Contents
First Published: November 13, 2015
Cisco Intercloud Fabric Provider Platform (ICFPP) simplifies the complexity involved in working with a variety of public cloud APIs, and enables cloud API support for service providers who currently do not have API support. Cisco ICFPP provides an extensible adapter framework that allows integration with a variety of provider cloud infrastructure management platforms, such as OpenStack, CloudStack, VMware vCloud Director, and any other API that can be integrated through a software development kit (SDK) provided by Cisco.
Currently, service providers have their own proprietary cloud APIs—such as Amazon EC2 and Windows Azure—that give customers limited choices and do not provide an easy method for moving from one provider to another. Cisco ICFPP abstracts this complexity and translates Cisco Intercloud Fabric cloud API calls to cloud platform APIs of different provider infrastructure platforms, giving customers the option of moving their workloads regardless of the cloud API used by the service provider.
Many service providers do not provide cloud APIs that Cisco Intercloud Fabric can use to deploy customers' workloads. One option for these providers is to provide direct access to the virtual machine (VM) manager's SDK or API, such as vCenter or System Center. However, this option exposes the provider environment and is not preferred by service providers because of security concerns. Cisco ICFPP, as the first point of authentication for the customer cloud when requesting cloud resources, enforces highly secure access to the provider environment. In addition, Cisco ICFPP provides the cloud APIs that are required for service providers to be part of the provider ecosystem for Cisco Intercloud Fabric.
As the interface between the Cisco Intercloud Fabric from customer cloud environments and provider clouds (public and virtual private clouds), Cisco ICFPP provides the following benefits:
Standardizes and brings uniformity to cloud APIs, making it easier for Cisco Intercloud Fabric to consume cloud services from service providers that are a part of the Cisco Intercloud Fabric ecosystem.
Helps secure access to a service provider's underlying cloud platform.
Limits the utilization rate per customer or tenant environment.
Provides northbound APIs for service providers for integration with existing management platforms.
Supports multitenancy.
Monitors resource usage for each tenant.
Meters resource usage for each tenant.
Cisco ICFPP 2.3.1 includes the following new features and enhancements:
Installation on Cisco Intercloud Services OpenStack.
The following upgrade support:
Automatic restarting of services after an installation or upgrade.
New and updated APIs:
GUI enhancements:
Cisco ICFPP has been hardened for Tomcat.
The following documents are new for this release:
Cisco Intercloud Fabric Provider Platform Architecture Document
Cisco Intercloud Fabric Provider Platform Adapter Developer Guide, Release 2.3.1
Cisco Intercloud Fabric Provider Platform SDK Test Harness, Release 2.3.1
The following documents have been updated for this release:
You can deploy a Cisco ICFPP virtual appliance on a system that meets the following requirements:
Requirement |
Description |
||
---|---|---|---|
Four Virtual CPUs |
1.8 GHz |
||
Memory |
8 GB RAM |
||
Disk Space |
Disk space that is configured as follows:
|
||
One vNIC |
Management network interface |
Ports must be configured as described in the following tables to ensure that Cisco ICFPP can communicate effectively on the internal private network and the public network (Internet).
