cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From radh...@apache.org
Subject git commit: updated refs/heads/4.2 to 1fc8991
Date Wed, 17 Jul 2013 05:16:43 GMT
Updated Branches:
  refs/heads/4.2 96d9dd702 -> 1fc8991d6


CLOUDSTACK-906


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1fc8991d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1fc8991d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1fc8991d

Branch: refs/heads/4.2
Commit: 1fc8991d63ae03804ccfba2fb58c61550c5e683d
Parents: 96d9dd7
Author: radhikap <radhika.puthiyetath@citrix.com>
Authored: Wed Jul 17 10:46:20 2013 +0530
Committer: radhikap <radhika.puthiyetath@citrix.com>
Committed: Wed Jul 17 10:46:20 2013 +0530

----------------------------------------------------------------------
 docs/en-US/hardware-firewall.xml |   1 +
 docs/en-US/vnmc-cisco.xml        | 306 ++++++++++++++++++++++++++++++++++
 2 files changed, 307 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1fc8991d/docs/en-US/hardware-firewall.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/hardware-firewall.xml b/docs/en-US/hardware-firewall.xml
index df0568a..db48032 100644
--- a/docs/en-US/hardware-firewall.xml
+++ b/docs/en-US/hardware-firewall.xml
@@ -25,5 +25,6 @@
     be the default gateway for the guest networks; see <xref linkend="external-guest-firewall-integration"/>.</para>
   <xi:include href="generic-firewall-provisions.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
   <xi:include href="external-guest-firewall-integration.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
+<!--  <xi:include href="cisco-vnmc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
-->
   <xi:include href="external-guest-lb-integration.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
 </section>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1fc8991d/docs/en-US/vnmc-cisco.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml
new file mode 100644
index 0000000..6181348
--- /dev/null
+++ b/docs/en-US/vnmc-cisco.xml
@@ -0,0 +1,306 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"
[
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<section id="vnmc-cisco">
+  <title>External Guest Firewall Integration for Cisco VNMC (Optional)</title>
+  <para>Cisco Virtual Network Management Center (VNMC) provides centralized multi-device
and
+    policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with
+    ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be
able to: </para>
+  <itemizedlist>
+    <listitem>
+      <para>Configure Cisco ASA 1000v Firewalls</para>
+    </listitem>
+    <listitem>
+      <para>Create and apply security profiles that contain ACL policy sets for both
ingress
+        and egress traffic, connection timeout, NAT policy sets, and TCP intercept</para>
+    </listitem>
+  </itemizedlist>
+  <para>&PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware
+    hypervisors.</para>
+  <section id="usecase-vnmc">
+    <title>Use Cases</title>
+    <itemizedlist>
+      <listitem>
+        <para>A Cloud administrator adds VNMC as a network element by using the admin
API
+          addCiscoVnmcResource after specifying the credentials</para>
+      </listitem>
+      <listitem>
+        <para>A Cloud administrator adds ASA 1000v appliances by using the admin API
+          addCiscoAsa1000vResource. You can configure one per guest network.</para>
+      </listitem>
+      <listitem>
+        <para>A Cloud administrator creates an Isolated guest network offering by using
ASA
+          1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static
+          NAT. </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+  <section id="deploy-vnmc">
+    <title>Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC
+      Deployment</title>
+    <section id="prereq-asa">
+      <title>Prerequisites</title>
+      <itemizedlist>
+        <listitem>
+          <para>Ensure that Cisco ASA 1000v appliance is set up externally and then
registered
+            with &PRODUCT; by using the admin API. Typically, you can create a pool of
ASA
+            1000v appliances and register them with &PRODUCT;.</para>
+          <para>Specify the following to set up a Cisco ASA 1000v instance:</para>
+          <itemizedlist>
+            <listitem>
+              <para>ESX host IP</para>
+            </listitem>
+            <listitem>
+              <para>Standalone or HA mode</para>
+            </listitem>
+            <listitem>
+              <para>Port profiles for the Management and HA network interfaces. This
need to
+                be pre-created on Nexus dvSwitch switch.</para>
+            </listitem>
+            <listitem>
+              <para>Port profiles for both internal and external network interfaces.
This need
+                to be pre-created on Nexus dvSwitch switch, and to be updated appropriately
+                while implementing guest networks.</para>
+            </listitem>
+            <listitem>
+              <para>The Management IP for Cisco ASA 1000v appliance. Specify the gateway
such
+                that the VNMC IP is reachable.</para>
+            </listitem>
+            <listitem>
+              <para>Administrator credentials</para>
+            </listitem>
+            <listitem>
+              <para>VNMC credentials</para>
+            </listitem>
+          </itemizedlist>
+          <para>After Cisco ASA 1000v instance is powered on, register VNMC from the
ASA
+            console.</para>
+        </listitem>
+        <listitem>
+          <para>Ensure that Cisco VNMC appliance is set up externally and then registered
with
+            &PRODUCT; by using the admin API. A single VNMC instance manages multiple
ASA1000v
+            appliances.</para>
+        </listitem>
+        <listitem>
+          <para>Ensure that Cisco Nexus 1000v appliance is set up and configured in
&PRODUCT;
+            when adding VMware cluster.</para>
+        </listitem>
+      </itemizedlist>
+    </section>
+    <section id="how-to-asa">
+      <title>Using Cisco ASA 1000v Services</title>
+      <orderedlist>
+        <listitem>
+          <para>Ensure that all the prerequisites are met.</para>
+          <para>See <xref linkend="prereq-asa"/>.</para>
+        </listitem>
+        <listitem>
+          <para>Add a VNMC instance.</para>
+          <para>See <xref linkend="add-vnmc"/>.</para>
+        </listitem>
+        <listitem>
+          <para>Add a ASA 1000v instance.</para>
+          <para>See <xref linkend="add-asa"/>.</para>
+        </listitem>
+        <listitem>
+          <para>Create a Network Offering and use Cisco VNMC as the service provider
for desired services.</para>
+          <para>See <xref linkend="asa-offering"/>.</para>
