The Resource Management tab lets you view and manage Cisco VNMC resources. It displays and manages the following resources:
Cisco VSGs
Nexus 1000V VSM
Virtual Machines (VMs)
You manage a Cisco VSG by placing it in service. You place the Cisco VSG in service by creating a compute firewall in an organization and assigning the Cisco VSG to that compute firewall.
You manage VMs by discovering those VMs that have a vNIC listed in the port profile.
Resource Manager
Resource Manager manages Cisco VSGs, Nexus 1000V VSMs, and Virtual Center (VC). It also manages faults and events.
The Resource Manager provides the following management services:
Allows the binding of organizations to resource pools.
Virtualization allows you to create multiple VMs that run in isolation, side by side on the same physical machine. Each VM has virtual RAM, a virtual CPU and NIC, and an operating system and applications. Because of virtualization, the operating system sees a consistent set of hardware regardless of the actual physical hardware components.
VMs are encapsulated in files for rapid saving, copying, and provisioning, which means that you can move full systems, configured applications, operating systems, BIOS, and virtual hardware within seconds, from one physical server to another. Encapsulated files allow for zero-downtime maintenance and continuous workload consolidation.
Instances of Cisco VNMC are installed on VMs.
Virtual Security Gateways
Cisco VSGs evaluate Cisco VNMC policies based on network traffic. The main functions of a Cisco VSG are as follows:
Receives traffic from Virtual Network Service Data Path (vPath).
For every new flow, the vPath component encapsulates the first packet and sends it to Cisco VSG as specified in the Nexus 1000V port profiles. It assumes that the Cisco VSG is Layer 2 adjacent to vPath. The mechanism used for communication between vPath and the Cisco VSG is similar to VEM and Nexus 1000V VSM communication on a packet VLAN.
Performs application fix-up processing such as FTP, TFTP, and RSH.
Evaluates policies by inspecting the packets sent by vPath using network, VM, and custom attributes.
Transmits the policy evaluation results to vPath.
Each vPath component maintains a flow table for caching Cisco VSG policy evaluation results.
Virtual Security Gateways
Configuring a Compute Firewall
Adding a Compute Firewall
Important:
We recommend that you add the compute firewall object directly at the tenant level.
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Firewall Profiles node where you want to add a compute firewall.
Step 5
In the Work pane, click the Add Compute Firewall link.
Step 6
In the Add Compute Firewall dialog box, do the following:
In the General tab area, add a user-defined name and description.
This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
In the Firewall Details tab area, complete the following fields:
Name: Description
Device Profile field: Opens a Select Firewall Device Profile dialog box that contains a selectable list of firewall device profiles.
Management Hostname field: The management hostname to be used.
Data IP Address field: The data IP address to be used. The vPath component running on each VEM uses the data IP address to determine the MAC address of the VSG (via ARP). Once the VSG MAC address has been resolved, vPath can communicate with the VSG using MAC-in-MAC encapsulation. Subsequently, for each new flow initiated by a VM, vPath sends the first packet of the flow to the VSG for policy evaluation. vPath caches the VSG policy decision in a flow table. This is the same IP address that is configured in the vn-service CLI command on the Nexus 1000V port profile.
Data IP Subnet field: The data IP subnet to be used.
Step 7
Click OK.
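The values entered in this procedure can be checked offline before they are saved. The following added example (not part of the Cisco documentation or tooling) validates the name rule, checks that each data IP address is a usable host address in its subnet, and flags port profiles whose vn-service address matches no compute firewall data IP. The function names, the assumed form of the vn-service line, and all sample values are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Name rule from the procedure: 1-32 characters, alphanumerics plus - _ . :
NAME_RE = re.compile(r"[A-Za-z0-9._:-]{1,32}")
# Assumed line form: vn-service ip-address <ip> vlan <id> security-profile <name>
VN_SERVICE_RE = re.compile(r"vn-service\s+ip-address\s+(\S+)")

def _ip(text):
    try:
        return ip_address(text)
    except ValueError:
        return None

def audit(firewalls, port_profile_config):
    """firewalls: (name, data_ip, data_subnet_mask) tuples. Returns findings."""
    findings, data_ips = [], set()
    for name, data_ip, mask in firewalls:
        if not NAME_RE.fullmatch(name):
            findings.append(f"{name!r}: invalid compute firewall name")
        try:
            net = ip_network(f"{data_ip}/{mask}", strict=False)
        except ValueError:
            findings.append(f"{name!r}: bad data IP or subnet {data_ip}/{mask}")
            continue
        ip = ip_address(data_ip)
        if ip in (net.network_address, net.broadcast_address):
            findings.append(f"{name!r}: data IP {ip} is not a usable host address")
        data_ips.add(ip)
    profile = None
    for line in port_profile_config.splitlines():
        words = line.split()
        if words and words[0] == "port-profile":
            profile = words[-1]
        match = VN_SERVICE_RE.search(line)
        if match and _ip(match.group(1)) not in data_ips:
            findings.append(f"port-profile {profile}: vn-service {match.group(1)} "
                            "matches no compute firewall data IP")
    return findings

# Constructed sample data (not taken from a real deployment).
SAMPLE_FIREWALLS = [("web-fw_01", "10.10.10.5", "255.255.255.0"),
                    ("bad name!", "10.10.20.255", "255.255.255.0")]
SAMPLE_CONFIG = """
port-profile type vethernet web-tier
  vn-service ip-address 10.10.10.5 vlan 100 security-profile web-sp
port-profile type vethernet db-tier
  vn-service ip-address 10.10.10.50 vlan 100 security-profile db-sp
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FIREWALLS, SAMPLE_CONFIG)))
```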
Editing a Compute Firewall
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Firewall Profiles node containing the Compute Firewall_name you want to edit.
Step 5
In the Work pane, click the appropriate Compute Firewall_name.
Step 6
In the Work pane, click the Edit link.
Step 7
In the Edit dialog box, do the following:
In the General tab area, change the description as appropriate.
In the Firewall Details area, change the following as appropriate:
Name: Description
Device Profile field: Opens a Select Firewall Device Profile dialog box that contains a selectable list of firewall device profiles.
Management Hostname field: The management hostname to be used.
Data IP Address field: The data IP address to be used. The vPath component running on each VEM uses the data IP address to determine the MAC address of the VSG (via ARP). Once the VSG MAC address has been resolved, vPath can communicate with the VSG using MAC-in-MAC encapsulation. Subsequently, for each new flow initiated by a VM, vPath sends the first packet of the flow to the VSG for policy evaluation. vPath caches the VSG policy decision in a flow table. This is the same IP address that is configured in the vn-service CLI command on the Nexus 1000V port profile.
Data IP Subnet field: The data IP subnet to be used.
Step 8
Click OK.
Deleting a Compute Firewall
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Firewall Profiles node containing the Compute Firewall_name you want to delete.
Step 5
In the Work pane, click the appropriate Compute Firewall_name.
Step 6
Click the Delete link.
Step 7
In the Confirm dialog box, click OK.
Configuring a Pool
Adding a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Pools node where you want to add a pool.
Step 5
In the Work pane, click the Add Pool link.
Step 6
In the Add Pool dialog box, complete the following fields:
Name: Description
Name field: The name of the pool.
Description field: A user-defined description of the pool.
Step 7
Click OK.
Editing a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click a Pools node.
Step 5
In the Work pane, click the pool you want to edit.
Step 6
Click the Edit link.
Step 7
In the Edit Pool dialog box, do the following:
In the General tab area, change the description as appropriate.
In the Pool Members tab area, click the Add link and select your Cisco VSG as appropriate in the Add dialog box.
Click OK.
Step 8
In the Edit Pool dialog box, click OK.
Deleting a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click a Pools node.
Step 5
In the Work pane, click the pool you want to delete.
Step 6
Click the Delete link.
Step 7
In the Confirm dialog box, click OK.
Assigning and Unassigning VSGs and Pools
Assigning a VSG
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Compute Firewall_name where you want to assign a VSG.
Step 5
In the Work pane, click the Assign VSG link.
Step 6
In the Assign VSG dialog box, select a VSG_name from the Select a VSG drop-down list.
Step 7
Click OK.
Assigning a Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Compute Firewall_name where you want to assign a Pool.
Step 5
In the Work pane, click the Assign Pool link.
Step 6
In the Assign Pool dialog box, select a VSG_name from the Select a VSG drop-down list.
Step 7
Click OK.
Unassigning a VSG and Pool
Procedure
Step 1
In the Navigation pane, click the Resource Management tab.
Step 2
In the Navigation pane, click the Managed Resources subtab.
Step 3
In the Navigation pane, expand the root node.
Step 4
Click the Compute Firewall_name where you want to unassign a VSG and pool.
Step 5
In the Work pane, click the Unassign VSG/Pool link.