1. No category

PDF - Complete Book (3.73 MB)

Cisco Virtual Application Cloud Segmentation Services Installation
and Upgrade Guide, Release 5.4STV3.0
First Published: May 06, 2016
Last Modified: June 16, 2016
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
© 2016
Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
Overview 1
About Cisco Virtual Application Cloud Segmentation Services 1
Components of Cisco VACS 1
Benefits of Cisco VACS 2
Wizards in Cisco VACS 2
Cisco VACS Solution in Cisco UCS Director 3
Logging Into the Cisco UCS Director 4
Understanding the Cisco VACS Interface 5
Viewing the Cisco VACS Version Information 6
Cisco VACS User Roles 6
About Cisco UCS Director 7
Information About the Cisco Nexus 1000V Virtual Supervisor Module 7
Related Documentation for the Cisco Virtual Application Cloud Segmentation Services 8
CHAPTER 2
Cisco VACS Installation Task Summary 11
Cisco VACS Installation Tasks Summary 11
Process Flowchart to Install Cisco VACS and the Cisco VACS Components 12
CHAPTER 3
Installing Licenses 13
About Cisco VACS Licenses 13
Guidelines and Limitations for Cisco VACS License 14
Fulfilling the Product Access Key 15
Updating the Cisco UCS Director License 16
Updating the Cisco VACS License 16
Installing the Cisco ASAv License 17
CHAPTER 4
Installing Cisco VACS 21
Compatibility Information for Cisco VACS 21
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
iii
Contents
System Requirements for Cisco VACS 25
Hardware Requirements for Cisco VACS 25
Prerequisites for Installing Cisco VACS 26
Applying the Cisco VACS Patch to the Cisco UCS Director 26
Verifying the Installation of Cisco VACS 28
CHAPTER 5
Upgrading Cisco VACS 29
About Upgrading Cisco VACS 29
Guidelines and Limitations 29
Prerequisites for Upgrading the Cisco VACS 30
Process Flowchart to Upgrade Cisco VACS 31
Upgrading Cisco VACS 31
Upgrading Cisco Virtual Switch Update Manager 32
Verifying the Cisco VACS Upgrade Process 33
Verifying the Cisco VSUM Upgrade Process 33
(Optional) Upgrading Cisco Cloud Services Router (CSR) 1000V 34
CHAPTER 6
Installing Cisco VACS Components 37
Cisco VACS Installation Sequence 37
Creating a Virtual Account 38
Installing Cisco Prime Network Services Controller 38
Installing Cisco Nexus 1000V 43
About Adding Hosts to Nexus 1000V DVS 49
Adding Hosts 50
CHAPTER 7
Troubleshooting Installation Issues 61
Cleaning the Cisco VACS Environment 61
Problems with Installing Cisco VACS 62
Problems with Upgrading Cisco VACS 62
Troubleshooting Cisco PNSC Installation Issues 65
Removing a PNSC Installation Manually 65
Problems with Installing Cisco PNSC 65
Troubleshooting Cisco Virtual Switch Update Manager Installation Issues 66
Removing a Cisco Virtual Switch Update Manager Installation Manually 66
Troubleshooting Cisco Nexus 1000V VSM Installation Issues 66
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
iv
Contents
Removing the Cisco Nexus 1000V VSM Manually 66
Problems with Installing Cisco Nexus 1000V 67
Troubleshooting Adding Hosts Issues 69
Removing the Hosts Manually 69
Problems with Adding Hosts 70
Generic Troubleshooting Issues 71
Deleting a Database Entry From UCS Director Database Table 73
CHAPTER 8
FAQs 75
Cisco VACS Installation FAQs 75
Cisco VACS Licensing FAQs 78
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
v
Contents
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
vi
CHAPTER
1
Overview
This chapter contains the following sections.
• About Cisco Virtual Application Cloud Segmentation Services, page 1
• Cisco VACS Solution in Cisco UCS Director , page 3
• About Cisco UCS Director, page 7
• Information About the Cisco Nexus 1000V Virtual Supervisor Module, page 7
• Related Documentation for the Cisco Virtual Application Cloud Segmentation Services, page 8
About Cisco Virtual Application Cloud Segmentation Services
Cisco Virtual Application Cloud Segmentation (VACS) Services is a software solution that automates the
coordinated licensing, installation, and deployment of multiple virtual services in your datacenter to enable
an easy and efficient setup of virtualized applications. Cisco VACS provides a fully customizable extended
application container abstraction to simplify deploying and provisioning the virtual services. Cisco VACS
allows you to define extended application container templates and to instantiate them through automated setup
and provisioning of the underlying virtual components. Cisco UCS Director provides the management interface
to deploy, provision, and monitor the Cisco VACS solution.
Cisco VACS provides you with a choice of ready-to-use application container templates that define the rules
for deploying a collection of virtual machines (VMs) within a private network secured by a firewall. An
application container is a set of virtual services such as virtual switches, routers, firewalls, and other network
devices configured in a consistent manner to deploy different workloads. When you create and instantiate an
application container template, Cisco VACS deploys VMs, and configures networks, the firewall, and virtual
switches, and enables quick provisioning of network and security at the virtual layer.
Components of Cisco VACS
Cisco VACS enables you to build a secure multi tenant cloud and provides ready-to-use application container
templates by leveraging the features of the following virtual components:
• Cisco Nexus 1000V
• Cisco Prime Network Services Controller (PNSC)
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
1
Overview
Benefits of Cisco VACS
• VMware vSphere
• Cisco Cloud Services Router (CSR) 1000V
• Cisco Adaptive Security Virtual Appliance (ASAv)
• Cisco Virtual Security Gateway (VSG)
• Server Load Balancer
The following figure shows how these components fit into the architecture of Cisco VACS.
Figure 1: Cisco VACS Architecture
Benefits of Cisco VACS
Cisco VACS provides the following benefits:
• A simplified and central provisioning solution for virtual network services.
• Ready-to-use regulatory compliant secure containers that can be created and instantiated with a few
mouse clicks.
• Hypervisor-independent architecture that enables you to build and manage a secure, multi-tenant cloud.
• Consistent deployment of virtual and physical resources with no additional costs.
For more information about how to configure the application container templates on Cisco VACS, see the
Cisco Virtual Application Cloud Segmentation Services Configuration Guide.
Wizards in Cisco VACS
Cisco VACS includes a set of wizards that guide you through the installation of Cisco PNSC and Cisco Nexus
1000V, and adding hosts and templates. Following are the available wizards:
• Install PNSC
This wizard helps you to install the Cisco Prime Network Services Controller (PNSC).
• Install Nexus 1000V
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
2
Overview
Cisco VACS Solution in Cisco UCS Director
This wizard helps you to install the Cisco Nexus 1000V virtual switch.
• Add Host
This wizard helps you to add hosts to the Cisco Nexus 1000V DVS.
• Options
This wizard allows you to hide or display the application container configurations that can be edited by
the end users.
• Add ASAv License
This wizard allows you to install the Cisco ASAv license.
• Add Template
This wizard allows you to create a container template.
Cisco VACS Solution in Cisco UCS Director
After you install the Cisco UCS Director – Cisco VACS license and apply the Cisco VACS patch to the Cisco
UCS Director, you can view the Cisco VACS solution under the Solutions > VACS Container tab.
The following action buttons are available on the Cisco VACS tab:
• Installing Cisco Prime Network Services Controller, on page 38
• Installing Cisco Nexus 1000V, on page 43
• Adding Hosts, on page 50
• Installing the Cisco ASAv License, on page 17
• Add Template
• Options
• About VACS
You can view the Cisco VACS version number and the build details using this tab.
If you select a deployed Cisco VACS application container, the following container-specific action buttons
are available under Policies > Application Containers:
• Manage Service VM password
• View details
• View Reports
• Power on/off containers
• Add VMs
• Delete VMs
• Delete Container
• ERSPAN
• Firewall Policy
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
3
Overview
Logging Into the Cisco UCS Director
• Static NAT
• Open Console
Note
• Effective Release 5.4STV3.0, parallel post container operations on an application container are
blocked. You are allowed to perform only one post container operation per container at a time and
you are not allowed to proceed to the next operation unless the earlier one has been completed.
• For information about the above operations, see the Cisco Virtual Application Cloud Segmentation
Services Configuration Guide.
Once you select a template, the following management action buttons are displayed:
• Edit Template
• Clone Template
• Delete Template
• Create Container
For more information on the preceding management actions, see the Cisco Virtual Application Cloud
Segmentation Services Configuration Guide.
Note
For information on applying the Cisco VACS patch to the Cisco UCS Director, see the Applying the Cisco
VACS Patch to the Cisco UCS Director, on page 26.
Logging Into the Cisco UCS Director
Step 1
Step 2
In the Address field of the browser, enter the IP address of the Cisco UCS Director and press Enter.
The Cisco UCS Director login page appears.
Enter the username and password in the Username and Password fields, and click Login.
Note
The default username and password is
admin.
The Cisco UCS Director home page appears.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
4
Overview
Understanding the Cisco VACS Interface
Understanding the Cisco VACS Interface
This section describes the Cisco VACS interface and the features that you can access using Cisco UCS Director
and the admin privileges.
Figure 2: Cisco VACS Interface
Table 1: Elements of the Cisco VACS User Interface
Number
Description
1
The Menu bar displays tabs that allow you to view the Cisco VACS solution
interface, along with the Cisco UCS Director tabs.
2
The VACS Container tab displays the submenu corresponding to the Cisco
VACS software solution.
3
The VACS submenu displays tabs that allow you to add a template and
host, Options to configure to display or hide the application container
configurations that are editable by the end user, install the Cisco ASAv
license, manage the install PNSC and Nexus 1000V, view the Cisco VACS
version details, and the online help.
4
The VACS area displays the available template details, such as the container
template, template description, and the container type.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
5
Overview
Viewing the Cisco VACS Version Information
This submenu displays buttons that allows you to do the following:
5
• view user information
• log out of the Cisco UCS Director interface
• view the Cisco web page
• view information about the Cisco UCS Director
• view the Cisco UCS Director Online Help
• search for objects
This submenu displays buttons that allows you to do the following:
6
• customize the table
• export reports
• add an advance filter
• search
Viewing the Cisco VACS Version Information
To view the Cisco VACS build and version details, choose Solutions > VACS Container > About VACS.
The About VACS dialog box displays the Cisco VACS version and build details.
To view the product documentation, click Help.
Cisco VACS User Roles
You can use one of the following roles to access and use Cisco VACS:
• Service End User—Enables you to instantiate a Cisco VACS container from the catalog and services
that are related to the container.
• System Administrator—Enables you to have full privileges to manage Cisco VACS in Cisco UCS
Director including adding accounts, defining policies, creating application templates, instantiating
application containers from the templates, and troubleshoot problems.
Attention
Depending on your user role, your view of Cisco VACS solution, and the permissions to access and
perform tasks in Cisco UCS Director might differ. For detailed information about user roles and privileges,
see the Cisco UCS Director Administration Guide and the Cisco UCS Director Self-Service Portal Guide.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
6
Overview
About Cisco UCS Director
About Cisco UCS Director
Cisco UCS Director is a 64-bit appliance that uses the Open Virtualization Format (OVF) for VMware vSphere
standard template:
Cisco UCS Director delivers unified, highly secure management for converged infrastructure solutions, that
are based on the Cisco UCS and Cisco Nexus platforms.
Cisco UCS Director extends the unification of computing and network layers through Cisco UCS to provide
you with a comprehensive visibility and management capability. It supports NetApp FlexPod and ExpressPod,
EMC Isilon, EMC VSPEX, EMC VPLEX, and VCE Vblock systems, which are based on the Cisco UCS and
Cisco Nexus platforms.
Cisco UCS Director automates the provisioning of resource pools across physical, virtual, and baremetal
environments. It delivers native, automated monitoring for health, status, and resource utilization. You can
do the following using Cisco UCS Director:
• Create, clone, and deploy service profiles and templates for all servers and applications
• Monitor organizational usage, trends, and capacity across a converged infrastructure on a continuous
basis, such as by viewing heat maps that show virtual machine (VM) utilization across all your data
centers
• Deploy and add capacity to ExpressPod and FlexPod infrastructures in a consistent, repeatable manner
• Manage, monitor, and report on Cisco UCS domains and their components
• Extend virtual service catalogs to include physical infrastructures services
• Manage secure multitenant environments to accommodate virtualized workloads that run with
nonvirtualized workloads
Information About the Cisco Nexus 1000V Virtual Supervisor
Module
The Virtual Supervisor Module (VSM) is the control plane of the Cisco Nexus 1000V. It is deployed as a
virtual machine.
Cisco VACS supports the installation of the VSM in a high-availability (HA) pair using the automated Cisco
VACS installation.
The VSM, along with the VEMs that it controls, performs the following functions for the Cisco Nexus 1000V
system:
• Configuration
• Management
• Monitoring
• Diagnostics
• Integration with VMware vCenter Server
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
7
Overview
Related Documentation for the Cisco Virtual Application Cloud Segmentation Services
The VSM uses an external network fabric to communicate with the VEMs. The VSM runs the control plane
protocols and configures the state of each VEM, but it never forwards packets. The physical NICs on the
VEM server are the uplinks to the external fabric. VEMs switch traffic between the local virtual Ethernet
ports that are connected to the VM vNICs but do not switch traffic to other VEMs. Instead, a source VEM
switches packets to the uplinks that the external fabric delivers to the target VEM.
A single Cisco Nexus 1000V instance, including dual-redundant VSMs and managed VEMs, forms a switch
domain. Each Cisco Nexus 1000V domain within a VMware vCenter Server must be distinguished by a unique
integer called the domain identifier.
A single VSM can control up to 250 VEMs.
While using the VSG, it can control up to 128 VEMS.
See the Cisco Nexus 1000V Resource Availability Reference for information about scale limits.
The Cisco Nexus 1000V architecture is shown in the following figure.
