Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Virtual Application Cloud Segmentation Services Configuration Guide, Release 5.4STV2.1

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Virtual Application Cloud Segmentation Services Configuration Guide, Release 5.4STV2.1

Chapter Title

Configuring Application Containers

Results

Updated:
November 16, 2015

Chapter: Configuring Application Containers

Configuring Application Containers

This chapter contains the following sections.

About Cisco VACS Application Containers

A container is a set of virtual components such as routers, firewalls, load balancers, and other network services that are systematically configured to deploy varying workloads. Cisco VACS enhances the Cisco UCS Director container abstraction, adds more controls and security features, and provides ready-to-deploy containers with built-in customization. Each Cisco VACS instance consists of the following user selectable components:

  • A Cisco Cloud Services Router (CSR) 1000V virtual router with multiple networks on which workloads are placed and a single uplink with a Layer 3 connection to the datacenter network.

  • A Cisco Virtual Security Gateway (VSG) zone-based firewall to control and monitor segmentation policies within the networks.

  • A server load balancer (SLB) to scale up the application capacity.

A Cisco prime Network Services Controller (PNSC) that defines and monitors the zone policies. A PNSC can span across multiple containers and the security policy configuration is done by PNSC.

Each container is provided switching by one Cisco Nexus 1000V switch. The Cisco Nexus 1000V switch instantiates the networks as port profiles. A single Cisco Nexus 1000V switch can provide switching for multiple containers.

Types of Cisco VACS Container Templates

Cisco VACS provides you with three different kinds of application container templates. Depending on the specific needs of your virtual application, you can choose one of the following templates:

Guidelines and Limitations

The Cisco VACS guidelines and limitations are as follows:

  • Cisco VACS requires installation of at least one Cisco Nexus 1000V switch and Cisco PNSC to be used in conjunction with containers. Currently, it does not automate the incorporation of Cisco Nexus 1000V switches and Cisco PNSC appliances that have been installed outside of Cisco VACS.

  • Cisco VACS supports Cisco UCS Director Release 5.4 and the following versions of the related components:

    • Cisco Nexus 1000V, Release 5.2(1)SV3(1.4)

    • Cisco PNSC, Release 3.4.1b

    • Cisco Virtual Security Gateway (VSG), Release 5.2(1)VSG2(1.3)

    • Cisco Cloud Services Router 1000V, Release 3.16.1a

    • Server Load Balancer (SLB)

      • Open Source HA-proxy, Release 1.5.2 1.5.2-2.el6 (on x86_64)

      • Keepalived 1.2.15

  • You can add or edit a container template, and then instantiate containers from the template.

  • Cisco VACS supports VMware ESX 5.0, 5.1, and 5.5 and VMware vCenter 5.1 and later versions. We recommend that you use vCenter version 5.5 because it is compatible with all versions of VMware ESXi.

  • The number of virtual machines that you can add to a container template is limited only by the hardware of your setup.

  • SLB for the 3 tier internal/external templates must be placed in the webzone, while for the custom templates it must be based on the zone that you select.

Prerequisites for Creating a Cisco VACS Container Template

The Cisco VACS template has the following prerequisites:

  • Set up a VMware vCenter account on Cisco UCS Director.

  • Define the Computing Policy. Computing policies determine the computing resources used during provisioning that satisfy group or workload requirements.

  • Define the Network Pools and Policies. A network pool policy includes the VLAN pool policy, the VXLAN pool policy, Static IP pool policy, and the IP Subnet pool policy.

  • Define the Storage Policy. A storage policy defines resources, such as the datastore scope, type of storage to use, minimum conditions for capacity, and latency. The storage policy also provides options to configure additional disk policies for multiple disks and to provide datastore choices for use during a service request creation.

  • Define the Systems Policy. A system policy defines the system-specific information, such as the template to use, time zone, and operating system-specific information.

Defining Policies

Before you set up the Cisco VACS application container templates, you must define the following policies.

After you create the template, the following policies are automatically created:

  • PNSC Firewall Policy—The path to this policy is Physical > Network > Multi-Domain > PNSC Accounts > PNSC Name.

  • Tiered Application Gateway Policy—The path to this policy is Policy > Application Container > Tiered Application Gateway Policies.

  • Virtual Infrastructure Policy—The path to this policy is Policy > Application Container > Virtual Infrastructure Policies.

Attention:

We recommend that you do not edit the PNSC Firewall, Tiered Application Gateway Policies, and the Virtual Infrastructure Policies.

Defining Computing Policies

Computing policies determine the computing resources used during provisioning that satisfy group or workload requirements. You can define advanced policies by mixing and matching various conditions in the computing policy.

    Step 1   From the Cisco UCS Director menu bar, choose Policies > Virtual/Hypervisor Policies > Computing. The Computing sub menu appears.
    Step 2   Select the VMware Computing Policy tab.
    Step 3   Click Add. The Add Computing Policy screen appears.
    Step 4   In the Add Computing Policy screen, complete the following fields:

    Name

    Description

    Policy Name field

    The name of the policy.

    Policy Description field

    The description of the policy.

    Cloud Name drop-down list

    Choose the cloud where resource allocation occurs.

    Host Node/Cluster Scope drop-down list

    Choose the scope of deployment.

    Note   

    You can narrow the scope of deployment by specifying whether to use all, include chosen, or exclude chosen options. Depending on the choices, a new field appears where the required hosts or clusters can be chosen.

    Resource Pool drop-down list

    		Choose the resource pool.

    ESX Type drop-down list

    		Choose the ESX installation type: ESX, ESXi, or both.

    ESX Versiondrop-down list

    		Choose the version of ESX.

    Minimum Conditions check boxes

    		Check the check boxes for one or more conditions that should match. Any hosts that do not meet these criteria are excluded from consideration. If more than one condition is chosen, all of the chosen conditions must match.
    Deployment Options

    Override Template check box

    Check the check box to override the template properties. You are provided with options to enter custom settings for CPU and memory.

    Number of vCPUs field

    A custom number of vCPUs. The specified number of vCPUs for a VM should not exceed the total cores for the chosen scope of host nodes or clusters.

    Note    This option appears if you choose Override Template.

    CPU Reservation (MHz) field

    The CPU reservation for the VM. The reservation depends upon the number of vCPUs specified.

    Note    This option appears if you choose Override Template.

    CPU Limit (MHz) field

    The CPU limit for the VM. The CPU limit is based on the chosen scope of host nodes or clusters.

    CPU Shares drop-down list

    Choose the CPU shares: low, normal, or high. The CPU shares determine which VM gets CPU resources when there is competition among VMs.

    Note    This option appears if you choose Override Template.

    Memory field

    The custom memory for the VM.

    Note    This option appears if you choose Override Template.

    Memory Reservation (MB) field

    		The memory reservation for the VM. The reservation depends upon the memory specified.
    Note    This option appears if you choose Override Template.

    Memory Limit (MB) field

    		The memory limit for the VM. The memory limit is based on the chosen scope of host nodes or clusters.
    Note    This option appears if you choose Override Template.

    Memory Shares drop-down list

    		Choose the memory shares: low, normal, or high.1 Memory shares determine which VM gets memory resources when there is competition among VMs.
    Note    This option appears if you choose Override Template.
    Resizing Options

    Allow Resizing of VM check box

    Check the check box to allow VM resizing before provisioning or to resize an existing VM.

    By default, this check box is checked.

    Permitted Values for vCPUs field

    The range of vCPUs to use while provisioning a VM or resizing an existing VM. A range of more than 8 is visible during VM provisioning or resizing. only if the chosen cloud (vCenter) is 5 or above and has VM version 8. Only the values specified in the box are visible.

    Note    This option appears if you choose Allow Resizing of VM

    Permitted Values for Memory in MB field

    The range of memory to use while provisioning a VM or resizing an existing VM. For example: 512, 768, 1024, 1536, 2048, 3072, 4096, and so on. Only the values specified in the box are visible.

    Note    This option appears if you choose Allow Resizing of VM

    Deploy to Folder

    The VMs created using this policy that can be deployed into a custom folder. Cisco UCS Director allows automatic creation of folder names from group names or the available Macro provided by Cisco UCS Director. See the Cisco UCS Director Orchestration Guide for more information.
    Attention:

    By default, the Cisco VACS container virtual machines would be placed in the folder in the vCenter (fenced container) and not in the path provided under the Deploy to Folder option.

    Step 5   Click Submit.

    Defining Network Pools and Policies

    Cisco VACS requires that you create resource pools before you create a container template.

    Note

    Cisco VACS does not use the default network policy or user-created network policy. It, instead, uses the network VLAN/VXLAN pools and IP pool policies for the Cisco VACS application containers.

    Defining Global Resource Pools

    Cisco VACS minimizes the interdependency between server and network administrators for information about IP addresses, subnets, networks, firewall contexts, and policies for a network, and the appropriate device configurations and available resources. To support the Cisco UCS Director self-service portal and to automate large-scale deployments, Cisco VACS uses resource pools. You can create these pools ahead of time and use them when required. The resource pools defined in advance enables easier provisioning of containers.

    Cisco VACS defines the following resource pools:

    • VLAN/VXLAN pools—These pools contain a set of VLAN IDs or Virtual Extensible Local Area Network (VXLAN) segment IDs for instantiating networks. The pool attributes are a set of numerical values from 1 to 3967, 4048 to 4093 or a valid VXLAN range from 4096 to 16000000.

      For information about how to add a VLAN/VXLAN pool, see Adding a VLAN or VXLAN Pool Policy.

    • IP Subnet pools—These pools are used for container workload virtual machines. The pool is specified as a supernet together with the specification of the number of subnets that can be created from it. The attributes of these pools are an IP address prefix and a mask length.

      For information about how to add a IP subnet pool, see Adding an IP Subnet Pool Policy.

