Configuring Cloud Orchestrator Mode

About the Cloud Orchestrator Mode

In environments where the Cisco APIC works with a cloud orchestrator, such as Azure, vRealize, OpenStack, or CliQR, the cloud orchestrator must typically be aware of the semantics of the vendor's configuration parameters. In cloud orchestrator mode, however, the Cisco APIC provides an LB-aas and a FW-aas interface that expose a standard set of parameters, creating a unified interface for configuring load balancers and firewalls in a service graph. The cloud orchestrator mode can also work with the unified interface to provision load balancers and firewalls in the Cisco ACI fabric. As a result, the orchestrator does not need to be aware of the semantics of the vendor's configuration parameters.

Cloud Orchestrator Mode Schema

Firewall Schema

The cloud orchestrator mode schema is published as a device package (CISCO CloudMode device package) that is automatically created in the Cisco APIC.

Figure 1. Firewall Interface
Figure 2. Firewall NAT
Figure 3. Firewall PAT
Figure 4. Firewall Controller

Load Balancer Schema

The cloud orchestrator mode schema is published as a device package (CISCO CloudMode device package) that is automatically created in the Cisco APIC.

Figure 5. Load Balancer Interface
Figure 6. Load Balancer NAT
Figure 7. Load Balancer PAT
Figure 8. Load Balancer Controller
Figure 9. Load Balancer Service

Configuring the Cloud Orchestrator Mode Using the GUI

The cloud orchestrator mode is configured in the GUI when performing the following actions:

  • Creating a Function Profile–When creating a Layer 4 to Layer 7 function profile, the option to use the cloud orchestrator mode appears when choosing an existing profile. The Profile property appears as a drop-down menu that lists the supported function profiles. The cloud orchestrator mode profiles are identified in the profile name.

    Note: Device packages from vendors using cloud orchestrator mode will have pre-created copies of function profiles in cloud mode for all of their existing function profiles.

    For information about creating a function profile, see Creating a Function Profile Using the GUI.

  • Creating a Layer 4 to Layer 7 Service Graph Template–When creating a Layer 4 to Layer 7 service graph template, the option to use the cloud orchestrator mode appears when creating a service node. The Profile property appears as a drop-down menu that lists the supported profiles. The cloud orchestrator mode profiles are identified in the profile name.

    For information about creating a service node when creating a Layer 4 to Layer 7 Service Graph Template, see Configuring a Service Graph Template Using the GUI.

  • Applying a Service Graph Template to Endpoint Groups–The cloud orchestrator mode interface for the chosen profile appears when applying a service graph template to EPGs with a cloud orchestrator mode profile.

    For more information about applying a service graph template to EPGs, see Applying a Service Graph Template to Endpoint Groups Using the GUI.

Configuring a Firewall Using the REST API

The following REST API configures a firewall:

<fvTenant name="Tenant1">
		<fvAp name="ap1">
			<fvAEPg name="epg3">
				<vnsSvcPol ctrct="ctrct_fw" graph="Graph_FW" node="FW">
					<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="fw" name="fw">
						<vnsRsFolderInstToMFolder tDn="uni/infra/mDev-CISCO-CloudMode-1.0/mFunc-FW/mFolder-fw"/>
						<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="network" name="network">
							<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="interface" name="interface">
								<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="internal" name="internal">
									<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="ip" name="ip">
										<vnsParamInst name="ipaddress" key="ipaddress" value="2.2.2.2"/>
										<vnsParamInst name="netmask" key="netmask" value="255.255.255.0"/>
									</vnsFolderInst>
								</vnsFolderInst>
								<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="external" name="external">
									<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="ip" name="ip">
										<vnsParamInst name="ipaddress" key="ipaddress" value="1.1.1.1"/>
										<vnsParamInst name="netmask" key="netmask" value="255.255.255.0"/>
									</vnsFolderInst>
									<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="acl" name="acl">
										<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="ace" name="ace">
											<vnsParamInst name="action" key="action" value="PERMIT"/>
											<vnsParamInst name="order" key="order" value="10"/>
											<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="protocol" name="protocol">
												<vnsParamInst name="protocol" key="protocol" value="TCP"/>
											</vnsFolderInst>
											<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="sourceip" name="sourceip">
												<vnsParamInst name="ipaddress" key="ipaddress" value="0.0.0.0"/>
												<vnsParamInst name="netmask" key="netmask" value="0"/>
											</vnsFolderInst>
											<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="destinationip" name="destinationip">
												<vnsParamInst name="ipaddress" key="ipaddress" value="10.10.10.0"/>
												<vnsParamInst name="netmask" key="netmask" value="24"/>
											</vnsFolderInst>
											<vnsFolderInst ctrctNameOrLbl="ctrct_fw" graphNameOrLbl="Graph_FW" nodeNameOrLbl="FW" key="destinationport" name="destinationport">
												<vnsParamInst name="port" key="port" value="80"/>
											</vnsFolderInst>
										</vnsFolderInst>
									</vnsFolderInst>
								</vnsFolderInst>
							</vnsFolderInst>
						</vnsFolderInst>
					</vnsFolderInst>
				</vnsSvcPol>
			</fvAEPg>
		</fvAp>
</fvTenant>
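
Before a payload like the one above is posted, the access control entries buried in the nested vnsFolderInst folders can be flattened into reviewable rules and checked for PERMIT entries whose source is any address. The following Python is an added example, not part of the Cisco documentation or the APIC API; the function names are hypothetical, and reading the ACE netmask values (0 and 24) as prefix lengths is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the "acl" folder from the firewall payload above, with the
# repeated ctrctNameOrLbl/graphNameOrLbl/nodeNameOrLbl attributes left out.
SAMPLE = """
<vnsFolderInst key="acl" name="acl"><vnsFolderInst key="ace" name="ace">
  <vnsParamInst name="action" key="action" value="PERMIT"/>
  <vnsParamInst name="order" key="order" value="10"/>
  <vnsFolderInst key="protocol" name="protocol">
    <vnsParamInst name="protocol" key="protocol" value="TCP"/></vnsFolderInst>
  <vnsFolderInst key="sourceip" name="sourceip">
    <vnsParamInst name="ipaddress" key="ipaddress" value="0.0.0.0"/>
    <vnsParamInst name="netmask" key="netmask" value="0"/></vnsFolderInst>
  <vnsFolderInst key="destinationip" name="destinationip">
    <vnsParamInst name="ipaddress" key="ipaddress" value="10.10.10.0"/>
    <vnsParamInst name="netmask" key="netmask" value="24"/></vnsFolderInst>
  <vnsFolderInst key="destinationport" name="destinationport">
    <vnsParamInst name="port" key="port" value="80"/></vnsFolderInst>
</vnsFolderInst></vnsFolderInst>
"""

def params(folder, key=None):
    """key -> value for the vnsParamInst children of folder, or of its child folder `key`."""
    if key is not None:
        folder = folder.find(f"vnsFolderInst[@key='{key}']")
    return {} if folder is None else {
        p.get("key"): p.get("value") for p in folder.findall("vnsParamInst")}

def network(p):
    """ipaddress + netmask (prefix length or dotted mask) -> network, None if absent."""
    if "ipaddress" not in p or "netmask" not in p:
        return None
    return ipaddress.ip_network(f"{p['ipaddress']}/{p['netmask']}", strict=False)

def audit(xml_text):
    """One dict per ACE, sorted by order; flags PERMIT rules whose source is a /0."""
    rules = []
    for ace in ET.fromstring(xml_text).findall(".//vnsFolderInst[@key='ace']"):
        top, src = params(ace), network(params(ace, "sourceip"))
        permit = top.get("action") == "PERMIT"
        rules.append({
            "order": int(top.get("order", 0)), "action": top.get("action"),
            "protocol": params(ace, "protocol").get("protocol"),
            "src": src, "dst": network(params(ace, "destinationip")),
            "dport": params(ace, "destinationport").get("port"),
            "any_source_permit": permit and src is not None and src.prefixlen == 0,
        })
    return sorted(rules, key=lambda r: r["order"])
```

Calling audit() on the full fvTenant document works the same way, because the search descends from the root to every folder whose key is "ace".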

Configuring a Load Balancer Using the REST API

The following REST API configures a load balancer:

<fvTenant name="Tenant1">
		<fvAp name="ap1">
			<fvAEPg name="epg2">
				<vnsSvcPol ctrct="ctrct_lb" graph="Graph_ADC" node="ADC">
					<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="lb" name="lb">
						<vnsRsFolderInstToMFolder tDn="uni/infra/mDev-CISCO-CloudMode-1.0/mFunc-LB/mFolder-lb"/>
						<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="network" name="network">
							<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="interface" name="interface">
								<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="internal" name="internal">
									<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="ip" name="ip">
										<vnsParamInst name="ipaddress" key="ipaddress" value="2.2.2.2"/>
										<vnsParamInst name="netmask" key="netmask" value="255.255.255.0"/>
									</vnsFolderInst>
								</vnsFolderInst>
								<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="external" name="external">
									<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="ip" name="ip">
										<vnsParamInst name="ipaddress" key="ipaddress" value="1.1.1.1"/>
										<vnsParamInst name="netmask" key="netmask" value="255.255.255.0"/>
									</vnsFolderInst>
								</vnsFolderInst>
							</vnsFolderInst>
						</vnsFolderInst>
						<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="service" name="service">
							<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="vip" name="vip1">
								<vnsParamInst name="lbmethod" key="lbmethod" value="LEAST_CONNECTIONS"/>
								<vnsParamInst name="protocol" key="protocol" value="TCP"/>
								<vnsParamInst name="ipaddress" key="ipaddress" value="3.3.3.3"/>
								<vnsParamInst name="port" key="port" value="80"/>
								<vnsFolderInst ctrctNameOrLbl="ctrct_lb" graphNameOrLbl="Graph_ADC" nodeNameOrLbl="ADC" key="pool" name="pool1">
									<vnsParamInst name="port" key="port" value="80"/>
								</vnsFolderInst>
							</vnsFolderInst>
						</vnsFolderInst>
					</vnsFolderInst>
				</vnsSvcPol>
			</fvAEPg>
		</fvAp>
</fvTenant>