Updated Branches: refs/heads/master 67bcce71f -> 1b373accf
CLOUDSTACK-906 draft Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1b373acc Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1b373acc Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1b373acc Branch: refs/heads/master Commit: 1b373accf4dca3ed7b12db90b556af59d8e12f8b Parents: 67bcce7 Author: Radhika PC <[email protected]> Authored: Fri Jul 12 14:58:38 2013 +0530 Committer: Radhika PC <[email protected]> Committed: Fri Jul 12 14:59:32 2013 +0530 ---------------------------------------------------------------------- docs/en-US/network-service-providers.xml | 233 +++++++++++--------- docs/en-US/vnmc-cisco.xml | 306 ++++++++++++++++++++++++++ 2 files changed, 432 insertions(+), 107 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1b373acc/docs/en-US/network-service-providers.xml ---------------------------------------------------------------------- diff --git a/docs/en-US/network-service-providers.xml b/docs/en-US/network-service-providers.xml index cf86b24..4d21f4c 100644 --- a/docs/en-US/network-service-providers.xml +++ b/docs/en-US/network-service-providers.xml @@ -21,112 +21,131 @@ specific language governing permissions and limitations under the License. --> - <section id="network-service-providers"> - <title>Network Service Providers</title> - <note><para>For the most up-to-date list of supported network service providers, see the &PRODUCT; UI or call listNetworkServiceProviders.</para></note> - <para>A service provider (also called a network element) is hardware or virtual appliance that makes a network service possible; for example, a firewall appliance can be installed in the cloud to provide firewall service. On a single network, multiple providers can provide the same network service. For example, a firewall service may be provided by Cisco or Juniper devices in the same physical network.</para> - <para>You can have multiple instances of the same service provider in a network (say, more than one Juniper SRX device).</para> - <para>If different providers are set up to provide the same service on the network, the administrator can create network offerings so users can specify which network service provider they prefer (along with the other choices offered in network offerings). Otherwise, &PRODUCT; will choose which provider to use whenever the service is called for. </para> - <formalpara> - <title>Supported Network Service Providers</title> - <para>&PRODUCT; ships with an internal list of the supported service providers, and you can choose from this list when creating a network offering.</para> - </formalpara> - <informaltable> - <tgroup cols="6" align="left" colsep="1" rowsep="1"> - <colspec colnum="1" colname="c1" colwidth="2.4*"/> - <colspec colnum="2" colname="c2" colwidth="1.14*"/> - <colspec colnum="3" colname="c3" colwidth="1.23*"/> - <colspec colnum="4" colname="c4" colwidth="1.0*"/> - <colspec colnum="5" colname="c5" colwidth="1.3*"/> - <colspec colnum="6" colname="c6" colwidth="1.3*"/> - <thead> - <row> - <entry></entry> - <entry><para>Virtual Router</para></entry> - <entry><para>Citrix NetScaler</para></entry> - <entry><para>Juniper SRX</para></entry> - <entry><para>F5 BigIP</para></entry> - <entry><para>Host based (KVM/Xen)</para></entry> - - </row> - </thead> - <tbody> - <row> - <entry><para>Remote Access VPN</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - - </row> - <row> - <entry><para>DNS/DHCP/User Data</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - - </row> - <row> - <entry><para>Firewall</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - </row> - <row> - <entry><para>Load Balancing</para></entry> - <entry><para>Yes</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - </row> - <row> - <entry><para>Elastic IP</para></entry> - <entry><para>No</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - </row> - <row> - <entry><para>Elastic LB</para></entry> - <entry><para>No</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - </row> - <row> - <entry><para>Source NAT</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - </row> - <row> - <entry><para>Static NAT</para></entry> - <entry><para>Yes</para></entry> - <entry><para>Yes</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - </row> - <row> - <entry><para>Port Forwarding</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>Yes</para></entry> - <entry><para>No</para></entry> - <entry><para>No</para></entry> - </row> - </tbody> - </tgroup> - </informaltable> + <title>Network Service Providers</title> + <note> + <para>For the most up-to-date list of supported network service providers, see the &PRODUCT; UI + or call listNetworkServiceProviders.