Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: cloudstack-dev@incubator.apache.org
Received-SPF: pass (nike.apache.org: domain of koushik.das@citrix.com
 designates 203.166.19.134 as permitted sender)
From: Koushik Das <koushik.das@citrix.com>
To: Chiradeep Vittal <Chiradeep.Vittal@citrix.com>,
	"cloudstack-dev@incubator.apache.org" <cloudstack-dev@incubator.apache.org>
CC: Manan Shah <manan.shah@citrix.com>
Date: Tue, 12 Mar 2013 22:00:57 +0530
Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
Thread-Topic: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
Thread-Index: Ac4euDlwPujCjdlKQHydtIHxNsjoXgAZ4icAAAav2qA=
Message-ID: 
 <2529883E7B666F4E8F21F85AADA43CA7010C94680340@BANPMAILBOX01.citrite.net>
References: 
 <2529883E7B666F4E8F21F85AADA43CA7010C94680207@BANPMAILBOX01.citrite.net>
 <CD63C307.C59E%chiradeep.vittal@citrix.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Resending as I didn't see the mail on dev list.

> -----Original Message-----
> From: Koushik Das
> Sent: Tuesday, March 12, 2013 6:37 PM
> To: Chiradeep Vittal; cloudstack-dev@incubator.apache.org
> Cc: Manan Shah
> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
>=20
>=20
>=20
> > -----Original Message-----
> > From: Chiradeep Vittal
> > Sent: Tuesday, March 12, 2013 5:56 AM
> > To: cloudstack-dev@incubator.apache.org; Koushik Das
> > Cc: Manan Shah
> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> >
> >  - It might be better to support VPC instead of "isolated". Even if it
> > means that some features are not supported initially. I feel that
> > "isolated is a special case of "VPC", except for the firewall function.

I feel both can exist and once VPC stuff is completed then it can be docume=
nted appropriately

> >  - What about support for systemvm / NS as an LB appliance?

I am trying to think what would side-by-side mean in this case. For inline =
mode support is anything available in the CS framework?

> >  - Although the ASA DHCP server cannot be programmed, it might be
> > desirable in enterprise use cases (where they may not care about
> > userdata/metadata) to support the ASA DHCP server as a DHCP provider.
> > In this case we have to figure out how to update the NIC information
> > in CloudStack DB after the VM has acquired its IP.

This is a good to have use case. Will revisit after isolated and VPC scenar=
ios are done.