+        </listitem>
+        <listitem>
+          <para>Create an Isolated Guest Network by using the network offering you
just created.</para>
+        </listitem>
+      </orderedlist>
+    </section>
+  </section>
+  <section id="add-vnmc">
+    <title>Adding a VNMC Instance</title>
+    <orderedlist>
+      <listitem>
+        <para>Log in to the &PRODUCT; UI as administrator.</para>
+      </listitem>
+      <listitem>
+        <para>In the left navigation bar, click Infrastructure.</para>
+      </listitem>
+      <listitem>
+        <para>In Zones, click View More.</para>
+      </listitem>
+      <listitem>
+        <para>Choose the zone you want to work with.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Network tab.</para>
+      </listitem>
+      <listitem>
+        <para>In the Network Service Providers node of the diagram, click Configure.
</para>
+        <para>You might have to scroll down to see this.</para>
+      </listitem>
+      <listitem>
+        <para>Click Cisco VNMC.</para>
+      </listitem>
+      <listitem>
+        <para>Click View VNMC Devices</para>
+      </listitem>
+      <listitem>
+        <para>Click the Add VNMC Device and provide the following:</para>
+        <itemizedlist>
+          <listitem>
+            <para>Host: The IP address of the VNMC instance.</para>
+          </listitem>
+          <listitem>
+            <para>Username: The user name of the account on the VNMC instance that
&PRODUCT;
+              should use.</para>
+          </listitem>
+          <listitem>
+            <para>Password: The password of the account.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+      <listitem>
+        <para>Click OK.</para>
+      </listitem>
+    </orderedlist>
+  </section>
+  <section id="add-asa">
+    <title>Adding an ASA 1000v Instance</title>
+    <orderedlist>
+      <listitem>
+        <para>Log in to the &PRODUCT; UI as administrator.</para>
+      </listitem>
+      <listitem>
+        <para>In the left navigation bar, click Infrastructure.</para>
+      </listitem>
+      <listitem>
+        <para>In Zones, click View More.</para>
+      </listitem>
+      <listitem>
+        <para>Choose the zone you want to work with.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Network tab.</para>
+      </listitem>
+      <listitem>
+        <para>In the Network Service Providers node of the diagram, click Configure.
</para>
+        <para>You might have to scroll down to see this.</para>
+      </listitem>
+      <listitem>
+        <para>Click Cisco VNMC.</para>
+      </listitem>
+      <listitem>
+        <para>Click View ASA 1000v.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Add CiscoASA1000v Resource and provide the following:</para>
+        <itemizedlist>
+          <listitem>
+            <para>Host: The management IP address of the ASA 1000v instance. The IP
address is
+              used to connect to ASA 1000V.</para>
+          </listitem>
+          <listitem>
+            <para>Inside Port Profile: The Inside Port Profile configuration on Cisco
+              Nexus1000v dvSwitch.</para>
+          </listitem>
+          <listitem>
+            <para>Cluster: The VMware cluster to which you are adding the ASA 1000v
+              instance.</para>
+            <para>Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+      <listitem>
+        <para>Click OK.</para>
+      </listitem>
+    </orderedlist>
+  </section>
+  <section id="asa-offering">
+    <title>Creating a Network Offering Using Cisco ASA 1000v</title>
+    <para>To have Cisco ASA 1000v support for a guest network, create a network offering
as
+      follows: </para>
+    <orderedlist>
+      <listitem>
+        <para>Log in to the &PRODUCT; UI as a user or admin.</para>
+      </listitem>
+      <listitem>
+        <para>From the Select Offering drop-down, choose Network Offering.</para>
+      </listitem>
+      <listitem>
+        <para>Click Add Network Offering.</para>
+      </listitem>
+      <listitem>
+        <para>In the dialog, make the following choices:</para>
+        <itemizedlist>
+          <listitem>
+            <para><emphasis role="bold">Name</emphasis>: Any desired name
for the network
+              offering.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Description</emphasis>: A short
description of the
+              offering that can be displayed to users.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Network Rate</emphasis>: Allowed
data transfer rate in
+              MB per second.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Traffic Type</emphasis>: The type
of network traffic
+              that will be carried on the network.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Guest Type</emphasis>: Choose whether
the guest
+              network is isolated or shared.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Persistent</emphasis>: Indicate
whether the guest
+              network is persistent or not. The network that you can provision without having
+              to deploy a VM on it is termed persistent network. </para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">VPC</emphasis>: This option indicate
whether the guest
+              network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is
a
+              private, isolated part of &PRODUCT;. A VPC can have its own virtual network
+              topology that resembles a traditional physical network. For more information
on
+              VPCs, see <xref linkend="vpc"/>.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Specify VLAN</emphasis>: (Isolated
guest networks
+              only) Indicate whether a VLAN should be specified when this offering is
+              used.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Supported Services</emphasis>:
Use Cisco VNMC as the
+              service provider for Firewall, Source NAT, Port Forwarding, and Static NAT
to
+              create an Isolated guest network offering.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">System Offering</emphasis>: Choose
the system service
+              offering that you want virtual routers to use in this network.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Conserve mode</emphasis>: Indicate
whether to use
+              conserve mode. In this mode, network resources are allocated only when the
first
+              virtual machine starts in the network.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+      <listitem>
+        <para>Click OK </para>
+        <para>The network offering is created.</para>
+      </listitem>
+    </orderedlist>
+  </section></section>
\ No newline at end of file


Mime
View raw message