</para> + </note> + <para>A service provider (also called a network element) is hardware or virtual appliance that + makes a network service possible; for example, a firewall appliance can be installed in the + cloud to provide firewall service. On a single network, multiple providers can provide the same + network service. For example, a firewall service may be provided by Cisco or Juniper devices in + the same physical network.</para> + <para>You can have multiple instances of the same service provider in a network (say, more than + one Juniper SRX device).</para> + <para>If different providers are set up to provide the same service on the network, the + administrator can create network offerings so users can specify which network service provider + they prefer (along with the other choices offered in network offerings). Otherwise, &PRODUCT; + will choose which provider to use whenever the service is called for. </para> + <formalpara> + <title>Supported Network Service Providers</title> + <para>&PRODUCT; ships with an internal list of the supported service providers, and you can + choose from this list when creating a network offering.</para> + </formalpara> + <informaltable> + <tgroup cols="6" align="left" colsep="1" rowsep="1"> + <colspec colnum="1" colname="c1" colwidth="1.64*"/> + <colspec colnum="2" colname="c2" colwidth="1.48*"/> + <colspec colnum="3" colname="c3" colwidth="1.11*"/> + <colspec colnum="4" colname="c4" colwidth="1.0*"/> + <colspec colnum="5" colname="c5" colwidth="1.2*"/> + <colspec colnum="6" colname="c6" colwidth="2.45*"/> + <colspec colnum="7" colname="c6" colwidth="3.39*"/> + <thead> + <row> + <entry/> + <entry><para>Virtual Router</para></entry> + <entry><para>Citrix NetScaler</para></entry> + <entry><para>Juniper SRX</para></entry> + <entry><para>F5 BigIP</para></entry> + <entry><para>Host based (KVM/Xen)</para></entry> + <entry><para>Cisco VNMC</para></entry> + </row> + </thead> + <tbody> + <row> + <entry><para>Remote Access VPN</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + </row> + <row> + <entry><para>DNS/DHCP/User Data</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + </row> + <row> + <entry><para>Firewall</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry>Yes</entry> + </row> + <row> + <entry><para>Load Balancing</para></entry> + <entry><para>Yes</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry>No</entry> + </row> + <row> + <entry><para>Elastic IP</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + </row> + <row> + <entry><para>Elastic LB</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + </row> + <row> + <entry><para>Source NAT</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + </row> + <row> + <entry><para>Static NAT</para></entry> + <entry><para>Yes</para></entry> + <entry><para>Yes</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + </row> + <row> + <entry><para>Port Forwarding</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + <entry><para>No</para></entry> + <entry><para>No</para></entry> + <entry><para>Yes</para></entry> + </row> + </tbody> + </tgroup> + </informaltable> </section> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1b373acc/docs/en-US/vnmc-cisco.xml ---------------------------------------------------------------------- diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml new file mode 100644 index 0000000..04994e5 --- /dev/null +++ b/docs/en-US/vnmc-cisco.xml @@ -0,0 +1,306 @@ +<?xml version='1.0' encoding='utf-8' ?> +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ +<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> +%BOOK_ENTITIES; +]> +<!-- Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<section id="vnmc-cisco"> + <title>Cisco VNMC Support</title> + <para>Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and + policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with + ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: </para> + <itemizedlist> + <listitem> + <para>Configure Cisco ASA 1000v Firewalls</para> + </listitem> + <listitem> + <para>Create and apply security profiles that contain ACL policy sets for both ingress + and egress traffic, connection timeout, NAT policy sets, and TCP intercept</para> + </listitem> + </itemizedlist> + <para>&PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware + hypervisors.