Configuring VMware vCloud Director for Cisco ICFP

Configuring VMware vCloud Director

Installing Cisco ICFP at a cloud provider site enables you to support a hybrid cloud environment with Cisco Intercloud Fabric for Business. For VMware vCloud Director (VCD) environments, Cisco ICFP includes a built-in VCD adapter that enables Cisco ICFP to integrate with the VCD platform. This VCD-Cisco ICFP integration can be viewed as the infrastructure that binds the enterprise virtualization platform, such as VMware vCenter, to the provider cloud platform, VCD.

The following illustration depicts how Cisco Intercloud Fabric interfaces with the provider VCD platform through Cisco ICFP.

Figure 1. VCD and Cisco Intercloud Fabric Integration Architecture

The secure site-to-site tunnel illustrated in the image is created between an Intercloud Fabric Switch (ICS) on the provider cloud and an Intercloud Fabric Extender (ICX) on the private cloud. In addition to providing secure communications between the private and provider clouds, this site-to-site tunnel enables Cisco Intercloud Fabric Secure Extender to integrate with VCD for each tenant network.

Before the ICS and ICX can communicate via the Internet, you must:

  • Assign a public IP address to the ICS so that the ICX can reach the ICS.

  • Ensure that the vShield Edge Gateway provides NAT functionality so that the ICS can connect to the Internet.

The following figure shows an example deployment:

Figure 2. vShield Edge Gateway Deployment Example

A vShield Edge Gateway is an interconnecting appliance that provides many edge network service features, including:

  • DHCP

  • Firewall

  • IPsec VPN

  • Load-balancer

  • NAT

  • Static route

The following figure shows how Organization X connects the Org Network to an external network through a vShield Edge Gateway and directly to vApp networks.

Figure 3. VCD Networking Model

Workflow for Integrating VCD with Cisco ICFP

To integrate VCD with Cisco ICFP, you must provision certain infrastructure resources in the target VCD platform. The following table identifies the tasks required to provision these resources:

Step  Task                                                  Related Information
----  ----------------------------------------------------  ------------------------------------------------
1     Ensure that the following prerequisites are met:      VMware VCD documentation
        • VCD version 5.5 is installed.
        • You have access to the VCD system administrator account.
2     Create an external network.                           Creating an External Network
3     Deploy the vShield Edge Gateway.                      Adding a vShield Edge Gateway on an Org VDC
4     Create an Org VDC network.                            Creating an Org VDC Internal Network
5     Create a catalog.                                     Creating a Catalog
6     Ensure that NAT and firewall services are configured  Verifying NAT and Firewall Service Configuration
      on the vShield Edge Gateway.

For additional information on any of these topics, see your VMware documentation.

After you have successfully integrated VCD with Cisco ICFP, you can configure a cloud instance and add a tenant as described in Configuring Cisco ICFP for Cisco Intercloud Fabric.

Creating an External Network

This procedure describes how to create an external network in a virtual data center (VDC).

Procedure
    Step 1   Log in to the VCD GUI as system administrator.
    Step 2   Choose System > Manage & Monitor > Cloud Resources > External Networks.
    Step 3   In the External Networks pane, click Add. The New External Network wizard opens, guiding you through the configuration process.
    Step 4   In the Select vSphere Network screen, choose the VDC vCenter and the DVS port group created for the vSphere management network, and click Next.
    Step 5   In the Configure External Network screen, click Add.
    Step 6   In the Add Subnet dialog box, enter the following information for the external network:
    • Gateway IP address

    • Network mask

    • DNS server IP address

    • Static IP address or IP address range

    Step 7   In the Name this External Network screen, enter a name for the external network, and click Next.
    Step 8   In the Ready to Complete screen, review the content for accuracy and click Finish. The newly created external network is displayed in the External Networks pane.

Adding a vShield Edge Gateway on an Org VDC

You must add a vShield Edge Gateway to integrate the Provider VDC and Org VDC with Cisco ICFP.

Before You Begin

Confirm that the following have been configured:

  • A Provider VDC

  • An Org VDC

  • An external network

Procedure
    Step 1   In the VCD GUI, choose System > Manage & Monitor > Cloud Resources > Organization VDCs.
    Step 2   In the Organization VDCs table, double-click the Org VDC where the vShield Edge Gateway is to be added. The screen is refreshed with information about the selected VDC.
    Step 3   Choose the Edge Gateways tab and click Add. The New Edge Gateway wizard opens, guiding you through the configuration process.
    Step 4   In the Configure Edge Gateway screen, configure the vShield Edge Gateway for connectivity with the external network as follows, and then click Next:
    1. Choose the required edge gateway configuration: Compact, Full, or Full-4.
    2. If the edge gateway is to be configured for HA, check the Enable High Availability check box.
    3. In the Advanced Options section, check the Sub-Allocate IP Pools check box.
    Step 5   In the External Networks screen, choose the external network that you created in Creating an External Network and click Add. If the external network is not listed, create a new external network.
    Step 6   After the external network is added to the list of networks in the lower portion of the screen, click Next.
    Step 7   In the Sub-Allocate IP Pools screen, identify the range of IP addresses allocated for each externally-connected interface on the external network, and click Next.
    Step 8   In the Name and Description screen, enter the edge gateway name and description, and then click Next.
    Step 9   In the Summary screen, review the information for accuracy and click Finish.

Creating an Org VDC Internal Network

Use this procedure to create an internal network for the Org VDC.

Procedure
    Step 1   In the VCD GUI, choose System > Manage & Monitor > Cloud Resources > Organization VDCs.
    Step 2   In the Organization VDCs table, double-click the Org VDC where you want to create the internal network. The screen is refreshed with information about the selected VDC.
    Step 3   In the Org VDC Networks tab, in the toolbar, choose Actions > Add Network. The New Organization Network wizard opens, guiding you through the configuration process.
    Step 4   In the Select Network Type screen:
    1. Choose Create a routed network by connecting to an existing edge gateway.
    2. Choose the vShield Edge Gateway that you created in Adding a vShield Edge Gateway on an Org VDC.
    Step 5   In the Configure Network screen:
    1. Enter the following information:
      • Gateway IP address

      • Network mask

      • DNS server IP address

    2. In the Static IP pool area, enter an IP address or an IP address range and click Add.
    Step 6   In the Name and Description screen, enter a name and description (optional) for the Org VDC internal network.
    Step 7   In the Ready to Complete screen, review the information for accuracy and click Finish.
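The three wizards above each take a set of addresses: the gateway, network mask and static IP range of the external network (Creating an External Network, Step 6), the range sub-allocated to the edge gateway (Adding a vShield Edge Gateway on an Org VDC, Step 7), and the gateway, mask and static IP pool of the routed Org VDC network (Creating an Org VDC Internal Network, Step 5). Each screen is filled in separately, so it is worth checking that the values agree with each other before typing them in. The following Python script is an added example, not code from the Cisco document or from VMware. The addresses in it are constructed documentation ranges, and the consistency rules it applies (static pool inside its own subnet, gateway outside the pool and not the network or broadcast address, sub-allocated range inside the external network's static pool, no overlap between the routed Org network and the external network it is NATed to) are this editor's assumptions about what a usable plan looks like, not rules stated by the document.

```python
import ipaddress

# Constructed sample plan (not values from the Cisco document), using
# documentation address ranges; a real plan uses the provider's own addresses.
EXTERNAL_NETWORK = {                                    # Add Subnet dialog, external network
    "gateway": "203.0.113.1",
    "netmask": "255.255.255.0",
    "static_pool": ("203.0.113.10", "203.0.113.50"),
}
EDGE_SUBALLOCATION = ("203.0.113.20", "203.0.113.29")   # Sub-Allocate IP Pools screen
ORG_NETWORK = {                                         # Configure Network screen, Org VDC network
    "gateway": "192.168.10.1",
    "netmask": "255.255.255.0",
    "static_pool": ("192.168.10.100", "192.168.10.199"),
}


def subnet_of(gateway, netmask):
    """IPv4 network described by a gateway address plus a dotted netmask."""
    return ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)


def as_range(pool):
    """Parse an inclusive (first, last) pair into address objects; reject reversed ranges."""
    first, last = (ipaddress.ip_address(x) for x in pool)
    if first > last:
        raise ValueError(f"IP range {first}-{last} is reversed")
    return first, last


def check_network(name, net):
    """Checks for one gateway/netmask/static-pool triple as a wizard screen takes it."""
    problems = []
    subnet = subnet_of(net["gateway"], net["netmask"])
    gw = ipaddress.ip_address(net["gateway"])
    first, last = as_range(net["static_pool"])
    # A subnet is contiguous, so both endpoints inside it means the whole pool is.
    if first not in subnet or last not in subnet:
        problems.append(f"{name}: static pool {first}-{last} is not inside {subnet}")
    if gw in (subnet.network_address, subnet.broadcast_address):
        problems.append(f"{name}: gateway {gw} is the network or broadcast address of {subnet}")
    if first <= gw <= last:
        problems.append(f"{name}: gateway {gw} lies inside the static pool {first}-{last}")
    return problems


def check_suballocation(sub, external):
    """The addresses sub-allocated to the edge gateway must come from the
    external network's own static pool (assumption of this example)."""
    s_first, s_last = as_range(sub)
    e_first, e_last = as_range(external["static_pool"])
    if not (e_first <= s_first and s_last <= e_last):
        return [f"sub-allocation {s_first}-{s_last} is outside the external pool "
                f"{e_first}-{e_last}"]
    return []


def check_plan(external, sub, org):
    """Return every problem found in the plan; an empty list means it is consistent."""
    problems = check_network("external", external) + check_network("org", org)
    problems += check_suballocation(sub, external)
    ext_net = subnet_of(external["gateway"], external["netmask"])
    org_net = subnet_of(org["gateway"], org["netmask"])
    # The Org VDC network is routed through the edge gateway; overlapping address
    # space on its two sides makes the SNAT/DNAT rules ambiguous.
    if ext_net.overlaps(org_net):
        problems.append(f"org network {org_net} overlaps external network {ext_net}")
    return problems


if __name__ == "__main__":
    for line in check_plan(EXTERNAL_NETWORK, EDGE_SUBALLOCATION, ORG_NETWORK) or ["plan is consistent"]:
        print(line)
```

Run it as a script to see the findings for the sample plan; the functions return plain strings, so the same checks can be wired into whatever change process produces the addresses for a new tenant.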

Creating a Catalog

A catalog enables you to upload images from Cisco ICFP to VCD.

For additional information about creating catalogs and selecting options, see your VMware vCloud Director documentation.

Procedure
    Step 1   In the VCD GUI, choose System > Manage & Monitor > Cloud Resources > Organization VDCs.
    Step 2   In the Organization VDCs table, double-click the Org VDC in which to add the catalog. The screen is refreshed with information about the selected VDC.
    Step 3   Choose the Catalogs tab and, in the toolbar, choose Actions > Add Catalog. A dialog box opens with multiple tabs so that you can configure the catalog and user access.
    Step 4   In the General tab, enter a name and a description (optional) for the catalog.
    Step 5   In the Sharing tab:
    1. Click Add Members.
    2. Choose the users or groups of users who can access the catalog.
    3. In the Access Level field, choose the level of access for each user or group of users: Read-only, Read/Write, or Full Control.
    Step 6   In the Storage tab, choose the type of storage.
    Step 7   In the Metadata tab:
    1. From the Type drop-down list, choose the metadata type.
    2. In the Name field, enter a name for this metadata entry.
    3. In the User access of metadata field, choose the level of access for the metadata: Read/Write, Read-only, or Hidden.
    4. In the Value field, enter a text value for the metadata entry.
    Step 8   After you have configured the catalog, click OK.

Verifying NAT and Firewall Service Configuration

When VCD is integrated with Cisco ICFP, NAT and firewall services are configured automatically, enabling the vShield Edge Gateway to communicate with the external network. This procedure enables you to confirm that NAT and firewall services have been configured on the vShield Edge Gateway as expected.

Procedure
    Step 1   In the VCD GUI, choose System > Manage & Monitor > Cloud Resources > Organization VDCs.
    Step 2   In the Organization VDCs table, double-click the Org VDC where you created the vShield Edge Gateway (Adding a vShield Edge Gateway on an Org VDC). The screen is refreshed with information about the selected VDC.
    Step 3   In the Edge Gateways tab, right-click the required edge gateway and choose Edge Gateway Services.
    Step 4   In the Configure Services dialog box, confirm the following:
    1. In the NAT tab, confirm that Source NAT and Destination NAT rules are displayed, as shown in the following example:
    2. In the Firewall tab, confirm that inbound traffic is allowed for the following destination ports and protocols:
      • 22—TCP

      • 443—TCP

      • 500—TCP, UDP

      • 4500—TCP, UDP

      • 6644—TCP, UDP

      • 6646—TCP, UDP

      The information should resemble the following example:

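The checks in Step 4 can also be run against the edge gateway's service configuration as data rather than read off the GUI, which helps when several tenant gateways exist or when the check is repeated after a change. The following Python script is an added example and is not code from the Cisco document or from VMware. It parses a constructed sample of the EdgeGatewayServiceConfiguration element (element names are this editor's assumption about the vCloud API 5.5 schema, with the namespace and unrelated elements omitted), confirms that every port and protocol pair listed above is allowed by an enabled allow rule, confirms that enabled SNAT and DNAT rules exist, and additionally flags any allow rule that accepts every destination port from every source, since such a rule satisfies the port check only by being far wider than the list above. The sample is built so that both findings appear: it has no rule covering 6646/UDP and carries one over-broad rule named temp-allow-all.

```python
import xml.etree.ElementTree as ET

# Inbound destination port/protocol pairs that the Cisco document lists for the
# vShield Edge Gateway firewall.
REQUIRED_INBOUND = {
    (22, "tcp"), (443, "tcp"),
    (500, "tcp"), (500, "udp"), (4500, "tcp"), (4500, "udp"),
    (6644, "tcp"), (6644, "udp"), (6646, "tcp"), (6646, "udp"),
}

# Constructed sample (not a real gateway's output) shaped like the
# EdgeGatewayServiceConfiguration element of the vCloud API 5.5 (assumed element
# names; namespace and unrelated elements omitted). It lacks 6646/UDP on purpose
# and carries one over-broad "temp-allow-all" rule.
SAMPLE_XML = """<EdgeGatewayServiceConfiguration>
<FirewallService><IsEnabled>true</IsEnabled><DefaultAction>drop</DefaultAction>
<FirewallRule><IsEnabled>true</IsEnabled><Description>icfp-ssh</Description><Policy>allow</Policy>
 <Protocols><Tcp>true</Tcp></Protocols><DestinationPortRange>22</DestinationPortRange><SourceIp>Any</SourceIp></FirewallRule>
<FirewallRule><IsEnabled>true</IsEnabled><Description>icfp-https</Description><Policy>allow</Policy>
 <Protocols><Tcp>true</Tcp></Protocols><DestinationPortRange>443</DestinationPortRange><SourceIp>Any</SourceIp></FirewallRule>
<FirewallRule><IsEnabled>true</IsEnabled><Description>icfp-500</Description><Policy>allow</Policy>
 <Protocols><Tcp>true</Tcp><Udp>true</Udp></Protocols><DestinationPortRange>500</DestinationPortRange><SourceIp>Any</SourceIp></FirewallRule>
<FirewallRule><IsEnabled>true</IsEnabled><Description>icfp-4500</Description><Policy>allow</Policy>
 <Protocols><Tcp>true</Tcp><Udp>true</Udp></Protocols><DestinationPortRange>4500</DestinationPortRange><SourceIp>Any</SourceIp></FirewallRule>
<FirewallRule><IsEnabled>true</IsEnabled><Description>icfp-6644</Description><Policy>allow</Policy>
 <Protocols><Tcp>true</Tcp><Udp>true</Udp></Protocols><DestinationPortRange>6644</DestinationPortRange><SourceIp>Any</SourceIp></FirewallRule>
<FirewallRule><IsEnabled>true</IsEnabled><Description>temp-allow-all</Description><Policy>allow</Policy>
 <Protocols><Tcp>true</Tcp></Protocols><DestinationPortRange>Any</DestinationPortRange><SourceIp>Any</SourceIp></FirewallRule>
</FirewallService>
<NatService><IsEnabled>true</IsEnabled>
<NatRule><RuleType>SNAT</RuleType><IsEnabled>true</IsEnabled><GatewayNatRule>
 <OriginalIp>192.168.10.0/24</OriginalIp><TranslatedIp>203.0.113.20</TranslatedIp></GatewayNatRule></NatRule>
<NatRule><RuleType>DNAT</RuleType><IsEnabled>true</IsEnabled><GatewayNatRule>
 <OriginalIp>203.0.113.20</OriginalIp><OriginalPort>22</OriginalPort><TranslatedIp>192.168.10.10</TranslatedIp>
 <TranslatedPort>22</TranslatedPort><Protocol>tcp</Protocol></GatewayNatRule></NatRule>
</NatService>
</EdgeGatewayServiceConfiguration>"""


def text(elem, tag, default=""):
    """Stripped text of a direct child element, or default when it is absent or empty."""
    child = elem.find(tag)
    return (child.text or default).strip() if child is not None else default


def port_covered(spec, port):
    """True when a DestinationPortRange value ('Any', '22' or '500-4500') includes port."""
    spec = spec.strip().lower()
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def rule_protocols(rule):
    """Set of lower-case protocol names a FirewallRule applies to; 'Any' expands to all."""
    protos = rule.find("Protocols")
    names = set()
    if protos is not None:
        names = {c.tag.lower() for c in protos if (c.text or "").strip().lower() == "true"}
    return {"tcp", "udp", "icmp"} if "any" in names else names


def audit_edge_services(xml_text):
    """Compare a gateway's firewall and NAT configuration with the documented requirements."""
    root = ET.fromstring(xml_text)
    fw = root.find("FirewallService")
    allowed, overbroad = set(), []
    for rule in fw.findall("FirewallRule"):
        if text(rule, "IsEnabled") != "true" or text(rule, "Policy") != "allow":
            continue
        protos, dports = rule_protocols(rule), text(rule, "DestinationPortRange", "Any")
        allowed |= {(p, proto) for p, proto in REQUIRED_INBOUND
                    if proto in protos and port_covered(dports, p)}
        # An allow rule for every destination port from every source is wider than
        # the documented list, so it is reported separately even though it "passes".
        if dports.lower() == "any" and text(rule, "SourceIp", "Any").lower() == "any":
            overbroad.append(text(rule, "Description", "<unnamed>"))
    nat = root.find("NatService")
    nat_types = set()
    if nat is not None:
        nat_types = {text(r, "RuleType").upper() for r in nat.findall("NatRule")
                     if text(r, "IsEnabled") == "true"}
    return {
        "firewall_enabled": text(fw, "IsEnabled") == "true",
        "default_action": text(fw, "DefaultAction"),
        "missing": sorted(REQUIRED_INBOUND - allowed),
        "overbroad_allow_rules": overbroad,
        "snat_present": "SNAT" in nat_types,
        "dnat_present": "DNAT" in nat_types,
    }


if __name__ == "__main__":
    for key, value in audit_edge_services(SAMPLE_XML).items():
        print(f"{key}: {value}")
```

For the sample, the report lists 6646/UDP as missing and temp-allow-all as over-broad while SNAT and DNAT are present; feeding it the gateway's real configuration requires only replacing SAMPLE_XML with the fetched element and, if the response carries an XML namespace, matching tags with that namespace prefix.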
Configuring Cisco ICFP for Cisco Intercloud Fabric

After you have installed Cisco ICFP on a VMware server and launched a Cisco ICFP instance, you can configure Cisco ICFP for use with Cisco Intercloud Fabric.

Before You Begin

Confirm the following:

  • Cisco ICFP has been installed on a VMware server and an instance has been launched.

  • You know the Cisco ICFP public IP address.

Procedure
    Step 1   In the Cisco ICFP GUI, choose Cloud Instances, and click the Add Cloud icon.
    Step 2   In the New Cloud Instance dialog box, provide the following information, and click Create:

    Field                Description
    -------------------  ------------------------------------------------------------
    Cloud Instance Name  Name of the cloud instance.
    Type                 The cloud instance type: Cisco or Custom.
    Module Name          For a Cisco cloud instance type, choose the module name, such as
                         VCDP for VMware vCloud Director Platform. For a custom cloud instance,
                         enter the custom module name.
    Endpoint URI         The endpoint hostname or IP address of the cloud instance.

    Step 3   In the Cisco ICFP GUI, choose Tenant Accounts, and click the Add Tenant Account icon.
    Step 4   In the New Tenant Account dialog box, provide the following information, and click Create:

    Field         Description
    ------------  ----------------------------------------------------------------------
    Tenant Name   Enter the tenant name. You cannot change the name after adding the tenant.
    Select Cloud  Choose the name of the cloud instance that you created in the previous steps.
                  You cannot change the cloud instance name after adding the tenant.
    Org Name      For VMware vCloud Director clouds, enter the name of the organization to which
                  the tenant belongs.
    Max Servers   Enter the maximum number of servers provisioned for the tenant, including
                  stopped VMs.
    Username      Enter the tenant account username.
    Email         Enter the tenant account email address.