Figure 3: Cisco Nexus 1000V Architecture
Related Documentation for the Cisco Virtual Application Cloud
Segmentation Services
This section lists the documents used with the Cisco VACS components and are available on Cisco.com at
the following URL:
Cisco Virtual Application Cloud Segmentation Services Documentation
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
8
Overview
Related Documentation for the Cisco Virtual Application Cloud Segmentation Services
General Information
Cisco Virtual Application Cloud Segmentation Services Release Notes
Installation and Upgrade
Cisco Virtual Application Cloud Segmentation Installation and Upgrade Guide
Configuration
Cisco Virtual Application Cloud Segmentation Configuration Guide
User Information
Cisco Virtual Application Cloud Segmentation Services Self-Service Portal User Guide
Nexus 1000V Documentation
For the Cisco Nexus 1000V for VMware vSphere Documentation:
Cisco Nexus 1000V for VMware vSphere Documentation
Prime Network Services Controller Documentation
Cisco Prime Network Services Controller Documentation
Cloud Services Router 1000V Documentation
Cisco Cloud Services Router 1000V Documentation
Cisco Adaptive Security Virtual Appliance (ASAv) Documentation
Cisco Adaptive Security Virtual Appliance Documentation
Virtual Security Gateway Documentation
Cisco Virtual Security Gateway Documentation
UCS Director Documentation
Cisco UCS Director Documentation
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
9
Overview
Related Documentation for the Cisco Virtual Application Cloud Segmentation Services
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
10
CHAPTER
2
Cisco VACS Installation Task Summary
This chapter contains the following section:
• Cisco VACS Installation Tasks Summary, page 11
• Process Flowchart to Install Cisco VACS and the Cisco VACS Components, page 12
Cisco VACS Installation Tasks Summary
The following sections describe the summary of tasks required to install Cisco VACS:
Tasks before you begin the installation process
• Gather the workload VM and Container deployment requirements.
• Setup user accounts and groups in Cisco UCS Director.
For detailed information about setting up accounts, see the Cisco UCS Director Administration Guide.
Tasks when you are installing Cisco VACS
• Apply the Cisco VACS patch.
For information about applying the Cisco VACS patch, see Applying the Cisco VACS Patch to the Cisco
UCS Director, on page 26.
• Apply or upgrade the Cisco VACS license keys through the Cisco UCS Director User Interface (UI).
For more information about installing the Cisco VACS license, see Updating the Cisco VACS License,
on page 16.
Tasks when you are installing Cisco VACS components
• Set up virtual accounts in Cisco UCS Director.
For detailed information about setting up accounts, see the Cisco UCS Director Administration Guide.
• Install Cisco PNSC and Cisco Nexus 1000V through the Cisco UCS Director UI.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
11
Cisco VACS Installation Task Summary
Process Flowchart to Install Cisco VACS and the Cisco VACS Components
For more information about installing these components, see Installing Cisco Prime Network Services
Controller, on page 38 and Installing Cisco Nexus 1000V, on page 43.
• Add hosts to the Cisco Nexus 1000V though the Cisco UCS Director UI.
For more information on adding hosts, see Adding Hosts, on page 50
Process Flowchart to Install Cisco VACS and the Cisco VACS
Components
Use the procedures in this chapter and the following workflow as a guide to install Cisco VACS.
Figure 4: Process Workflow—Installing Cisco VACS and the Cisco VACS Components
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
12
CHAPTER
3
Installing Licenses
This chapter contains the following sections:
• About Cisco VACS Licenses, page 13
• Guidelines and Limitations for Cisco VACS License, page 14
• Fulfilling the Product Access Key, page 15
• Updating the Cisco UCS Director License, page 16
• Updating the Cisco VACS License, page 16
• Installing the Cisco ASAv License, page 17
About Cisco VACS Licenses
To use Cisco VACS, you must obtain the Cisco VACS and the Cisco UCS Director licenses from your Cisco
representative or download it from https://software.cisco.com . You must upload the Cisco VACS license file
in Cisco UCS Director. After the license is installed, registered, and validated by Cisco UCS Director, you
must apply the Cisco VACS patch to view the Cisco VACS menu in the UCS-Director UI.
1 Before you install Cisco UCS Director, generate the license key and claim a certificate (Product Access
Key).
2 Register the Product Access Key (PAK) on the Cisco software license site, as described in Fulfilling the
Product Access Key, on page 15.
3 After you install Cisco UCS Director, update the license in Cisco UCS Director as described in Updating
the Cisco VACS License, on page 16.
4 After the license has been validated, you can upload the Cisco UCS Director-Cisco VACS license.
Tip
If you want to evaluate Cisco UCS Director, you must first obtain an evaluation license by contacting
your Cisco representative.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
13
Installing Licenses
Guidelines and Limitations for Cisco VACS License
Guidelines and Limitations for Cisco VACS License
Follow these guidelines and limitations while Installing a Cisco VACS License:
All Cisco UCS Director licenses should be of either the EVAL or the Production type.
You can use the following combinations to enable the Cisco VACS functionality:
• EVAL Base + EVAL UCS Director Server + EVAL Cisco VACS
• Production Base+Production Cisco UCS Director Server + Production Cisco VACS
The following combinations are not supported:
• EVAL Base + EVAL UCSD Server + Production Cisco VACS
• Production Base + Production UCSD server + EVAL Cisco VACS
While there is no limit to the number of Cisco VACS Production licenses that you can install, you can install
only one Cisco VACS EVAL license file.
To upgrade Cisco VACS from EVAL to Production, you must first install the Cisco UCS Director Production
licenses (Production Base+Production Server), and then install the Cisco VACS Production licenses.
Cisco VACS does not automatically upgrade your existing Cisco Nexus 1000V licenses to permanent licenses
after moving from Cisco VACS EVAL licenses to Cisco VACS Production licenses. You must install a new
Cisco Nexus 1000V to ensure that it is installed with permanent licenses.
Attention
1 From Cisco VACS Release 5.4STV2.1, the Cisco CSR license token UI is not present and the Cisco
UCS Director itself behaves as the Licensing server.
2 The Cisco ASAv license is not a part of the Cisco VACS license. You must purchase the Cisco ASAv
license separately.
3 To license Cisco ASAv, the Cisco ASAv license token must be entered via the Add ASAv license tab
in the Cisco VACS UI.
Cisco VACS does not upgrade CSR 1000V licenses to Maximum throughput (10 Gig ). After installing Cisco
VACS production licenses, only new CSR 1000Vs deployed as part of new container deployment, are licensed
to have a throughput of 10 Gig.
Cisco PNSC does not need any licenses to work with Cisco VACS.
When you upgrade from Cisco VACS EVAL licenses to the Cisco VACS licenses, note the following points:
1 After installing the Cisco UCS Director Production licenses, only the Cisco VACS Production licenses
are accepted.
2 After installing Cisco VACS Production Licenses, existing Cisco Nexus 1000V (installed with EVAL
Cisco VACS Licenses) will not get perpetual/permanent Cisco Nexus 1000V licenses. In this case, you
have to deploy a new Cisco Nexus1000V (after installing the Cisco VACS Production licenses ), so that
new Cisco Nexus 1000V will have perpetual licenses.
3 Cisco CSR 1000V deployed during the Cisco VACS EVAL licenses will come up with default licenses
and a maximum throughput of 100 Kbps.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
14
Installing Licenses
Fulfilling the Product Access Key
4 Cisco ASAv deployed during the Cisco VACS EVAL licenses (or with no ASAv licenses) will come up
with default licenses and a maximum throughput of 100 Kbps.
Fulfilling the Product Access Key
Before You Begin
You need the PAK number.
Step 1
Step 2
Navigate to the Cisco Software License website.
If you are directed to the Product License Registration page, you can take the training or click Continue to Product
License Registration.
Step 3
Step 4
Step 5
Step 6
On the Product License Registration page, click Get New Licenses from a PAK or Token.
In the Enter a Single PAK or TOKEN to Fulfill field, enter the PAK number.
Click Fulfill Single PAK/TOKEN.
Complete the additional fields in License Information to register your PAK:
Step 7
Name
Description
Organization Name
The organization name.
Site Contact Name
The site contact name.
Street Address
The street address of the organization.
City or Town
The city or town.
State or Province
The state or province.
Zip or Postal Code
The zip code or postal code.
Country
The country name.
Click Issue Key.
The features for your license appear, and you receive an email with the Digital License Agreement and a zipped license
file.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
15
Installing Licenses
Updating the Cisco UCS Director License
Updating the Cisco UCS Director License
Tip
If you want to evaluate Cisco UCS Director, you must first obtain an evaluation license by contacting
your Cisco representative.
Before You Begin
If you received a zipped license file by email, extract and save the .lic file to your local machine.
Step 1
Step 2
Step 3
Step 4
Choose Administration > License.
Click the License Keys tab.
Click Update License.
In the Update License dialog box, do one of the following:
• To upload a .lic file, click Browse, navigate to and choose the .lic file, and then click Submit.
• For a license key, check the Enter License Text check box and then copy and paste the license key only into the
License Text field. The license key is typically at the top of the file, after Key ->.
You can also copy and paste the full text of a license file into the License Text field.
Step 5
Click Submit.
The license file is processed, and a message appears confirming the successful update.
Note
A minimum of one UCS Director Base and Server license should be present before you install the Cisco VACS
license. For information on how to obtain and install the Base and Server licenses, see the Cisco UCS Director
Installation and Upgrade on VMware vSphere.
Updating the Cisco VACS License
Tip
If you want to evaluate Cisco VACS, you must first obtain an evaluation license from the Cisco Sales
Acceleration Center at [email protected].
Before You Begin
• Make sure that the Cisco UCS Director Base and Server licenses are installed before installing the Cisco
VACS license.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
16
Installing Licenses
Installing the Cisco ASAv License
• If you received a zipped license file by email, extract and save the .lic file to your local machine.
Step 1
Step 2
Step 3
Step 4
Choose Administration > License.
Click the License Keys tab.
Click Update License.
In the Update License dialog box, do one of the following:
• To upload a .lic file, click Browse, navigate to and select the .lic file, and then click Submit.
• For a license key, check the Enter License Text check box and then copy and paste the license key only into the
License Text field. The license key is typically at the top of the file, after Key ->.
You can also copy and paste the full text of a license file into the License Text field.
Step 5
Click Submit.
The license file is processed, and a message appears confirming the successful update.
Step 6
After the Cisco UCS Director–Cisco VACS license is validated, you must manually restart Cisco UCS Director to view
the tasks that you can perform to use Cisco Virtual Application Cloud Segmentation (VACS) Services and ensure that
all the services are running.
To manually restart the UCS Director services, log in to the SSH application with shelladmin credentials, proceed to the
Cisco UCS Director Shell Menu, and enter the following options in order from the Cisco UCS Director Shell menu:
• 3—Stop Services
• 4—Start Services
• 2—Display Services Status
Installing the Cisco ASAv License
When you purchase one or more licenses for the ASAv, you manage them in the Cisco Smart Software
Manager at https://software.cisco.com .
The Smart Software Manager lets you create a master account for your organization.
By default, your licenses are assigned to the Default Virtual Account under your master account. As the
account administrator, you can optionally create additional virtual accounts; for example, you can create
accounts for regions, departments, or subsidiaries. Multiple virtual accounts let you more easily manage large
numbers of licenses and devices.
Note
• You cannot use PAK-based licensing with the ASAv. Only Smart Software Licensing is supported.
• The delegated license model that is used for Cisco CSR 1000V is not supported for ASAv.
• The Help link provides you access to the corresponding online help.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
17
Installing Licenses
Installing the Cisco ASAv License
Before You Begin
• You must check if the Cisco ASAv licenses are present in the smart licensing account.
• Ensure Internet access or HTTP proxy access from the ASAv, so the ASAv can contact the Licensing
Authority. Offline licensing is not supported.
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Add ASAv License.
The Add ASAv License dialog box appears.
Figure 5: Add ASAv License
Step 3
In the Add ASAv License dialog box complete the following fields:
Name
Description
ASAv License Token field
The ASAv license token that you have obtained.
This is a mandatory field.
DNS Server IP field
The DNS server IP address.
This is a mandatory field.
ASAv License Proxy Server IP field (Optional)
The proxy server IP address. The proxy server IP address
is used by the ASAv management IP address to reach the
Cisco Smart licensing server for obtaining licenses.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
18
Installing Licenses
Installing the Cisco ASAv License
Step 4
Step 5
Name
Description
ASAv License Proxy Server Port field (Optional)
The port number used for connecting to the proxy server.
Click Submit.
(Optional) Click Add ASAv License to verify the token.
The token ID and the DNS server IP address is visible in the corresponding fields.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
19
Installing Licenses
Installing the Cisco ASAv License
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
20
CHAPTER
4
Installing Cisco VACS
This chapter contains the following sections:
• Compatibility Information for Cisco VACS, page 21
• System Requirements for Cisco VACS, page 25
• Hardware Requirements for Cisco VACS, page 25
• Prerequisites for Installing Cisco VACS, page 26
• Applying the Cisco VACS Patch to the Cisco UCS Director, page 26
• Verifying the Installation of Cisco VACS , page 28
Compatibility Information for Cisco VACS
The following table lists the compatibility information for Cisco VACS and Cisco UCS Director, and the
relevant Cisco VACS components.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
21
Installing Cisco VACS
Compatibility Information for Cisco VACS
Table 2: Software Compatibility for Cisco VACS and Cisco UCS Director
Cisco VACS
Cisco UCS Director
Release 5.4STV3.0 Release 5.4 and the 5.4 based patch releases
Note
• We recommend that you install it
on Cisco UCS Director Release
patch 5.4.0.3.
• Cisco VACS 3.0 is not supported
on Cisco UCS Director Release
5.5.
• VMware vSphere 5.5 or 6.0
• Cisco Nexus 1000V
5.2(1)SV3(1.4)
• Cisco Prime Network
Services Controller 3.4.1b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.3)
• Cisco Cloud Services Router
1000V XE 3.16.1a
• Cisco Adaptive Security
Virtual Appliance (ASAv)
9.6.1
• Server Load Balancer (SLB)
1 Open Source HA-proxy,
Release 1.5.2 1.5.2-2.el6
(on x86_64)
2 Keepalived 1.2.15
Release 5.4STV2.1 Release 5.4
Release 5.3 and the Release 5.3-based patches are
not supported.
