Prime Network Services Controller Overview
The dynamic nature of cloud environments requires organizations to apply and enforce frequent changes to networks. These networks can consist of thousands of virtual services elements, such as firewalls, load balancers, routers, and switches. Prime Network Services Controller simplifies operations with centralized, automated multi-device and policy management for Cisco network virtual services. For the latest release updates and overview, see the corresponding data sheet.
Cisco Prime Network Services Controller is the primary management element for Cisco Nexus 1000VE Switches and Services that can enable a transparent, scalable, and automation-centric network management solution for virtualized data center and hybrid cloud environments. Nexus 1000VE switches and services deliver a highly secure multitenant environment by adding virtualization intelligence to the data center network. These virtual switches are built to scale for cloud networks. Support for Virtual Extensible LAN (VXLAN) helps enable a highly scalable LAN segmentation and broader virtual machine (VM) mobility.
Cisco Prime Network Services Controller enables centralized management of Cisco virtual services, performed either by an administrator through its GUI or programmatically through its XML API. Prime Network Services Controller is built on an information-model architecture in which each managed device is represented by its subcomponents (or objects), which are parametrically defined. This model-centric approach enables a flexible and simple mechanism for provisioning and securing virtualized infrastructure using Cisco VSG security services.
Note: Starting with Cisco PNSC Release 3.4.2a, Cisco Adaptive Security Appliance (ASA 1000V), Cisco Cloud Services Router (CSR), Citrix NetScaler VPX, Citrix NetScaler, KVM Hypervisor, and Microsoft HyperV platforms are not supported.
Hypervisor Support
The Prime Network Services Controller platform supports multiple VM Managers through their APIs and through tight integration with Nexus 1000VE Virtual Supervisor Modules (VSMs) and Virtual Ethernet Modules (VEMs).
Cisco Dynamic Fabric Automation Integration Support
Cisco Dynamic Fabric Automation (DFA) delivers fabric optimization, management, and automation capabilities under Cisco Unified Fabric. Prime Network Services Controller plays a critical role in the Cisco DFA solution with L4-7 services integration. Prime Network Services Controller integrates with Cisco Data Center Network Manager (DCNM) to support the managed resources and services in a VMware vSphere environment.
Consistent and Efficient Security Policies
Prime Network Services Controller uses security profiles for template-based configuration of security policies. A security profile is a collection of security policy sets and integrated policies and rules that can be predefined and applied on demand at the time of virtual machine instantiation. This profile-based approach significantly simplifies authoring, deployment, and management of security policies, including in dense multi-tenant environments, while enhancing deployment agility and scaling. Security profiles also help reduce administrative errors and simplify audits.
The XML API for Prime Network Services Controller facilitates integration with northbound network provisioning tools for programmatic network and security provisioning and management of Cisco VSG and ASA 1000V. Programmatic control of those virtual appliances can greatly simplify operational processes and reduce infrastructure management costs.
Nondisruptive Administration Model
By providing visual and programmatic controls, Prime Network Services Controller can enable the security operations team to author and manage security policies for virtualized infrastructure and enhance collaboration with the server and network operations teams. This nondisruptive administration model helps ensure administrative segregation of duties to reduce errors and simplify regulatory compliance and auditing:
- Security administrators can author and manage security profiles and manage VSG instances. Security profiles are referenced in Nexus 1000VE port profiles.
- Network administrators can author and manage port profiles, and manage Nexus 1000VE switches. Port profiles with referenced security profiles are available in VMware vCenter through the Nexus 1000VE VSM programmatic interface with VMware vCenter.
- Server administrators can select an appropriate port profile in VMware vCenter when instantiating a virtual machine.
Efficient Management for Easier Scalability
Prime Network Services Controller implements an information-model architecture in which each managed device, such as VSG or Cisco ASA 1000V, is represented by the device's object-information model. This model-based architecture helps enable the use of:
- Stateless managed devices—Security policies (security templates) and object configurations are abstracted into a centralized repository and used as templates against any virtual device type.
- Dynamic device allocation—A centralized resource management function manages pools of devices that are commissioned (deployed) in service and a pool of devices that are available for commissioning. This approach simplifies large-scale deployments because managed devices can be preinstantiated and then configured on demand, and devices can be allocated and deallocated dynamically across commissioned and noncommissioned pools.
- Scalable management—A distributed management-plane function is implemented using an embedded agent on each managed device that helps enable greater scalability.