Cisco Virtual Application Cloud Segmentation Services Self-Service
Portal User Guide, Release 5.4STV2.1
First Published: November 16, 2015
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2015 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1 Overview
About Cisco Virtual Application Cloud Segmentation Services
About the Self-Service Portal
Logging Into the Cisco UCS Director
Understanding the Self-Service Portal
Related Documentation for the Cisco Virtual Application Cloud Segmentation Services
CHAPTER 2 Managing Service Requests
About Service Requests
Service Request Workflows
Creating a Service Request for Service Container Catalogs
Viewing the Service Request Status
Viewing the Service Request History for a Group
Cancelling a Service Request
Searching the Service Request History for a Group
Exporting Group Service Requests History
CHAPTER 3 Performing VM Lifecycle Management
About VM Lifecycle Management Actions
Viewing All VMs
Managing VM Power
Resizing VMs
Managing VM Snapshots
Creating Snapshots
Reverting Snapshots
Marking a Snapshot as Golden
Unmarking a Golden Snapshot
Deleting Snapshots
Deleting All Snapshots
Creating a VM Disk
Resizing a VM Disk
Deleting A VM Disk
Resynchronizing a VM
Adding vNICs
Deleting vNICs
Viewing VM Details
About OVF Files
Uploading OVF Files
Deleting OVF Files
Launching VM Client
Enabling the VNC Console on a VM
Testing VNC Connectivity
Enabling or Disabling VMRC Console Access
Mounting the ISO Image as CD/DVD Drive
CHAPTER 4 Working with the Cisco VACS Self-Service Portal
Viewing Reports
Types of Reports
Powering on the Application Container
Powering off the Application Container
Adding Virtual Machines
Deleting Virtual Machines
Managing Service VM Passwords
Configuring Static NAT to the Virtual Machines
Configuring ERSPAN
Managing Firewall Policies
Viewing Firewall ACL Rules
Adding Firewall ACL Rules
Editing Firewall ACL Rules
Deleting Firewall ACL Rules
Deleting Application Containers
CHAPTER 1
Overview
This chapter contains the following sections.
• About Cisco Virtual Application Cloud Segmentation Services
• About the Self-Service Portal
• Related Documentation for the Cisco Virtual Application Cloud Segmentation Services
About Cisco Virtual Application Cloud Segmentation Services
Cisco Virtual Application Cloud Segmentation (VACS) Services is a software solution that automates the
coordinated licensing, installation, and deployment of multiple virtual services in your datacenter to enable
an easy and efficient setup of virtualized applications. Cisco VACS provides a fully customizable extended
application container abstraction to simplify deploying and provisioning the virtual services. Cisco VACS
allows you to define extended application container templates and to instantiate them through automated setup
and provisioning of the underlying virtual components. Cisco UCS Director provides the management interface
to deploy, provision, and monitor the Cisco VACS solution.
Cisco VACS provides you with a choice of ready-to-use application container templates that define the rules
for deploying a collection of virtual machines (VMs) within a private network secured by a firewall. An
application container is a set of virtual services such as virtual switches, routers, firewalls, and other network
devices configured in a consistent manner to deploy different workloads. When you create and instantiate an
application container template, Cisco VACS deploys VMs, and configures networks, the firewall, and virtual
switches, and enables quick provisioning of network and security at the virtual layer.
About the Self-Service Portal
You can use the Cisco UCS Director Self-Service Portal for self-service provisioning, monitoring, and
management capabilities. With the Self-Service Portal, you can create a request for a VACS container and perform
the container-related operations permitted for the service end user.
Attention
• This document describes the Self-Service Portal for a service end user only. For information on the
Self-Service Portal for administrators, see
http://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-director/products-maintenance-guides-list.html.
• This user guide documents all of the configuration settings available in the Cisco VACS Self-Service
Portal. This guide assumes that your network administrator has configured the portal to display all
user settings. If a setting that is in this guide does not appear in the Cisco VACS Self-Service Portal
UI that you are accessing, you must contact your network administrator.
Logging Into the Cisco UCS Director
Step 1
In the Address field of the browser, enter the IP address of the Cisco UCS Director and press Enter.
The Cisco UCS Director login page appears.
Step 2
Enter the username and password in the Username and Password fields, and click Login.
The Cisco UCS Director home page appears.