• VMware vSphere 5.1 or later
• Cisco Nexus 1000V
5.2(1)SV3(1.4)
• Cisco Prime Network
Services Controller 3.4.1b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.3)
• Cisco Cloud Services Router
1000V XE 3.16.1a
• Server Load Balancer (SLB)
1 Open Source HA-proxy,
Release 1.5.2 1.5.2-2.el6
(on x86_64)
2 Keepalived 1.2.15
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
22
Installing Cisco VACS
Compatibility Information for Cisco VACS
Cisco VACS
Cisco UCS Director
Release
5.3STV2.0.1
Release 5.3 and the later releases
Note
We recommend that you install it on
Cisco UCS Director Release patch
5.3.1.2.
• VMware vSphere 5.1 or later
• Cisco Nexus 1000V
5.2(1)SV3(1.4)
• Cisco Prime Network
Services Controller 3.4.1b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.3)
• Cisco Cloud Services Router
1000V XE 3.14.0
• Server Load Balancer (SLB)
1 Open Source HA-proxy,
Release 1.5.2 1.5.2-2.el6
(on x86_64)
2 Keepalived 1.2.15
Release 5.3STV2.0
• Release 5.3 or the 5.3.1.0 patch
• VMware vSphere 5.1 or later
• Release 5.2 or Release 5.2-based patch
releases
• Cisco Nexus 1000V
5.2(1)SV3(1.4)
• Cisco Prime Network
Services Controller 3.4.1b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.3)
• Cisco Cloud Services Router
1000V XE 3.14.0
• Server Load Balancer (SLB)
1 Open Source HA-proxy,
Release 1.5.2 1.5.2-2.el6
(on x86_64)
2 Keepalived 1.2.15
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
23
Installing Cisco VACS
Compatibility Information for Cisco VACS
Cisco VACS
Release
5.3STV1.1.2
Release
5.2STV1.1.1
Cisco UCS Director
• Release 5.3
• VMware vSphere 5.1 or later
• Release 5.2
Note
Apply the Cisco UCS Director
maintenance patch (patch 1, which
is cucsd_patch_5_2_0_1.zip)
before installing or before
upgrading to Cisco VACS Release
5.3STV1.1.2.
• Cisco Nexus 1000V
5.2(1)SV3(1.1)
• Release 5.1
• Cisco Cloud Services Router
1000V XE 3.14.0
• Release 5.2
Note
Apply the Cisco UCS Director
maintenance patch (patch 1, which
is cucsd_patch_5_2_0_1.zip)
before installing or before
upgrading to Cisco VACS Release
5.3STV1.1.2.
• VMware vSphere 5.1 or later
• Release 5.1
• Cisco Prime Network
Services Controller 3.2.2.b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.1)
• Cisco Nexus 1000V
5.2(1)SV3(1.1)
• Cisco Prime Network
Services Controller 3.2.2.b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.1)
• Cisco Cloud Services Router
1000V XE 3.14.0
Release 5.2STV1.1
• Release 5.2
Note
Apply the Cisco UCS Director
maintenance patch (patch 1, which
is cucsd_patch_5_2_0_1.zip)
before installing or before
upgrading to Cisco VACS Release
5.3STV1.1.2.
• Release 5.1
• VMware vSphere 5.1 or later
• Cisco Nexus 1000V
5.2(1)SV3(1.1)
• Cisco Prime Network
Services Controller 3.2.2.b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.1)
• Cisco Cloud Services Router
1000V XE 3.14.0
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
24
Installing Cisco VACS
System Requirements for Cisco VACS
Cisco VACS
Cisco UCS Director
Release 5.1STV1.0 Release 5.1
• VMware vSphere 5.1 or later
• Cisco Nexus 1000V
5.2(1)SV3(1.1)
• Cisco Prime Network
Services Controller 3.2.2.b
• Cisco Virtual Security
Gateway 5.2(1)VSG2(1.1)
• Cisco Cloud Services Router
1000V XE 3.12.0
System Requirements for Cisco VACS
Cisco VACS has the following system requirements:
• Cisco UCS Director Release 5.4 and the 5.4 based patch releases.
Note
We recommend that you install it on Cisco UCS Director Release 5.4.0.3.
• VMware vSphere 5.5 or 6.0
Hardware Requirements for Cisco VACS
The following are the hardware requirements for installing Cisco VACS.
Components
Hard Drive in GB
RAM in GB
CPU
Cisco UCS Director
100
8
4
Cisco Virtual Switch Update
Manager (VSUM)
80
4
2
Cisco Nexus 1000V VSM
3
4
2
(Cisco VACS installs the
Cisco Nexus 1000V in an HA
pair)
Cisco Prime network Services
Controller (PNSC)
220
4
4
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
25
Installing Cisco VACS
Prerequisites for Installing Cisco VACS
Prerequisites for Installing Cisco VACS
The installation of the Cisco VACS has the following prerequisites:
• You have installed Cisco UCS Director Release 5.4 and the 5.4 based patch releases.
Note
We recommend that you install it on Cisco UCS Director Release patch 5.4.0.3.
• The setup meets the system requirements with respect to the memory, disk size, and so on.
• You have administrator privileges to install Cisco VACS and the components.
Applying the Cisco VACS Patch to the Cisco UCS Director
Follow this procedure to apply the Cisco VACS patch to the Cisco UCS Director:
Before You Begin
• Download the Cisco VACS patch from http://www.cisco.com. This patch file is a signed zip file with
the name: VACS-5_4_STV_3_0-pkg.zip.
• Unzip the zip file and place the software in the FTP or HTTP server that you plan to use to install the
Cisco VACS patch.
Attention
You must ensure that you have downloaded the packageVACS-5_4_STV_3_0-pkg.zip,
unzipped it to extract VACS-5_4_STV_3_0.zip and placed it on an FTP or HTTP server
that you plan to use to install the Cisco VACS patch.
• If NFS mount is used for application storage, disable it before you apply a patch. If you do not, the
upgrade will fail.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
26
Installing Cisco VACS
Applying the Cisco VACS Patch to the Cisco UCS Director
Note
• We recommend that you take a snapshot of the Cisco UCS Director VM before you begin the upgrade.
If you do this, you do not need to back up the existing configuration database through an FTP server.
• The VACS-5_4_STV_3_0.zip file can only be applied to the Cisco UCS Director Release 5.4 and
the 5.4 based patch releases. If you try to apply this patch file on any other Cisco UCS Director
releases, the patch file will not be applied and you will get an error message.
• In case of an Internet Information Services (IIS) HTTP server, the Cisco VACS install script may
fail with the following error message:ERROR (TestAdapter.java:699) [TestAdapter]
downloadPackageUrl - caught an exception java.net.SocketException: Connection reset. To resolve
this problem, see Problems with Installing Cisco VACS, on page 62.
Step 1
Step 2
Log in to the SSH application using the shelladmin credentials and proceed to the Cisco UCS Director Shell Menu, and
enter the appropriate numbers from this menu.
In the shelladmin, choose Stop services to stop all services.
Step 3
To verify that all services are stopped, choose Display services status.
Step 4
(Optional) If desired, you can choose Backup database to back up the Cisco UCS Director database.
You do not need to back up the database if you took a snapshot of the Cisco UCS Director VM before you started.
Step 5
To apply the Cisco VACS patch, choose Apply patch.
Step 6
When prompted, enter the location of the Cisco VACS patch.
ftp://username:password@hostname|IP_address/software_location_and_name or http://http server
name|IP_address/software_location_and_name.
In this procedure, we are using the FTP option to install the Cisco VACS
patch.
Wait for the download and installation to complete.
After the installation is completed, choose Start services to start services.
Upon a successful VACS patch installation (or an upgrade), you see the following options on the screen:
Note
Step 7
Step 8
vacs_pre_install_3.0.sh Begin .....
vacs_pre_install_3.0.sh End
vacs_post_install_3.0.sh Begin .....
vacs_post_install_3.0.sh End
Completed installing package 0
Note
• After you apply the Cisco VACS patch and complete that installation, choose the Start Services option of
shelladmin to start/restart the Cisco UCS Director services and complete the patch process. The patch
process is not complete or successful until the Cisco UCS Director services have started, Cisco UCS
Director is available, the login screen is displayed, and the admin user can log in to Cisco UCS Director.
All Cisco UCS Director services must be started before you attempt to perform other shelladmin procedures,
such as apply additional patches, take a database backup, or restore a database from a backup.
• If the inframgr services are not running when you install fresh Cisco UCS Director, you must restart Cisco
UCS Director.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
27
Installing Cisco VACS
Verifying the Installation of Cisco VACS
Verifying the Installation of Cisco VACS
Note
You must install the Cisco VACS license before you proceed with the verification of the installation.
You can verify the installation of Cisco VACS using any of the following methods:
1 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container. You can view the Cisco VACS solution task icons.
2 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container > About VACS. You can view the installed version of Cisco VACS.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
28
CHAPTER
5
Upgrading Cisco VACS
This chapter contains the following sections:
• About Upgrading Cisco VACS, page 29
• Guidelines and Limitations, page 29
• Prerequisites for Upgrading the Cisco VACS, page 30
• Process Flowchart to Upgrade Cisco VACS, page 31
• Upgrading Cisco VACS, page 31
• Upgrading Cisco Virtual Switch Update Manager, page 32
• Verifying the Cisco VACS Upgrade Process, page 33
• Verifying the Cisco VSUM Upgrade Process, page 33
• (Optional) Upgrading Cisco Cloud Services Router (CSR) 1000V, page 34
About Upgrading Cisco VACS
You can upgrade the earlier versions of Cisco VACS to Cisco VACS Release 5.4STV3.0 by applying the
Cisco VACS patch to the Cisco UCS Director.
This upgrade process is not revocable. Hence, after you upgrade the software, you cannot downgrade this
software to the previous release.
Guidelines and Limitations
Follow these guidelines and limitations while upgrading the Cisco VACS:
• We recommend that you upgrade Cisco UCS Director to Release 5.4.0.3 before upgrading the Cisco
VACS software.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
29
Upgrading Cisco VACS
Prerequisites for Upgrading the Cisco VACS
Note
For information on upgrading Cisco UCS Director to Release 5.4 and later, see the
Upgrading Cisco UCS Director to Release 5.4 section.
• The following upgrade path is supported and recommended:
• Cisco UCS Director Release 5.4.0.2 + Cisco VACS Release 5.3STV2.1.2 > Cisco UCS Director
Release 5.4.0.3 + Cisco VACS Release 5.4STV3.0.
• Cisco UCS Director Release 5.4.0.2 + Cisco VACS Release 5.3STV2.1.1 > Cisco UCS Director
Release 5.4.0.3 + Cisco VACS Release 5.4STV3.0.
• Cisco UCS Director Release 5.3.1.2 + Cisco VACS Release 5.3STV2.0.1 > Cisco UCS Director
Release 5.4 > Cisco UCS Director Release 5.4.0.3 + Cisco VACS Release 5.4STV3.0.
Note
We recommend that you upgrade Cisco UCS Director to Release 5.4.0.3, although it is
optional if you are on Cisco UCS Director Release 5.4.0.2.
Prerequisites for Upgrading the Cisco VACS
Upgrading the Cisco VACS has the following prerequisites:
• You have installed Cisco UCS Director Release 5.4 and the 5.4 based patch releases.
Note
We recommend that you install it on Cisco UCS Director Release patch 5.4.0.3.
• The setup meets the system requirements with respect to the memory, disk size, and so on.
• You have administrator privileges to install Cisco VACS and the components.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
30
Upgrading Cisco VACS
Process Flowchart to Upgrade Cisco VACS
Process Flowchart to Upgrade Cisco VACS
Use the procedures in this chapter and the following workflow as a guide to upgrade Cisco VACS.
Figure 6: Process Workflow—Upgrading Cisco VACS
Upgrading Cisco VACS
Before You Begin
• Download the Cisco VACS patch from http://www.cisco.com. This patch file is a signed zip file with
the following format: VACS-5_4_STV_3_0-pkg.zip.
• If NFS mount is used for application storage, disable it before you apply a patch. If you do not, the
upgrade will fail.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
31
Upgrading Cisco VACS
Upgrading Cisco Virtual Switch Update Manager
Attention
Step 1
Step 2
Unzip the zip file and place the software in the FTP or HTTP server that you plan to use to install the
Cisco VACS patch.
Step 3
Start your current version of Cisco UCS Director.
Log in to the SSH application using the shelladmin credentials and proceed to the Cisco UCS Director Shell Menu, and
enter the appropriate numbers from this menu.
In the shelladmin, choose Stop services to stop all services.
Step 4
To verify that all services are stopped, choose Display services status.
Step 5
(Optional) If desired, you can choose Backup database to back up the Cisco UCS Director database.
You do not need to back up the database if you took a snapshot of the VM before you started.
Step 6
To apply the Cisco VACS patch, choose Apply patch.
Step 7
When prompted, enter the location of the Cisco VACS patch.
ftp://username:password@hostname|IP_address/software_location_and_name or http://http server
name|IP_address/software_location_and_name.
In this procedure, we are using the FTP option to install the Cisco VACS
patch.
Wait for the download and installation to complete.
When prompted, choose Start services to start services and complete the installation process.
Upon a successful VACS patch installation (or an upgrade), you see the following options on the screen:
Note
Step 8
Step 9
vacs_pre_install_3.0.sh Begin .....
vacs_pre_install_3.0.sh End
vacs_post_install_3.0.sh Begin .....
vacs_post_install_3.0.sh End
Completed installing package 0
Note
• After you apply the Cisco VACS patch and complete that installation, choose the Start Services option of
ShellAdmin to start/restart the Cisco UCS Director services and complete the patch process. The patch
process is not complete or successful until the Cisco UCS Director services have started, Cisco UCS
Director is available, the login screen is displayed, and the admin user can log in to Cisco UCS Director.
All Cisco UCS Director services must be started before you attempt to perform other shelladmin procedures,
such as apply additional patches, take a database backup, or restore a database from a backup.
• If the inframgr services are not running after you upgrade to Cisco UCS Director Release 5.4, you must
restart Cisco UCS Director.