</para> + <section id="usecase-vnmc"> + <title>Use Cases</title> + <itemizedlist> + <listitem> + <para>A Cloud administrator adds VNMC as a network element by using the admin API + addCiscoVnmcResource after specifying the credentials</para> + </listitem> + <listitem> + <para>A Cloud administrator adds ASA 1000v appliances by using the admin API + addCiscoAsa1000vResource. You can configure one per guest network.</para> + </listitem> + <listitem> + <para>A Cloud administrator creates an Isolated guest network offering by using ASA + 1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static + NAT. </para> + </listitem> + </itemizedlist> + </section> + <section id="deploy-vnmc"> + <title>Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC + Deployment</title> + <section id="prereq-asa"> + <title>Prerequisites</title> + <itemizedlist> + <listitem> + <para>Ensure that Cisco ASA 1000v appliance is set up externally and then registered + with &PRODUCT; by using the admin API. Typically, you can create a pool of ASA + 1000v appliances and register them with &PRODUCT;.</para> + <para>Specify the following to set up a Cisco ASA 1000v instance:</para> + <itemizedlist> + <listitem> + <para>ESX host IP</para> + </listitem> + <listitem> + <para>Standalone or HA mode</para> + </listitem> + <listitem> + <para>Port profiles for the Management and HA network interfaces. This need to + be pre-created on Nexus dvSwitch switch.</para> + </listitem> + <listitem> + <para>Port profiles for both internal and external network interfaces. This need + to be pre-created on Nexus dvSwitch switch, and to be updated appropriately + while implementing guest networks.</para> + </listitem> + <listitem> + <para>The Management IP for Cisco ASA 1000v appliance. Specify the gateway such + that the VNMC IP is reachable.</para> + </listitem> + <listitem> + <para>Administrator credentials</para> + </listitem> + <listitem> + <para>VNMC credentials</para> + </listitem> + </itemizedlist> + <para>After Cisco ASA 1000v instance is powered on, register VNMC from the ASA + console.</para> + </listitem> + <listitem> + <para>Ensure that Cisco VNMC appliance is set up externally and then registered with + &PRODUCT; by using the admin API. A single VNMC instance manages multiple ASA1000v + appliances.</para> + </listitem> + <listitem> + <para>Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT; + when adding VMware cluster.</para> + </listitem> + </itemizedlist> + </section> + <section id="how-to-asa"> + <title>Using Cisco ASA 1000v Services</title> + <orderedlist> + <listitem> + <para>Ensure that all the prerequisites are met.</para> + <para>See <xref linkend="prereq-asa"/>.</para> + </listitem> + <listitem> + <para>Add a VNMC instance.</para> + <para>See <xref linkend="add-vnmc"/>.</para> + </listitem> + <listitem> + <para>Add a ASA 1000v instance.</para> + <para>See <xref linkend="add-asa"/>.</para> + </listitem> + <listitem> + <para>Create a Network Offering and use Cisco VNMC as the service provider for desired services.</para> + <para>See <xref linkend="asa-offering"/>.</para> + </listitem> + <listitem> + <para>Create an Isolated Guest Network by using the network offering you just created.</para> + </listitem> + </orderedlist> + </section> + </section> + <section id="add-vnmc"> + <title>Adding a VNMC Instance</title> + <orderedlist> + <listitem> + <para>Log in to the &PRODUCT; UI as administrator.</para> + </listitem> + <listitem> + <para>In the left navigation bar, click Infrastructure.</para> + </listitem> + <listitem> + <para>In Zones, click View More.</para> + </listitem> + <listitem> + <para>Choose the zone you want to work with.</para> + </listitem> + <listitem> + <para>Click the Network tab.</para> + </listitem> + <listitem> + <para>In the Network Service Providers node of the diagram, click Configure. </para> + <para>You might have to scroll down to see this.</para> + </listitem> + <listitem> + <para>Click Cisco VNMC.</para> + </listitem> + <listitem> + <para>Click View VNMC Devices</para> + </listitem> + <listitem> + <para>Click the Add VNMC Device and provide the following:</para> + <itemizedlist> + <listitem> + <para>Host: The IP address of the VNMC instance.</para> + </listitem> + <listitem> + <para>Username: The user name of the account on the VNMC instance that &PRODUCT; + should use.</para> + </listitem> + <listitem> + <para>Password: The password of the account.