> >
> >
> > On 3/11/13 6:11 AM, "Koushik Das" <koushik.das@citrix.com> wrote:
> >
> > >Updated the FS with following changes:
> > >
> > >- Use case section updated, classified use cases that will be
> > >supported for 4.2 and beyond. Also removed items like VSG and VXLAN
> > >support to "Open items" section as not planning to do them as part of
> > >"ASA integration".
> > >- Updated the deployment model section and added HV limitation
> > >(Vmware only feature)
> > >- Also updated the API section with parameter details.
> > >
> > >Comments/feedback?
> > >
> > >Thanks,
> > >Koushik
> > >
> > >> -----Original Message-----
> > >> From: Koushik Das [mailto:koushik.das@citrix.com]
> > >> Sent: Monday, February 11, 2013 7:08 PM
> > >> To: cloudstack-dev@incubator.apache.org
> > >> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> > >>
> > >> Updated the FS with API, Db changes and current deployment
> limitations.
> > >> Also updated the UI section as to what all needs to be added.
> > >>
> > >> Chiradeep,
> > >> I looked at the option of spinning up templates from ovf template
> > >>but didn't  find a way (was looking for some samples) to pass custom
> > >>parameters like  vnmc  ip, password etc. while creating VM instance.
> > >>So for now the ASA  instance creation is a manual step similar to
> > >>VNMC appliance. In case there is  a way out, the auto-creation can
> > >>be done as a future enhancement.
> > >>
> > >> Thanks,
> > >> Koushik
> > >>
> > >> > -----Original Message-----
> > >> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> > >> > Sent: Friday, January 25, 2013 1:39 AM
> > >> > To: CloudStack DeveloperList
> > >> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> > >> >
> > >> > Thanks for the FS updates.
> > >> > Good progress.
> > >> > I had forgotten about registering the ASA 1000v with VNMC < that
> > >> > makes it harder to spin these appliances up/down. However we can
> > >> > plan to login via the CLI just for this step.
> > >> >
> > >> > I believe it is better to use a pre-setup pool of ASA appliances.
> > >> > Let's say we start with N appliances (created via an admin API
> > >> > call to
> > >> CloudStack).
> > >> > createASA1000vPool(ovf template id, zone, vnmc ip, N, increment,
> > >> > threshold) Then as the capacity reaches threshold%, the pool
> > >> > capacity is incremented by increment% asynchronously.
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > On 1/21/13 12:46 AM, "Koushik Das" <koushik.das@citrix.com> wrote:
> > >> >
> > >> > >Thanks Chiradeep for explaining the vnmc/asa integration stuff
> > >> > >that you are working on and listing down all the use cases.
> > >> > >
> > >> > >Manan,
> > >> > >CLOUDSTACK-742 is covered as part of Chiradeep's work (refer use
> > >> > >cases
> > >> > >#1 and #2 from the doc).
> > >> > >
> > >> > >-Koushik
> > >> > >
> > >> > >-----Original Message-----
> > >> > >From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> > >> > >Sent: Saturday, January 19, 2013 1:30 AM
> > >> > >To: CloudStack DeveloperList
> > >> > >Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> > >> > >
> > >> > >Take a look here:
> > >> >
> > >>
> >
> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Cisco+VNMC+i
> > >> > nteg
> > >> > >rat
> > >> > >i
> > >> > >on
> > >> > >
> > >> > >
> > >> > >This is something I had been prototyping without any real
> enthusiasm.
> > >> > >
> > >> > >There's 3 ways to control the ASA1000v:
> > >> > >1. By logging in via the CLI. Strongly against this.
> > >> > >2. By using VNMC
> > >> > >3. Via Cisco's Network Services Manager (NSM)[1]
> > >> > >
> > >> > >The NSM is comprehensive, covers a large range of physical and
> > >> > >virtual devices and has an easy northbound API. This would be my
> > >> > >preferred solution.
> > >> > >
> > >> > >However as of now (NSM v5.0.2), the ASA1000v  is not supported.
> > >> > >It may also be the case that using VNMC may be a cheaper (albeit
> > >> > >less
> > >> > >supported) option
> > >> > >
> > >> > >[1] http://www.cisco.com/en/US/products/ps11636/index.html
> > >> > >
> > >> > >On 1/17/13 9:26 PM, "Koushik Das" <koushik.das@citrix.com> wrote:
> > >> > >
> > >> > >>Manan,
> > >> > >>Can you answer the questions that Chiradeep has raised?
> > >> > >>
> > >> > >>Chiradeep,
> > >> > >>I saw that you have started working on asa/vnmc here
> > >> > >>(https://git-wip-us.apache.org/repos/asf/incubator-cloudstack/r
> > >> > >>ep
> > >> > >>o?p
> > >> > >>=3Di
> > >> > >>n
> > >> > >>cub
> > >> > >>ator-cloudstack.git;a=3Dshortlog;h=3Drefs/heads/cisco-vnmc-api-
> > >> integration).
> > >> > >>I would like to understand the functionalities that you are
> > >> > >>planning to cover and what is the overlap between your work and
> > >> > >>the feature that Manan has proposed (supporting asa1000v as an
> > >> > >>external
> > >>firewall).
> > >> > >>
> > >> > >>Thanks,
> > >> > >>Koushik
> > >> > >>
> > >> > >>> -----Original Message-----
> > >> > >>> From: Alex Huang [mailto:Alex.Huang@citrix.com]
> > >> > >>> Sent: Sunday, January 06, 2013 2:18 AM
> > >> > >>> To: cloudstack-dev@incubator.apache.org
> > >> > >>> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into
> > >> > >>> CloudStack
> > >> > >>>
> > >> > >>> Manan,
> > >> > >>>
> > >> > >>> Can you address the issues that Chiradeep has brought up?  I
> > >> > >>>think for a  requirements discussion it is just as important
> > >> > >>>to indicate what we will not do  or what is considered a
> > >> > >>>feature of a later release.
> > >> > >>>
> > >> > >>> --Alex
> > >> > >>>
> > >> > >>> > -----Original Message-----
> > >> > >>> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> > >> > >>> > Sent: Thursday, January 03, 2013 6:16 PM
> > >> > >>> > To: CloudStack DeveloperList
> > >> > >>> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into
> > >> > >>> > CloudStack
> > >> > >>> >
> > >> > >>> > There cannot be feature parity since the ASA1000v is only
> > >> > >>> > supported on VMWare.
> > >> > >>> >
> > >> > >>> > Should the ASA1000v be created on demand, or do we expect
> > >> > >>> > the admin to provision a pool of virtual ASAs?
> > >> > >>> >
> > >> > >>> > Should we support VXLAN as the isolation technology or VLANs=
?
> > >> > >>> >
> > >> > >>> >
> > >> > >>> > On 1/3/13 5:08 PM, "Manan Shah" <manan.shah@citrix.com>
> > wrote:
> > >> > >>> >
> > >> > >>> > >Hi,
> > >> > >>> > >
> > >> > >>> > >I would like to propose a new feature for integrating
> > >> > >>> > >Cisco ASA 1000v in CS 4.1. I have created a JIRA ticket
> > >> > >>> > >and provided the requirements at the following location.
> > >> > >>> > >Please provide feedback on the
> > >> > >>>requirements.
> > >> > >>> > >
> > >> > >>> > >JIRA Ticket:
> > >> > >>> > >https://issues.apache.org/jira/browse/CLOUDSTACK-742
> > >> > >>> > >Requirements:
> > >> > >>> >
> > >> > >>>
> > >> >
> > >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Integrate+C
> > >> > >i
> > >> > >>> >s
> > >> > >>> >c
> > >> > >>> > >o
> > >> > >>> > +ASA
> > >> > >>> > >+
> > >> > >>> > >1000v+as+a+FW+for+CloudStack
> > >> > >>> > >
> > >> > >>> > >Additional details would be provided in the FS.
> > >> > >>> > >
> > >> > >>> > >Regards,
> > >> > >>> > >Manan Shah
> > >> > >>> > >
> > >> > >>
> > >> > >
> > >