Upgrading Cisco Virtual Switch Update Manager
The Cisco VSUM upgrade is done automatically as a part of the post-install script of the Cisco VACS patch
application. This script checks for an existing Cisco VSUM available for every virtual account and upgrades
it to Release 1.5.6.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
32
Upgrading Cisco VACS
Verifying the Cisco VACS Upgrade Process
Note
• It is important that you upgrade Cisco VSUM before you upgrade VMware vSphere to Release 6.0.
• If the Cisco VSUM upgrade process fails, see the Problems with Upgrading Cisco VACS, on page
62 section for the solution.
Verifying the Cisco VACS Upgrade Process
You can verify the Cisco VACS upgrade using any one of the following methods:
1 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container. You can view the Cisco VACS solution task icons.
2 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container > About VACS. You can view the installed version of Cisco VACS The
installed version will be 5.4STV3.0.
Verifying the Cisco VSUM Upgrade Process
You can verify the Cisco VACS upgrade using any one of the following methods:
Step 1
Check the console logs of the patch install done via the shelladmin login to Cisco UCS Director.
The follows logs are seen at the end of the upgrade process:
Printing the VSUM upgrade report
==================================
VSUM Upgrade Report
==================================
======
VSUM 1
======
Name
IP Address
vCenter_ip
Upgrade Status
Errors
Step 2
:
:
:
:
:
vsum
192.168.0.1
192.168.255.254
Success
None
Verify the Upgrade status for VSUM.
The upgrade process is successful if the upgrade status displays as Success. If the upgrade status displays failure, see
the Problems with Upgrading Cisco VACS, on page 62 section to re-run the upgrade process.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
33
Upgrading Cisco VACS
(Optional) Upgrading Cisco Cloud Services Router (CSR) 1000V
(Optional) Upgrading Cisco Cloud Services Router (CSR) 1000V
You must upgrade Cisco CSR 1000V if the Cisco VACS version that you are using is a version earlier than
Release 5.4STV2.1. In this case, you must migrate Cisco Cloud Services Router 1000V (CSR) from Release
3.14 to release 3.16.1a.
Before You Begin
Install a SCP server or an RCP server application on a TCP/IP-ready workstation or PC.
Step 1
Step 2
Download the Cisco CSR 1000V file (csr1000v-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bin) from
https://software.cisco.com/download/release.html?mdfid=284364978&softwareid=282046477&release=3.16.1aS.
Log into the Cisco CSR 1000V VM and copy the downloaded system file to the boot flash.
buni01-primary-10#copy scp: bootflash:
Address or name of remote host []?172.31.255.254
Source username [admin]? user1
Source filename []? /bkup/csr1000v-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bin
Destination finename [csr1000v-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bin]?
Passwored:
Sending file modes: C0640 354917760 csr1000v-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Step 3
Verify that the image is available in the bootflash.
buni01-primary-10#sh bootflash: | inc bin
27
73 Nov 07 2015 07:04:48 +00:00 /bootflash/tracelogs/binos_log_R0-0.log
67 354917760 Nov 10 2015 10:23:49 +00:00
/bootflash/csr1000v-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bin
Step 4
Deregister the current smart license.
buni01-primary-10#license smart deregister
buni01-primary-10# conf t
buni01-primary-10(config)#no license smart enable
buni01-primary-10(config)#end
buni01-primary-10#
Step 5
Verify the license information using show license all command.
Step 6
Set the boot parameters to the new system file name and save the configuration.
buni01-primary-10#conf t
buni01-primary-10(config)#no boot system
buni01-primary-10(config)#boot system bootflash:csr1000v-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bin
buni01-primary-10(config)#exit
buni01-primary-10#write memory
Building configuration...
[OK]
Step 7
Verify the current version.
buni01-primary-10#sh version
Cisco IOS XE Software, Version 03.14.00.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(1)S, RELEASE
SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 20-Nov-14 17:11 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2014 by cisco Systems, Inc.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
34
Upgrading Cisco VACS
(Optional) Upgrading Cisco Cloud Services Router (CSR) 1000V
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
buni01-primary-10 uptime is 3 days, 3 hours, 39 minutes
Uptime for this control processor is 3 days, 3 hours, 40 minutes
System returned to ROM by reload
System image file is "bootflash:packages.conf"
Last reload reason: <NULL>
Step 8
Reload the Cisco CSR 1000V.
buni01-primary-10# reload
Proceed with reload? [confirm]
Step 9
Verify the Cisco CSR 1000V version after it reboots.
buni01-primary-10#sh version
Cisco IOS XE Software, Version 03.16.01a.S - Extended Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S1a, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 04-Nov-15 12:09 by mcpre
For more information on the Cisco CSR 1000V upgrade process, see
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg/swupgradecsr.html.
Step 10
Once Cisco CSR 1000V reboots with the accurate version, set the boot level license to Cisco VACS.
buni01-primary-10(config)#license boot level vacs
% use 'write' command to make license boot config take effect on next boot
buni01-primary-10(config)#end
buni01-primary-10#write memory
Building configuration...
[OK]
Step 11
Verify that the start up and running configurations are in the Cisco VACS mode.
buni01-primary-10#sh run
buni01-primary-10#sh running-config | inc vacs
license boot level vacs
buni01-primary-10#sh start | inc vacs
license boot level vacs
buni01-primary-10#
Step 12
Reload Cisco CSR 1000V.
buni01-primary-10#reload
Proceed with reload? [confirm]
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
35
Upgrading Cisco VACS
(Optional) Upgrading Cisco Cloud Services Router (CSR) 1000V
Step 13
Once Cisco CSR 1000V reboots, verify the boot license, and configure the Cisco VACS license server information. The
Cisco VACS license server is the Cisco UCS Director appliance where the Cisco VACS software is installed.
buni01-primary-10#sh running-config | inc vacs
license boot level vacs
buni01-primary-10#sh startup-config | inc vacs
license boot level vacs
buni01-primary-10#conf t
bbuni01-primary-10(config)# platform hardware vacs connect ip <YOUR_UCSD_IP> port 5000
buni01-primary-10(config)#write memory
Step 14
Verify the system throughput.
buni01-primary-10#sh platform hardware throughput level
The current throughput level is 10000000 kb/s
buni01-primary-10#
Step 15
Check the license count in the Cisco UCS Director from Virtual > Network > VACS:CSR License Balance.
Note
The license count in Cisco UCS Director is subjective to the availability of the license.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
36
CHAPTER
6
Installing Cisco VACS Components
This chapter contains the following sections:
• Cisco VACS Installation Sequence , page 37
• Creating a Virtual Account, page 38
• Installing Cisco Prime Network Services Controller, page 38
• Installing Cisco Nexus 1000V, page 43
• About Adding Hosts to Nexus 1000V DVS, page 49
• Adding Hosts, page 50
Cisco VACS Installation Sequence
After you install the Cisco UCS Director—Cisco VACS license and apply the Cisco VACS patch to the UCS
Director, you must install and register the following components before you can create the Cisco VACS
application container templates:
• Add the virtual account.
For information about adding virtual account, see Creating a Virtual Account, on page 38
• Install Cisco Prime Network Services Controller (PNSC) using Install PNSC action button.
For information about installing Cisco PNSC, see the Installing Cisco Prime Network Services Controller,
on page 38.
• Install Cisco Nexus 1000V using the Install Nexus 1000V action button. Cisco Nexus 1000V is
automatically registered with Cisco UCS Director when you install the switch.
For information about installing Cisco Nexus 1000V, see Installing Cisco Nexus 1000V, on page 43.
• Enable Cisco Nexus 1000V forwarding on each virtualized server in the vCenter deployment using the
Add Host action button.
For information about adding hosts, see Adding Hosts, on page 50.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
37
Installing Cisco VACS Components
Creating a Virtual Account
Creating a Virtual Account
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Administration > Virtual Accounts.
The Virtual Accounts task icons appear.
Click Add.
The Add Cloud dialog box appears.
Step 3
Choose VMware from the Cloud Type drop-down list.
The Add Cloud entry form window appears.
Step 4
In the Add Cloud entry form window, complete the following mandatory fields:
1 Cloud Name—Enter the cloud name.
2 Server Address—Enter the vSphere server address.
3 Admin Credentials—Enter the administrator credentials.
Step 5
Choose the POD from the POD drop-down list.
By default, the POD fro the Virtual Account is Default POD. You can choose the applicable POD from the drop-down
list.
Step 6
Click Add and then click OK.
The new virtual account now displays in the Virtual Accounts table.
Installing Cisco Prime Network Services Controller
After a successful installation of the Cisco VACS license, Cisco UCS Director enables you to do a new
installation of Cisco PNSC. Cisco PNSC is the policy manager for Virtual Security Gateway for traffic between
the virtual machines in one virtual cloud account.
Note
The Help link provides you access to the corresponding online help.
Before You Begin
• Have the administrator privileges to install Cisco PNSC.
• Ensure that Cisco PNSC and any associated Cisco Nexus 1000V switches are not installed on the same
virtual account in Cisco UCS Director. Cisco PNSC and the Cisco Nexus 1000V must not be pre-installed
on the virtual accounts on which you plan to install these components using Cisco VACS.
• Know the location information (data center and IP address) of the host on which you are deploying the
Cisco PNSC.
• Know the virtual machine resources (management port group and data store) for the Cisco PNSC virtual
machine.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
38
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
• Know the DNS and Network Time Protocol (NTP) server information.
• Ensure that the data store has sufficient storage space.
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Install PNSC.
The Install PNSC wizard appears.
Figure 7: Install PNSC Wizard
Step 3
In the Name and Location Specification screen, complete the following fields.
Name
Description
PNSC OVF Path field
The PNSC OVF path is auto-populated in this field.
Virtual Account Information
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
39
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
Name
Description
Virtual Account drop-down list
Choose the virtual account for the PNSC installation.
Note
This virtual account can be a vCenter account or
a datacenter in a vCenter account.
PNSC Specification
PNSC Name field
Enter a unique name for the PNSC instance.
Note
The name can be alphanumeric, dashes, and
underscores and must be between 2 to 32
characters.
Admin Password field
Enter the administrator password.
Note
The admin password validation must meet the
below conditions:
• Contains between 8 to 64 characters.
• Contains at least three of the following:
1 Lowercase letters
2 Uppercase letter
3 Digits
4 Special characters
• Does not contain a character that is repeated
more than three times consecutively. For
example, aaabbb.
• Is not the user name or the reverse of the user
name.
• Passes a password dictionary check. The
password must not be based on a standard
dictionary word. PNSC uses the standard
Linux open source PAM module.
• Does not contain the following symbols:
dollar sign ($), question mark (?), slash (\),
and the equals sign (=).
• The password must not be blank for a local
user and the admin accounts.
Confirm Admin Password field
Re-enter the password.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
40
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
Name
Description
Shared Secret field
Enter the shared secret.
The shared secret is used for authenticating control traffic
between the PNSC and the VSM that is involved in
managing security policies for and switching between a
given set of virtual machines.
Note
The shared secret password must contain the strong
password characteristics such as the following:
• Contains between 8 to 64 characters.
• Lowercase letters, uppercase letters, digits,
and special characters.
• Does not include characters such as:
1 Consecutive alphanumeric characters,
such as abcd or 1234.
2 Characters repeated three or more times,
such as aaabbb.
3 A variation of the word Cisco , such as
cisco , ocsic , or one that changes the
capitalization of letters in the word Cisco.
4 The username, or the username in
reverse.
5 A permutation of characters present in
the username or Cisco.
6 Characters such as, &, ' " `, ( ), < >, |, \,
;, $, and spaces.
Confirm Shared Secret field
Re-enter the shared password.
IPv4 Address field
Enter the management IP address that is configured on the
PNSC instance.
Note
The IPv4 address must have the following
characteristics:
• Must be a valid unicast IPv4 address.
• Must have the same subnet with the IPv4
Gateway field.
IPv4 Address Subnet Mask field
Enter the netmask address. For example, 255.255.255.0.
IPv4 Gateway Address field
Enter the default gateway.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
41
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
Step 4
Step 5
Click Next.
In the Placement and Network Specification screen, complete the following fields.
Name
Description
Networking
DNS IPv4 field
Enter the DNS server IPv4 address.
DNS Hostname field
Enter a unique DNS hostname for the PNSC.
Note
The DNS hostname must contain the following
characteristics:
• Must be at least 2 characters, no more than
24 characters.
• Must contain an alphanumeric and a hyphen.
• Must not start with a digit.
• Must not start or end with a hyphen.
DNS Domain Name field
Enter a DNS domain name.
Note
This name should be a string value from 2 to 256
characters.
NTP IPv4 Server field
Enter the NTP server IPv4 address.
Placement Details Information
Step 6
Step 7
Datacenter drop-down list
Choose the datacenter of the host on which the PNSC
virtual machine must be deployed.
Host/Cluster drop-down list
Choose a standalone host or a host from the cluster in the
datacenter.
Management Network drop-down list
Choose the port group to which the PNSC's Management
network should be mapped.
Datastore drop-down list
Choose the datastore.
click Next.
In the Install PNSC Summary screen, verify the details of the installation. If the details are correct, click Submit.
Otherwise, click Back to go back to a previous step and modify the details.
After clicking Submit, a dialog box that appears , displays a service request number that can be used to track the progress
of the workflow, as described in the next step.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
42
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Note
1 If the Cisco PNSC installation fails, there is an automatic rollback to clean up the installation. If Cisco PNSC
installation is successful, but the Cisco PNSC registration to the VC and the UCS Director fails, then automatic
rollback are not done.
2 If the input parameters needs to be changed, then re-submission of the workflow will not help.
3 If the Register Cisco PNSC task has failed, then re-submission of the workflow from the same task is possible.
4 If the Cisco PNSC installation fails, you can manually recover the partial or an unsuccessful installation. To
manually recover the installation, see Removing a PNSC Installation Manually, on page 65. For additional
troubleshooting tips, see Problems with Installing Cisco PNSC, on page 65.
Step 8
View the progress of the installation and deployment of Cisco PNSC by choosing the Organization > Service Requests.
In the Service Request tab, you can view the Workflow Status or Logs to determine the status of the installation and
troubleshoot problems.
Note
If the deployment task failed due to network or host issues which can be corrected, then correct the issues and
resubmit the workflow.
