand root > Compute Firewalls to the node where you want to assign a pool.
Step 4
In the Navigation pane, click the compute firewall where you want to assign a pool.
Step 5
In the Work pane, click the Assign Pool link.
Step 6
In the Assign Pool dialog box, select the desired pool from the Name drop-down list.
Step 7
Click OK.
Unassigning a VSG and Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Compute Firewall_name where you want to unassign a VSG and pool.
Step 5
In the Work pane, click the Unassign VSG/Pool link.