Protocol |
Port |
Allow/Deny |
Description |
---|---|---|---|
TCP |
443 |
ALLOW |
Allows inbound HTTPS traffic from the Internet so that Cisco Intercloud Fabric for Business can reach Cisco ICFPP. |
Protocol |
Port |
Allow/Deny |
Description |
---|---|---|---|
All |
All |
DENY |
Cisco ICFPP does not need to send outbound traffic to the Internet. |
Protocol |
Port |
Allow/Deny |
Description |
---|---|---|---|
TCP |
443 |
ALLOW |
Allows inbound HTTPS traffic from the internal network, so that the Cisco ICFPP web-based GUI can be accessed. |
TCP |
22 |
ALLOW |
Allows inbound SSH traffic from the internal network for Cisco ICFPP administration. |
TCP |
3306 |
ALLOW |
Allows inbound MySQL traffic from the internal network. Required if Cisco ICFPP is configured in a multiple-node cluster. |
TCP |
8080 |
ALLOW |
Allows inbound HTTP traffic for template uploads to CloudStack. Required if using the CloudStack adapter. |
Note | To ensure that the destination systems receive communications from Cisco ICFPP, the ports in the following table must be open on any firewalls on the internal network between Cisco ICFPP and the destination systems. |
Protocol |
Firewall Port |
Allow/Deny |
Description |
---|---|---|---|
TCP |
443 |
ALLOW |
Allows HTTPS traffic to the internal network. Required to reach the cloud provider API/SDK gateway if it is running on HTTPS. |
TCP |
80 |
ALLOW |
Allows HTTP traffic to the internal network. Required to reach the cloud provider API/SDK gateway if it is running on HTTP. |
TCP |
3306 |
ALLOW |
Allows outbound MySQL traffic to other Cisco ICFPP nodes on the internal network. Required if Cisco ICFPP is configured in a multiple-node cluster. |
TCP/UDP |
514 |
ALLOW |
Allows syslog traffic from Cisco ICFPP to the syslog server. |
The following items contain important information for using Cisco ICFPP:
Physical hosts in a cloud data center must use the correct date and time for effective communications. We recommend that you synchronize the host clock with an NTP server to ensure successful operations and communications.
If a valid tenant login session does not exist for a username- and password-based cloud, the Cisco ICFPP administrator must use the tenant credentials to perform any operation on a tenant cloud resource, such as deleting a tenant VM. The loss of a valid tenant login session can occur immediately after Cisco ICFPP is rebooted or Cisco ICFPP services are restarted.
For security reasons, Cisco ICFPP does not store tenant passwords in the Cisco ICFPP database. As a result, operations that affect tenant cloud resources (such as tenant VMs or templates) are possible only when the tenant has a valid login session from Cisco Intercloud Fabric for Business.
Any mention of Dimension Data or DiData in the Cisco ICFPP GUI refers to the product Cisco Intercloud Services – V.
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
You can use the Bug Search Tool to search for a specific bug or to search for all bugs in a release.
Step 1 | Go to Cisco Bug Search Tool. | ||
Step 2 | In the Log In
screen, enter your registered Cisco.com username and password, and then click
Log
In. The Bug Search page opens.
| ||
Step 3 | To search for a specific bug, enter the bug ID in the Search For field and press Enter. | ||
Step 4 | To search for
bugs in the current release:
|
The following table lists the open bugs in Cisco Intercloud Fabric Provider Platform 2.3.1:
Bug ID |
Description |
---|---|
When creating an Intercloud link with VMware vCloud Director 5.5.4, the security rules are not applied to the vShield Edge Gateway and the exception "Security rule exceeded" is displayed. |
|
A Cisco Intercloud Fabric Switch (ICS) fails to register with Cisco PNSC, or the ICS registers but the site-to-site tunnel fails to come up due to a "bad certificate" error. |
|
When using VMware vCloud Director, NAT entries are not created on newly deployed Edge Gateways. |
The documentation listed below is available for Cisco Intercloud Fabric Provider Platform at the following URL:
The documentation listed below is available for Cisco Intercloud Fabric at the following URL:
Cisco Intercloud Fabric Release Notes
Cisco Intercloud Fabric Getting Started Guide
Cisco Intercloud Fabric Director REST API Guide
Cisco Intercloud Fabric Configuration Guide
Cisco Intercloud Fabric Firewall Configuration Guide
Cisco vPath and vServices Reference Guide for Intercloud Fabric
Cisco Intercloud Fabric User Guide
Cisco Intercloud Fabric Troubleshooting Guide
To provide technical feedback on this document, or to report an error or omission, please send your comments to: intercloud-fabric-doc-feedback@cisco.com.
We appreciate your feedback.
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation, at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.
Copyright © 2015, Cisco Systems, Inc. All rights reserved.