Installing Cisco Nexus 1000V
After successfully installing Cisco PNSC, the Cisco VACS solution enables you to install a Cisco Nexus
1000V switch. You can install multiple Cisco Nexus 1000V switches. Each of these instances are registered
with Cisco PNSC that was installed by the Cisco VACS solution.
Note
1 Cisco Nexus 1000V is licensed with 1024 licenses of the Stingray Package.
During the EVAL period, the expiry date of Cisco Nexus 1000V is the same as that of the EVAL Cisco
VACS license expiry. In case Cisco Nexus 1000V is created after installing the Cisco VACS Production
licenses, there will not be any expiry (permanent) for Cisco Nexus 1000V.
2 In case of upgrading the EVAL Cisco VACS license to the Production Cisco VACS license, an existing
Cisco Nexus 1000V is not automatically installed with the permanent licenses.
Note
The Help link provides you access to the corresponding online help.
Before You Begin
• You must be a system administrator with full privileges to perform this task.
• Set aside one IP address for the VSM and one IP address for the Cisco Virtual Switch Update Manager
(Cisco VSUM). Cisco VSUM is the Cisco Nexus 1000V installer.
• Set aside virtual machine resources (port groups and datastores) for the installer virtual machine, the
primary VSM, and the secondary VSM.
• Each VSM (primary and secondary) must have the following minimum system requirements:
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
43
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
◦2 vCPUs, 2 GHz
◦4 GB memory
◦3 GB storage space
• The Cisco VSUM must have the following minimum system requirements:
◦2 vCPUs
◦4 GB memory
◦80 GB storage space
• Reserve a unique numeric domain ID for the Cisco Nexus1000V switch.
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Install Nexus 1000V.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
44
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
The Cisco Nexus 1000V wizard appears.
Figure 8: Install Cisco Nexus 1000V Wizard
Step 3
In the Name and Location Specification screen, complete the following fields, and then click Next:
Name
Description
VSUM OVF Path field
The Cisco VSUM OVF path is auto-populated.
Virtual Account drop-down list
Choose the name of the cloud account that you want to install the
Cisco VSUM (installer VM) and the Cisco Nexus 1000V VSMs.
After you select the cloud account, the IP address of the Cisco
PNSC version that you earlier installed is displayed below this
field. If you have not installed Cisco PNSC earlier, then you get
an error message indicating that the Cisco PNSC server is not found
and you are not allowed to proceed with the installation.
VSUM Name field
Enter a unique name for Cisco VSUM.
Note
The name of the installer can be an alpha-numeric value,
from 2 to 256 characters long.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
45
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Step 4
In the Placement and Network Specification screen, complete the following tasks, and then click Next:
Name
Description
Placement Details
Datacenter drop-down list
Choose the VMware datacenter to install the Cisco VSUM.
Host/Cluster drop-down list
Choose a standalone host or a host from the cluster in the datacenter.
Management Network drop-down list
Choose the port group details for this installer. Ensure that this port
group provides reachability to the IP address that you will provide
for the Cisco VSUM VM later in the installation process.
Datastore drop-down list
Choose the datastore.
Network Properties Information
Step 5
IPv4 Address field
Enter the IPv4 address of the Cisco VSUM. This IPv4 address must
be accessible through the port group that you previously chose.
IPv4 Subnet Netmask field
Enter the netmask address. For example, 255.255.255.0.
Default Gateway IPv4 field
Enter the default gateway.
In the VSM Deployment Information screen, complete the following tasks and then click Next:
Name
Description
VSM Deployment Information
Step 6
Deployment Type field
The Cisco Nexus 1000V is deployed in the High Availability (HA)
mode by default.
Firmware Version field
The firmware version of the VSM. The default version is
5.2(1)SV3(1.4).
VSM Datacenter drop-down list
Choose the VSM datacenter for deploying the VSM VMs. This is
also the datacenter in which the Cisco Nexus 1000V Distributed
Virtual Switch will be created.
In the VSM Host Selection screen, complete the following tasks and then click Next:
Name
Description
Primary VSM Host
Primary IP Address drop-down list
Choose a stanalone host or a host from the cluster on which the
primary Cisco Nexus 1000V VSM will be placed.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
46
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Name
Description
Primary Datastore drop-down list
Choose the datastore to use for the primary VSM.
The list contains the datastores that are on host of the primary
Cisco Nexus 1000V VSM.
Secondary VSM Host
Step 7
Secondary IP Address drop-down list
Choose a standalone host or a host from the cluster on which the
secondary Cisco Nexus 1000V VSM will be placed.
Secondary Datastore drop-down list
Choose the datastore for the secondary VSM.
In the VSM Port Group screen, complete the following tasks and then click Next:
Name
Description
Port Group Information
Step 8
Control Interface Portgroup drop-down list
Choose the control interface portgroup of the VSM.
Management Interface Portgroup drop-down list
Choose the management interface portgroup of the VSM.
Packet Interface Portgroup drop-down list
Choose the packet interface portgroup of this VSM.
Note
For more information on the port groups, see the http:/
/www.cisco.com/c/en/us/support/switches/
nexus-1000v-switch-vmware-vsphere/
products-installation-and-configuration-guides-list.html
In the SVS Domain and Server Setup Specification screen, complete the following tasks and then click Next.
Name
Description
SVS Domain Setup
Domain ID field
Enter a unique ID for the SVS domain. The domain ID must be
unique across all of the Cisco Nexus 1000V virtual switches in
your datacenter.
Note
Valid range for the domain ID is between 1 to
1023.
NTP and PNSC Setup
NTP Server IP field
The IP address of the NTP server is automatically populated
with the IP address of the NTP that was provided during the
PNSC installation. This is a non-editable field.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
47
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Step 9
Name
Description
PNSC Server IP field
The IP address of the PNSC server is automatically populated
with the IP address of the Cisco PNSC server that was provided
during the Cisco PNSC installation. This is a non-editable field.
In the VSM Profile Specification screen, complete the following tasks and then click Next.
Name
Description
VSM Profile
IPv4 Address field
Enter the management IP address that you want to configure on
the VSM.
Subnet Mask field
Enter the netmask address. For example, 255.255.255.0.
Gateway IP Address field
Enter the gateway IPv4 address.
Distributed Virtual Switch Name field
Enter a unique name for the switch. The name can be an
alpha-numeric value, from 2 to 32 characters long.
User and Password
User Name field
User name is set to admin by default and cannot be changed.
Password field
Enter the password for associated with the VSM profile. The
password must contain at least 1 uppercase letter, 1 lowercase
letter, and 1 numeric digit, and must be value between 8 to 64
characters long.
As per the Cisco Nexus 1000V password guidelines, the password
must not contain special characters. For information, see http://
www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/
sw/4_2_1_s_v_1_4/security/configuration/guide/n1000v_security/
n1000v_security_2useracct.html.
Confirm Password field
Step 10
Re-enter the password.
In the Install Nexus1000V Summary screen, verify the details of the installation. If the details are correct, click Submit.
Otherwise, click Back to go back to a previous step and modify the details.
After clicking Submit, a dialog box shows a service request number that can be used to track the progress of the Workflow,
as described in the next step.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
48
Installing Cisco VACS Components
About Adding Hosts to Nexus 1000V DVS
Note
1 If the VSUM installation fails, there is an automatic rollback to clean up the installation. If VSUM installation
is successful, but the VSM deployment fails, then only the VSM is automatically rolled back to clean up the
VSM installation. If the VSM are also deployed successfully but the VSM configuration tasks fails, then an
automatic rollback does not occur.
2 If the inputs are not right, then re-submission does not work. The Cisco Nexus 1000V wizard must be used
again to enter the correct inputs and then submit.
3 If there are any network, host, or datastore issues, then you must correct them and then resubmit the workflow
from the point of failure (in the deploy VSUM or deploy VSM tasks)
4 If the installation of Cisco VSUM for Cisco VACS fails, you can manually remove the partial installation
or unsuccessful installation. To manually remove the installation, see the Removing a Cisco Virtual Switch
Update Manager Installation Manually, on page 66. For additional troubleshooting tips, see Problems with
Installing Cisco Nexus 1000V, on page 67.
Step 11
Step 12
View the progress of the installation and deployment of the VSM by clicking on the Organization > Service Requests.
In the Service Request tab, you can view the Workflow Status or Logs to determine the status of the installation and
troubleshoot problems.
If the deployment tasks is successful, but the Config VSM task fails, then you must resubmit the workflow from the
Config VSM task to complete the installation.
About Adding Hosts to Nexus 1000V DVS
Adding hosts to Nexus 1000V DVS is a complex operation. This section describes the scope of the Add Hosts
wizard and how to translate your intended usage into proper choices.
Adding a host requires the following :
• Specifying a Nexus 1000V DVS and the host that is being added to it.
• Using a port profile editor to view the existing port profiles and to create new port profiles in case the
existing ones are inadequate for your purpose. For an overview of the Cisco Nexus1000V port profiles,
see the http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_2_1_s_v_3_1_1/
port_profile/config/b_Cisco_N1KV_VMware_Port_Profile_Config_521SV311.html
• Selecting one or more physical interfaces of the host to migrate to the virtual switch and attaching the
right port profile to each one.
• Establishing a VM kernel NIC for Cisco Nexus1000V control traffic.
• Optionally migrating previously created virtual kernel NICs (vmknics).
• Creating one or more (upto a maximum of four) VM kernel NICs for VXLAN encapsulation. In VXLAN
terminology, these VM Kernel NICs serve the role of VTEPs, which are the VXLAN Tunnel End Points.
• Optionally migrating some or all of the Virtual Machines that may already be present on the host.
Once you name the virtual account for the deployment and select the specifications from the corresponding
drop-down lists, the virtual switch and host specifications get created. Port profiles are an abstraction that
stands for a set of port level network attributes. They come in the following two flavors :
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
49
Installing Cisco VACS Components
Adding Hosts
1 Physical port profiles
These contain attributes relevant to the physical interfaces. You can set up a physical port profile to carry
multiple VLANs. One of these vlans must be designated as the native VLAN. Traffic on the native VLAN
travels on the wire, without 802.1Q encapsulation. A virtual port profile for the purposes of the 'Add Host'
wizard can carry traffic on just one VLAN. For any virtual interface, irrespective of whether it is the
interface of a VM or a VM Kernel NIC, you can associate a particular virtual port profile only if the VLAN
it specifies, has been included in one of the physical port profiles associated with one of the physical
interfaces. The VLAN associated with any virtual interface on a host must be carried on one of the physical
interfaces of that host.
Physical port profiles also specify if the interfaces that they attach to form a logical bundle and if they do,
whether it is a bundle of type '5 tuple hash-based static portchannel' or of type 'MAC Pinning'. For an
understanding of what these interface types are, see the http://www.cisco.com/c/en/us/td/docs/switches/
datacenter/nexus1000/sw/5_2_1_s_v_3_1_1/interfaces/config/
b_Cisco_N1KV_VMware_Interface_Config_521SV311/b_Cisco_Nexus_1000V_Interface_Configuration_
Guide_Release_4_2_1_SV_2_2_1_chapter_0110.html
2 Virtual port profiles
These contain attributes suitable for VMs or VM Kernel NICs. A specially designated virtual Kernel NIC
must be established on each host to exchange management and control signals with the Cisco Nexus1000V
Virtual Supervisor Module (VSM). The simplest way is to specify migrating the pre-existing management
VM Kernel NIC (usually named vmk0). Alternatively you can create a VM Kernel NIC expressly for this
purpose. If you exercise the latter option, we recommend that these specifically created VM Kernel NICs
belong to the same VLAN and have IP addresses in the same subnet as the management interface of the
VSM module. It is not necessary to ensure this when you are simply choosing to use the management VM
Kernel NIC as the control VM Kernel NIC.
You must follow this simple rule for creating VTEP VM Kernel NICs. If the physical interfaces of a host
are not in a MAC pinning mode port channel, a single VTEP NIC suffices. If they are in MAC Pinning
mode, you can create as many VTEP VM Kernel NIcs as the number of physical interfaces being migrated
on that host. Moreover, all VTEP NICs on all hosts in a single virtual switch must be in the same VLAN
and the same subnet.
The Cisco VACS Add Host wizard will try to restrict you to legitimate choices. For instance, it will try to
detect which VLAN is native on each physical interfaces that you want to migrate. It will also try to discover
which VLAN the management VMKernel NIC is on in case you choose to re-use it as the control VM Kernel
NIC. However there are times when these automatic discovery attempts can fail. You must ensure correct
choices for native VLANs of the physical interfaces as well as the VLAN for the control VM Kernel NIC.
Adding Hosts
After a successful installation of the Cisco VACS license and Cisco Nexus 1000V, you can install Cisco
Nexus 1000V Virtual Ethernet Module (VEM) for a VMware ESXserver .
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
50
Installing Cisco VACS Components
Adding Hosts
Note
• The Help link provides you access to the corresponding online help.
• Rollback recovery is not supported for the Add Host operation.
• For this release, Cisco VACs allows you to add only one host at a time to the Nexus1000 DVS.
• We recommend that you turn on the CDP on the server ports before starting the Add Host wizard.
Before You Begin
Before beginning the Cisco Nexus 1000V VEM software installation, you must know or do the following:
• The following are the disk and memory usage for the VEM software on an ESX/ESXi host:
• 6.5 MB of disk space
• Maximum of 4 GB of RAM when all Cisco Nexus 1000V features are activated.
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Add Host.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
51
Installing Cisco VACS Components
Adding Hosts
The Add Host wizard appears.
Figure 9: Add Host Wizard
Step 3
In the Host Location Specification screen, complete the following fields :
Name
Description
Virtual Account drop-down list
Choose the name of the virtual account.
Datacenter drop-down list
Choose the datacenter where the host is present.
Nexus 1000V Switch drop-down list
Choose a Cisco Nexus 1000V DVS to add the hosts.
Host drop-down list
Choose a standalone host or a host from the cluster in the
datacenter, that you want to add to the Nexus1000V DVS.
Step 4
Click Next.
The Port Profle Configuration screen appears.
Step 5
In the Port Profle Configuration screen, review the port profiles that can be used by the physical interfaces (PNIC) or
the virtual interfaces (VNIC).