    • Static IP pools—These pools are used for management, uplink, and VM networks. Management IP pools contain management IP addresses to automate the instantiation of virtual services, such as Cisco Cloud Services Router (CSR) 1000V, Cisco VSG, and Server Load Balancer (SLB) in a network. The attributes for these pools are derived from the physical router configuration and can be used in the custom containers for the VM networks with a port group option.

      For information about adding management IP pools, see Defining Static IP Pool Policies.

      Uplink address pools contain IP addresses that are used to automate and configure the uplink interface of the default gateway for a container. The attributes for these pools are the same as that of the management IP pools.

      For information about adding uplink address pools, see Defining Static IP Pool Policies.

    Adding a VLAN or VXLAN Pool Policy

    You can add a VLAN or VXLAN pool policy when you add an entry to the list of VM networks.

      Step 1   From the Cisco UCS Director menu bar, choose Policies > Virtual/Hypervisor Policies > Network. The Network sub menu appears.
      Step 2   Select the VLAN Pool Policy tab.
      Note   

      Select the VXLAN Pool Policy tab if you want to add a VXLAN pool policy.

      Step 3   Click Add. The Add Policy screen appears.
      Step 4   In the Add Policy screen, complete the following fields:

      Name

      Description

      Pod drop-down list

      Choose the point of delivery (POD) from the list. A POD is a logical definition that represents a converged stack placement. In most cases, a POD of the generic type is sufficient.

      Policy Name field

      The policy name. This name can be up to 32 characters long.

      Policy Description field

      The description for the pool policy. This description can be up to 256 characters.

      VLAN Range or VXLAN Range field

      The valid VLAN or VXLAN range.

      Note   

      • The VLAN ID range from 1 to 3967 or 4048-4093, or the valid VXLAN ID range from 4096 to 16000000.

      • The range from 20000 to 30000 is reserved for the VSG HA.

      Step 5   Click Submit to add the policy to the list or click Close to exit.
      Defining Static IP Pool Policies
        Step 1   From the Cisco UCS Director menu bar, choose Policies > Virtual/Hypervisor Policies > Network. The Network sub menu appears.
        Step 2   Select the Static IP Pool Policy tab.
        Step 3   Click Add. The Static IP Pool Policy Information screen appears.
        Step 4   In the Static IP Pool Policy Information screen, complete the following fields.

        Name

        Description

        Policy Name field

        The policy name for the IP pool. This name can be alpha-numeric with maximum 32 characters.

        Policy Description field

        The description for the IP pool policy. The description can contain 256 characters.

        Static IP Pools table

        The IP pool. You can search for an IP pool in the search bar. If you want to add an entry to the existing list of IP pools, click + and complete the following fields:

        In the Add Entry to Static IP Pools dialog box, complete the following fields:

        Static IP Pool field

        The range of IP addresses. This can be a combination of ranges, such as 192.168.4.2-192.168.4.30, and individual addresses separated by commas. The only restriction is that all of the addresses must belong to a common subnet.

        Subnet Mask

        The subnet mask address. For example, 255.255.255.0.

        Gateway IP Address field

        The default gateway IP address for this network. If this pool policy is used for a VM network, you must not use the gateway IP address.

        Note   

        • This field is mandatory for the management and uplink networks.

        • This field should be blank for all port group based networks.

        For information on the port group based network, see Configuring VM Networks for a Custom Container Template

        VLAN ID field

        The VLAN ID to use for the network. This field is mandatory.

        Click Submit to add the policy to the list of IP pool policies.

        Step 5   Click Submit. You can click Close to close the wizard

        You can click Back to review the information entered up to this point or click Close the wizard.

        Adding an IP Subnet Pool Policy
          Step 1   From the Cisco UCS Director menu bar, choose Policies > Virtual/Hypervisor Policies > Network. The Network sub menu appears.
          Step 2   Select the IP Subnet Pool Policy tab.
          Step 3   Click Add. The IP Subnet Pool Policy screen appears.
          Step 4   In the IP Subnet Pool Policy Information screen, complete the following fields.
          Name Description

          Policy Name field

          The policy name for the IP Subnet pool. This name can be alpha-numeric with maximum 32 characters.

          Policy Description field

          The description for this policy. The description can be 256 characters long.

          Network Supernet Address field

          The network supernet address for this policy. The address must be in the a.b.c.d format.

          Network Supernet Mask field

          The network supernet mask address for this policy. For example, 255.255.255.0. The supernet address and mask provide the common prefix for the IP subnet pool.

          Number of Subnets Required drop-down list

          Choose the number of required subnets. This number must be a power of 2. The number specifies the number of bits by which the common subnet pool prefix will be extended to create individual subnets.

          Choose the number of subnets in such a manner, that each subnet will have a minimum four IP addresses, excluding the network and broadcast IP addresses.

          Note   

          One subnet will be used per container.

          You must ensure that the number of IP addresses per subnet are equal to or greater than the total sum of the service VM's (both, in HA and non-HA modes) interfaces towards the workload VMs plus the number of workload VMs per container.

          Gateway Address drop-down list

          Choose the gateway address. This can be one of the following:

          • First Address in the subnet

          • Last address in the subnet

          The chosen address specifies how the gateway address is allocated from each subnet that is created from this pool.

          Allow IP Overlap drop-down list

          Choose Yes if you want to allocate the same subnet to more than one container.

          By default, overlapping of the IP addresses is disabled.
          Note   

          For information on the overlapped IPs, see the About Overlapping IP section.

          Context drop-down list

          Note   

          This field is visible only if you set the Allow IP Overlap to Yes.

          Choose the appropriate context type. The default option is UCSD. The available options are:

          • Tenant –If the subnet is in use by some tenant, the same subnet can be allocated for another tenant.

          • Container – If the subnet is in use by some container, the same subnet can be allocated for another container.

          • UCSD – This works as per existing behavior, where different subnets will be allocated to different containers (this is equivalent to the overlapped option set to No).

          Step 5   Click Submit to add the policy to the list or click Close to exit the dialog box.
          About Overlapping IP

          The overlapping IP is a new feature in the IP Subnet Pool Policy, where the same subnet will be allocated to more than one container depending on Context Type Container or Tenant.

          The IP Subnet Pool Poilcy can either be of type overlapped or non-overlapped. By default, the overlapped option is set to No, then it works as per the existing behavior.

          If the IP Subnet Pool policy is the overlapped type, where the overlapped option is set to Yes, the following context types are available:

          • Tenant—If the subnet is in use by some tenant, the same subnet can be allocated for another tenant.

          • Container—If the subnet is in use by some container, the same subnet can be allocated for another container.

          • UCSD—This works as per existing behavior, where different subnets will be allocated to different containers (this is equivalent to the overlapped option set to No).

          Attention:

          If the routing type is Public and Overlap is set to Yes and the Context Type is either tenant or container, then the containers that have the same public IPs could lead to potential problem with the IP duplication.

          To view the IP Subnet Pool Policy, navigate to Policies > Virtual/Hypervisor Policies > Network > IP Subnet Pool Policy. Two new columns, Overlapped and Context Type are available.

          The Overlapped column indicates whether the overlapped option is being set to Yes or No.

          The Context Type column indicates the level the subnet is being overlapped. It could be either UCSD, Container, or Tenant, where the UCSD is the default value.

          Defining Storage Policies

            Step 1   From the Cisco UCS Director menu bar, choose Policies > Virtual/Hypervisor Policies > Storage. The Storage sub menu appears.
            Step 2   Select the VMware Storage Policy tab.
            Step 3   Click Add. The Add Storage Resource Allocation Policy screen appears.
            Step 4   In the Add Storage Resource Allocation Policy screen, complete the following fields:

            Name

            Description

            Policy Name field

            Choose the cloud in which resource allocation occurs.

            Policy Description field

            If you want to narrow the scope of deployment, choose whether to use all, include selected data stores, or exclude selected data stores.

            Cloud Name drop-down list

            		Choose the cloud in which resource allocation occurs.

            System Disk Scope

            Data Stores/Datastore Clusters Scope drop-down list

            If you want to narrow the scope of deployment, choose whether to use all, include selected data stores, or exclude selected data stores.

            Use Shared Data Store Only check box

            Check the check box to use only shared datastores.

            Storage Options

            Use Local Storate check box

            Check the check box to use local storage. By default, the field is checked.

            Use NFS check box

            Check the check box to use NFS storage. By default, the field is checked.

            Use SAN check box

            Check the check box to use SAN storage. By default, the field is checked.

            Minimum Conditions check boxes

            		Check the check box to choose one or more conditions that should match.

            Any datastores that do not meet these criteria are excluded from the consideration. If more than one condition is chosen, all conditions must match.

            Override Template check box

            Check the check box to override the template properties. You are provided with options to enter custom settings such as using thin provisioning and custom disk size.

            Resizing Options for VM Life cycle

            Allow Resizing of Disk check box

            Check the check box to provide the end user with an option to choose the VM disk size before provisioning.

            Allow user to select datastore from scope check box

            Check the check box to provide the end user with an option to choose the data store during the service request creation.

            Step 5   Click Next.
            Step 6   In the Storage Policy - Additional Disk Policies screen, choose a disk type to configure.
            Step 7   Click Edit (pencil icon) to edit the disk type.
            Note   

            By default, the disk policy for the disk is the same as in the System Disk Policy.

            The Edit option is not supported in this release.

            Step 8   Click Submit.
            Note   

            To use the storage policy created with additional disk policies, you need to associate the policy with the VDC that is used for the VM provisioning.

            When using the Additional disks policies configured in a policy, ensure that you uncheck the Provision all disks in a single database check box during the catalog creation for the multiple disk template.

            Defining System Policies

              Step 1   On the menu bar, choose Policies > Virtual/Hypervisor Policies > Service Delivery.
              Step 2   Choose the VMware System Policy tab.
              Step 3   Click Add.
              Step 4   In the System Policy Information dialog box, complete the following fields:
              Name Description

              Policy Name field

              The name of the policy.

