Cisco Virtual Network Management Center GUI Configuration Guide, Release 1.0.1
Configuring Managed Resources

Managed Resources

Resource Management

The Resource Management tab lets you view and manage Cisco VNMC resources. It displays and manages the following resources:

  • Cisco VSGs
  • Nexus 1000V VSM
  • Virtual Machines (VMs)

You manage a Cisco VSG by placing it in service. You place the Cisco VSG in service by creating a compute firewall in an organization and assigning the Cisco VSG to that compute firewall.

You manage VMs by discovering the VMs that have a vNIC listed in the port profile.

Resource Manager

Resource Manager manages Cisco VSGs, Nexus 1000V VSMs, and Virtual Center (VC). It also manages faults and events.

The Resource Manager provides the following management services:

  • Allows the binding of organizations to resource pools.
  • Integrates with VCs to retrieve VM attributes.
  • Distributes VM attributes to Cisco VSGs.
  • Retrieves VM IP addresses from Nexus 1000V VSM.
  • Distributes VM IP addresses to Cisco VSGs.

Virtual Machines

Virtualization allows you to create multiple VMs that run in isolation, side by side on the same physical machine. Each VM has virtual RAM, a virtual CPU and NIC, and an operating system and applications. Because of virtualization, the operating system sees a consistent set of hardware regardless of the actual physical hardware components.

VMs are encapsulated in files for rapid saving, copying, and provisioning, which means that you can move full systems, configured applications, operating systems, BIOS, and virtual hardware within seconds, from one physical server to another. Encapsulated files allow for zero-downtime maintenance and continuous workload consolidation.

Instances of Cisco VNMC are installed on VMs.

Virtual Security Gateways

Cisco VSGs evaluate Cisco VNMC policies based on network traffic. The main functions of a Cisco VSG are as follows:

  • Receives traffic from Virtual Network Service Data Path (vPath). For every new flow, the vPath component encapsulates the first packet and sends it to Cisco VSG as specified in the Nexus 1000V port profiles. It assumes that the Cisco VSG is Layer 2 adjacent to vPath. The mechanism used for communication between vPath and the Cisco VSG is similar to VEM and Nexus 1000V VSM communication on a packet VLAN.
  • Performs application fix-up processing for protocols such as FTP, TFTP, and RSH.
  • Evaluates policies by inspecting the packets sent by vPath using network, VM, and custom attributes.
  • Transmits the policy evaluation results to vPath.

Each vPath component maintains a flow table for caching Cisco VSG policy evaluation results.

Virtual Security Gateways

Configuring a Compute Firewall

Adding a Compute Firewall

Important:

We recommend that you add the compute firewall object directly at the tenant level.

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click the Firewall Profiles node where you want to add a compute firewall.
    Step 5   In the Work pane, click the Add Compute Firewall link.
    Step 6   In the Add Compute Firewall dialog box, do the following:
        1. In the General tab area, add a user-defined name and description.

           This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.

        2. In the Firewall Details tab area, complete the following fields:

           • Device Profile field: Opens a Select Firewall Device Profile dialog box that contains a selectable list of firewall device profiles.
           • Management Hostname field: The management hostname to be used.
           • Data IP Address field: The data IP address to be used. The vPath component running on each VEM uses the data IP address to determine the MAC address of the VSG (via ARP). Once the VSG MAC address has been resolved, vPath can communicate with the VSG using MAC in MAC encapsulation. Subsequently, for each new flow initiated by a VM, vPath sends the first packet of the flow to the VSG for policy evaluation. vPath caches the VSG policy decision in a flow table. This is the same IP address that is configured in the vn-service CLI command on the Nexus 1000V port profile.
           • Data IP Subnet field: The data IP subnet to be used.

    Step 7   Click OK.
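The following is an added example, not part of the Cisco guide: a pre-change check that reconciles the compute firewall values entered in Step 6 with the port-profile configuration, because the data IP address must be the one configured in the vn-service command. The `vn-service ip-address ...` line format, the sample configuration, and the firewall records are assumptions constructed for illustration.

```python
import ipaddress
import re

# Name rule from Step 6: 1-32 characters, alphanumerics plus - _ . :
NAME_RE = re.compile(r"[A-Za-z0-9_.:-]{1,32}")
PROFILE_RE = re.compile(r"port-profile\s+(?:type\s+\S+\s+)?(\S+)")
# Assumed form of the vn-service line; only the IP address is read.
VN_SERVICE_RE = re.compile(r"\s+vn-service\s+ip-address\s+(\S+)")

# Constructed sample inputs, not taken from a real device or VNMC export.
SAMPLE_CONFIG = """\
port-profile type vethernet web-tier
  vn-service ip-address 10.10.10.10 vlan 754 security-profile sp-web
port-profile type vethernet db-tier
  vn-service ip-address 10.10.10.20 vlan 754 security-profile sp-db
port-profile type vethernet uplink
  switchport mode trunk
"""
SAMPLE_FIREWALLS = [
    {"name": "fw-tenant-a", "data_ip": "10.10.10.10"},
    {"name": "fw tenant b!", "data_ip": "10.10.10.30"},
]


def vn_service_ips(config_text):
    """Map port-profile name -> vn-service IP for profiles that have one."""
    found, current = {}, None
    for line in config_text.splitlines():
        if m := PROFILE_RE.match(line):
            current = m.group(1)
        elif current and (m := VN_SERVICE_RE.match(line)):
            found[current] = ipaddress.ip_address(m.group(1))
        elif line and not line[0].isspace():
            current = None  # left the port-profile block
    return found


def reconcile(firewalls, config_text):
    """Return findings; an empty list means GUI and CLI values agree."""
    profiles = vn_service_ips(config_text)
    fw_ips = {ipaddress.ip_address(fw["data_ip"]): fw["name"] for fw in firewalls}
    findings = [f"{n}: name breaks the 1-32 character rule"
                for n in fw_ips.values() if not NAME_RE.fullmatch(n)]
    findings += [f"{n}: no port profile uses data IP {ip}"
                 for ip, n in fw_ips.items() if ip not in profiles.values()]
    findings += [f"{p}: vn-service {ip} matches no compute firewall"
                 for p, ip in profiles.items() if ip not in fw_ips]
    return findings
```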

Editing a Compute Firewall

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click the Firewall Profiles node containing the Compute Firewall_name you want to edit.
    Step 5   In the Work pane, click the appropriate Compute Firewall_name.
    Step 6   In the Work pane, click the Edit link.
    Step 7   In the Edit dialog box, do the following:
        1. In the General tab area, change the description as appropriate.
        2. In the Firewall Details area, change the following as appropriate:

           • Device Profile field: Opens a Select Firewall Device Profile dialog box that contains a selectable list of firewall device profiles.
           • Management Hostname field: The management hostname to be used.
           • Data IP Address field: The data IP address to be used. The vPath component running on each VEM uses the data IP address to determine the MAC address of the VSG (via ARP). Once the VSG MAC address has been resolved, vPath can communicate with the VSG using MAC in MAC encapsulation. Subsequently, for each new flow initiated by a VM, vPath sends the first packet of the flow to the VSG for policy evaluation. vPath caches the VSG policy decision in a flow table. This is the same IP address that is configured in the vn-service CLI command on the Nexus 1000V port profile.
           • Data IP Subnet field: The data IP subnet to be used.

    Step 8   Click OK.

Deleting a Compute Firewall

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click the Firewall Profiles node containing the Compute Firewall_name you want to delete.
    Step 5   In the Work pane, click the appropriate Compute Firewall_name.
    Step 6   Click the Delete link.
    Step 7   In the Confirm dialog box, click OK.

Configuring a Pool

Adding a Pool

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click the Pools node where you want to add a pool.
    Step 5   In the Work pane, click the Add Pool link.
    Step 6   In the Add Pool dialog box, complete the following fields:

        • Name field: The name of the pool.
        • Description field: A user-defined description of the pool.

    Step 7   Click OK.

Editing a Pool

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click a Pools node.
    Step 5   In the Work pane, click the pool you want to edit.
    Step 6   Click the Edit link.
    Step 7   In the Edit Pool dialog box, do the following:
        1. In the General tab area, change the description as appropriate.
        2. In the Pool Members tab area, click the Add link and select your Cisco VSG as appropriate in the Add dialog box.
        3. Click OK.
    Step 8   In the Edit Pool dialog box, click OK.

Deleting a Pool

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click a Pools node.
    Step 5   In the Work pane, click the pool you want to delete.
    Step 6   Click the Delete link.
    Step 7   In the Confirm dialog box, click OK.

Assigning and Unassigning VSGs and Pools

Assigning a VSG

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click the Compute Firewall_name where you want to assign a VSG.
    Step 5   In the Work pane, click the Assign VSG link.
    Step 6   In the Assign VSG dialog box, select a VSG_name from the Select a VSG drop-down list.
    Step 7   Click OK.

Assigning a Pool

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click the Compute Firewall_name where you want to assign a Pool.
    Step 5   In the Work pane, click the Assign Pool link.
    Step 6   In the Assign Pool dialog box, select a VSG_name from the Select a VSG drop-down list.
    Step 7   Click OK.

Unassigning a VSG and Pool

Procedure
    Step 1   In the Navigation pane, click the Resource Management tab.
    Step 2   In the Navigation pane, click the Managed Resources subtab.
    Step 3   In the Navigation pane, expand the root node.
    Step 4   Click the Compute Firewall_name where you want to unassign a VSG and pool.
    Step 5   In the Work pane, click the Unassign VSG/Pool link.
    Step 6   In the Confirm dialog box, click OK.