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
52
Installing Cisco VACS Components
Adding Hosts
The Port Profle Configuration screen lets you view or create port profiles. These port profiles are applied to the physical
interfaces that you want to add to the virtual switch or to the virtual interfaces of the VMs. The Port Profile table lists
the existing port profiles and displays some suggested port profiles for the selected host. You can modify or delete the
suggested port profiles, or add new ones. After you finish managing the port profiles, you are prompted to apply them
to the host’s physical interfaces or to the VMs on the host that you want to migrate to the Cisco Nexus 1000V. Any newly
created port profiles in this list that are not assigned to any interface—physical or virtual—do not persist on the switch.
Before exiting this screen, ensure that suitable port profiles exist for all the physical server ports that you intend to migrate
to the Cisco Nexus 1000V. If the UI does not pre populate the Port Profile table with suitable port profiles, you must
add them manually.
Note
Only those port profiles that have Exists?=no can be modified. The port profile with Exists?=yes are those that
are already available on the VSM and cannot be modified. There could be instances wherein this screen will
not display any port profiles.
For Ethernet port profiles, only static port channel and virtual port channel host mode (vPC -HM) is supported.
The list of port profiles is displayed. You can modify or delete the suggested port profiles, or add new port profiles. If
you want to add more port profiles, click + and fill in the following details in the Add Entry to Port Profile screen. If
you want to modify an existing port profile, then select the appropriate port profile and click the edit (pencil) icon which
is located next to + and modify the existing field.
Step 6
In the Add Entry to Port Profile screen, complete the following fields:
Field
Description
Profile Name field
Enter a unique name for the port profile. The valid range
is 2 to 32.
Port Profile Specification
VLANs field
Enter a VLAN list as a comma-separated list of numeric
IDs and numeric ID ranges. For example,
"1,3,5-8,6-9,11,20-30". The valid range is 1 to 3967 and
4048 and 4093.
A port profile with the Physical Interface check box
checked, can usually carry multiple VLANs in a list. Port
profiles for virtual machines only carry a single VLAN.
Attempting to assign a list to a port profile with the
Physical Interface check box unchecked results in an error.
Physical Interface check box
Check this check box to indicate that this port profile is
intended for use with the physical interfaces of the host.
Uncheck the check box to indicate that the port profile is
meant for use with one or more virtual interfaces.
By default, this check box is unchecked.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
53
Installing Cisco VACS Components
Adding Hosts
Field
Description
Native VLAN field
If you check the Use for physical interfaces check box,
you can enter the Native VLAN ID for this port profile.
This field is pre-populated with a value of 1.
• The valid range is 1 to 3967 and 4048 and
4093.
Note
• Ensure that you provide the correct VLAN
for the native VLAN field. If you don't do
so, the addition of a host to the Nexus 1000V
DVS fails.
• This field is displayed if the Physical
Interface check box is unchecked. I
Channel Group MacPinning check box
Check this check box to enable port–channel of type
Mac–Pinning. If unchecked, all of the interfaces to which
this port profile is applied form a static port channel.
Note
By default, the Channel Group MacPinning is
disabled.
Click Submit.
Repeat the above steps for physical port-profiles. For virtual
machine port-profiles, only the VLAN and Native VLAN
fields are displayed. You must choose the appropriate
VLAN configuration.
Step 7
Click Next on the Port Profile Configuration screen after you have modified or added the required port profiles. .
The Physical NIC Migration Configuration screen appears.
Step 8
In the Physical NIC Migration Configuration screen, you can view all the PNICs present in the host, with a suggested
port-profile mapped to it and the migration to be set to true.
Setting the migration flag to a value of true indicates that the corresponding PNIC will be migrated to Cisco Nexus
1000V.
Step 9
To edit the Port-profile mapping, migration status, or the container traffic check for an existing PNIC, select the appropriate
PNIC and click the edit (pencil) icon and modify the existing fields.
Attention
It is necessary that you enable at least one physical NIC to use for container traffic. If you do not enable it,
you cannot proceed with the wizard.
The Edit Physical NICs Entry screen appears.
Step 10
(Optional) In the Edit Physical NICs Entry screen, modify the existing fields, and then click Submit.
Name
Description
Select PNIC to Migrate
Name field
This display-only field shows the interface name.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
54
Installing Cisco VACS Components
Adding Hosts
Name
Description
Migration check box
Check the check box to enable the migration of the PNIC
to the Cisco Nexus 1000V.
Note
By default, all the PNICs are set to true for that
migration. You can uncheck the check box to
prevent migrating the PNIC to the Cisco Nexus
1000V.
Port Profile drop-down list
Choose the port profile from the list of available port
profiles that are associated to the physical interfaces.
Use for Container Traffic check box
Check this check box to indicate that the port profile
mapped to the PNIC is data-capable. A data-capable port
profile is applied to those physical interfaces that carry all
of the container traffic. This distinguishes such a port
profile from one applied to physical interfaces intended
only to carry other traffic classes such as vMotion traffic,
host management traffic and storage traffic. All traffic
classes can also be multiplexed on the same set of interfaces
which would then still be designated as data capable.
Attention
Source vSwitch field
In every host, there must be exactly one
physical port profile in use that is marked data
capable.
This display-only field shows the virtual switch with which
the interface is currently associated.
Repeat this step for the other PNICs that you want to
modify.
Click Submit.
Step 11
In the Physical NIC Migration Configuration screen, click Next.
The Kernel NIC Migration Specification screen appears.
Step 12
In the Kernel NIC Migration Specification screen, complete the following fields:
Each host in a Cisco Nexus 1000V virtual switch must set up a virtual kernel NIC (VMKNIC) to carry the control protocol
between the host software and the VSM. In Cisco Nexus 1000V terminology, this VMKNIC is referred to as the L3
control VMKNIC of the host. This screen enables you to set up and configure the L3 control VMKNIC for the host and
also provides you an option to migrate the existing VMKNICs from the vswitch to Nexus1000V DVS.
Name
Description
Migrate Kernel NICs check box
Check the check box to view the list of all available
VMKNICs.
By default this check box is checked.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
55
Installing Cisco VACS Components
Adding Hosts
Name
Description
VM Kernel NICS table
Displays the list of all available VMKNICS. You are
allowed to edit the VLAN and the VMKNIC usage
information. This table is displayed when you check the
Migrate Kernel NICs check box.
Note
The VMKNICs whose usage is Management will
be used for L3 control communication between
the host and the VSM. You can have only 1
VMKNIC which can be management (usually the
host management VMKNIC)
An additional VMKNIC can be used for Storage
usage. This configures the iSCSI–multipath feature
on the Cisco Nexus1000V for that VMKNIC.
Important
You must ensure that the VLANs mentioned
in the table are correct for the VMKNIC and
that those VLANs are allowed in the
port-profile that was mapped to the physical
NIC in the Physical NIC Migration
Configuration screen.
Step 13
Step 14
(Optional) If you want to modify the attributes of an existing VMKNIC, then select the appropriate VMKNIC, and then
click the edit (pencil) icon and modify the existing fields.
(Optional) In the Edit VM KNICs Entry screen, modify the existing fields, and then click Submit.
Name
Description
Select VM Kernel to Migrate
Name field
This display-only field shows the VM kernel name.
VLAN drop-down list
Choose a VLAN to use with the L3 control VMKNIC. The
list contains only those VLANS that were added to the
physical port profiles and are mapped to the PNICs in the
earlier screens.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
56
Installing Cisco VACS Components
Adding Hosts
Name
Description
Usage drop-downl list
Choose the usage of the VMKNIC – management, storage,
or unassigned (blank).
Management usage is automatically added to the
management VMKNIC of the host by Cisco VACS. If it
is not matching the host management VMKNIC, change
the management usage mapping to the right VMKNIC.
If the storage VMKNIC is present, mark the VMKNIC
with usage storage. The iSCSI-mulitpath feature of the
Cisco Nexus 1000V will be added to this VMKNIC.
If the VMKNICs are not used for management or storage,
then leave the usage as unassigned.
You can have only one VMKNIC with
management usage and it has to be the ESX host
management VMKNIC.
Do not change the VMKNIC usage without verifying the
existing VMKNIC configuration and usage on the vswitch.
Note
Click Submit.
Step 15
(Optional) If you want to add new VMKNICs instead of using existing VMKNICs, then uncheck the Migrate Kernel
NICs check box and complete the following fields:
Name
Description
VLAN drop-down list
Choose a VLAN to use with the L3 control vmknic.
Note
This option is available if the Migrate Kernel
NICs check box is not checked.
Enter the IPv4 address for the L3 control VMKNIC.
IPv4 Address
Note
IPv4 Subnet Mask
This option is available if theMigrate Kernel
NICs check box is not checked.
Enter the subnet mask IPv4 address .
Note
This option is available if theMigrate Kernel
NICs check box is not checked.
Step 16
Click Next.
The VXLAN VTEP Interfaces screen appears.
Step 17
In the VXLAN VTEP Interfaces screen, click + to add entries to the list of VXLAN VTEP interfaces list.
VXLAN operation requires that each host have one or more Virtual Tunnel End Points (VTEPs). These are represented
as vmknics. If the host has data-capable physical interfaces configured in a static port channel mode, then a single VTEP
suffices. If the host has one or more physical interfaces configured using the Mac Pinning configuration, then the user
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
57
Installing Cisco VACS Components
Adding Hosts
can accordingly create as many VTEPs as there are physical interfaces in the MAC pinning configuration. Creating fewer
VTEPs results in underutilization of the physical bandwidth that is available to the host.
Name
Description
Add Entry to VTEP Interfaces
IPv4 Address field
Enter the IPv4 address of the VXLAN VTEP.
IPv4 Subnet Mask field
Enter the subnet mask IPv4 address .
VLAN drop-down list
Choose a VLAN that will receive and transmit all VXLAN
encapsulated frames. The list contains only those VLANS
that were added to the physical port profiles and are mapped
to the PNICs in the earlier screens.
Click Submit.
Note
Step 18
Step 19
You can create a maximum of four VXLAN VTEP interfaces to add to the list of interfaces. After you add the
first interface, you have to enter only the new IPV4 address to create additional interfaces. All other information
is shared between the interfaces across all hosts added via Cisco VACS.
If you want to change the VLAN or subnet mask of the VTEPs, then you must select the first VTEP that you
added, click the Edit button at the top of the table, and then change the fields. All of the VTEPS in the table
will be changed.
Attention
You must choose a sufficiently large IP subnet as all the VTEPs of all the hosts added to a single Nexus1000V
DVS will belong to the same subnet. This cannot be edited in the UI and the add host process will not
proceed further if the IP addresses of the provided subnet are completely utilized.
Click Next.
In the VM Migration Configuration screen, select the VM NIC to migrate and click Next. If you want to edit an entry,
click the Pencil icon and complete the following tasks in the Edit VM NICs to Migrate screen:
Field
Description
Select a VM to Migrate
Name field
This display-only field shows the name of virtual machine
that is being migrated.
Migration check box
The check box is unchecked by default. Check the check
box to migrate the virtual machine to the Cisco Nexus
1000V DVS.
Port Profile drop-down list
Choose the port profile for the virtual machine to migrate.
Only the virtual port profiles that were displayed or created
in the Port Profile Configuration screen are listed in this
drop-down list.
Source vSwitch field
This display-only field shows the virtual switch with which
the virtual machine is currently associated.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
58
Installing Cisco VACS Components
Adding Hosts
Field
Description
Click Submit.
If there are only fresh hosts, this list is empty. This list will be populated with VMs only when a host is previously
used and it has VMs that you want to migrate.
Click Next.
In the Add Host Summary Information screen, verify the details of the host added. If the details are correct, click
Submit. Otherwise, click Back to go back to a previous steps and modify the details.
After clicking Submit, a pop-up window appears that shows a service request number that can be used to track the
progress of the Workflow, as described in the next step.
Note
Step 20
Step 21
Step 22
You can view the progress of adding hosts, by clicking on the Organization > Service Requests. In the Service Request
tab, you can view the Workflow Status or Logs to determine the status of the installation and troubleshoot problems.
Note
1 Re-submission of Add-host is not recommended. If there are errors, navigate to the Add-Host UI and Submit
the form again. Note that, the port-profiles suggested in the 2nd screen will now have changed, so choose/edit
them appropriately.
2 If the host addition fails, you can manually remove the partial or an unsuccessful host addition. To manually
remove the hosts added, see the Removing the Hosts Manually, on page 69. For additional troubleshooting
tips, see Problems with Adding Hosts, on page 70.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
59
Installing Cisco VACS Components
Adding Hosts
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
60
CHAPTER
7
Troubleshooting Installation Issues
This chapter contains the following sections.
• Cleaning the Cisco VACS Environment, page 61
• Problems with Installing Cisco VACS, page 62
• Problems with Upgrading Cisco VACS, page 62
• Troubleshooting Cisco PNSC Installation Issues, page 65
• Troubleshooting Cisco Virtual Switch Update Manager Installation Issues, page 66
• Troubleshooting Cisco Nexus 1000V VSM Installation Issues, page 66
• Troubleshooting Adding Hosts Issues, page 69
• Generic Troubleshooting Issues, page 71
• Deleting a Database Entry From UCS Director Database Table, page 73
Cleaning the Cisco VACS Environment
Use the following order to manually clean the Cisco VACS environment.
Step 1
Step 2
Ensure that all the containers are deleted. However, if the deletion or rollback fails, you must manually remove the VMs
from the VC, and run the VC inventory in the Cisco UCS Director.
Remove all the hosts that were added to Nexus1000V DVS
For information on how to manually remove hosts, see Removing the Hosts Manually, on page 69.
Step 3
Remove Cisco Nexus 1000V.
For information on how to manually remove the Cisco Nexus 1000V VSM, see Removing the Cisco Nexus 1000V VSM
Manually, on page 66.
Step 4
Remove Cisco VSUM.
For information on how to manually remove Cisco VSUM, see Removing a Cisco Virtual Switch Update Manager
Installation Manually, on page 66.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
61
Troubleshooting Installation Issues
Problems with Installing Cisco VACS
Step 5
Remove Cisco PNSC.