Understanding the Self-Service Portal
This section describes the Self-Service portal and the Cisco VACS features that you can access using Cisco
UCS Director.
Figure 1: Self-Service Portal
Table 1: Elements of the Self-Service Portal
Number  Description
1  The Menu bar displays tabs that allow you to view the Cisco VACS solution interface, along with the UCS
Director Self-Service tabs.
2  The sub menu displays the tabs that provide details corresponding to the menu tabs.
3  The subset menu displays the Cisco VACS features that allow you to power on/off a container, add and
delete VMs, manage the service VM passwords and firewall policies, and configure the ERSPAN and Static NAT
features.
4  The Application Containers area displays the available containers.
5  This sub menu displays buttons that allow you to do the following:
• customize the table
• export reports
• add an advanced filter
• search
6  This sub menu displays buttons that allow you to do the following:
• view user information
• log out of the Cisco UCS Director interface
• view the Cisco web page
• view information about the Cisco UCS Director
• view the Cisco UCS Director Online Help
• search for objects
Related Documentation for the Cisco Virtual Application Cloud Segmentation Services
This section lists the documents that are used with the Cisco VACS components and are available on Cisco.com
at the following URL:
Cisco Virtual Application Cloud Segmentation Services Documentation
General Information
Cisco Virtual Application Cloud Segmentation Services Release Notes
Installation and Upgrade
Cisco Virtual Application Cloud Segmentation Installation and Upgrade Guide
Configuration
Cisco Virtual Application Cloud Segmentation Configuration Guide
User Information
Cisco Virtual Application Cloud Segmentation Services Self-Service Portal User Guide
Nexus 1000V Documentation
For the Cisco Nexus 1000V for VMware vSphere Documentation:
Cisco Nexus 1000V for VMware vSphere Documentation
Prime Network Services Controller Documentation
Cisco Prime Network Services Controller Documentation
Cloud Services Router 1000V Documentation
Cisco Cloud Services Router 1000V Documentation
Virtual Security Gateway Documentation
Cisco Virtual Security Gateway Documentation
UCS Director Documentation
Cisco UCS Director Documentation
CHAPTER 2
Managing Service Requests
This chapter contains the following sections.
• About Service Requests
• Service Request Workflows
• Creating a Service Request for Service Container Catalogs
• Viewing the Service Request Status
• Viewing the Service Request History for a Group
• Cancelling a Service Request
• Searching the Service Request History for a Group
• Exporting Group Service Requests History
About Service Requests
You can use the self-service provisioning feature to create a service request to provision virtual machines
(VMs), services, or applications.
Service Request Workflows
The service request workflow can be summarized into several stages:
• Initiation—Service request initiation.
• Resource Allocation—Resources required for VM provisioning.
• Provision—The act of provisioning a VM.
• Setup Lifecycle Schedule—The scheduled and termination time.
• Notify—An email notice that states information about the container is sent to the user.
Creating a Service Request for Service Container Catalogs
The administrator publishes catalogs to a group and end users choose the required catalog to create a service
request.
Before You Begin
This type of service request requires that a service container catalog be available for selection.
Step 1
On the menu bar, choose Catalog > Service Container.
Step 2
Double click the appropriate catalog and then click Create Request.
The Create Service Request wizard appears.
Note
You can also create a service request using the Services tab. To navigate to the Create Service Request wizard,
do the following:
1 Choose Services > Service Requests > Create Request.
2 In the Create Request dialog box, choose Service Container, and then click Submit to view the Create
Service Request wizard. You can then proceed with the service request procedure.
Step 3
In the Create Service Request screen, view the following fields:
• Catalog Type drop-down list: The type of catalog is auto populated.
• Select Catalog drop-down list: The catalog to be provisioned is auto populated.
Step 4
Click Next.
The Deployment Configuration screen appears.
Step 5
In the Deployment Configuration screen, do the following:
• Comment field: Enter the description for the service request.
• Provision drop-down list: Choose the deployment time. The available options are Now and Later. If you
select Later, you are allowed to choose a date and time for this deployment.
• Service Container Name field: Enter the container name.
Step 6
Click Next.
The Summary screen appears.
Step 7
In the Summary screen, review the information for accuracy, and then click Submit.
Viewing the Service Request Status
Before You Begin
Create a service request.
Step 1
Choose Services > Service Request.