              Cisco UCS Director allows automatic creation of VM names. VM names can be automatically created using a set of variable names. Each variable must be enclosed in ${VARIABLE_NAME}. For example: vm-${GROUP_NAME}-SR${SR_ID}.

              Policy Description field

              The description of the policy.

              VM Name Template field

              Provide the VM name template to use.

              Attention:

              In a Cisco VACS deployment, this field displays the VM name in the Container_Zonename_VMname format by default. The VM name is obtained from the VM Name field in the Configuring Virtual Machines screen in the template wizard.

              Even though this option is visible, it is not applicable to a Cisco VACS container deployment.

              End User VM Name Prefix check box

              Check the check box to allow the user to add a VM name prefix during a service request creation for VM provisioning.

              Note   

              Even though this option is visible, it is not applicable to a Cisco VACS container deployment.

              Power On after deploy check box

              Check the check box to automatically power on all VMs deployed using this policy. In a Cisco VACS deployment, the container VMs remain powered on even when you leave this checkbox unchecked.

              Step 5   Choose from the following optional VM Name Template features:
              Name Description

              Host Name Template field

              You can provide a host name template option or a VM host name can be automatically created using set of variable names in Cisco UCS Director. Each variable must be enclosed in ${VARIABLE}.

              Attention:

              In a Cisco VACS deployment, the host name provided does not reflect in the container VM.

              Step 6   Choose the Host Name Template variable names. For example: ${VMNAME}
              Step 7   Complete the following fields:
              Name Description

              Linux Time Zone drop-down list

              Choose the time zone.

              DNS Domain field

              The IP domain to use for the VM.

              DNS Suffix List field

              The DNS suffixes to configure for the DNS lookup. If there is more than one suffix, separate each by a comma.

              DNS Server List field

              The list of DNS server IP addresses. Use a comma to separate more than one server.

              VM Image Type drop-down list

              Choose the OS of the image that is installed on the VM. Choose from the two options:

              • Windows and Linux

              • Linux Only

              If you choose Windows and Linux, then you need to complete the subsequent fields pertaining to Windows.

              Windows

              Product ID field

              The Windows product ID or license key. The product ID or license key can be provided here or at the OS license pool. The key entered in OS license pool overrides the key provided here.

              License Owner Name field

              The Windows license owner name.

              Organization field

              The organization name to configure in the VM.

              License Mode drop-down list

              Choose per-seat or per-server.

              Number of License Users

              The number of license users or connections.

              WINS Server List field

              The WINS server IP addresses. Multiple values are separated with a comma.

              Auto Logon check box

              Check the check box to enable auto log on. You must retain the default settings.

              Auto Logon Count field

              The number of times to perform auto log on.

              Administrator Password field

              The password for the administrators account.

              Windows Time Zone drop-down list

              Choose the time zone.

              Domain/Workgroup drop-down list

              Choose either Domain or Workgroup.

              Workgroup field

              The name for the workgroup.

              This option appears if Workgroup is chosen as the value in the Domain/Workgroup drop-down list.

              Domain field

              The name of the Windows domain.

              Note   

              This option appears if Domain is chosen as the value in the Domain/Workgroup drop-down list.

              Domain Username field

              The Windows domain administrator’s username.

              Note   

              This option appears if Domain is chosen as the value in the Domain/Workgroup drop-down list.

              Domain Password field

              The Windows domain password of the administrator.

              Note   

              This option appears if Domain is chosen as the value in the Domain/Workgroup drop-down list.

              Define VM Annotation check box

              Check the check box to specify annotations to the VM.

              You can specify a note and custom attributes as part of the annotation. After you select this check box, complete the following fields:

              • VM Annotation field

                Enter a description for the VM.

              • Custom Attributes

                Click Add (+) to specify the Name, Type and Value.

              Note   

              The information that you add as part of the VM Annotation is displayed for the VM in the VM Details page.

              Step 8   Click Submit.

              About End User Self-Service Policy

              The End User Self-Service Policy controls the actions or tasks that a user can perform on the VMs deployed in a Cisco VACS application container. The starting point for creating this policy is to specify an Account Type, for example VMware. After you specify an account type, you can continue with creating the policy. After you create the policy, you must assign the policy to an application container template that is created with the same account type. For example, if you have created an end user policy for VMware, then you can specify this policy when you create the Cisco VACS application container template. You cannot view or assign policies that have been created for other account types.

              In addition to creating an end user self-service policy, Cisco VACS allows you to perform the following tasks:

              • View—Displays a summary of the policy.

              • Edit—Opens the End User Policy dialog box from which you can modify the description or the end user self service options.

              • Clone—Opens the End User Policy dialog box through which you can create another policy with options specified in another policy.

              • Delete—Deletes the policy from the system. However, no vDC must be assigned with this policy.

              Important:

              Assigning a policy to a Cisco VACS application container template is the only method through which you can control the tasks that a user can perform on the VMs deployed in a Cisco VACS application container.

              Adding an End User Policy

                Step 1   On the menu bar, choose Policies > Virtual/Hypervisor Policies > Service Delivery.
                Step 2   Choose the End User Self-Service Policy tab.
                Step 3   Click Add (+).
                Step 4   In the Add End User Policy dialog box, select an account type (VMware) from the drop-down list.
                Step 5   Click Submit.
                Step 6   In the End User Policy screen, complete the following fields:
                Name Description

                Policy Name field

                The name of the policy.

                Policy Description field

                The description for the policy.

                End User Self-Service Options field

                Select the tasks that a user can perform on the VM's with to the Cisco VACS application container that is assigned with this policy.
                Note   

                • We recommend that you do not select the tasks under VM Lease Expiry and VM Clone and Template Management, because performing these tasks will lead to issues with the Cisco VACS container.

                • For the Mount ISO Image As CD/DVD Drive task, ensure that you mark the datastores for the ISO image and map the guest ISO image. For information, see Marking Datastores for ISO and Guest OS ISO Image Mapping.

                The list of tasks vary according to the Account Type.
                Note   

                Cisco VACS Release 5.4STV2.1 supports only the VMware cloud type.

                Step 7   Click Submit.

                Marking Datastores for ISO

                  Step 1   On the menu bar, choose Policies > Virtual/Hypervisor Policies > Service Delivery.
                  Step 2   Click the ISO Datastores tab.
                  Step 3   Click Mark Datastores for ISO.
                  Step 4   In the Mark Datastores for ISO screen, complete the following fields:
                  Name Description

                  Cloud Name drop-down list

                  Choose the cloud name.

                  Select Datastores button

                  Choose the datastores to be marked.

                  Step 5   Click Submit.

                  Guest OS ISO Image Mapping

                    Step 1   On the menu bar, choose Policies > Virtual/Hypervisor Policies > Service Delivery.
                    Step 2   Click the Guest OS ISO Image Mapping Policy tab.
                    Step 3   Click Add.
                    Step 4   In the Guest OS ISO Image Mapping screen, complete the following fields:
                    Name Description

                    Policy Name field

                    The name of the policy.

                    Policy Description field

                    The description for the policy.

                    Cloud Name drop-down list

                    Choose the cloud name.

                    Allow End User to Select Guest OS and ISO Image check box

                    Check the check box to enable the user to choose the guest OS and ISO images.

                    If checked, you can select the guest OS and ISO image source when you create a service request.

                    If unchecked, you can only select the guest OS when you create a service request.

                    ISO field

                    Click the + icon to add an ISO image. Complete the fields in the Add Entry to ISO dialog box and click Submit.

                    Step 5   Click Submit.

                    About Zones

                    Cisco VACS enables you to create application container templates in the required zones based on the application design. The Web, Application, and Database zones are available in the 3 tier internal and 3 tier external templates. Depending on your requirements and security settings, you can choose to create container templates. You can choose to create custom security zones in the custom container templates.

                    Zones isolate virtual machine workloads that are based on security policies or rules. Cisco VACS enables predefined security policies/rules for 3 tier internal template and 3 tier external template for the web, Application and Database tiers. However, you can modify these policies for each container after the container has been deployed successfully. For more information on modifying these policies, see the Managing Firewall Policies section.

                    You can also add/modify the access control lists (ACLs) rules for each template that you define. The modified ACL rules will be effective only for all newly created application containers.

                    The custom container template does not pre-define zones or networks and therefore security policies and ACLs must be defined by the administrator based on the zones that are defined during the creation of the container template.

                    In Cisco VACS, the notion of zones is also used to define application tiers, such as web tier, app tier, and so on. Tiers are relevant to the load balancing function, where members of a tier express an aspect of application architecture and form a server farm.

                    About Cisco VACS 3 Tier Internal and External Container Templates

                    The Cisco VACS 3 tier internal and external container template offers a preset collection of virtual resources that you can deploy in your datacenter. The internal template defines and enforces the overall policy in the web, application, and database tiers on a shared VLAN or VXLAN and achieves minimum required segregation and enables you to choose a private or public address on the gateway. This template enables you to have external connectivity only to the web tier and restricts the application and database tiers from exposing their services or from consuming the services exposed by other applications inside a firewall.

                    The 3 tier internal and external container template uses Enhanced Interior Gateway Routing Protocol (EIGRP) as the default routing protocol if you choose the Public Router IP type. However, you have an option to choose either the EIGRP protocol or set up Static Routing Protocol, and set up other static routes to forward upstream traffic to the container's internal network.

                    These template types allows you to expose the services of the container to external applications and consume the services exposed by other applications behind the firewall. As with the internal template type, the specific security profile requirements for the tiers are enabled by the zone and security policies.

                    Creating a Cisco VACS 3 Tier Internal or External Template

                    Select the application container type from the Add Template wizard under the VACS Container tab in Cisco UCS Director to create a new 3 tier internal or external container template.

                    To create the Cisco VACS 3 tier internal or external container template, perform the following tasks:

                    Process Flowchart for Creating the Internal/External Templates

                    Use the following workflow and the procedures in this chapter as a guide to create either the internal or the external templates.

                    Figure 1. Process Workflow—Creating Internal/External Templates



                    Specifying a Template Type


                    Note

                    • It is important that you select the 3 Tier (Internal) or the 3 Tier (External) options from the Container Type drop-down list.

                    • The Help link provides you access to the corresponding online help.

                      Step 1   From the Cisco UCS Director menu bar, choose Solutions > VACS Container. The Cisco VACS management task icons appear.
                      Step 2   Click Add Template. The Add VACS wizard appears.
                      Figure 2. Add Template Wizard



                      Step 3   In the VACS Template Specification screen, complete the following fields:

                      Name

                      Description

                      Template name field

                      Enter a name for the template you want to create. This name can be an alpha-numeric value with a maximum length of 256 characters.

                      Template Description field

                      Enter a description for the template. This field can contain 2048 characters.

                      Container Type drop-down list

                      Select either the 3 Tier (Internal) or 3 Tier (external) container type from the following choices:
                      • Cisco VACS 3 Tier (Internal)
                      • Cisco VACS 3 Tier (External)
                      • Cisco VACS Custom Container

                      Selecting the Deployment Options

                      You can choose the deployment options and parameters to configure your network pools and policies.

                      Note

                      The Help link provides you access to the corresponding online help.

                        Step 1   In the VACS Deployment Options screen, complete the following details:

                        Name

                        Description

                        Container Application Size button

                        Click Select to select the size of the container: Small, Medium, or Large.

                        Cisco VACS provides the following deployment options to meet your container requirements:

                        Cisco VACS Deployment Option

                        RAM(GB)

                        CPU Cycle(GHz)

                        vCPUs

                        Small

                        VSG—2 GB

                        CSR 1000V—4 GB

                        SLB—2 GB

                        VSG—1 GHz

                        VSG—1 vCPU

                        CSR 1000V—1 vCPU

                        SLB—1

                        Medium

                        VSG—2 GB

                        CSR 1000V—4 GB

                        SLB—2 GB

                        VSG—1.5 GHz

                        VSG—1 vCPU

                        CSR 1000V—2 vCPU

                        SLB—1

                        Large

                        VSG— 2 GB

                        CSR 1000V—4 GB

                        SLB—2 GB

                        VSG—1.5 GHz

                        VSG—2 vCPU

                        CSR 1000V—4 vCPU

                        SLB—1

                        Virtual Account drop-down list

                        Select the cloud account to deploy the container.

                        N1K DVSwitch drop-down list

                        Select the N1K Distributed Virtual Switch.

                        Computing Policy drop-down list

                        Choose the computing policy for your deployment type.

                        If you want to customize the computing policies, click the + icon to add a policy. For information on creating a computing policy, see Defining Computing Policies.

                        Storage Policy drop-down list

                        Choose the storage policy for your deployment type.

                        If you want to customize the storage policies, click the + icon to add a policy. For information on creating a storage policy, see Defining Storage Policies.

                        Systems Policy drop-down list

                        Choose the systems policy for your deployment type.

                        If you want to customize the system policies, click the + icon to add a policy. For information on creating a system policy, see Defining System Policies.

                        End User Self-Service Policy drop-down list

                        Select the end user self-service policy.

                        If you want to customize the end user self-service policies, click the + icon to add a policy. For information on creating an end user self-service policy, see Adding an End User Policy.

                        Infrastructure Deployment Options

                        Enable Server Load Balancing check box

                        Check this check box to enable the server load balancing (SLB) option. By default, SLB is disabled

                        Note   

                        CSR and VSG are enabled by default and cannot be disabled.

                        High Availability drop-down list

                        Choose the high availability mode: Yes or No.

                        If you choose Yes during the container deployment, the high availablity (HA) mode is enabled as follows:
                        Step 2   Click Next.

                        Configuring Network Resource Pools


                        Note

                        The Help link provides you access to the corresponding online help.

                          Step 1   In the VACS Network Resource Pool screen, complete the following fields:

                          Name

                          Description

                          Management IP Pool

                          Management IP Pool button

                          Click Select to display the list of static IP pools. Select the appropriate pool and click Select. This pool is used to configure the Cisco Virtual Security Gateway (VSG), Cisco Cloud Services Router (CSR), and the Server Load Balancer (SLB) management IP. If no pools are displayed, click the + icon to add a new static IP pool.

                          For more information on adding a new static IP pool, see the Defining Static IP Pool Policies

                          Router Network Configuration

                          Router Uplink IP Pool button

                          Click Select to display the list of static IP pools. Select the Static IP pool to configure the uplink interface of the CSR and click Select. If no pools are displayed, click the + icon to add a new static IP pool.

                          For more information on adding a new static IP pool, see the Defining Static IP Pool Policies

                          Router IP Type drop-down list

                          Choose the Router IP type: Public or Private. If you choose Public, the router will be configured with public IP addresses based on the chosen routing protocol.

                          L3 Routing Protocol drop-down list

                          Choose the L3 routing protocol:Static or EIGRP.

                          This field is visible only if you choose the Public Router IP type.

                          Autonomous System Number field

                          Enter the system number. The range is between 1 to 65535.

                          This field is visible only if you choose EIGRP as the L3 routing protocol.

                          MTU field

                          Enter the MTU number. The range is between 1500 to 9216.

                          The default value is 1500.

                          This field is visible only if you choose EIGRP as the L3 routing protocol.

                          Step 2   Click Next.

                          Configuring VM Networks

                          Virtual machine networks provide all of the information about the configured virtual machines for the Cisco VACS templates.


                          Note

                          The Help link provides you access to the corresponding online help.

                            Step 1   In the VACS – VM Networks screen, select a virtual machine network from the list displayed. If no networks are displayed, click + to add an entry to the VM Networks table.
                            Step 2   In the Add Entry to VM Networks screen, complete the following fields:

                            Name

                            Description

                            Network Name field

                            Provide a unique network name up to 128 characters long.

                            Network Type drop-down list

                            Choose the network type to connect to the network. The available options are:

                            • VLAN

                            • VXLAN

                            VLAN Pool button

                            Note   

                            Based on the network type that you select, either the VLAN Pool, the VXLAN Pool, or the Port Group buttons will appear.

                            Click Select to select a VLAN Pool from the list of available pools that are displayed. If no pools are displayed, click the + icon to add a new policy. For more information on adding a new policy, see Adding a VLAN or VXLAN Pool Policy.

                            VXLAN Pool button

                            Note   

                            Based on the network type that you select, either the VLAN Pool, the VXLAN Pool, or the Port Group buttons will appear.

                            Click Select to select a VXLAN Pool from the list of available pools that are displayed. If no pools are displayed, click the + icon to add a new policy. For more information on adding a new policy, see Adding a VLAN or VXLAN Pool Policy.

                            IP Subnet Pool button
                            Note   

                            The IP Subnet Pool button is visible only when you select the either VLAN or VxLAN as the network type.

                            Click Select to select IP Subnet Pool from the list of pools displayed. If the port group option is not selected, you must select a IP Subnet pool from the list of available pools. If no pools are displayed, click the + icon to add a new IP Subnet Pool Policy. For more information on adding a new IP subnet pool policy, see Adding an IP Subnet Pool Policy.

                            Click Submit.

                            Note   

                            Only one network is allowed for both, 3 tier internal and external container templates.

                            Step 3   Click Next. You can click Back to review the information that you have provided until this point, or click Close to exit the wizard.

                            Configuring Server Load Balancing

                            Enabling the server load balancing (SLB) option is an optional task. Based on your requirements, you can enable this option. By default, the SLB option is disabled.


                            Note

                            • This screen appears only if you enable SLB in the VACS Deployment Options screen. For more information, see Selecting the Deployment Options.

                            • The Help link provides you access to the corresponding online help.

                              Step 1   In the Server Load Balancing screen, complete the following fields:
                              Note   

                              This screen appears only if you have selected the SLB option in the Deployment Options screen.

                              Name

                              Description

                              Tier drop-down list

                              You can deploy the template only for the web, hence the WebZone is the only available value.

                              Handling Mode drop-down list

                              Choose the protocol. By default, the value is set to Passthrough. This mode indicates that the SLB will not terminate the SSL/HTTP session.

                              The available values are:

                              • Passthrough

                              • HTTP Processing

                              Note   

                              In the Cisco VACS Release 5.3STV2.0, the SLB will not terminate SSL traffic. If you want to serve the SSL traffic, then it is important that you select the Passthrough mode. If you are serving only the HTTP traffic, then you can select the HTTP processing mode so as to enable the cookie based persistence.

                              Persistence drop-down list

                              Choose the persistence criteria. By default, the value is set to None. The available values are:

                              • Source IP—Indicates that load balancing, although based on round robin, directs subsequent requests to the same backend server based on the IP address of the client.

                              • Cookie—Indicates that the load balancing, although based on round robin, directs subsequent requests to the same backend server based on the cookie information that has been inserted by the SLB.

                              • None—Indicates a round robin load balancing and no additional persistence criterion to stick a client to a single server.

                              Note   

                              If you choose the Passthrough in the Handling mode, the persistence drop-down list displays only the Source IP and the None values.

                              In Passthrough mode, SLB is not handling the HTTP mode and is only managing the TCP processing. Hence, SLB will not insert/parse cookies in the HTTP header. Therefore, only the Source IP and the None values are available.

                              HTTP

                              Note   

                              You must change the TCP port value only if the service is hosted on the custom ports. If you change this value, then you must also edit the firewall ACL rules to allow the traffic to pass through the custom ports.

                              Front TCP Port field

                              Enter the TCP port number. The default value is 80.

                              Back TCP Port field

                              Enter the TCP port number. The default value is 80.

                              Click Submit.

                              HTTPS
                              Note   

                              • This option is available only if you do not choose HTTP Processing as the Handling Mode.

                              • You must change the TCP value only if the service is hosted on the custom ports. If you change this value, then you must also edit the firewall ACL rules to allow the traffic to pass through the custom ports.

                              Front TCP Port field

                              Enter the TCP port number. The default value is 443.

                              Back TCP Port field

                              Enter the TCP port number. The default value is 443.

                              Step 2   Click Next. You can click Back to review the information that you have provided until this point, or click Close to exit the wizard.

                              Adding Virtual Machines to a Template

                              Adding virtual machines to your Cisco VACS template at this stage is an optional task. Based on your requirements, you can add the virtual machines after you create and provision the containers.

                              Note

                              The Help link provides you access to the corresponding online help.

                                Step 1   In the VACS – Virtual Machines screen , click the + icon to add a virtual machine.
                                Step 2   In the Add Entry to Virtual Machines screen, complete the following fields:
                                Name Description

                                Security Zone drop-down list

                                Choose a security zone.

                                VM Name field

                                Provide a unique name for the virtual machine, up to 32 characters long. The complete virtual machine name will include the name provided in this field, the zone name and the container name.

                                Description field

                                Provide a description for the virtual machine.

                                VM Image drop-down list

                                Choose a virtual machine image to deploy from the list. The list contains the virtual machine templates that are present on the chosen vCloud account. If the list is empty, then the chosen vCloud account does not have any templates.

                                Note   

                                1. The drop-down list shows only the VM templates which are added to one of the hosts on the datacenter where Virtual Machines are deployed.

                                2. If the drop-down list does not show the added VM templates, you must perform inventory collection to display them :

                                  • Choose Virtual > Compute.

                                  • Under All Clouds, select your virtual account (for the polling option to become visible), and then choose Polling > Request Inventory Collection.

                                Number of Virtual CPUs drop-down list

                                Choose the custom number of virtual CPUs.

                                Memory drop-down list

                                Choose the custom memory size for the VM.

                                CPU Reservation (MHz) field

                                Enter a value to define the CPU reservation of the VM.

                                Memory Reservation (MB) field

                                Enter a value to define the memory reservation of the VM.

                                Disk Size (GB) field

                                Enter the disk size.

                                VM Password Sharing Option drop-down list

                                Choose the virtual machine password sharing option:

                                • Do not share

                                • Share after password reset

                                • Share template credentials

                                Note   

                                You must uncheck the Use Network Configuration from Image Option checkbox. If you select this option, the VM IP addresses will not be assigned from selected pool. By default, this checkbox is not checked.

                                Root Login for the Template field

                                Enter the username.

                                This field is visible only if you choose the Share after password rest or the Share template credentials option.

                                Root Password for the Template field

                                Enter the password.

                                This field is visible only if you choose the Share after password rest or the Share template credentials option.

                                VM Network Interfaces drop-down list

                                Choose the virtual machine network interface from the list of interfaces. Only one network is allowed for a VACS 3 tier internal type and VACS 3 tier external type containers.

                                Click + to add an interface and complete the following fields:

                                Name

                                Description

                                VM Network Interface Name field

                                Enter a unique name for the VM network interface.

                                Select the Network drop-down list

                                Choose the network to which the Network Interface Card (NIC) should be attached.

                                Adapter Type drop-down list

                                Select the appropriate adapter type.

                                Click Submit.

                                Initial Quantity field

                                Enter the number of virtual machine instances to provision when you create a container. The default number is one.

                                Step 3   Repeat for each zone and then click Next.

                                Reviewing the Summary

                                  Step 1   In the Summary screen, review and verify the details displayed for the specific container template.
                                  Step 2   Click Submit or click Back to modify the details. Click Close to exit the wizard.

                                  Editing the Firewall ACL Rules for the Templates

                                  Viewing and Editing the ACLs for the 3 Tier Templates

                                  Cisco Virtual Application Cloud Segmentation (VACS) Services (Cisco VACS) defines default access control lists (ACLs) for the 3 tier templates. You can view and edit these ACLs.


                                  Note

                                  Use this procedure to edit the firewall access control lists (ACLs) rules for the templates. To modify existing firewall ACL rules for deployed containers, you must use the Firewall Policy menu option available at Policies > Application Containers. For more information, see Editing Firewall ACL Rules.

                                    Step 1   On the menu bar, choose Physical > Network > Multi-Domain Manager > PNSC Accounts.
                                    Step 2   In the navigation pane, choose an account.
                                    Step 3   Choose the PNSC Firewall Policies tab. The Cisco UCS Director displays a table of the PNSC firewall policies. These policies include the ACLs.
                                    Step 4   Select the accurate firewall policy to view or edit that policy's ACLs.
                                    Note   

                                    The naming convention is Template Name_firewall policy.

                                    Step 5   Click Edit.
                                    Step 6   In the PNSC Firewall Specification screen, click Next to leave the information as is.
                                    Step 7   In the PNSC-Zones Configuration screen, click Next to leave the information as is.
                                    Step 8   In the PNSC-ACL Rules screen, you can add a new ACL, or edit, delete, or move the existing ACLs.
                                    Step 9   After you are done adding, editing, deleting and moving the ACLS, click Next.
                                    Step 10   In the PNSC-VSG Configuration screen, retain the default values, and then click Submit.

                                    You can click Back to review the information entered up to this point or click Close to close the wizard and undo any changes.

                                    About Cisco VACS Custom Container Template

                                    The Cisco VACS Custom Container (or Advanced Container) template enables you to design a container that meets your specific requirements without any restrictions on the number of tiers, zones, networks, or network elements such as, CSR, and/or VSG, and/or SLB or a combination of these network elements and application types. The custom container type allows you to build a template that allows a n-tier application with each tier on a shared or dedicated VLAN or VXLAN segments.

                                    Creating a Cisco VACS Custom Container Template

                                    Select the application container type from the Add Template wizard under the VACS Container tab in Cisco UCS Director to create a new custom container template.

                                    To create the Cisco VACS custom container template, perform the following tasks:

                                    Process Flowchart for Creating Custom Templates

                                    Use the following workflow and the procedures in this chapter as a guide to create custom templates.

                                    Figure 3. Process Flowchart—Creating Custom Templates



                                    Specifying a Template Type


                                    Note

                                    • It is important that you select the Custom Container option from the Container Type drop-down list.

                                    • The Help link provides you access to the corresponding online help.

                                      Step 1   From the Cisco UCS Director menu bar, choose Solutions > VACS Container. The Cisco VACS management task icons appear.
                                      Step 2   Click Add Template. The Add VACS wizard appears.
                                      Figure 4. Add Template Wizard



                                      Step 3   In the VACS Template Specification screen, complete the following fields:

                                      Name

                                      Description

                                      Template name field

                                      Enter a name for the template you want to create. This name can be an alpha-numeric value with a maximum length of 256 characters.

                                      Template Description field

                                      Enter a description for the template. This field can contain 2048 characters.

                                      Container Type drop-down list

                                      Select Custom container type from the following choices:
                                      • Cisco VACS 3 Tier (Internal)
                                      • Cisco VACS 3 Tier (External)
                                      • Cisco VACS Custom Container

                                      Selecting the Deployment Options

                                      You can choose the deployment options and parameters to configure your network pools and policies.

                                      Note

                                      The Help link provides you access to the corresponding online help.

                                        Step 1   In the VACS Deployment Options screen, complete the following details:

                                        Name

                                        Description

                                        Container Application Size button

                                        Click Select to select the size of the container: Small, Medium, or Large.

                                        Cisco VACS provides the following deployment options to meet your container requirements:

                                        Cisco VACS Deployment Option

                                        RAM(GB)

                                        CPU Cycle(GHz)

                                        vCPUs

                                        Small

                                        VSG—2 GB

                                        CSR 1000V—2.5 GB

                                        SLB—2 GB

                                        VSG—1 GHz

                                        VSG—1 vCPU

                                        CSR 1000V—1 vCPU

                                        SLB—1

                                        Medium

                                        VSG—2 GB

                                        CSR 1000V—4 GB

                                        SLB—2 GB

                                        VSG—1.5 GHz

                                        VSG—1 vCPU

                                        CSR 1000V—2 vCPU

                                        SLB—1

                                        Large

                                        VSG— 2 GB

                                        CSR 1000V—4 GB

                                        SLB—2 GB

                                        VSG—1.5 GHz

                                        VSG—2 vCPU

                                        CSR 1000V—4 vCPU

                                        SLB—1

                                        Virtual Account drop-down list

                                        Select the cloud account to deploy the container.

                                        N1K DVSwitch drop-down list

                                        Select the N1K Distributed Virtual Switch.

                                        Computing Policy drop-down list

                                        Choose the computing policy for your deployment type.

                                        If you want to customize the computing policies, click the + icon to add a policy. For information on creating a computing policy, see Defining Computing Policies.

                                        Storage Policy drop-down list

                                        Choose the storage policy for your deployment type.

                                        If you want to customize the storage policies, click the + icon to add a policy. For information on creating a storage policy, see Defining Storage Policies.

                                        Systems Policy drop-down list

                                        Choose the systems policy for your deployment type.

                                        If you want to customize the system policies, click the + icon to add a policy. For information on creating a system policy, see Defining System Policies.

                                        End User Self-Service Policy drop-down list

                                        Select the end user self-service policy.

                                        If you want to customize the end user self-service policies, click the + icon to add a policy. For information on creating an end user self-service policy, see Adding an End User Policy.

                                        Infrastructure Deployment Options

                                        Enable Edge Gateway check box

                                        Check the check box to deploy Cisco Services Router (CSR) 1000V as a part of the container.

                                        By default, the edge gateway is enabled.

                                        Enable Zone Security for Tiers check box

                                        Check the check box to deploy Virtual Security Gateway (VSG) as a firewall of a container.

                                        By default, the zone security for the tiers is enabled.

                                        Enable Server Load Balancing check box

                                        Check this check box to enable the server load balancing (SLB) option. By default, SLB is disabled

                                        High Availability drop-down list

                                        Choose the high availability mode: Yes or No. By default, the HA mode is set to No.

                                        If you choose Yes during the container deployment, the high availablity (HA) mode is enabled as follows:
                                        Step 2   Click Next.

                                        Configuring Network Resource Pools


                                        Note

                                        • This screen is displayed only when at least one of the service VMs, such as enabling edge gateway, appear when atleast one of the service VMs(enabling edge, zone security, or SLB are selected in the VACS Deployment Options screen.

                                        • The Help link provides you access to the corresponding online help.

                                          Step 1   In the VACS Network Resource Pool screen, complete the following fields:

                                          Name

                                          Description

                                          Management IP Pool

                                          Management IP Pool button

                                          Click Select to display the list of static IP pools. Select the appropriate pool and click Select. This pool is used to configure the Cisco Virtual Security Gateway (VSG), Cisco Cloud Services Router (CSR), and the Server Load Balancer (SLB) management IP. If no pools are displayed, click the + icon to add a new static IP pool.

                                          For more information on adding a new static IP pool, see the Defining Static IP Pool Policies

                                          Router Network Configuration
                                          Note   

                                          This option is displayed only when you enable the edge gateway.

                                          Router Uplink IP Pool button

                                          Click Select to display the list of static IP pools. Select the Static IP pool to configure the uplink interface of the CSR and click Select. If no pools are displayed, click the + icon to add a new static IP pool.

                                          For more information on adding a new static IP pool, see the Defining Static IP Pool Policies

                                          Router IP Type drop-down list

                                          Choose the Router IP type: Public or Private. If you choose Public, the router will be configured with public IP addresses based on the chosen routing protocol.

                                          L3 Routing Protocol drop-down list

                                          Choose the L3 routing protocol:Static or EIGRP.

                                          This field is visible only if you choose the Public Router IP type.

                                          Autonomous System Number field

                                          Enter the system number. The range is between 1 to 65535.

                                          This field is visible only if you choose EIGRP as the L3 routing protocol.

                                          MTU field

                                          Enter the MTU number. The range is between 1500 to 9216.

                                          The default value is 1500.

                                          This field is visible only if you choose EIGRP as the L3 routing protocol.

                                          Step 2   Click Next.

                                          Configuring Security Zones

                                          You can configure the security zones for your custom container and define the zone conditions based on your requirements.

                                          Note

                                          The Help link provides you access to the corresponding online help.

                                            Step 1   In the VACS Security Zones Configuration screen, click + to add security zones to the list.
                                            Step 2   In the Add Entry to Security Zones screen, complete the following fields:

                                            Name

                                            Description

                                            Zone Name field

                                            Enter a unique zone name. This can be an alpha-numeric value between 2- 32 characters.

                                            Zone description field

                                            Enter a description for the security zone. This description can be 256 characters long.

                                            Zone Conditions field
                                            Note   

                                            This option is displayed only if you enable the zone security for the tiers in the VACS Deployment Options screen.

                                            Click + to add an entry to the zone conditions table and complete the following fields:

                                            • From the Attribute Type drop-down list, choose the attribute : Network or VM.

                                            • From the Attribute Name drop-down list, choose the name.

                                            • From the Operator drop-down list, choose the operator : Range or Equals or Not Equals or Prefixed by.

                                            • In the Attribute Value field, enter an appropriate value.

                                            • Click Submit to add the entry to the list of zone conditions.

                                            Step 3   Click Next.

                                            Configuring Access Control Lists


                                            Note

                                            • This screen is visible only if you enable the zone security for the tiers (VSG) in the VACS Deployment Options screen.

                                            • The Help link provides you access to the corresponding online help.

                                              Step 1   In the VACS Access Control List Configuration screen, click + to add the ACL rules.
                                              Step 2   In the Add Entry to Access Control List Rules screen, complete the following fields:

                                              Name

                                              Description

                                              Name field

                                              Enter a unique name for the ACL Rule. This name can be an alpha-numeric and special character set between 2-32 characters long.

                                              Description field

                                              Enter a description for the ACL rule in less than 256 characters.

                                              Action drop-down list

                                              Choose an action : Permit or Drop or Reset

                                              Condition Match Criteria drop-down list

                                              Choose a criteria: match-all or match-any

                                              Protocol/Service drop-down list

                                              Choose between Protocol or Service
                                              Note   

                                              Check the check-box to enable protocol to set the rule. The protocol is set to Any by default.

                                              Service field

                                              Choose the required services. The available options are http and https.

                                              Source Conditions table

                                              Click + to add an entry to the source conditions table and complete the following fields:

                                              • From the Attribute Type drop-down list, choose the attribute : Network, VM, or Zone.

                                              • From the Attribute Name drop-down list, choose the name.

                                              • From the Operator drop-down list, choose the operator : Range or Equals or Not Equals or Prefixed by or Range.

                                              • In the Attribute Value field, enter the corresponding IP address.

                                              • Click Submit to add the entry to the list of zone conditions.

                                              Destination Conditions table

                                              Click + to add an entry to the destination conditions table and complete the following fields:

                                              • From the Attribute Type drop-down list, choose the attribute : Network, VM or Zone.

                                              • From the Attribute Name drop-down list, choose the name.

                                              • From the Operator drop-down list, choose the operator : Range or Equals or Not Equals or Prefixed by or Range.

                                              • In the Attribute Value field, enter the corresponding IP address.

                                              • Click Submit to add the entry to the list of zone conditions.

                                              Step 3   Click Next.

                                              Configuring the Application Layer Gateway for a Cisco VACS Container


                                              Note

                                              • This screen is visible only when you enable the Edge Gateway (CSR) option with the non-HA mode in the in the VACS Deployment Options screen.

                                              • The Help link provides you access to the corresponding online help.

                                              The Application Layer Gateway performs inspection on the incoming packets for the selected Application layer Protocols.


                                              Note

                                              By default, the first five protocols (HTTP, HTTPS, FTP, DNS, and ICMP) are enabled.

                                                Step 1   In the Application Layer Gateway screen, check the required check-boxes to enable protocol level access control to configure the application layer gateway on the router.
                                                Step 2   Click Next.

                                                Configuring VM Networks for a Custom Container Template

                                                Virtual machine networks provide all of the information about the configured virtual machines for the Cisco VACS templates.


                                                Note

                                                The Help link provides you access to the corresponding online help.

                                                  Step 1   In the VACS – VM Networks screen, select a virtual machine network from the list displayed. If no networks are displayed, click + to add an entry to the VM Networks table.
                                                  Step 2   In the Add Entry to VM Networks screen, complete the following steps:

                                                  Name

                                                  Description

                                                  Network Name field

                                                  Provide a unique network name up to 128 characters long.

                                                  Network Type drop-down list

                                                  Choose the network type to connect to the network. The available options are:

                                                  • VLAN

                                                  • VXLAN

                                                  • Port Group

                                                  VLAN Pool button

                                                  Note   

                                                  Based on the network type that you select, either the VLAN Pool, the VXLAN Pool, or the Port Group buttons will appear.

                                                  Click Select to select a VLAN Pool from the list of available pools that are displayed. If no pools are displayed, click the + icon to add a new policy. For more information on adding a new policy, see Adding a VLAN or VXLAN Pool Policy.

                                                  VXLAN Pool button

                                                  Note   

                                                  Based on the network type that you select, either the VLAN Pool, the VXLAN Pool, or the Port Group buttons will appear.

                                                  Click Select to select a VXLAN Pool from the list of available pools that are displayed. If no pools are displayed, click the + icon to add a new policy. For more information on adding a new policy, see Adding a VLAN or VXLAN Pool Policy.

                                                  Port Group button

                                                  Note   

                                                  Based on the network type that you select, either the VLAN Pool, the VXLAN Pool, or the Port Group buttons will appear.

                                                  Click Select to select Port Group from the list of available port groups that are displayed.

                                                  If you choose Port Group, you must select the required port group from the list of port-groups that are shown in the table. The port-groups displayed are the ones that are associated with the Nexus1000V DVS mapped to the template.

                                                  IP Subnet Pool button
                                                  Note   

                                                  The IP Subnet Pool button is visible only when you select the either VLAN or VxLAN as the network type.

                                                  Click Select to select IP Subnet Pool from the list of pools displayed. If the port group option is not selected, you must select a IP Subnet pool from the list of available pools. If no pools are displayed, click the + icon to add a new IP Subnet Pool Policy. For more information on adding a new IP subnet pool policy, see Adding an IP Subnet Pool Policy.

                                                  Static IP Pool button
                                                  Note   

                                                  The Static IP Pool field is visible only when you select the Port Group as the network type.

                                                  Click Select to select a static IP Pool from the list of pools displayed. If no pools are displayed, click the + icon to add a new static IP pool Policy. For more information on adding a new static IP pool policy, see Defining Static IP Pool Policies.

                                                  Click Submit.

                                                  Note   

                                                  To define more than one VM network, repeat step 2.

                                                  Step 3   Click Next. You can click Back to review the information that you have provided until this point, or click Close to exit the wizard.

                                                  Configuring Server Load Balancing

                                                  Enabling the server load balancing (SLB) option is an optional task. Based on your requirements, you can enable this option. By default, the SLB option is not enabled.


                                                  Note

                                                  • This screen appears only if you enable SLB in the VACS Deployment Options screen. For more information, see Selecting the Deployment Options.

                                                  • The Help link provides you access to the corresponding online help.

                                                    Step 1   In the Server Load Balancing screen, complete the following fields:

                                                    Name

                                                    Description

                                                    Tier drop-down list

                                                    Choose the zone on which SLB should be associated with. The available options are based on the security zones that were created earlier.

                                                    Network drop-down list

                                                    Choose the network on which the load balancing needs to occur. The drop-down list displays all the networks that were created only for the VXLAN and VLAN type of network in the VM Networks screen.

                                                    Handling Mode drop-down list

                                                    Choose the protocol. By default, the value is set to Passthrough. This mode indicates that the SLB will not terminate the SSL/TCP session.

                                                    The available values are:

                                                    • Passthrough

                                                    • HTTP Processing

                                                    Note   

                                                    In the Cisco VACS Release 5.3STV2.0, the SLB will not terminate SSL traffic. If you want to serve the SSL traffic, then it is important that you select the Passthrough mode. If you are serving only the HTTP traffic, then you can select the HTTP processing mode so as to enable the cookie based persistence.

                                                    Persistence drop-down list

                                                    Choose the persistence criteria. By default, the value is set to None. The available values are:

                                                    • Source IP—Indicates that load balancing, although based on round robin, directs subsequent requests to the same backend server based on the IP address of the client.

                                                    • Cookie—Indicates that the load balancing, although based on round robin, directs subsequent requests to the same backend server based on the cookie information that has been inserted by the SLB.

                                                    • None—Indicates a round robin load balancing and no additional persistence criterion to stick a client to a single server.

                                                    Note   

                                                    If you choose the Passthrough in the Handling mode, the persistence drop-down list displays only the Source IP and the None values.

                                                    In Passthrough mode, SLB is not handling the HTTP mode and is only managing the TCP processing. Hence, SLB will not insert/parse cookies in the HTTP header. Therefore, only the Source IP and the None values are available.

                                                    HTTP

                                                    Note   

                                                    You must change the TCP port value only if the service is hosted on the custom ports. If you change this value, then you must also edit the firewall ACL rules to allow the traffic to pass through the custom ports.

                                                    Front TCP Port field

                                                    Enter the TCP port number. The default value is 80.

                                                    Back TCP Port field

                                                    Enter the TCP port number. The default value is 80.

                                                    Click Submit.

                                                    HTTPS
                                                    Note   

                                                    • This option is available only if you do not choose HTTP Processing as the Handling Mode.

                                                    • You must change the TCP value only if the service is hosted on the custom ports. If you change this value, then you must also edit the firewall ACL rules to allow the traffic to pass through the custom ports.

                                                    Front TCP Port field

                                                    Enter the TCP port number. The default value is 443.

                                                    Back TCP Port field

                                                    Enter the TCP port number. The default value is 443.

                                                    Step 2   Click Next. You can click Back to review the information that you have provided until this point, or click Close to exit the wizard.

                                                    Adding Virtual Machines to a Template

                                                    Adding virtual machines to your Cisco VACS template at this stage is an optional task. Based on your requirements, you can add the virtual machines after you create and provision the containers.

                                                    Note

                                                    The Help link provides you access to the corresponding online help.

                                                      Step 1   In the VACS – Virtual Machines screen , click the + icon to add a virtual machine.
                                                      Step 2   In the Add Entry to Virtual Machines screen, complete the following fields:
                                                      Name Description

                                                      Security Zone drop-down list

                                                      Choose a security zone.

                                                      VM Name field

                                                      Provide a unique name for the virtual machine, up to 32 characters long. The complete virtual machine name will include the name provided in this field, the zone name and the container name.

                                                      Description field

                                                      Provide a description for the virtual machine.

                                                      VM Image drop-down list

                                                      Choose a virtual machine image to deploy from the list. The list contains the virtual machine templates that are present on the chosen vCloud account. If the list is empty, then the chosen vCloud account does not have any templates.

                                                      Note   

                                                      1. The drop-down list shows only the VM templates which are added to one of the hosts on the datacenter where Virtual Machines are deployed.

                                                      2. If the drop-down list does not show the added VM templates, you must perform inventory collection to display them:

                                                        • Choose Virtual > Compute.

                                                        • Under All Clouds, select your virtual account (for the polling option to become visible), and then choose Polling > Request Inventory Collection.

                                                      Number of Virtual CPUs drop-down list

                                                      Choose the custom number of virtual CPUs.

                                                      Memory drop-down list

                                                      Choose the custom memory size for the VM.

                                                      CPU Reservation (MHz) field

                                                      Enter a value to define the CPU reservation of the VM.

                                                      Memory Reservation (MB) field

                                                      Enter a value to define the memory reservation of the VM.

                                                      Disk Size (GB) field

                                                      Enter the disk size.

                                                      VM Password Sharing Option drop-down list

                                                      Choose the virtual machine password sharing option:

                                                      • Do not share

                                                      • Share after password reset

                                                      • Share template credentials

                                                      Note   

                                                      You must uncheck the Use Network Configuration from Image Option check box. If you select this option, the VM IP addresses will not be assigned from selected pool. By default, this check box is not checked.

                                                      Root Login for the Template field

                                                      Enter the username.

                                                      This field is visible only if you choose the Share after password rest or the Share template credentials option.

                                                      Root Password for the Template field

                                                      Enter the password.

                                                      This field is visible only if you choose the Share after password rest or the Share template credentials option.

                                                      VM Network Interfaces drop-down list

                                                      Choose the virtual machine network interface from the list of interfaces. Only one network is allowed for a VACS 3 tier internal type and VACS 3 tier external type containers.
                                                      Note   

                                                      If SLB has been enabled in the template, you must choose at least one virtual machine network interface that is in the same network as that of the SLB.

                                                      Click + to add an interface and complete the following fields:

                                                      Name

                                                      Description

                                                      VM Network Interface Name field

                                                      Enter a unique name for the VM network interface.

                                                      Select the Network drop-down list

                                                      Choose the network to which the Network Interface Card (NIC) should be attached.

                                                      Adapter Type drop-down list

                                                      Select the appropriate adapter type.

                                                      Click Submit.

                                                      Attention:

                                                      You are allowed to add only one VLAN or VXLAN network to the VM for each zone. However, you can add any number of port group based networks.

                                                      Initial Quantity field

                                                      Enter the number of virtual machine instances to provision when you create a container. The default number is one.

                                                      Step 3   Repeat for each zone and then click Next.

                                                      Reviewing the Summary

                                                        Step 1   In the Summary screen, review and verify the details displayed for the specific container template.
                                                        Step 2   Click Submit or click Back to modify the details. Click Close to exit the wizard.

                                                        Publishing a Catalog

                                                          Step 1   On the menu bar, choose Policies > Catalogs.
                                                          Step 2   Choose the Catalog tab.
                                                          Step 3   Click Add (+)
                                                          Step 4   In the Catalog Add dialog box, select the type of catalog that you want to add.
                                                          Step 5   Click Submit.
                                                          Step 6   In the Add Catalog dialog box, complete the following fields:

                                                          Name

                                                          Description

                                                          Basic Information pane

                                                          Catalog Name field

                                                          Enter the catalog name.

                                                          Note   

                                                          After you create a catalog, you cannot modify the name.

                                                          Catalog Description field

                                                          Enter a description of the catalog.

                                                          Catalog Type drop-down list

                                                          Select Service Container as the type of catalog. This catalog is used for publishing application containers as catalog items.

                                                          Catalog Icon drop-down list

                                                          Choose from a list of icons to associate this catalog with an image. This icon is seen when you are creating a service request using this catalog.

                                                          Applied to all groups check box

                                                          Check the check box to enable all groups to use this catalog. Uncheck the check box to deny its use to other groups.

                                                          Customer Organization check box

                                                          Click Select to open and select the list of customer organizations you want the published catalog be available to.

                                                          Publish to end users check box

                                                          Uncheck this check box if you do not want this catalog to be visible to end-users. If you do not uncheck this check box, then this catalog will be visible to the end users of the system.

                                                          Cloud Name drop-down list

                                                          Choose the cloud with the image for VM provisioning.

                                                          Service Container Template Name drop-down list

                                                          Choose the template from the list.

                                                          Note   

                                                          This option appears when the chosen Catalog Type is Service Container.

                                                          Select Folder drop-down list

                                                          Choose the folder within which this catalog must be created in.

                                                          Note   

                                                          The drop-down list includes names of folders that are available by default. You can either select a folder that is available, or click the + icon to create a new folder. In the Add New Folder dialog box, specify a folder name, and select an icon for the folder.

                                                          Step 7   Click Next.
                                                          Step 8   Review the catalog information in the Summary page.
                                                          Step 9   Click Submit.

                                                          Instantiating Cisco VACS Containers

                                                          After creating the Cisco VACS application container templates, you can instantiate them by ordering an extended application container from the Cisco UCS Director self-service catalog. The self-service catalog enables you to purchase, monitor, and manage the individual services of a container. When you submit a container provisioning request, a service request is created. If the container creation operation fails, you can resubmit the first four tasks of this process.

                                                          Note

                                                          You can resubmit a failed container rollback.

                                                            Step 1   In the Cisco UCS Director menu bar, choose Solutions > VACS Container.
                                                            Step 2   Right-click the appropriate template and Select Create Container. The Create Container from Template screen appears.
                                                            Step 3   In the Create Container from Template screen, complete the following fields:

                                                            Name

                                                            Description

                                                            Container Name field

                                                            Enter a name for the container.

                                                            Container Label field

                                                            Enter a label for the container.

                                                            Number of Hosts per Tier field

                                                            Enter the number of hosts per tier.

                                                            Group drop-down list

                                                            Select the end user you want to share the templates with.

                                                            Step 4   Click Submit.

                                                            Managing Container Templates

                                                            As an administrator, you can perform the following management actions on the Cisco VACS application container templates that you create:

                                                            • Edit template

                                                            • Clone template

                                                            • Delete template


                                                            Note

                                                            The edit and delete operations should be performed only when the Cisco VACS application containers are not using these templates.

                                                            Do not edit or clone templates from 1 type to another. It is not recommended to change (add or remove) the optional services while editing an existing template

                                                            For detailed instructions about the management tasks you can perform in Cisco UCS Director, see the following guides:
                                                            • Cisco UCS Director Application Container Guide
                                                            • Cisco UCS Director Self -Service Portal Guide
                                                            • Cisco UCS Director Administration Guide

                                                            Managing Application Containers

                                                            As an administrator, you can perform the following management actions on the Cisco VACS application containers that you create:

                                                            • View details

                                                            • View reports

                                                            • Power on/off a container

                                                            • Add virtual machines

                                                            • ERSPAN

                                                            • Firewall Policy

                                                            • Static NAT

                                                            • Delete virtual machines

                                                            • Delete container

                                                            • View Report

                                                            For detailed instructions about the management tasks you can perform in Cisco UCS Director, see the following guides:
                                                            • Cisco UCS Director Application Container Guide
                                                            • Cisco UCS Director Self -Service Portal Guide
                                                            • Cisco UCS Director Administration Guide

                                                            Viewing Reports

                                                            You can generate summary reports, a detailed report with credentials, and a detailed report without credentials for each container.

                                                              Step 1   On the menu bar, choose Policies > Application Containers.
                                                              Step 2   Click the Application Container tab.
                                                              Step 3   Choose a container or right-click on the container to bring up all of the actions.
                                                              Step 4   Click View Reports.
                                                              Step 5   From the Select Report Type drop down list, choose the report you want to view.

                                                              Reports "with Credentials" show passwords in plain text. Reports "without Credentials" hide passwords in the report.

                                                              Reports for Administrators contain policy information not given in reports for Self-Service Users.

                                                              A dialog appears with a report detailing the application container.
                                                              Note   

                                                              Any of the reports, in the report header, shows the ID of the Service Request used to create the container.

                                                              Types of Reports

                                                              Attention:

                                                              • To view the login passwords and vnc details for the VMs, see the detailed report with credentials.

                                                              • The login user for CSR/VSG is admin and for SLB is root.

                                                              • The default enable password for CSR is cisco123.

                                                              • The Summary Report and the Detailed Report in the Secure Container details are displayed based on the permissions granted by the administrator.

                                                              • The contents of the Detailed report depends on whether it is a secure report or an unsecure report.

                                                              Cisco VACS generates different types of reports for each container that you create. The following reports can be viewed based on the user roles:

                                                              Note

                                                              In addition to these reports, Cisco VACS maintains the VACS Resource History Report, which is an audit report that is utilized to debug issues related to resource allocation. For more information, see About the Cisco VACS Resource History Report.

                                                              1. Secure Reports—These reports are displayed based on the permissions granted by the administrator while setting the end user options and they do not display the details of the service VMs.

                                                                • Summary Report (for Self-Service Users)—displays the details of the workload VMs

                                                                • Detailed Report (for Self-Service User)

                                                                  • Container:Name—displays the container name, container type, the group it belongs to, and the date the template was created.

                                                                  • Virtual Machines—displays the details of the workload VMs.

                                                                  • Event history—displays the deployment history.

                                                                  • Virtual Machine Subnet Information—displays the network and gateway IP addresses and the subnet mask.

                                                                  • CSR Uplink Information—information about the CSR 1000V uplink.

                                                                  • Static Nat Details—displays Static Nat related information.


                                                                    Note

                                                                    If the network administrator has granted permissions to view the secure container details, the Stats URL displays the VIP IP address instead of the SLB Management IP Address.

                                                                • Detailed Report without Credentials (for Administrators)

                                                                • Detailed Report with Credentials (for Administrators)

                                                              2. Unsecure Reports—These reports are displayed based on the permissions granted by the administrator while setting the end user options. The following reports are available:

                                                                • Summary Report (for Self-Service Users)—displays container details such the summary of all the VMs, including the details of the service VMs that are associated with the selected application container.

                                                                • Detailed Report with credentials (for Self-Service User)

                                                                • Detailed Report without credentials (for Self-Service User)

                                                                • Detailed Report without Credentials (for Administrators)

                                                                • Detailed Report with Credentials (for Administrators)

                                                              The detailed reports (with or without credentials) for both, the end user and the administrator displays the following information:

                                                              • Container:Name—displays the container name, container type, the group it belongs to, and the date the template was created.

                                                              • Virtual Machines—displays consolidated information about all the provisioned VMs and their status in the container, resource consumption details such as disk size, memory, and CPU, details of the network interface, hostname and status, and port mappings for the container.

                                                              • Container Port Groups—displays details about the container port groups with specific admin credentials.

                                                              • Event history—displays the deployment history.

                                                              • Server Load Balancing—displays the server load balancing (SLB) primary and secondary virtual machine names, IP addresses, netmask, network gateway, data and management port-groups, Stats URL, Stats username and password, information about the VIP, zone, and real server.

                                                              • Virtual Machine Subnet Information—displays the network and gateway IP addresses and the subnet mask.

                                                              • CSR 1000V License Details—displays details about the CSR 1000V virtual appliances deployed by Cisco VACS and the corresponding license states.

                                                              • CSR Uplink Information—information about the CSR 1000V uplink.

                                                              • Static Nat Details—displays Static Nat related information.

                                                              • ERSPAN Details—displays ERSPAN related information.

                                                              • Upstream Router Configuration Required—This section is displayed when the edge gateway is disabled in a container.


                                                              Note

                                                              The detailed report with credentials (for Self-Service Users and Administrators) also displays the service VM passwords that were reset or reconfigured using the manager service VM password feature.

                                                              About the Cisco VACS Resource History Report

                                                              Cisco VACS maintains the resource history report, which is an audit report that displays details associated with the resource allocation and deallocation during the application container deployment, rollback, and all resource allocation related operations. This is used as a troubleshooting mechanism to identify the resource leakages, if any.

                                                              The Cisco VACS Services resource history report displays the following details:

                                                              • Audit Id

                                                              • SR Id

                                                              • Container Id

                                                              • Container Name

                                                              • Initiating User

                                                              • Resource Type

                                                              • Resource Value

                                                              • Action

                                                              • Context Type

                                                              • Context Name

                                                              • Usage

                                                              • Place Holder

                                                              • Timestamp

                                                              Viewing the Cisco VACS Resource History Report

                                                                Step 1   On the menu bar, choose Policies > Virtual/Hypervisor Policies > Network > VACS Resource History.
                                                                Step 2   In the VACS Resource History screen that appears, the following details are displayed:

                                                                Name

                                                                Description

                                                                Audit Id column

                                                                The audit ID.

                                                                By default, this column is not displayed.

                                                                SR Id column

                                                                The service request ID.

                                                                Container Id column

                                                                The ID of the application container for which the resources were either reserved or released.

                                                                Container Name column

                                                                The name of the application container for which the resources were either reserved or released.

                                                                Initiating User column

                                                                The name of the user who initiated a particular workflow.

                                                                Resource Type column

                                                                The type of the resource, such as the IP Address, VLAN, VXLAN, or the port group that was used to create the application container.

                                                                Resource Value column

                                                                The resource value .

                                                                Action column

                                                                The actual action of the resource, such as whether it is reserved or released.

                                                                Context Type column

                                                                This column is applicable only if the IP Subnet pool policy is of type Overlapped. If it is an overlapped IP Subnet pool policy, the context type is UCSD, Tenant, or Container.

                                                                Context Name column

                                                                The name of the context type.

                                                                Usage column

                                                                The resource usage which indicates the purpose of the reserved resources, such as the VXLAN/VLAN, IP Subnet, and so on.

                                                                Place Holder column

                                                                The name of the class and the method which called the resource reserved or released API. These details are mainly used for debugging

                                                                By default this column is not displayed.

                                                                Timestamp column

                                                                The time during which the resources were either reserved or released.

                                                                You are allowed to customize the details that can be displayed in this report using the Customize Table Columns button. You can also filter the display using the Add Advance Filter button. You can also export this report to a local machine using the Export Report button.

                                                                Deleting or Resetting the Data in the Cisco VACS Resource History Report

                                                                You can choose to delete selected records from the available data or delete all existing records from the database.

                                                                  Step 1   On the menu bar, choose Policies > Virtual/Hypervisor Policies > Network > VACS Resource History. The VACS Resource History screen appears
                                                                  Step 2   Select the row(s) that you want to delete and click the Delete button. In the Delete confirmation box that appears, click Delete to delete the selected record(s).
                                                                  Step 3   Click the Reset button to delete all existing data from the database.

                                                                  Viewing the CSR 1000V Licensing Information

                                                                  After the Cisco VACS application container is deployed, you can view all consolidated information about the CSR 1000V licensing using the administrator privileges. The Self-Service users can view the CSR status about a CSR in a container in the view report page.


                                                                  Note

                                                                  If the Edge gateway is not enabled in the template, then the corresponding container will not have any CSRs. In this case, this section is not applicable for such containers.

                                                                    Step 1   On the menu bar, choose Virtual > Network.

                                                                    The VACS:CSR Licenses screen appears.

                                                                    Step 2   The VACS:CSR Licenses screen that appears displays the list of CSRs that are deployed using Cisco VACS.

                                                                    All the unlicensed CSR 1000V try to fetch the latest status of the CSR 1000V information every 10 minutes.

                                                                    The available information is as follows:

                                                                    • License Type (Delegated, Smart, or Unknown)

                                                                    • CSR 1000V name

                                                                    • License status

                                                                    • Throughput

                                                                    Step 3   Click the VACS: CSR License Balance tab. The VACS: CSR LIcense Balance screen appears.

                                                                    This is a CSR license report that displays the count number for the Cisco VACS licenses and the CSR delegated license balance.

                                                                    Was this Document Helpful?

                                                                    FeedbackFeedback

                                                                    Contact Cisco