This chapter consist of the following topics:
Cisco Prime Service Catalog integrated with UCS Director and Intercloud Fabric for Business (ICFB) provides single self-service ITaaS catalog for the self-service provisioning and lifecycle management of VMs in the private and hybrid cloud workloads. You can provide services such as provisioning virtual machines on a hybrid cloud using ICFB or on a private cloud using UCS Director and perform the lifecycle operations on these public and private VMs. This section covers the infrastructure services such as virtual machines, fenced containers, Virtual Application Container Services (VACS), and APIC Container Catalog on UCS Director and virtual machines on Intercloud Fabric for Business.
![]() Note |
|
![]() Note | Prime Service Catalog currently does not support the popup table input type for UCSD advance catalog workflow. |
|
Steps |
Topics |
---|---|---|
Step 1 |
Integrate UCS Director and/or Intercloud Fabric for Business with Prime Service Catalog. |
Integrating UCS Director or Intercloud Fabric for Business with Prime Service Catalog |
Step 2 |
Discover the IaaS entities from UCSD and ICFB. |
|
Step 3 |
Set up automatic or manual synchronization with UCSD and ICFB. |
Managing UCSD or ICFB Synchronization |
Step 4 |
|
Based on the permissions, end users can now order the hybrid cloud services and perform lifecycle operations on the provisioned containers and virtual machines. For more information on ordering these services, and on the available lifecycle operations for the UCSD and ICFB entities, see Cisco Prime Service Catalog 11.0 User Guide.
![]() Note | Prime Service Catalog allows you to integrate with only one instance of UCSD in the Managed Service Provider (MSP) mode. In a non-MSP mode, you can connect to multiple UCSD instance or connect to only one UCSD and one instance of ICFB. |
Step 1 | Choose UCSD Integration or Intercloud Fabric For Business. | ||
Step 2 | Click + icon and enter the details to connect to the server where UCSD or ICFB is installed. For https connections, import the root CA certificate of the ICFB or UCSD server. Copy the content of the root CA certificate of the server and paste it in the text area. If the root certificate is a chain of certificates, paste the content one below the other. The connection would fail, in case the SSL certificate of the server becomes invalid or untrusted. To prevent connection failure when SSL certificate of the server becomes invalid or untrusted, select the option - Allow Untrusted SSL Certificate on the Server. | ||
Step 3 | Check
Enable
Background Sync if you want to configure automatic polling for the
subsequent connections with UCSD or ICFB connections.
| ||
Step 4 | Click Save and click Test Connection to authenticate the credentials. | ||
Step 5 | After the
connection is successful, click
Connect &
Import. The system starts to discover the data from UCSD or ICFB. For more
information on data discovered from UCSD or ICFB, see
Cisco Prime Service Catalog 11.0 Designer Guide.
| ||
Step 6 | On
UCS Director or
Intercloud Fabric for Business tab, you can:
|
You can automatically discover UCS Director or ICFB instances at scheduled intervals using the scheduler. Use the below procedure to configure the scheduler.
Step 1 | Optionally edit
the following properties files. These files can be located in the
RequestCenter.ear/config directory.
| ||
Step 2 |
|
If Prime Service Catalog and UCSD or ICFB are integrated with LDAP, it is recommended to manually poll users information using the web interface whenever the user roles are changed in UCSD or ICFB. This is to ensure synchronization of the user’s RBAC permission to Prime Service Catalog services with the changes made in UCSD or ICFB.
You can manually import UCSD or ICFB instances using the UCSD or ICFB Integration page. When you perform this process, all entities including users and roles are synchronized.
This process is used in the following scenarios:
Based on the permissions granted to an end user, the discovered services from UCSD and ICFB becomes orderable in the Service Catalog module.
To understand the UCSD, ICFB groups and roles mapping to Prime Service Catalog groups and roles, see Prime Service Catalog Roles Mapping with UCSD and ICFB Roles and Users and User Groups Imported from UCSD and ICFB.
![]() Note | Prime Service Catalog creates catalog services only for standard catalogs in ICFB. |
Depending on the UCSD or ICFB integration, you can discover standard catalogs, container catalogs, and container templates services for end-user provisioning and maintenance of VMs on private and public cloud. Using these services, end users can:
Discover the Services from UCSD or ICFB by integrating with the UCS D or ICFB instance. For more information on integrating UCSD or ICFB, see Integrating UCSD or ICFB with Prime Service Catalog.
When Prime Service Catalog connects to a UCSD or ICFB for the first time, Prime Service Catalog creates a:
Where <ID> is the 3-letter identifier of the UCSD or ICFB server. This group will be the parent group for all groups imported from this UCSD or ICFB server.
Where <ID> is the 3-letter identifier of the UCSD or ICFB server. There will be group for each group in the UCSD or ICFB. All such groups are grouped under the parent group. Users belonging to various groups in the UCSD or ICFB are imported to the respective groups in Prime Service Catalog.
All the imported users from the UCSD or ICFB are assigned an Organizational Unit (OU) in Prime Service Catalog.
During the subsequent connections, Prime Service Catalog checks for group membership changes and updates the records accordingly.
Prime Service Catalog creates the following system-defined roles for the UCSD and ICFB roles it discovers. The following table lists the mapping of the UCSD and ICFB to Prime Service Catalog system-defined roles.
UCS Director Roles |
ICFB Roles |
Prime Service Catalog System Defined Roles |
Description |
---|---|---|---|
System Admin |
System Admin |
UCSD Sys Admin |
UCSD or ICFB Sys Admin user can view the details of Containers, vDC's and VM's as service items in My Stuff based on the Group permissions assigned to each of the UCSD or ICFB Service Item in Service Item Manager. Only users with this role can order Container Template Services. |
All Policy Admin |
|||
Computing Admin |
|||
Service End-User, Group Admin, Operation roles |
Service End User, Group Admin |
UCSD End User |
UCSD or ICFB End User can view the details of Containers, vDC's and VM's as service items in My Stuff based on the Group permissions assigned to each of the UCSD or ICFB Service Item in Service Item Manager. Users with this role can order services based on the group to which user belongs and catalogs which are assigned to a group in UCSD or ICFB. |
All other roles |
- |
UCSD Operator |
Users with this role can only view and use the self-service portal but cannot order the services. |
The new service will be displayed in the Service Catalog module based on the category you have selected.
Discover the Services from UCSD or ICFB by integrating with the UCSD or ICFB instance. For more information, see Integrating UCSD or ICFB with Prime Service Catalog.
This feature enables service providers to use Cisco ONE Enterprise Cloud Suite to provide multi-tenant Infrastructure as a Service (IaaS) on ACI. The components required for this functionality are: Prime Service Catalog, UCS Director (in Managed Service Providermode), and ACI.
The Tenant Managementmodule in Prime Service Catalog provides infrastructure services to multiple tenants quickly and efficiently. Using this module, tenants can manage their own set of services, and offer these infrastructure services to their end users. A tenant can contain several organizations and each organization can contain several users.
The tenant workflow (for example: create, update, and delete tenants), VDC, and VM operations are executed through Advanced and Service Container Catalog workflow in UCS Director. Prime Service Catalog creates services for these advance and service container catalog workflows during the UCSD discovery process. For this feature to work seamlessly, a site administrator must map these UCS Director discovered services to the Tenant Management workflow in Prime Service Catalog. For more information, see Setting Up Tenant Management Module and Mapping Tenant and VDC Workflows from UCSD.
For seamless multi-tenant IaaS operations, an administrator must ensure that multi-tenant IaaS-related objects are created and configured in UCS Director. An administrator need to configure only 3 of these multi-tenant IaaS workflows. Remaining workflow are pre-defined and configured during the installation process.
This section covers the list of fields or attributes that must be configured for these workflows in the UCSD. For more information, on how to create these advance and container catalog workflow, see Cisco UCS Director Administration Guide, Release 5.3.
A site administrator must perform the following steps for seamless multi-tenant IaaS operations.
Step 1 | Integrate Prime Service Catalog with UCS Director and discover the infrastructure entities from UCS Director. For instructions, see Integrating UCS Director with Prime Service Catalog. |
Step 2 | Map the Advanced Catalog/Container Catalog services from UCS Director to the Prime Service Catalog workflow. For more information, see Mapping Tenant and VDC Workflows from UCSD. |
Step 3 | Invoke workflow for creating tenants in Prime Service Catalog. For more information, see Onboarding a Tenant. |
When Prime Service Catalog is integrated with UCSD, the discovery process creates services based on UCSD Advanced Catalogs and APIC service container catalog. The advance and the APIC service container catalogs in UCSD are used for publishing workflow for creating, managing a tenant and creating a VDC respectively.
![]() Note | Only three of the Prime Service Catalog tenant management workflows need mapping from an administrator. The remaining workflows are pre-defined and are configured during the installation process. For information on the workflows that needs mapping in Prime Service Catalog, see the table below . |
Integrate Prime Service Catalog with UCSD instance that is in the Service Provider mode. For more information, see Integrating UCSD with Prime Service Catalog.
Prime
Service Catalog Workflow
Create
Tenant
Advance
Catalog based on
VNX
Tenant Onboarding workflow
Manage
Tenant
Advance
Catalog based on
Update
Tenant workflow
Create VDC
Any
APIC
Service Container Catalog
UCSD Advance/Service
Container Catalogs
As a site administrator, you can create a tenant administrator. A Tenant administrator can create and manage users, Organization Units (OUs), and VDCs. In addition, the tenant administrator can specify which tasks the users can perform on their virtual machines and services, and can place quotas on computing resources and virtual machines.
When you create a Tenant Admin, the Organization and Tenant User dashlets are automatically created and associated for that Tenant.
![]() Note | These prerequisites are also applicable for creating a VDC. |
Add a UCSD connection that is in the Manage Service Provider (MSP) mode. You can connect to a UCSD instance in
.Map the advance/service container catalog services with the Prime Service Catalog workflows. For more information, see Mapping Tenant and VDC Workflows from UCSD.
UCSD Agent must be up and running in the Service Link module.
Step 1 | Log in as Site Administrator. |
Step 2 | Go to Tenant Management. |
Step 3 | Click Add Tenant from the Tenant Management Dashboard. |
Step 4 | Enter the necessary details in the Tenant Information tab. |
Step 5 | Specify the
reservation details for vDC in the
Quota
Management tab (based on the vDC template).
UCSD uses this information for resource allocation and to provision that tenant. The Tenant Administrator can then create and manage OUs, vDC, and users for each of the associated Tenant. When the Tenant is in the Being provisioned status, the Tenant Admin icon will be disabled on Tenant Dashboard restricting the user (site admin) to view the User Management. An information icon 'i' is displayed in Status in the Tenant Dashboard and when clicked, displays an overlay of requisition, provisioning workflow summary, comments with date and timestamp. |
You can also search and edit only the quota/capacity details (and not any other details associated to a VDC) by navigating to
. The Tenant Administrator can navigate to Organization, Users, and VDCs from the User Dashboard.![]() Note |
|