For information on how to manually remove Cisco PNSC, see Removing a PNSC Installation Manually, on page 65.
Problems with Installing Cisco VACS
This section includes symptoms, possible causes, and solutions for issue (s) encountered while applying the
Cisco VACS patch.
Symptom:When you apply the Cisco VACS patch to the Cisco UCS Director using the Hypertext Transfer
Protocol (HTTP) from an IIS based HTTP Server, the patch installation fails with an error message. During
this installation failure, there is no network connectivity issues between the HTTP server and the Cisco UCS
Director.
Error Message:
(TestAdapter.java:699) [TestAdapter] downloadPackageUrl - caught an exception java.net.
SocketException: Connection reset
Possible Causes: This occurs when you use a Windows machine as the Web/HTTP Server (IIS).
Verification and Solution: To resolve this problem, configure a website that is dedicated to download large
files by disabling the HTTP Keep-Alives Enabled option for a website that the ISS hosts. To disable this option,
do the following:
• For ISS version 6:
1 Right click the configured website and click Properties. The Websites Properties dialog box appears.
2 Choose the Connections tab and uncheck Enable HTTP keep-alive.
• For ISS version 7 and 7.5:
1 Select the configured website and double click the HTTP Response headers in the Features view..
2 In the Actions panel, click Set Common Headers. Alternatively, right click in the HTTP Response
Headers Feature screen and click Set Common Headers.
3 Uncheck Enable HTTP keep-alive.
Problems with Upgrading Cisco VACS
This section includes symptoms, possible causes, and solutions for problems that you could encounter while
upgrading Cisco VACS.
1 Symptom: The Cisco VACS upgrade process fails with an error.
Error Message:
tar: /opt /infra/install/<VACS_PATCH>/patch.tar: Not found in archive
localhost logger: tar: Error exit delayed from previous errors
Possible Causes: This occurs when the installation of the previous upgrade patch was stopped abruptly,
possible because Cisco UCS Director re-booted by itself.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
62
Troubleshooting Installation Issues
Problems with Upgrading Cisco VACS
Verification and Solution: To resolve this problem, do the following:
1 Delete all Cisco VACS related files from /opt/infra/install by executing the following
comamnd:
rm -rf /opt/infra/install/VACS*
2 Reapply the Cisco upgrade patch.
2 Symptom:The Cisco VSUM upgrade process fails with an error.
Error Message:
Cannot update the Extension info at vCenter.
update_extension.sh failed with an exception: Exception in thread
"main" com.vmware.ciscon1kvim25.InvalidArgument
Possible Causes:
1 Cisco VSUM extension in VMware vSphere does not have the companyURL field as unset.
2 VMware vSphere has already been upgraded to 6.0.
Verification and Solution: To resolve this problem, perform the following steps to recover the Cisco
VSUM, re-register the extension to VMware vSphere, and to re-manage the VSM (to Cisco VSUM):
• For vCenter on Windows, do the following:
1 Go to https://VCIP/mob and log in with the vCenter credentials.
2 In a web browser, choose Content > Extension Manager.
3 Click UnregisterExtension, enter com.cisco.n1kv and then click Invoke method.
4 Log into the Windows VM hosting the vCenter, choose Start, and then run services.msc.
5 Right-click the VMware vSphere Web Client and click Stop.
6 Go to C:\ProgramData\VMware\vSphere and in the Web Client\
vc-packages\vsphere-client-serenity directory, delete the entire com.cisco.n1kv
folder.
7 Choose Start and then run services.msc.
8 Right-click the VMware vSphere Web Client and then click Start.
• For vCenter on Linux, do the following:
1 Go to https://VCIP/mob and log in with the default credentials.
2 In a web browser, choose Content > Extension Manager.
3 Click UnregisterExtension, enter com.cisco.n1kv, and then click Invoke method.
4 Go to the /var/lib/vmware/ vsphere-client/vc-packages/vsphereclient-serenity/ directory in the vCenter VM and delete the entire com.cisco.n1kv folder
using the following command:
rm -rf /var/lib/vmware/vsphere-client/ vc-packages/ vsphereclient-serenity/com.cisco.n1kv-x-x
5 Restart VMware vSphere Web Client service using the following command:
/etc/init.d/vsphere-client restart
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
63
Troubleshooting Installation Issues
Problems with Upgrading Cisco VACS
6 Check if the web client UI is working after starting the service and logging out.
• To re-register Cisco VSUM, do the following:
1 Log in to Cisco VSUM using the default credentials (root/cisco).
2 Navigate to /etc/cisco/app_install.
3 Copy the app.cfg template file to app.cfg using the following command:
cp app.cfg.template app.cfg
Note
The app.cfg template file is a hidden file in the /etc/cisco/app_install folder.
4 Open the app.cfg file by using the following command:
vi app.cfg
5 Update the IP address and change the vCenterUsernameFormat and vCenterPasswordFormat
values from hex to plain.
6 Enter the administrator credentials in the vCenterUsername and vCenterPassword fields and save
this configuration.
7 Navigate to /etc/cisco/app_install and run the following command to re-register Cisco
VSUM:
service tomcat stop; bash config_app.sh -rf; service tomcat start
• To re-manage the VSM, do the following:
1 Log in to Cisco UCS Director using the root credentials.
2 Navigate to /opt/infra/inframgr/resources.
3 Execute the managevsm.sh script using the following command:
./managevsm.sh
4 Once the VSMs are re-managed, re-run the vsum upgrade python script
(Upgrade_VSUM_1.3_1.5.6.py) located at /opt/infra/inframgr/resources to upgrade
Cisco VSUM to 1.5.6.headless.
Note
If you see problems while you add hosts or perform any other VSM related operations,
you can flap the svs connection on the vCenter and redo the operation.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
64
Troubleshooting Installation Issues
Troubleshooting Cisco PNSC Installation Issues
Troubleshooting Cisco PNSC Installation Issues
Removing a PNSC Installation Manually
You can manually remove an unsuccessful or a failed PNSC installation using the following steps.
Step 1
Delete the database entry for the <pnsc-vm-name> you want to delete, from the UCSD table STINGRAY_AJAX_DATA.
To delete the database entry from the UCS Director database table, see Deleting a Database Entry From UCS Director
Database Table, on page 73.
Step 2
From the UCS Director UI, delete the entry for the respective <pnsc-name> from Administration > Physical Account
> Multi Domain Managers.
Step 3
Step 4
Select the particular PNSC entry that you want to delete from the table and click Delete.
Power off the PNSC-VM from the vSphere Client and delete the VM.
Problems with Installing Cisco PNSC
This section includes symptoms, possible causes, and solutions for issues encountered while installing Cisco
PNSC.
Symptom:The Cisco PNSC installation workflow fails with an error message.
Error Message:
java.net.UnknownHostException:< hostname_of_the_server >,
selectedContext=<None>
Possible Causes:This occurs when the hosts are added to the VC via the host names and the DNS settings
on the UCS Director are incorrect. The reachability to the host and the PNSC OVA deployment fails when
either the DNS server is wrong, or when the DNS server is not listed as the first one in the UCS Director.
Verification and Solution: You must verify that the DNS server IP address is valid and the DNS server is
listed as the first. If not, change the order of the DNS server in such a way, that the preferred DNS server is
always listed as the first in the list. To change the order or view the DNS IP address, do the following:
1 Log into UCS Director.
2 Navigate to Administration > Guided Setup > Initial System Configuration > Launch.
3 Skip all the steps until the DNS Server appears. Edit the order of the DNS server list or add the right DNS
servers.
4 Skip the remaining steps and click Submit. You can relaunch the Cisco PNSC installation for a successful
deployment.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
65
Troubleshooting Installation Issues
Troubleshooting Cisco Virtual Switch Update Manager Installation Issues
Troubleshooting Cisco Virtual Switch Update Manager
Installation Issues
Removing a Cisco Virtual Switch Update Manager Installation Manually
Use the following procedure to manually remove Cisco Virtual Switch Update Manager while installing the
Cisco Nexus 1000V for Cisco VACS.
Step 1
Delete the database entry for the respective <vsum-vm-name> from the UCSD (Cisco UCS Director) table
‘STINGRAY_AJAX_DATA’.
Delete the <vsum-vm>. For detailed instructions about deleting a database entry, see Deleting a Database Entry From
UCS Director Database Table, on page 73.
Step 2
Delete the extension - 'com.cisco.n1kv.headless' from the vCenter Server MOB from https://<vcenter-server-ip>/mob
and click Content > Extension Manager.
Click UnregisterExtension and add the Extension key Value = com.cisco.n1kv.headless.
Power off the <vsum-VM> from the vSphere Client and delete it.
Step 3
Step 4
Troubleshooting Cisco Nexus 1000V VSM Installation Issues
Removing the Cisco Nexus 1000V VSM Manually
Use the following procedure to manually remove a Cisco Nexus 1000V VSM.
Step 1
From the Cisco Nexus 1000V console, execute the following commands:
n1k-dvs-name# configure terminal
n1k-dvs-name(config)#svs connection vCenter
n1k-dvs-name(config-svs-conn)#no vmware dvs
This will remove the DVS from the vCenter Server and any associated port-groups. Do you really want
to proceed(yes/no)? [yes] yes
n1k-dvs-name(config-svs-conn)#no connect
n1k-dvs-name(config-svs-conn)#end
n1k-dvs-name#copy running-config startup-config (optional)
Step 2
Step 3
Power off the primary and secondary VSM VMs from the vSphere Client and delete both the VMs.
Delete the database entry for the respective <Nexus1000V-dvs-name> from the Cisco UCSD table
STINGRAY_AJAX_DATA.
To delete the database entry, see Deleting a Database Entry From UCS Director Database Table, on page 73.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
66
Troubleshooting Installation Issues
Problems with Installing Cisco Nexus 1000V
Step 4
Step 5
Select the entry for the respective <Nexus1000V dvs> from Cisco UCS Director UI from Administration > Physical
Account > Manage Network Elements and click Delete Nework Element.
Delete the lock entry for a Cisco Nexus 1000V from the STINGRAY_LOCK_DATA table using the DELETE FROM
STINGRAY_LOCK_DATA WHERE LOCKID=’<VSM-IP>’ ; command.
Problems with Installing Cisco Nexus 1000V
This section includes symptoms, possible causes, and solutions for issues encountered while installing Cisco
Nexus 1000V.
1 Symptom:The Cisco Nexus 1000V installation fails.
Possible Causes:The ESX host, on which the VSM VM is being deployed, will be unreachable to the
VSUM. The error message in the SR states the following error message:
Handler failed with error - No route to host
Verification and Solution:Check if the ESX host is added to VCenter via the hostname or the IP address.
Ping that hostname or IP address from the VSUM console and see if the ping is successful or not. If it is
not successful, rectify the network/DNS settings and retry.
2 Symptom:The Cisco Nexus1000V Installation fails with nsc-pa-agent install failure. (PNSC-N1kv
connection).
Possible Causes:Time sync issues between Cisco PNSC and Cisco Nexus 1000V.
Verification and Solution:To resolve this issue, do the following:
1 Choose Administration > System > System Task to perform an inventory collection for the virtual
account, Cisco PNSC, and Cisco Nexus 1000V:
a VMware Inventory collector Virtual Account Name
b Infra Network Inventory collection task.
c PNSC Inventory collector PNSC Name.
Proceed to the next step if the problem is not resolved.
2 Verify that the Cisco Nexus 1000V status is in a running mode in the Cisco PNSC. To verify this, do
the following:
1 Enter https://server-ip-address, where server-ip-address is the IP address of Cisco PNSC.
2 In the Prime Network Services Controller window, enter the appropriate administration
credentials.
3 Choose Resource Management > Resources > VSM and verify that the VSM is running. If not,
proceed to step 3.
3 Check the connectivity between Cisco Nexus 1000V and Cisco PNSC. If the connectivity is fine,
proceed to step 4.
4 Ensure that the NTP server is reachable from Cisco PNSC, and the time synchronization has happened
properly. To verify this, log into Cisco PNSC using SSH and verify the time stamp using the show
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
67
Troubleshooting Installation Issues
Problems with Installing Cisco Nexus 1000V
clock command. If the NTP server is not reachable from Cisco PNSC and if you want to change the
NTP server, do the following:
1 In the Prime Network Services Controller window, enter the appropriate administration
credentials.
2 Set the time zone.
1 Choose Administration > System Profile > root > system profile > default.
2 Select the time zone under the General tab, and click Save.
3 Add an external NTP server as the time source.
1 Choose Administration > System Profile > root > system profile > default.
2 Select Add NTP Server under the Policy tab.
3 Enter the NTP server host name or the IP address, click OK, and then click Save.
Caution
We recommend that you do not set the time zone after you add the NTP server.
5 Verify the connectivity between Cisco Nexus 1000V and the NTP server.
6 Check the time stamp using the and the show clock and the show ntp peer status commands.
7 If the NTP server is not reachable and if you want to configure a new NTP server, use the ntp server
< NTP server IP address > command.
8 Verify the time and the NTP synchronization status using the show clock and the show ntp peer-status
commands.
9 Log into Cisco Nexus 1000V using the SSH application and unconfigure the PA agent configuration
using the following commands:
nsc-policy-agent
no policy-agent-image
no shared-secret
no registration-ip
10 Reconfigure the PA agent using the following commands:
nsc-policy-agent
registration-ip <PNSC Ip address>
shared-secret <shared Secret used during PNSC deployment >
policy-agent-image bootflash:/vsmcpa.3.2.2b.bin
11 Check the PA agent status using the following command:
show nsc-pa status
If the status shows an error message, then unconfigure the NTP server on Cisco 1000V using the no
ntp server < NTP server IP address > command and configure the system clock using the clock set
command, where the time should be 30 seconds ahead of the PNSC time stamp. Once configured,
repeat step 9 and step 10.
12 After the installation of the PA is successful, perform step 1 and create a template.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
68
Troubleshooting Installation Issues
Troubleshooting Adding Hosts Issues
Troubleshooting Adding Hosts Issues
Removing the Hosts Manually
Use the following procedure to manually remove the hosts added to the Cisco Nexus 1000V distributed virtual
switch (DVS).
Step 1
If not already added, add a physical NIC or VMNIC to the vSphere Standard Switch and navigate to vSphere Standard
Switch.
