Step 1
| Choose
.
|
Step 2
| On the Resource Groups page, click Application Profile.
|
Step 3
| Click the row with the application profile and choose View from the More Actions drop-down list to view the name, description, and service offering of the application profile, or, choose View Details to see the following:
Name |
Description |
Tiers
|
Displays the tier name, description, physical network service class, and virtual network service class of the application profile.
|
VMs
|
Displays the VM name, description, selected network, virtual compute service class, and virtual storage service class of the application profile.
|
BMs
|
Displays the VM name, description, selected network, physical compute service class, and physical storage service class of the application profile.
|
|
Step 4
| Click Add.
|
Step 5
| On the Profile Specification screen, complete the following fields:
Name |
Description |
Name field
|
Enter the name of the application profile.
The name must be alphanumeric, not greater than 32 characters, and can include the following special characters: _, -, ., :.
The name cannot be modified after it is added.
|
Description field
|
Enter the description of the application profile.
|
|
Step 6
| Click Next.
|
Step 7
| On the Networks screen, complete the following fields:
Name |
Description |
Service Offering list
|
Expand service offerings, check the service offering that you want to use, and then click Validate. The service offering must belong to the tenant for which you will create containers with this application profile.
Click Add to add a service offering. See the Cisco UCS Director APIC Management Guide.
|
Networks list
|
Expand the list and click Add to configure a network. For more information on how to configure a network, see the next step.
|
|
Step 8
| Click Add to configure the tier for the application.
On the Add Entry to Networks screen, complete the following fields:
Name |
Description |
Network field
|
Enter the name of the network.
|
Description field
|
Enter the description of the network.
|
Network Type drop-down list
|
Choose the network type:
- Internal
- External
- Infrastructure
- Failover
Note
|
When a tenant needs multiple private networks, you need to define only Internal and External network types.
|
|
Interested Tag Value list
|
Expand Interested Tag Values, check the tag values that you want to use for each tier, and then click Validate. During container provisioning, a resource is selected based on the tag associated with the tier.
This field appears only when Network Type is Internal.
Note
|
You can select more than one tag (the tag that is used for a VMware cluster or a datastore cluster). For example, if you select a datastore tag (ds tag - gold) and a VMware cluster tag (cluster tag - ESXi cluster tag), the datastore tagged with the gold value is selected during datastore selection.
|
Note
|
To use shared L3Out support, choose the tag value that is used for tagging the external network and contract of a common tenant.
|
|
APIC Network Policy drop-down list
|
Choose the APIC network policy from the list.
This field appears only when Network Type is Internal, Infrastructure, or Failover.
Click + to add an APIC network policy. See Adding an APIC Network Policy.
|
L2/L3 Selection drop-down list
|
By default, L2Out is selected to integrate the ACI fabric with an external Layer 2 network.
This field appears only when Network Type is External.
You can choose one of the following:
- L2Out—To integrate the ACI fabric with an external Layer 2 network.
- L3Out—To integrate the ACI fabric with an external Layer 3 network.
- SharedL3Out—To integrate the ACI fabric with a shared external Layer 3 network. For shared L3Out, the network must be tagged and updated on the Tenant vPOD in advance, and the same tag must be selected for the external network.
|
Use Existing L2/L3 Out config available in the tenant check box
|
By default, the box is checked to use the L2/L3 out configuration defined in the tenant while creating a container.
This field appears only when Network Type is External.
Note
|
When a container is created based on an application profile, tenants having L2 out or L3 out configuration are displayed according to the L2/L3 selection in the application profile.
|
|
|
Step 9
| Click Submit. |
Step 10
| Click Next.
|
Step 11
| On the Application screen, do the following:
- Expand VM Based Application Components and click +.
- On the Add Entry to VM Based Application Components screen, complete the following fields:
Name |
Description |
VM Name field
|
Enter the name of the VM.
|
Description field
|
Enter the description of the VM.
|
Network drop-down list
|
Choose the network from the list.
|
Image Selection Type drop-down list
|
Choose one of the following for the image selection:
|
Provision new VM using Content Library VM Template check box
|
Check to view and choose a VM template from the content library VM templates. If unchecked, you must choose a VM template from the VM image templates.
|
Content Library VM Template field
|
This field appears only when the Provision new VM using Content Library VM Template check box is checked. Expand the list and choose a VM template from the content library.
|
VM Image list
|
This field appears only when the Provision new VM using Content Library VM Template check box is unchecked. Expand VM Image, click a VM image that you want to use, and then click Validate. The list varies according to the option selected in the Image Selection Type drop-down list.
Note
|
All the VM images are listed from the managed cloud irrespective of the cloud type.
|
Note
|
The images that satisfy the following conditions are displayed for selection:
|
|
Use Linked Clone check box
|
This check box is enabled only when you choose a VM template with a snapshot. Check this box to deploy new VMs using the linked clone feature, which provisions them faster and uses storage more efficiently.
|
Snapshot field
|
This field appears only when the Use Linked Clone check box is checked. Click Select to choose the snapshot to use to provision a new VM with the linked clone feature.
|
Virtual Compute Service Class drop-down list
|
Choose the service class for the virtual compute category.
|
Virtual Storage Service Class drop-down list
|
Choose the service class for the virtual storage category.
|
VM Password Sharing Option drop-down list
|
Choose how you want to share the root or administrator password for the VM with users:
Specify the root login ID and root password for the template that appears when you choose Share after password reset or Share template credentials as the password sharing option.
|
VM Network Interfaces list
|
Expand the list and click + to add a VM network interface.
|
Maximum Quantity field
|
Enter the maximum number of VM instances per tier.
Note
|
This number allows you to determine the subnet size for each tier. It is overridden by the value defined during application container deployment. The value is accepted even when the number of resources is less than the maximum quantity in the application profile.
|
|
Initial Quantity field
|
Enter the number of VM instances to be provisioned when the application is created.
|
- Click Submit.
|
Step 12
| On the Application screen, do the following:
- Expand the Bare Metal Application Components list and click +.
- On the Add Entry to Bare Metal Application Components screen, complete the following fields:
Name |
Description |
Instance Name field
|
Enter the name of the bare metal instance.
|
Description field
|
Enter the description of the bare metal instance.
|
Boot Lun Size (GB) field
|
Recommended LUN size for booting.
|
Network drop-down list
|
Choose a network.
|
Target BMA drop-down list
|
Choose the bare metal agent (BMA) for PXE setup.
|
Bare Metal Image drop-down list
|
Choose the bare metal image.
|
Blade Type drop-down list
|
Choose one of the following as the blade type for the APIC container:
|
Physical Compute Service Class drop-down list
|
Choose the service class for the physical compute category.
|
Physical Storage Service Class drop-down list
|
Choose the service class for the physical storage category.
|
- Click Submit.
|
Step 13
| Click Next.
|
Step 14
| On the Contracts screen, define the rule for communication in multi-tier applications.
Contracts are policies that enable inter-End Point Group (inter-EPG) communication. These policies are the rules that specify communication between application tiers. If no contract is attached to the EPG, inter-EPG communication is disabled by default. No contract is required for intra-EPG communication because intra-EPG communication is always allowed.
A contract can contain multiple subjects. A subject can be used to realize unidirectional or bidirectional filters. A unidirectional filter is used in one direction only, either consumer-to-provider (IN) or provider-to-consumer (OUT). A bidirectional filter is the same filter used in both directions. It is not reflexive.
A new contract is created for each source-to-destination network pair. For example, if multiple rules are defined with the Web tier as the source network and the application tier as the destination network, a single contract is created on APIC to hold the contract information for that pair.
For a contract, a new subject is created if the rule defines a unidirectional or bidirectional filter. A subject is reused for multiple rules under the same contract, depending on whether the rule includes a unidirectional or bidirectional filter.
A new filter is created for a specific rule. A new filter rule is created for every rule defined between networks.
|
Step 15
| Expand Contracts and click + to add the communication protocol details.
- On the Add Entry to Contracts screen, complete the following fields:
Name |
Description |
Rule Name field
|
Enter the name of the rule.
|
Select Source Network drop-down list
|
Choose the source network to which you want to apply the contract rule.
When an external network is chosen as the source network, only the Rule Name field, Select Source Network drop-down list, and Select Destination Network drop-down list are available for configuration. Cisco UCS Director uses the existing contract, as tagged and updated in the tenant vPOD before the application profile was configured, based on the tag used in the chosen external network.
|
Select Destination Network drop-down list
|
Choose the destination network to which you want to apply the contract rule.
|
Rule Description field
|
Enter the description of the rule.
|
Protocol drop-down list
|
Choose the protocol for communication.
|
Apply Both Directions check box
|
Check the box to apply the same contract for traffic from source to destination, or from destination to source.
|
The following fields appear only if TCP or UDP protocol is selected:
|
Source Port Start field
|
Enter the starting range of the source port number.
|
Source Port End field
|
Enter the ending range of the source port number.
|
Destination Port Start field
|
Enter the starting range of the destination port number.
|
Destination Port End field
|
Enter the ending range of the destination port number.
|
Stateful check box
|
This check box appears when you choose TCP protocol. Check the box to enable stateful connection.
|
Action drop-down list
|
Choose the action to be taken for the communication:
|
- Click Submit.
|
Step 16
| Click Next.
|
Step 17
| On the Policy screen, do the following:
- Choose a policy from the VMware System Policy drop-down list.
- Optional. Click + to add a new policy to the system policy drop-down list.
- On the System Policy Information screen, complete the following fields:
Name |
Description |
Policy Name field
|
Enter the name of the system policy.
|
Policy Description field
|
Enter the description of the system policy.
|
VM Name Template field
|
Enter the template to use for the VM name.
Note
|
If the name template is not specified, the name provided by the user is used as the VM name.
|
|
Disable VM Name Uniqueness Check check box
|
Check this check box to skip the VM name uniqueness validation.
|
VM Name Validation Policy drop-down list
|
Choose the policy for validating the VM name.
|
End User VM Name or VM Prefix check box
|
Check the box to allow the user to specify the name or prefix for the VM.
|
Power On after deploy check box
|
Check the box to power on the VM after provisioning.
|
Host Name Template field
|
Enter the template of the host name.
|
Disable Host Name Uniqueness Check check box
|
Check this check box to skip the host name uniqueness validation.
|
Host Name Validation Policy drop-down list
|
Choose the policy for validating the host name.
|
Linux Time Zone drop-down list
|
Choose the time zone for the Linux VM.
|
Linux VM Max Boot Wait Time drop-down list
|
Choose the value to specify the maximum length of time that the VM will pause during startup.
|
DNS Domain field
|
Enter the name of the DNS domain.
|
DNS Suffix List field
|
Enter the list of domain name suffixes that get appended to DNS.
|
DNS Server List field
|
Enter the list of DNS servers.
|
VM Image Type drop-down list
|
Choose one of the following as the VM image type:
- Windows and Linux
- Linux Only
|
Define VM Annotation check box
|
An annotation states that the app/web tier allows the subnet to be created as Shared and Public through the APIC network policy. Check the box to define the VM annotation.
|
VM Annotation field
|
This field appears when the Define VM Annotation check box is selected. Enter the annotation note for the VM.
|
Custom Attributes field
|
This field appears when the Define VM Annotation check box is selected. Expand Custom Attributes and click + to add a custom attribute.
|
- Click Submit.
- From the Cost Model drop-down list, choose a cost model to compute the chargeback.
- Expand HyperV Deployment Policy and check the HyperV deployment policy for the HyperV container provision.
- Click Next.
|
Step 18
| On the L4-L7 Service Policy screen, check the Configure L4-L7 Service check box to configure the Layer 4 to Layer 7 service in the application profile. If the Configure L4-L7 Service check box is checked, complete the following fields:
- L4-L7 Service Policy drop-down list—Choose the Layer 4 to Layer 7 service policy from the list. Click + to add a Layer 4 to Layer 7 service policy. See Adding a Layer 4 to Layer 7 Service Policy.
- Application L4-L7 Service Definition list—Expand Application L4-L7 Service Definition and click +. On the Add Entry to Application L4-L7 Service Definition screen, complete the following fields:
Name
|
Description
|
Service Name field
|
Enter the name of the service.
|
Consumer drop-down list
|
Choose the internal tier.
Note
| When you are deploying ASA/ASAv between the tiers, you can create a VDC with the shared Layer 3 network without any dependency on the tenant with the Layer 2 network. |
|
Provider drop-down list
|
Choose the external tier.
|
Protocol drop-down list
|
Choose a protocol.
Note
|
This field appears only for the load balancer service.
|
|
Port drop-down list
|
Choose the port number of the selected protocol.
Note
|
This field appears only for the load balancer service.
|
|
Services list
|
Expand the list to choose the service type by checking one of the following boxes:
- FIREWALL—To provide firewall service between consumer and provider.
- LB_SINGLE_ARM—To configure the load balancer service between consumer and provider in the single-arm mode. In the single-arm mode, the load balancer is connected to the network through a single interface.
Note
|
The single-arm load balancer service is the only supported service type for a tenant with multiple private networks.
|
- FW_LB_ONE_ARM—To configure both firewall and single-arm load balancer services between consumer and provider. In the single-arm mode, the load balancer is connected to the network through a single interface.
- LB_DUAL_ARM—To configure the load balancer service between consumer and provider in the dual-arm mode. In the dual-arm mode, the load balancer is connected to the consumer and provider with two different interfaces.
- FW_LB_SSL_OFFLOAD—To configure both firewall and load balancer services between consumer and provider along with the SSL offload support.
|
- Check the Customize Firewall Security For Tiers box to customize the firewall security for the network tiers in the application profile.
- Expand Firewall Security Levels that appears when the Customize Firewall Security For Tiers check box is selected. Choose a tier and click edit to change the security level.
|
Step 19
| Click Submit.
|
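The contract model described in Step 14, as an added Python example (not Cisco UCS Director or APIC code): it groups rules into one contract per source-to-destination pair with a reusable subject per filter direction, then checks which flows the resulting contracts admit. The `Rule` field names, the sample tiers and ports, the port-range check, and the assumption that every rule's action permits traffic are this example's own.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One row of the Contracts screen (field names are this example's own)."""
    name: str
    src: str
    dst: str
    protocol: str                   # e.g. "TCP", "UDP"
    dst_ports: tuple = (1, 65535)   # Destination Port Start / End
    both_directions: bool = False   # Apply Both Directions check box

def build_contracts(rules):
    """One contract per (source, destination) pair; inside it one subject per
    filter direction, reused by later rules; one filter per rule."""
    contracts = defaultdict(lambda: defaultdict(list))
    for r in rules:
        lo, hi = r.dst_ports
        # Range check is this example's own, not a documented product rule.
        if r.protocol in ("TCP", "UDP") and not 1 <= lo <= hi <= 65535:
            raise ValueError(f"{r.name}: invalid port range {lo}-{hi}")
        subject = "bidirectional" if r.both_directions else "unidirectional"
        contracts[(r.src, r.dst)][subject].append(r)
    return {pair: dict(subjects) for pair, subjects in contracts.items()}

def permits(contracts, src, dst, protocol, port):
    """True if a flow src -> dst to destination `port` matches some filter.
    Assumes every rule's action permits traffic."""
    if src == dst:
        return True                 # intra-EPG traffic needs no contract
    def match(r):
        return r.protocol == protocol and r.dst_ports[0] <= port <= r.dst_ports[1]
    forward = contracts.get((src, dst), {})
    if any(match(r) for rs in forward.values() for r in rs):
        return True
    # A bidirectional subject applies the same (not port-reversed) filter
    # to traffic flowing from the contract's destination back to its source.
    reverse = contracts.get((dst, src), {}).get("bidirectional", [])
    return any(match(r) for r in reverse)

# Constructed sample rules for a three-tier profile.
RULES = [
    Rule("web-to-app-http", "web", "app", "TCP", (8080, 8080)),
    Rule("web-to-app-mgmt", "web", "app", "TCP", (8443, 8443)),
    Rule("app-to-db-sql", "app", "db", "TCP", (3306, 3306), both_directions=True),
]
CONTRACTS = build_contracts(RULES)
```

Running `permits` over every tier pair before submitting a profile shows which pairs stay blocked by the default-deny behavior and which rules open the reverse direction through Apply Both Directions.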