</para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para>Click OK.</para> + </listitem> + </orderedlist> + </section> + <section id="add-asa"> + <title>Adding an ASA 1000v Instance</title> + <orderedlist> + <listitem> + <para>Log in to the &PRODUCT; UI as administrator.</para> + </listitem> + <listitem> + <para>In the left navigation bar, click Infrastructure.</para> + </listitem> + <listitem> + <para>In Zones, click View More.</para> + </listitem> + <listitem> + <para>Choose the zone you want to work with.</para> + </listitem> + <listitem> + <para>Click the Network tab.</para> + </listitem> + <listitem> + <para>In the Network Service Providers node of the diagram, click Configure. </para> + <para>You might have to scroll down to see this.</para> + </listitem> + <listitem> + <para>Click Cisco VNMC.</para> + </listitem> + <listitem> + <para>Click View ASA 1000v.</para> + </listitem> + <listitem> + <para>Click the Add CiscoASA1000v Resource and provide the following:</para> + <itemizedlist> + <listitem> + <para>Host: The management IP address of the ASA 1000v instance. The IP address is + used to connect to ASA 1000V.</para> + </listitem> + <listitem> + <para>Inside Port Profile: The Inside Port Profile configuration on Cisco + Nexus1000v dvSwitch.</para> + </listitem> + <listitem> + <para>Cluster: The VMware cluster to which you are adding the ASA 1000v + instance.</para> + <para>Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled.</para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para>Click OK.</para> + </listitem> + </orderedlist> + </section> + <section id="asa-offering"> + <title>Creating a Network Offering Using Cisco ASA 1000v</title> + <para>To have Cisco ASA 1000v support for a guest network, create a network offering as + follows: </para> + <orderedlist> + <listitem> + <para>Log in to the &PRODUCT; UI as a user or admin.</para> + </listitem> + <listitem> + <para>From the Select Offering drop-down, choose Network Offering.</para> + </listitem> + <listitem> + <para>Click Add Network Offering.</para> + </listitem> + <listitem> + <para>In the dialog, make the following choices:</para> + <itemizedlist> + <listitem> + <para><emphasis role="bold">Name</emphasis>: Any desired name for the network + offering.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Description</emphasis>: A short description of the + offering that can be displayed to users.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Network Rate</emphasis>: Allowed data transfer rate in + MB per second.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Traffic Type</emphasis>: The type of network traffic + that will be carried on the network.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Guest Type</emphasis>: Choose whether the guest + network is isolated or shared.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Persistent</emphasis>: Indicate whether the guest + network is persistent or not. The network that you can provision without having + to deploy a VM on it is termed persistent network. </para> + </listitem> + <listitem> + <para><emphasis role="bold">VPC</emphasis>: This option indicate whether the guest + network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a + private, isolated part of &PRODUCT;. A VPC can have its own virtual network + topology that resembles a traditional physical network. For more information on + VPCs, see <xref linkend="vpc"/>.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Specify VLAN</emphasis>: (Isolated guest networks + only) Indicate whether a VLAN should be specified when this offering is + used.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Supported Services</emphasis>: Use Cisco VNMC as the + service provider for Firewall, Source NAT, Port Forwarding, and Static NAT to + create an Isolated guest network offering.</para> + </listitem> + <listitem> + <para><emphasis role="bold">System Offering</emphasis>: Choose the system service + offering that you want virtual routers to use in this network.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Conserve mode</emphasis>: Indicate whether to use + conserve mode. In this mode, network resources are allocated only when the first + virtual machine starts in the network.</para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para>Click OK </para> + <para>The network offering is created.</para> + </listitem> + </orderedlist> + </section> \ No newline at end of file