Attention
This step is applicable only if one physical NIC or VMNIC is migrated to the N1KV DVS. If more than a
physical NIC or VMNIC is migrated to the Cisco Nexus 1000V DVS, then skip to Step 3.
Step 2
Step 3
Select the Physical NIC or VMNIC from Properties > Network Adapters > Add.
Migrate the VMKNIC back to the vSwitch.
Note
You must select the appropriate VLAN ID that facilitates management connectivity.
Step 4
In the vSphere Distributed Switch, navigate to Manage Virtual Adapters and select the management VMKNICs and
click Migrate. Choose the appropriate vSphere Standard Switch and the port-group that facilitates management
connectivity, and proceed with the migration.
Repeat this step for all relevant and necessary VMKNICs.
Step 5
To remove newly created Layer 3 control (Nexus 1000V control) VMKNIC and the VTEP VMKNICs, navigate to the
Manage Virtual Adapters in the vSphere Distributed switch and select the appropriate virtual adapter and click Remove.
To move all virtual machines from Cisco Nexus 1000V to vSwitch, select the VM and navigate to Edit Settings and
change the network adapter's port group mapping to a port-group on the VMware Standard vSwitch.
To remove the host from the distributed virtual switch, perform the following steps:
a) In the Networking sub menu, select the Nexus 1000V DVS from the left panel.
b) From the Hosts tab on the right panel, select the particular host to be deleted.
c) Right click and select Remove from the vSphere Distributed Switch.
Note
These steps ensure that all the PNICs associated with the DVS are removed and are made available.
Step 6
Step 7
Step 8
To remove the VIB from the host, move the host to maintenance mode and SSH to the host and execute the following
command : esxcli software vib remove -n cisco-vem-v170-esx
Step 9
To clean up the VTEP entries for the host from the UCS Director database, perform the following steps:
a) Log on to Cisco UCS Director as root user and enter mysql --user=admin --password=<ucsd db password>
<db-name> to access the UCS Director database.
b) Use the following syntax to remove the VTEP entries for the host that was removed:
DELETE from STINGRAY_VTEPS_PER_HOST where HOSTIP="<VEM-HOSTIP>";
e.g.
DELETE from STINGRAY_VTEPS_PER_HOST where HOSTIP="10.10.10.1";
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
69
Troubleshooting Installation Issues
Problems with Adding Hosts
Problems with Adding Hosts
This section includes symptoms, possible causes, and solutions for issues encountered while adding hosts.
1 Symptom:The Port-profile screen does not show any port-profiles and manually adding one, throws an
error stating that the vSwitch migration spec is missing.
Verification and Solution: To resolve this issues, verify that there is atleast one port group on the vSwitch.
If the default port groups "VM Network" and the "Management VM" are not available, do the following:
1 Navigate to vCenter and create a port group on the vSwitch, of type, virtual machine.
2 In the UCS Director, navigate to Virtual > Compute > Your VC Account > Polling > Request
Inventory Collection.
After the inventory collection is completed, open the Add Host wizard and navigate to the Port Profile
screen. The list of port profile suggestions is displayed.
2 Symptom:The add host operation fails when you add a host that has a VMWare DVS installed on it.
Verification and Solution:Either remove the VMWare DVS from that host or use another host that does
not have the VMWare DVS installed on it.
3 Symptom:The add host operation could fail when you add a host which has a previous Cisco Nexus 1000V
vib version.
Verification and Solution:Remove the Cisco Nexus 1000V vib version and add it again.
4 Symptom:The add host screen does not display the list of available hosts.
Verification and Solution:Reboot the VSUM.
5 Symptom: The add host operation fails with an error message.
Error Message:
INTERNAL_ERROR, VSUM Error Message : null
Possible Causes: The vSwitch of the PNIC that was used for the add host operation does not have any
port groups.
Verification and Solution:To resolve this issue, do the following:
1 Navigate to vCenter and create a VM network port group on the vSwitch, of type, virtual machine.
2 In the UCS Director, navigate to Virtual > Compute > Your VC Account > Polling > Request
Inventory Collection.
After the inventory collection is completed, open the Add Host wizard and complete the installation
process.
6 Symptom: vm_kernel_IP_in_use VSUM Error Message : null
Verification and Solution:Change the VMKNIC IP (L3 or vteps) and submit the Add-host operation.
7 Symptom:virtualNIC_dendency_on_PNIC, VSUM Error Message : null
Verification and Solution:There was a VM template using VM network pg on that vSwitch. When you
try to migrate the pnic mapped to vswitch to dvs, VSUM(Nexus1000V installer) throws an error.
8 Symptom: Vlans_not_backed, VSUM Error Message : null
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
70
Troubleshooting Installation Issues
Generic Troubleshooting Issues
Verification and Solution: If VLANs of existing vmknics/new L3 control vmknic/Vteps/VMs are not
present in the uplink port-profile chosen for the pnics.
9 Symptom: VSM_operation error, VSUM Error Message : null
Verification and Solution: Some of the configuration commands have failed on the Nexus 1000V. Log
in to Nexus 1000V and check the accounting log. The show accounting log will show some commands
as 'FAILURE'.
10 Symptom:The add host operation completes without VSUM throwing up an exception, but the workflow
times out.
Verification and Solution: Reboot the VSUM
Generic Troubleshooting Issues
This section includes symptoms, possible causes, and solutions for issue(s) encountered while creating a new
template or editing an existing template.
Symptom:Creating a new template or editing an existing template fails with an error message.
Error Message:
No Registered PNSC Account found for the selected virtual account < Account Name > and
switch
< switch Name >
Possible Causes:Communication issues between Cisco PNSC and Cisco Nexus 1000V.
Verification and Solution:To resolve this issue, do the following:
1 Choose Administration > System > System Task to perform an inventory collection for the virtual
account, Cisco PNSC, and Cisco Nexus 1000V:
a VMware Inventory collector Virtual Account Name
b Infra Network Inventory collection task.
c PNSC Inventory collector PNSC Name.
Proceed to the next step if the problem is not resolved.
2 Verify that the Cisco Nexus 1000V status is in a running mode in the Cisco PNSC. To verify this, do the
following:
a Enter https://server-ip-address, where server-ip-address is the IP address of Cisco PNSC.
b In the Prime Network Services Controller window, enter the appropriate administration credentials.
c Choose Resource Management > Resources > VSM and verify that the VSM is running. If not,
proceed to step 3.
3 Check the connectivity between Cisco Nexus 1000V and Cisco PNSC. If the connectivity is fine, proceed
to step 4.
4 Ensure that the NTP server is reachable from Cisco PNSC, and the time synchronization has happened
properly. To verify this, log into Cisco PNSC using SSH and verify the time stamp using the show clock
command. If the NTP server is not reachable from Cisco PNSC and if you want to change the NTP server,
do the following:
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
71
Troubleshooting Installation Issues
Generic Troubleshooting Issues
a In the Prime Network Services Controller window, enter the appropriate administration credentials.
b Set the time zone.
1 Choose Administration > System Profile > root > system profile > default.
2 Select the time zone under the General tab, and click Save.
c Add an external NTP server as the time source.
1 Choose Administration > System Profile > root > system profile > default.
2 Select Add NTP Server under the Policy tab.
3 Enter the NTP server host name or the IP address, click OK, and then click Save.
Caution
We recommend that you do not set the time zone after you add the NTP server.
5 Verify the connectivity between Cisco Nexus 1000V and the NTP server.
6 Check the time stamp using the and the show clock and the show ntp peer status commands.
7 If the NTP server is not reachable and if you want to configure a new NTP server, use the ntp server <
NTP server IP address > command.
8 Verify the time and the NTP synchronization status using the show clock and the show ntp peer-status
commands.
9 Log into Cisco Nexus 1000V using the SSH application and unconfigure the PA agent configuration using
the following commands:
nsc-policy-agent
no policy-agent-image
no shared-secret
no registration-ip
10 Reconfigure the PA agent using the following commands:
nsc-policy-agent
registration-ip <PNSC Ip address>
shared-secret <shared Secret used during PNSC deployment >
policy-agent-image bootflash:/vsmcpa.3.2.2b.bin
11 Check the PA agent status using the following command:
show nsc-pa status
If the status shows an error message, then unconfigure the NTP server on Cisco 1000V using the no ntp
server < NTP server IP address > command and configure the system clock using the clock set command,
where the time should be 30 seconds ahead of the PNSC time stamp. Once configured, repeat step 9 and
step 10.
12 After the installation of the PA is successful, perform step 1 and create a template.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
72
Troubleshooting Installation Issues
Deleting a Database Entry From UCS Director Database Table
Deleting a Database Entry From UCS Director Database Table
Step 1
Log on to Cisco UCS Director as root user and enter mysql --user=admin --password=<ucsd db password> <db-name>
to access the UCS Director database.
example:
mysql --user=admin --password=cloupia db_private_admin
Step 2
Enter the following SQL query to delete a database entry from the UCS Director database table:
DELETE FROM <table_name>
WHERE <some_column>=<some_value>;
example:
DELETE FROM STINGRAY_AJAX_DATA
WHERE VMNAME = ’vsum_vm’;
Step 3
Enter the following SQL query to examine the entries in the table before or after the deletion:
SELECT ALL <comumn_name> FROM <table_name>;
Example:
SELECT ALL VMNAME FROM STINGRAY_AJAX_DATA;
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
73
Troubleshooting Installation Issues
Deleting a Database Entry From UCS Director Database Table
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
74
CHAPTER
8
FAQs
This chapter contains the following sections.
• Cisco VACS Installation FAQs, page 75
• Cisco VACS Licensing FAQs, page 78
Cisco VACS Installation FAQs
• General Installation
General Installation
Q. I have an existing Cisco Nexus 1000V in my datacenter. Do I still need to install Cisco Nexus 1000V for
Cisco VACS?
A. Yes, you have to install Cisco Nexus 1000V for Cisco VACS using the Cisco VACS solution UI in Cisco
UCS Director.
Q. I have an existing Cisco Prime Network Services Controller (PNSC), Cisco Nexus 1000V and Cisco VSUM
in my datacenter. Can I reuse them ?
A. No, you cannot reuse the Cisco VACS components. You have to install the components using the Cisco
VACS solution UI in Cisco UCS Director.
Q. Can I install the Cisco VACS solution on Cisco UCS Director 4.x and earlier versions?
A. No. The Cisco VACS solution requires Cisco UCS Director version 5.1 or later.
Q. Can I migrate the existing Virtual Machines (VM) to the Cisco Nexus 1000V installed by Cisco VACS ?
A. Yes, but you cannot use them as part of a Cisco VACS container. However, you can create a VM template
of an existing VM and use the same in the Cisco VACS containers.
Q. Do I need to follow a specific sequence for installing the Cisco VACS infrastructure components?
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
75
FAQs
Cisco VACS Installation FAQs
A. Yes. Install the Cisco VACS sequence in the following order :
1 Install PNSC
2 Install Cisco Nexus 1000V
3 Add Host
Q. Are there any recommendations for a PNSC host name/ Admin Password / Shared Secret ?
A. Yes. The recommendations are as follows:
Name
Recommendation
PNSC Host Name
The host name must include minimum two
characters and must follow the RFC 952 standard.
As per this standard, the host name can contain only
the following characters:
• ASCII letters "a" through "z" in a
case-insensitive manner
• Numerics from "0" to "9"
• Hyphen ("-")
Note
The host name must not start with a
numeric or with a hyphen and must not end
with a hyphen.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
76
FAQs
Cisco VACS Installation FAQs
Admin Password
The admin password validation must meet the below
conditions:
• Contains a minimum of eight characters.
• Contains at least three of the following:
1 Lowercase letters
2 Uppercase letter
3 Digits
4 Special characters
• Does not contain a character that is repeated
more than three times consecutively. For
example, aaabbb.
• Is not the user name or the reverse of the user
name.
• Passes a password dictionary check. The
password must not be based on a standard
dictionary word. PNSC uses the standard
Linux open source PAM module.
• Does not contain the following symbols: dollar
sign ($), question mark (?), slash (\), and the
equals sign (=).
• The password must not be blank for a local
user and the admin accounts.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
77
FAQs
Cisco VACS Licensing FAQs
Shared Secret
The shared secret password must contain the strong
password characteristics such as the following:
• At least eight characters.
• Lowercase letters, uppercase letters, digits,
and special characters.
• Does not include characters such as:
1 Consecutive alphanumeric characters, such
as abcd or 1234.
2 Characters repeated three or more times,
such as aaabbb.
3 A variation of the word Cisco , such as
cisco , ocsic , or one that changes the
capitalization of letters in the word Cisco.
4 The username, or the username in reverse.
5 A permutation of characters present in the
username or Cisco.
6 Characters such as, &, ' " `, ( ), < >, |, \, ;,
$, and spaces.
Cisco VACS Licensing FAQs
Q. Does Cisco VACS automatically license CSR evaluation licenses when Cisco VACS permanent licenses
are installed ?
A. No. You must manually apply the CSR license for the existing containers which have been deployed with
the EVAL license.
Q. Can I install Cisco VACS licenses on Cisco Nexus 1000V?
A. No, you cannot install Cisco VACS licenses on Cisco Nexus 1000V. Only Cisco VACS can install the
Cisco Nexus 1000V licenses for Cisco VACS.
Q. How many workload VMs and containers are allowed per Cisco VACS license?
A. There is no limit on how many workload VMs you can add to a Container, but the number of VMs on a
server is limited by the Cisco UCS Director server licenses installed.
Q. How many workload VMs are allowed per container?
A. There is no technical limit on the number of workload VMs permitted per Cisco VACS container.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
78
FAQs
Cisco VACS Licensing FAQs
Q. Can I use evaluation licenses with UCSD Production licenses?
A. No, Cisco VACS evaluation licenses can be used only with Cisco UCS Director evaluation licenses.
Q. Can fenced containers and Cisco VACS co-exist with a Cisco VACS license?
A. Yes, they can.
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
79
FAQs
Cisco VACS Licensing FAQs
Cisco Virtual Application Cloud Segmentation Services Installation and Upgrade Guide, Release 5.4STV3.0
80

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz