This chapter contains the following sections.
Cisco VACS allows you to reconfigure passwords for service VMs (CSR, ASAv, VSG, and SLB) in an application container. You can either set the same password for all the service VMs or a different password for each of these services VMs. By default, the Manage Service VM Password option is enabled in all the service VMs.
Based on the secure container report options that you select, the Manager Service VM password UI option is either visible or hidden from the Self-Service user(s). You must either refresh the browser or navigate to another tab before you navigate to
, so that the UI reflects the change.Cisco VACS allows you to modify existing firewall access control lists (ACLs) rules for each container that is already deployed. This includes adding new ACL rules and modifying or deleting existing ACL rules. In a firewall policy, you can change only the ACLs that are defined for a container. You cannot add new zones or modify existing zones.
![]() Note |
|
You can view existing ACL rules associated with a firewall policy that is defined for a container.
Step 1 | On the menu bar, choose . |
Step 2 | Select the appropriate Application Container and click Firewall Policy. The Edit Firewall dialog box appears. |
Step 3 | The PNSC Firewall Specification screen displays the policy name and description. Click Next. The PNSC-ACL Rules screen appears. You can view the existing PNSC ACL rules. |
You can add new ACL rules to a firewall policy that is defined for a container.
![]() Note | The Help link provides you access to the corresponding online help. |
Step 1 | On the menu bar, choose . | ||||||||||||||||||||||||
Step 2 | Select the appropriate Application Container and click Firewall Policy. The Edit Firewall dialog box appears. | ||||||||||||||||||||||||
Step 3 | The PNSC Firewall Specification screen displays the policy name and description. Click Next. The PNSC-ACL Rules screen appears. | ||||||||||||||||||||||||
Step 4 | In the PNSC-ACL Rules screen, click the + icon to add a new PNSC ACL rule. The Add Entry to PNSC ACL Rules screen appears. | ||||||||||||||||||||||||
Step 5 | In the
Add
Entry to PNSC ACL Rules screen, complete the following fields:
| ||||||||||||||||||||||||
Step 6 | Click the Up arrow icon to move the newly created ACL rule in an ascending order. | ||||||||||||||||||||||||
Step 7 | Click Submit. |
Cisco VACS allows you to modify existing firewall ACL rules.
![]() Note | The Help link provides you access to the corresponding online help. |
Step 1 | On the menu bar, choose . |
Step 2 | Select the appropriate application container and click Firewall Policy. The Edit Firewall dialog box appears. |
Step 3 | The PNSC Firewall Specification screen displays the policy name and description. Click Next. The PNSC-ACL Rules screen appears. |
Step 4 | In the PNSC-ACL Rules screen, select the PNSC ACL rule that you want to edit, and click the edit (pencil) icon. The Edit Entry to PNSC ACL Rules screen appears. |
Step 5 | In the Edit Entry to PNSC ACL Rules screen, modify the corresponding fields, and click Submit. |
Step 6 | Click the Up or down arrow icon to move the modified ACL rule in an ascending or descending order. |
Step 7 | Click Submit. |
Cisco VACS allows you to delete existing ACL rules.
![]() Note | The Help link provides you access to the corresponding online help. |
Step 1 | On the menu bar, choose . |
Step 2 | Select the appropriate Application Container and click Firewall Policy. The Edit Firewall dialog box appears. |
Step 3 | The PNSC Firewall Specification screen displays the policy name and description. Click Next. The PNSC-ACL Rules screen appears. |
Step 4 | In the PNSC-ACL Rules screen, click the delete (x) icon to delete an existing PNSC ACL rule. The Delete PNSC ACL Rules Entry confirmation box appears. |
Step 5 | Click Submit to delete the selected PNSC ACL rule. |
Static NAT mappings are required for allowing the outside public IP addresses to reach the virtual machines that are inside the container. The static NAT screen allows you to specify the outside public IP address and map it to the private IP address of the virtual machine in the Web tier of the container.
![]() Note |
|
To configure Static NAT to the workload virtual machines, use the following procedure:
Step 1 | On the menu bar, choose In the . Static NAT dialog box, check the check box for each provisioned VM that require Static NAT enablement. If none of the workload VMs are provisioned on the container, the Static NAT screen is be empty. If the workload VMs are already provisioned, this screen displays the VMs with check boxes next to each of them. | ||
Step 2 | Click the checkbox for each provisioned VM that require Static NAT enablement. These VMs can be reached from outside public IP addresses . | ||
Step 3 | Click
Submit.
|
Traffic to and from individual virtual machines can be monitored using the encapsulated remote switched port analyzer (ERSPAN) feature after workload virtual machines are provisioned. ERSPAN is generally enabled on a per-virtual machine basis for troubleshooting. You must supply an ERSPAN destination for forwarding and analyzing traffic.
![]() Note | The Help link provides you access to the corresponding online help. |
Step 1 | On the menu bar, choose The . Cisco VACS ERSPAN Configuration screen is displayed. | ||||||||
Step 2 | In the ERSPAN Destination IP address Specification screen specify the Destination IP Address for forwarding and analyzing traffic. If ERSPANs are already present, they are displayed in the Destination IP Address Report table in this screen. This table also lists the ERSPAN session ID and the corresponding Destination IP address. | ||||||||
Step 3 | Click Next to proceed to the ERSPAN Configuration page. | ||||||||
Step 4 | In theERSPAN Configuration screen, select the appropriate VM NIC configuration for ERSPAN. | ||||||||
Step 5 | In theERSPAN Configuration screen, click the + icon to add a new VM NIC configuration for ERSPAN. and complete the following: The Add Entry to VM NIC Configuration screen. | ||||||||
Step 6 | In the
Add
Entry to VM NIC Configuration
screen, complete the following fields
| ||||||||
Step 7 | Click
Submit to add the entry to the
VM NIC
Configuration
table.
| ||||||||
Step 8 | Click
Submit in the
ERSPAN
Configuration
screen to submit the ERSPAN configuration request. The
service request will be submitted to the workflow to configure the ERSPAN
monitoring.
Upon
successful execution of the workflow, the ERSPAN session will be visible from
ERSPAN screen after a few minutes.
| ||||||||
Step 9 | Click
Submit.
After clicking Submit, a pop-up window that appears , displays a service request number that can be used to track the progress of the workflow. |
Although deploying virtual machines during the container deployment process is optional, you can use the Add VMs tab available in the Cisco VACS UI to add virtual machines after deploying a container.
![]() Note |
|
Step 1 | On the menu bar, choose . | ||||||||||||||||||||||||||||||||||||||
Step 2 | In the
Add VMs dialog box, complete the following fields:
| ||||||||||||||||||||||||||||||||||||||
Step 3 | Click
Submit.
After clicking Submit, a pop-up window that appears , displays a service request number that can be used to track the progress of the workflow. |
![]() Note | This section is not applicable for all fresh installation or upgrades from 5.4STV2.1 and later releases of Cisco VACS. For releases prior to 5.4STV2.1, you must migrate to Cisco UCS Director 5.4 based patches. |
If you migrate from Cisco UCS Director Release 5.3 to Cisco UCS Director Release 5.4, you must manually map the add VM workflow.
Step 1 | On the menu bar, choose . |
Step 2 | Expand the VACS folder and double click VACS Add VMs to Container. The Workflow Designer – VACS Add VMs to Container screen appears. |
Step 3 | In the Workflow Designer – VACS Add VMs to Container screen that appears, double click VACS:ProvisionContainer-VM. The Edit Task (VACS: Provision Container - VM) wizard appears. |
Step 4 | In the Workflow Task Basic Information screen, click Next. |
Step 5 | In the User Input Mapping screen that appears, complete the following: |
Step 6 | Click Next. The Tasks Inputs screen appears. |
Step 7 | Click Next. The User Output Mappings to Task Output Attributes screen appears. |
Step 8 | Click Submit. |
Step 9 | Click Validate Workflow. |
You can upload Open Virtualization Format (OVF) files (in both, the zip and jar formats) to a previously configured storage location, where they are deployed. These files can be used while adding VMs to the Cisco VACS application containers.
Cisco VACS allows you to upload OVF files (OVA, zip, and jar formats) to a predefined storage location and deploy them to a group or customer organization.
Step 1 | On the menu bar, choose . | ||||||||||||
Step 2 | Click the User OVF Management tab. | ||||||||||||
Step 3 | Click Upload File. | ||||||||||||
Step 4 | In the
Upload
File dialog box, complete the following fields:
| ||||||||||||
Step 5 | Click Submit. | ||||||||||||
Step 6 | When the
Submit
Result - Upload Successfully dialog box appears, click
OK. The uploaded file is listed in the
User OVF
Management table.
|
If you are an administrator, you can delete files located in the storage area.
The Manage Service VM Password feature is enabled for the Self-Service users only when the Secure Container Details option is unchecked.
Step 1 | From the Cisco UCS Director menu bar, choose The Cisco VACS management task icons appear. . | ||||||||||||||||||||||
Step 2 | Click Options. The Options screen appears. | ||||||||||||||||||||||
Step 3 | In the
Options
Specification screen, complete the following fields:
| ||||||||||||||||||||||
Step 4 | Click Submit to save the settings. Alternatively, click Close to exit from this screen. |
You can add multiple port-group network based vNICs to a VM.
![]() Note | The Help link provides you access to the corresponding online help. |
Step 1 | On the menu bar, choose . | ||||||||||
Step 2 | Double click the appropriate application container and click the Virtual Machines tab. | ||||||||||
Step 3 | Select the appropriate VM and choose VACS Add vNICs. The Add VACS VM vNICs screen appears. | ||||||||||
Step 4 | Click+ to add a new interface. The Add Entry to VACS VM Networks 2 dialog box appears. | ||||||||||
Step 5 | In the
Add Entry
to VACS VM Networks 2 dialog box, complete the following fields:
| ||||||||||
Step 6 | Click
Submit.
|
You can delete existing (or multiple) multiple port-group network based vNICs on a VM. This option is available only for those VMs that are a part of the Cisco VACS application container.
![]() Note | The Help link provides you access to the corresponding online help. |
Step 1 | On the menu bar, choose . | ||
Step 2 | Double click the appropriate application container and click the Virtual Machines tab. | ||
Step 3 | Select the appropriate VM and choose VACS Del vNICs. The Delete VM vNICs screen appears. | ||
Step 4 | Click
Select from the
VM
vNICs button.
The Select Items dialog box appears. | ||
Step 5 | Check the check box of the vNIC you want to delete or click Check All to select all vNICs. | ||
Step 6 | Click Select. | ||
Step 7 | Click
Delete.
|
The VM is restarted in order to complete the removal process.
Using the Cisco VACS UI, you can delete workload VMs from a selected application container that has been deployed and the VMs that have been provisioned.
![]() Note | The Help link provides you access to the corresponding online help. |
Step 1 | On the menu bar, choose The Delete VMs dialog box that appears, displays the VMs that have been provisioned. . |
Step 2 | Check the check
box against the VMs that you choose to delete. and click
Submit.
After clicking Submit, a pop-up window that appears, displays a service request number that can be used to track the progress of the Workflow. |
Step 3 | (Optional) Click Close to cancel the deletion. |
You can view the console on your VMs if you have the proper access rights.
Step 1 | On the menu bar, choose . | ||
Step 2 | Select the appropriate Application Container and click Open Console. The Access Console dialog box appears. | ||
Step 3 | From the Select VM drop-down list, choose a VM. | ||
Step 4 | Click
Submit.
A console of the selected VM opens in a new browser.
|