Resource Management
enables you to manage the following resources:
- Compute firewalls—A virtual firewall that delivers security and compliance for a virtual computing environment at the VM level. Context-based and VLAN-independent policies can be applied to VM zones, thereby providing topology-invariant, policy-based security controls. In addition, traffic from external sources to VMs, and from VM to VM can be protected.
- Edge firewalls—A virtual appliance that secures the tenant edge in a multitenant environment. An example of an edge firewall is a Cisco Adaptive Security Appliance 1000V (ASA 1000V). An edge firewall:
  - Supports site-to-site VPN, NAT, and DHCP.
  - Acts as a default gateway.
  - Secures the VMs within a tenant against network-based attacks.
- Edge routers—A virtual edge router that serves as a single-tenant WAN gateway in a multitenant cloud. It allows enterprises to extend their WANs into external provider-hosted clouds.
- Load balancers—A virtual appliance that distributes network and application traffic across multiple servers. It improves application performance and prevents server failures by alleviating loads on servers.
- Virtual Security Gateways (VSGs)—VSGs evaluate policies based on network traffic. The main functions of a VSG are as follows:
  - Receive traffic from Virtual Network Service Data Path (vPath). For every new flow, the vPath component encapsulates the first packet and sends it to a VSG as specified in the Nexus 1000V port profiles. It assumes that the VSG is Layer 2 adjacent to vPath. The mechanism used for communication between vPath and the VSG is similar to VEM and Nexus 1000V communication on a packet VLAN.
  - Perform application fix-up processing such as FTP, TFTP, and RSH.
  - Evaluate policies by inspecting the packets sent by vPath using network, VM, and custom attributes.
  - Transmit the policy evaluation results to vPath.
    Note: Each vPath component maintains a flow table for caching VSG policy evaluation results.
- Virtual Supervisor Modules (VSMs)—A virtual appliance that runs on a Nexus 1000V switch and that manages, monitors, and configures multiple Virtual Ethernet Modules (VEMs). VEMs run as part of a hypervisor where they act as virtual switches. VSMs are tightly integrated with hypervisors, so that configurations made on a VSM are automatically propagated to the VEMs. As a result, instead of configuring soft switches inside the hypervisor on a host-by-host basis, you can define configurations for immediate use on all VEMs that are managed by the VSM from a single interface.
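The vPath and VSG division of labor described in the Virtual Security Gateways item above (first packet of a new flow goes to the VSG, the verdict is cached in the vPath flow table) can be sketched as a small model. This is an added example, not Cisco code: the class names, the zone inventory, the rules, and the implicit-deny default are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed inventory: VM attributes keyed by IP address (hypothetical).
VM_ATTRS = {
    "10.0.1.10": {"zone": "web"},
    "10.0.2.20": {"zone": "db"},
    "10.0.3.30": {"zone": "dev"},
}

# Constructed first-match rules: (src zone, dst zone, dst port, action).
# None acts as a wildcard.
RULES = [
    ("web", "db", 3306, "permit"),
    (None, "db", None, "drop"),
]

@dataclass
class VSG:
    """Policy engine: evaluates a flow using network and VM attributes."""
    evaluations: int = 0

    def evaluate(self, flow):
        self.evaluations += 1
        src, dst, _proto, _sport, dport = flow
        src_zone = VM_ATTRS.get(src, {}).get("zone")
        dst_zone = VM_ATTRS.get(dst, {}).get("zone")
        for r_src, r_dst, r_port, action in RULES:
            if (r_src in (None, src_zone) and r_dst in (None, dst_zone)
                    and r_port in (None, dport)):
                return action
        return "drop"  # assumption of this model: implicit deny

@dataclass
class VPath:
    """Data path: consults the VSG once per new flow, then uses the cache."""
    vsg: VSG
    flow_table: dict = field(default_factory=dict)

    def forward(self, flow):
        verdict = self.flow_table.get(flow)
        if verdict is None:  # new flow: first packet goes to the VSG
            verdict = self.vsg.evaluate(flow)
            self.flow_table[flow] = verdict
        return verdict

def run_demo():
    vsg = VSG()
    vpath = VPath(vsg)
    web_to_db = ("10.0.1.10", "10.0.2.20", "tcp", 40000, 3306)
    dev_to_db = ("10.0.3.30", "10.0.2.20", "tcp", 40001, 3306)
    verdicts = [vpath.forward(web_to_db) for _ in range(3)]
    verdicts.append(vpath.forward(dev_to_db))
    return verdicts, vsg.evaluations, len(vpath.flow_table)
```

In this model, four packets across two flows cost only two policy evaluations; every later packet of a flow is handled from the flow table.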
Resource Management Configuration Workflow
You manage resources by placing them in service. The general workflow for placing devices in service is as follows:
- Create tenants and subordinate organizations.
- Configure device policies.
- Register or instantiate service devices from service images.