Step 2
Choose a service request.
Step 3
Click View Details.
The Service Request screen provides the details regarding the service request and the related workflow steps. From this
page you can view the status for each workflow step. Details, such as the time, are also displayed in addition to each
step's status (color-coded).
• Grey—Indicates the step still needs to be completed.
• Green—Indicates the step completed successfully.
• Red—Indicates the step failed. The reason for the failure is also specified under the step.
• Blue—Indicates more input is required from the user for the step to be completed. For example, if an approver was
defined for this service request, blue indicates that the service request is waiting for approval.
Overview section
• Request ID field: The service request ID number.
• Request Type field: The type of request (for example, VM).
• Workflow Name field: The name of the workflow.
• Request Time field: The time the service request was created.
• Request Status field: The status of the service request (for example, Complete, Canceled, or Failed).
• Comments field: Comments added during the service request creation.
Ownership section
• Group field: The group to which the user requesting the service request belongs.
• Initiating User field: The user who initiated the service request.
Note
Approvers can view service requests that need their approval under the Approvals tab.
Viewing the Service Request History for a Group
End users can view all service requests created for their group.
On the menu bar, click Services and choose the Service Requests tab.
Cancelling a Service Request
After submitting a service request, you can cancel it for any reason.
Before You Begin
Create a service request.
Step 1
On the menu, choose Services > Service Requests.
Step 2
Choose the service request entry that needs to be canceled.
Step 3
Click Cancel Request.
Step 4
Click Submit to cancel the service request.
Searching the Service Request History for a Group
End users can search for the service request history for their group.
Before You Begin
Create a service request.
Step 1
On the menu bar, choose the Services > Service Request tab.
Step 2
Enter the text or service request number in the search field.
Note
Criteria can be any text from any of the columns.
Exporting Group Service Requests History
Reports of service requests for all groups or any particular group can be exported into a tabular format.
Before You Begin
Create service requests.
Step 1
On the menu bar, choose Services > Service Requests.
Step 2
Click the Export Report icon to generate a report of service requests.
Reports can be exported in PDF, CSV, or XLS format.
CHAPTER 3
Performing VM Lifecycle Management
This chapter contains the following sections.
• About VM Lifecycle Management Actions
• Viewing All VMs
• Managing VM Power
• Resizing VMs
• Managing VM Snapshots
• Creating a VM Disk
• Resizing a VM Disk
• Deleting A VM Disk
• Resynchronizing a VM
• Adding vNICs
• Deleting vNICs
• Viewing VM Details
• About OVF Files
• Launching VM Client
• Enabling the VNC Console on a VM
• Testing VNC Connectivity
• Enabling or Disabling VMRC Console Access
• Mounting the ISO Image as CD/DVD Drive
About VM Lifecycle Management Actions
You can perform post provisioning lifecycle management actions that are permitted by the administrator. You
can also view the entire list of virtual machines (VMs) provisioned using service requests under your group.
All VMs that belong to a particular group are displayed. The administrator decides which of these management
actions are permitted to you.
Attention
After you perform any of the following VM lifecycle management actions, it is important that you perform
the VM sync operation to get the latest status and other related information of the VM.
The available VM lifecycle management actions are as follows:
1 VM Power Management
• Power On
• Power Off
• Suspend
• Standby
• Reset
• Reboot
• Shutdown Guest
2 VM Resizing
• Resize VM
3 VM Snapshot Management
• Create Snapshot
• Revert Snapshot
• Mark Golden Snapshot
• Delete Snapshot
• Delete All Snapshots
4 VM Disk Management
• Create VM Disk
• VM Disk Resize
• Delete VM Disk
• VACS Add vNICs
• VACS Delete vNICs
• UCSD Add vNICs
• UCSD Delete vNICs
Note
You cannot add or delete the UCSD vNICs.
5 VM Network Management
• VM Resync
• Upload OVF files
• Delete OVF files
6 VM Console Management
• Launch VM Client
• Configure VNC
• Test VNC
• Enable/Disable VMRC Console
7 VM ISO Management Image as CD/DVD
• Mount ISO Image as CD/DVD Drive
Viewing All VMs
The Viewing All VMs feature displays all of the VMs and their details, such as the VM ID, host name, IP
address, and power state.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM from the list of available VMs to view the available management actions for that VM.
Note
The VM management actions that are available for a VM are based on the permissions granted by the
administrator.
Managing VM Power
Managing the power functions of the VM includes the following actions:
• Power On: Powers on the VM.
• Power Off: Powers off the VM.
• Suspend: Places the VM in a suspended state.
• Standby: Moves the VM to standby state.
• Reset: Performs a hard reset of the VM.
• Reboot: Performs a soft reboot of the VM.
• Shutdown Guest: Shuts down the Guest OS on the VM.
Note
To access these options on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Power On.
In the VM Task dialog box, complete the following fields:
• VM Name field: Name of the VM.
• Task field: Selected power management task.
• Comments field: Enter comments if required.
• Schedule Action field: Specify either to power on the VM now or at a specific date and time.
Step 3
Click Proceed.
Note
Repeat these steps to complete the other power management actions.
Resizing VMs
Note
To access the Resize VM option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Resize VM.
Step 3
In the Resize VM dialog box, complete the following fields:
• VM Name field: The name of the selected VM.
• Current Allocated CPU field: The number of allocated CPUs being used by the VM.
• Current Allocated Memory (GB) field: The amount of memory allocated to the VM.
• New CPU Count drop-down list: Choose the CPU required from the drop-down list.
• New Memory drop-down list: Choose the amount of memory required from the drop-down list.
Step 4
Click Resize.
Managing VM Snapshots
You can create and manage snapshots to use as restore points when recovering from a system disaster or malfunction.
A restore point is the complete state of a VM at a point in time. You may want to create snapshots from time
to time to preserve the current state of a VM. For example, you can create a snapshot of your VM in its stable
form before performing a potentially risky system operation. After creating several snapshots, you can view
a VM snapshot summary report and identify which snapshots you want to preserve for future use (also known
as golden snapshots). Golden snapshots cannot be deleted.
Note
The VM snapshot options on a VM are available based on the permissions granted by an administrator.
Creating Snapshots
This feature creates a snapshot of all of the VM's resources in their current state. You can also revert back to
a particular snapshot (state).
Note
To access the Creating Snapshots option for a VM, the administrator must provide the appropriate
permissions.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Create Snapshot.
In the Create Virtual Machine Snapshot dialog box, complete the following fields:
• Snapshot Name field: The name of the snapshot.
• Snapshot Description field: The description of the snapshot.
• Snapshot Memory check box: Check the box to include VM memory.
• Quiesce Guest File System check box: Check the box to take the snapshot in Quiesce mode.
Quiescing a file system is a process of bringing the on-disk data of a physical or virtual computer into a
state suitable for backups. This process may include operations such as flushing dirty memory buffers from
the operating system's in-memory cache to disk, or other higher-level application specific tasks.
Note: In order to use this option you have to have VMware tools installed on the VM.
Step 3
Click Proceed.
Reverting Snapshots
If the VM crashes or malfunctions for any reason you can revert back to the most recent snapshot of the VM.
You can also select a specific snapshot to revert back to, in case there is more than one snapshot for the VM
available.
Note
To access the Revert Snapshots Details option on a VM, the administrator must provide the appropriate
permission.
Step 1
On the menu bar, click Virtual Resources and choose VMs.
Step 2
Right-click on a VM and choose Revert Snapshot.
The Revert Virtual Machine Snapshot dialog box appears.
Step 3
Complete the following check box:
• Snapshot check box: If checked, defines it as a snapshot.
Step 4
Click Proceed.
Marking a Snapshot as Golden
Marking a snapshot as golden prevents it from being accidentally deleted. The only way to delete a golden
snapshot is to unmark the golden snapshot (returning it to a standard snapshot).
Note
To access the Mark Golden Snapshot option on a VM, the administrator must provide the appropriate
permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Mark Golden Snapshot.
In the Mark Golden Snapshot dialog box, complete the following fields:
• Snapshot check box: Check the box against the appropriate snapshot that you want to mark as a golden
snapshot.
• Marks As Golden Snapshot check box: Check the box to mark the selected snapshot as a golden snapshot.
Step 3
Click Proceed.
Unmarking a Golden Snapshot
You can unmark a snapshot that was earlier marked as golden.
Note
To access the Mark Golden Snapshot option on a VM, the administrator must provide the appropriate
permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Mark Golden Snapshot.
In the Mark Golden Snapshot dialog box, complete the following fields:
• Snapshot check box: Check the box against the appropriate golden snapshot that you want to mark as a
snapshot.
• Marks As Golden Snapshot check box: Check the box to unmark the selected snapshot as a golden snapshot.
Step 3
Click Proceed.
Deleting Snapshots
Snapshots deemed unimportant can be deleted to make more disk space for newer snapshots. However, you
can delete only those snapshots that are unmarked as golden snapshots.
Note
To access the Delete Snapshot option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Delete Snapshot.
In the Delete Snapshot dialog box, complete the following check boxes:
• Snapshot check box: Check the box to select a snapshot.
• Delete Children check box: Check the box to delete the children of the selected snapshot.
Step 3
Click Proceed.
Deleting All Snapshots
You can delete all available snapshots unless a golden snapshot is present. If a golden snapshot is available,
you must unmark that golden snapshot before being able to delete all the snapshots.
Note
To access the Delete All Snapshots option on a VM, the administrator must provide the appropriate
permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Delete All Snapshots.
In the Delete All Snapshots dialog box, complete the following check box:
• Delete All Snapshots check box: Check the box to delete all the snapshots.
Step 3
Click Proceed.
Creating a VM Disk
Note
To access the Create VM Disk option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Create VM Disk.
In the Create VM Disk dialog box, complete the following fields:
• VM Name field: The name of the selected VM.
• New Disk (GB) field: Enter the disk size for the VM in GB.
• Select Disk Type drop-down list: Select the required disk from the drop-down list.
• Select Datastore drop-down list: Select a datastore from the drop-down list.
Note: The datastore's selection is available, depending upon the storage policy that is associated to the VM.
• Thin Provision check box: Check this check box to use thin provisioning during VM creation.
Note: Thin provisioning enables dynamic allocation of the physical storage capacity to increase VM storage
utilization.
Step 3
Click Create.
Resizing a VM Disk
This feature allows you to modify the allocated (provisioned) disk space for the VM. By default, you can only
increase the disk size of the VM.
Note
• The disk size of a VM can only be increased and not decreased.
• To access the VM Disk Resize option on a VM, the administrator must provide the appropriate
permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click VM Disk Resize.
In the Resize VM Disk dialog box, complete the following fields:
• VM Name field: The name of the VM. This name cannot be edited.
• Select Disk drop-down list: Select the VM disk from the drop-down list.
• Total Provisioned (GB) field: Displays the total provisioned space of the selected disk on the VM.
• New Size (GB) field: The new size for the VM. The new disk size should be greater than the total
provisioned size.
Step 3
Click Resize.
Deleting A VM Disk
Note
To access the Delete VM Disk option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Delete VM Disk.
In the Delete VM Disk dialog box, complete the following fields:
• VM Name field: The name of the selected VM.
• Select Disk Name drop-down list: Choose a hard disk from the drop-down list.
Step 3
Click Delete.
Resynchronizing a VM
Note
To access the Resync VM option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Resync VM.
Step 3
In the Resync VM dialog box, choose the number of minutes from 0 to 30 from the Max Wait Time (minutes)
drop-down list.
Step 4
Click Submit.
Adding vNICs
You can add multiple port-group network based vNICs to a VM.
Note
The Add vNICs option is applicable only to application VMs. You cannot add or delete a vNIC for a service VM.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate application container and choose VACS Add vNICs. The Add VACS VM vNICs screen appears.
Step 3
Choose the virtual machine network interface from the list of available interfaces.
Step 4
Click + to add an interface.
The Add Entry to VACS VM Networks 2 dialog box appears.
Step 5
In the Add Entry to VACS VM Networks 2 dialog box, complete the following fields:
• VM Network Interface Name field: Enter a unique name for the VM network interface.
• Select the Network drop-down list: Choose the port group based networks to which the Network Interface
Card (NIC) should be attached.
• Adapter Type drop-down list: Select the appropriate adapter type.
Click Submit.
Step 6
Click Submit.
Deleting vNICs
You can delete one or more existing port-group network based vNICs on a VM. This option is
available only for those VMs that are a part of the Cisco VACS application container.
Note
The Add vNICs option is applicable only to application VMs. You cannot add or delete a vNIC for a service VM.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate VM and choose VACS Del vNICs. The Delete VM vNICs screen appears.
Step 3
Click Select from the VM vNICs button.
The Select Items dialog box appears.
Step 4
Check the check box of the vNIC you want to delete or click Check All to select all vNICs.
Step 5
Click Select.
Step 6
Click Delete.
The VM is restarted in order to complete the removal process.
Viewing VM Details
This feature allows you to view the details about the VM, such as VM action request, vNICs, VM snapshots,
and general summary information.
Note
To access the View Details option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click View Details.
The Summary screen appears.
About OVF Files
You can upload Open Virtualization Format (OVF) files (in both the zip and jar formats) to a previously
configured storage location, where they are deployed. These files can be used while adding VMs to the Cisco
VACS application containers.
Uploading OVF Files
Cisco VACS allows you to upload OVF files (OVA, zip, and jar formats) to a predefined storage location and
deploy them to a group or customer organization.
Step 1
On the menu bar, choose Services > User OVF Management.
Step 2
Click Upload File.
Step 3
In the Upload File dialog box, complete the following fields:
Name | Description
Folder Type drop-down list | The type of folder containing the OVF file. Choose one of the following:
• User—Choose this role if you are an end user. End users are not granted extensive privileges. The User role is well suited for first-level support, in which problem identification, remediation, and escalation are the primary goals.
• Group—The file is only available to those in a defined group.
File Name field | The name of the OVF file to upload and display.
Upload option | Launches the File Upload dialog box in which you can browse and select an OVF file.
Note
Only OVF files in OVA, zip, and jar formats can be uploaded to the storage location.
After the file is uploaded and a confirmation message stating that the file is ready for use is displayed, close the File Upload dialog box.
File Description field | The description of the file (if required).
Step 4
Click Submit.
Step 5
When the Submit Result - Upload Successfully dialog box appears, click OK. The uploaded file is listed in the User OVF Management table.
Note
These files are used while adding VMs to the application containers.
Deleting OVF Files
Step 1
On the menu bar, choose Services > User OVF Management.
Step 2
Choose an OVF file from the table and click Delete File.
The Delete File dialog box appears.
Step 3
Click Submit.
Launching VM Client
This feature lets you set up a remote or a VNC console. The VNC console provides access for each VM. The
console provides full control capabilities of the VM. The console is accessible using any standalone web
browser and no plug-in is required. Cisco UCS Director provides automatic configuration of the console.
Note
• To access the Launch VM Client option on a VM, the administrator must provide the appropriate
permission.
• You can access a VM's login credential when it is set up for Web or remote desktop access. An
administrator must provide the proper catalog (and necessary privileges) from which the VM is
provisioned.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Launch VM Client.
Step 3
In the Launch Client dialog box, select an access scheme:
Name | Description
Access Scheme drop-down list | Choose an access scheme from the drop-down list. The available schemes are VNC Console and VMRC.
Note
The VMRC and the VNC Console schemes are available only when they have been enabled. However, in Cisco VACS, the VNC Console is enabled for all the workload VMs during the deployment.
Click Proceed.
Enabling the VNC Console on a VM
Note
To access the Configure VNC option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Configure VNC.
Step 3
In the Configure VNC Request dialog box, click Submit.
Step 4
Click OK.
Cisco UCS Director automatically configures VNC console access to a VM when the request is submitted.
Testing VNC Connectivity
Testing VNC connectivity is used for troubleshooting purposes. If the test for VNC connectivity succeeds,
the host node IP address and VNC port number are displayed. For example: VNC connectivity intact
at 172.29.110.75:5921.
However, if connectivity fails, a failure message is displayed. For example: VM is not configured for
VNC yet.
Note
To access the Test VNC option on a VM, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Test VNC.
Step 3
In the Test VNC Connectivity dialog box, click Submit.
Step 4
Use the result to troubleshoot VNC connectivity.
Note
If connectivity fails, there is no VNC port assigned to the VM IP address. For more information, see Enabling
the VNC Console on a VM.
Enabling or Disabling VMRC Console Access
Web applications running in the browser can use the VMRC browser plug-in to access virtual machine console
functions by using the VMRC JavaScript API. With a web application that uses the VMRC browser plug-in and
the VMRC API, users can remotely access, and interact with, a virtual machine from any system with the
appropriate web browser and operating system.
Note
To access the Enable/Disable VMRC Console option on a VM, the administrator must provide the
appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click Enable/Disable VMRC Console.
In the Enable VMRC Console Access dialog box, check the Enable VMRC Console check box to enable the VMRC
Console access.
Note
If the VMRC Console is enabled, the Disable VMRC Console Access dialog box appears. You can check the
Disable VMRC Console check box to disable the VMRC Console access.
Step 3
Click Submit, and then click OK.
Mounting the ISO Image as CD/DVD Drive
Note
To access the CD/DVD Drive Mount ISO option, the administrator must provide the appropriate permission.
Step 1
On the menu bar, choose Virtual Resources > VMs.
Step 2
Select the appropriate VM and click CD/DVD Drive Mount ISO.
In the CD/DVD Drive Mount ISO dialog box, complete the following fields:
Name | Description
ISO Image button | Click Select to choose the ISO image from the list of available images. In the Select dialog box, select an image, and then click Select.
Note
If the list of available images is not displayed, contact your administrator.
Create New CD/DVD Drive radio button | Click the radio button if you want to create a new CD/DVD drive.
Use Existing CD/DVD Drive radio button | Click the radio button if you want to use an existing CD/DVD drive.
Power Off VM check box | Check the check box to power off the VM.
Note
This check box appears only if you choose to create a new CD/DVD drive.
Select CD/DVD Drive drop-down list | Select the desired drive from the list of available drive(s).
Note
This drop-down list appears only when you choose to use an existing CD/DVD drive.
Step 3
Click Submit.
CHAPTER 4
Working with the Cisco VACS Self-Service Portal
This chapter contains the following sections:
• Viewing Reports
• Powering on the Application Container
• Powering off the Application Container
• Adding Virtual Machines
• Deleting Virtual Machines
• Managing Service VM Passwords
• Configuring Static NAT to the Virtual Machines
• Configuring ERSPAN
• Managing Firewall Policies
• Deleting Application Containers
Viewing Reports
The Self-Service Portal provides an interface to view system-generated reports. You can view the following
reports based on options provided by your network administrator:
1 When the network administrator allows you to view the Secure Container Details, the following secure
reports are available:
• Summary Report—Displays the workload VM details.
• Detailed Report—Displays the VM credentials, in addition to the summary and other details of the
VMs that are associated with the selected application container. This report does not display the
details of the service VMs.
2 When the network administrator allows you to view all the details, the following reports are available:
• Summary—Displays the summary of all the VMs, including the details of the service VMs that are
associated with the selected application container.
• Detailed report with credentials—Displays the VM credentials, in addition to the summary and other
details of the VMs that are associated with the selected application container.
• Detailed report without credentials—Displays the VM details without the credential details.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click View Reports.
The View Report dialog box appears.
Step 3
Choose the report type from the Report Type drop-down list.
Step 4
Click Submit.
After you click Submit, a pop-up window displays the corresponding report.
Types of Reports
Attention
• To view the login passwords and VNC details for the VMs, see the detailed report with credentials.
• The login user for CSR/VSG is admin and for SLB is root.
• The default enable password for CSR is cisco123.
• The Summary Report and the Detailed Report in the Secure Container details are displayed based
on the permissions granted by the administrator.
• The contents of the Detailed report depend on whether it is a secure report or a non-secure report.
Cisco VACS generates the following types of reports for each container that you create:
1 Secure Reports—These reports are displayed based on the permissions granted by the administrator while
setting the end user options and they do not display the details of the service VMs.
The following secure reports are available:
• Summary Report displays the details of the workload VMs.
• Detailed Report
• Container:Name—displays the container name, container type, the group it belongs to, and the
date the template was created.
• Virtual Machines—displays the details of the workload VMs.
• event history—displays the deployment history.
• Virtual Machine Subnet Information—displays the network and gateway IP addresses and the
subnet mask.
• CSR Uplink Information—information about the CSR 1000V uplink.
• Static Nat Details—displays Static Nat related information.
Note
If the network administrator has granted permissions to view the secure container details,
the Stats URL displays the VIP IP address instead of the SLB Management IP Address.
2 Unsecure Reports—These reports are displayed based on the permissions granted by the administrator
while setting the end user options. The following reports are available:
• Summary
• Detailed report with credentials
• Detailed report without credentials
The summary report displays container details such as the summary of all the VMs, including the details of the
service VMs that are associated with the selected application container.
The detailed report (with and without credentials) displays the following information:
• Container:Name—displays the container name, container type, the group it belongs to, and the date the
template was created.
• Virtual Machines—displays consolidated information about all the provisioned VMs and their status in
the container, resource consumption details such as disk size, memory, and CPU, details of the network
interface, hostname and status, and port mappings for the container.
• Container Port Groups—displays details about the container port groups with specific admin credentials.
• event history—displays the deployment history.
• Server Load Balancing—displays the server load balancing (SLB) primary and secondary virtual machine
names, IP addresses, netmask, network gateway, data and management port-groups, Stats URL, Stats
username and password, information about the VIP, zone, and real server.
• Virtual Machine Subnet Information—displays the network and gateway IP addresses and the subnet
mask.
• CSR 1000V License Details—displays details about the CSR 1000V virtual appliances deployed by
Cisco VACS and the corresponding license states.
• CSR Uplink Information—information about the CSR 1000V uplink.
• Static Nat Details—displays Static Nat related information.
• ERSPAN Details—displays ERSPAN related information.
• Upstream Router Configuration Required—This section is displayed when the edge gateway is disabled
in a container.
Note
The detailed report with credentials (for Self-Service Users and Administrators) also displays the service
VM passwords that were reset or reconfigured using the manager service VM password feature.
Powering on the Application Container
Using the Self-Service Portal, you can power on an application container.
Note
• The Power On option is available based on the permission granted by the administrator.
• If any VM is powered on in the Secure Report mode, the service VMs are powered on automatically.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Power On Container.
The Power On Container dialog box appears and displays the VMs that have been provisioned.
Step 3
Select the VM that you want to power on and click Submit.
The Submit Result confirmation box appears.
Step 4
Click OK.
Powering off the Application Container
Using the Self-Service Portal, you can power off an application container.
Note
• The Power Off option is available based on the permission granted by the administrator.
• If any VM is powered off in the Secure Report mode, the service VMs are powered on automatically.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Power Off Container.
The Power Off Container dialog box appears and displays the VMs that have been provisioned.
Step 3
Select the VM that you want to power off and click Submit.
The Submit Result confirmation box appears.
Step 4
Click OK.
Adding Virtual Machines
Using the Self-Service Portal you can add a virtual machine (VM) exclusively for any of the deployed
application containers available for a user in a defined group.
Note
The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Add VMs.
Step 3
In the Add VMs dialog box, complete the following fields:
Name | Description
Security Zone drop-down list | Choose a security zone.
VM Name field | Enter a unique name for the virtual machine, up to 32 characters long. The complete virtual machine name will include the name provided in this field, the zone name and the container name.
Image Type drop-down list | Choose the image type. The available options are VM template or OVF.
Note
ISO images are not supported.
Image File Image drop-down list | Choose a virtual machine image to deploy from the list. The list contains the virtual machine templates that are present on the chosen vCloud account. If the list is empty, then the chosen vCloud account does not have any templates.
Note
1 The drop-down list shows only the VM templates which are added to one of the hosts on the datacenter where Virtual Machines are deployed.
2 If the drop-down list does not show the added VM templates, you must perform inventory collection to display them: Virtual > Compute > Polling > Request Inventory Collection.
3 If the available OVF file does not have VMware tools installed, the workflow fails while configuring the IP addresses on the VM.
Number of Virtual CPUs drop-down list | Choose the number of vCPUs that are required for the newly created VM.
Memory drop-down list | Choose the memory that is required for the newly created VM.
VM Password Sharing Option drop-down list | Choose the virtual machine password sharing option:
• Do not share
• Share after password reset
• Share template credentials
VM Network Interfaces table | Choose the virtual machine network interface from the list of interfaces. Click + to add an interface.
Note
This table is visible only for the custom containers.
Note
If SLB has been enabled in the template, you must choose at least one virtual machine network interface that is in the same network as that of the SLB.
To add an interface, do the following:
Name | Description
VM Network Interface Name field | Enter a unique name for the VM network interface.
Select the Network drop-down list | Choose the network to which the Network Interface Card (NIC) should be attached.
Adapter Type drop-down list | Select the appropriate adapter type.
Click Submit.
Number of VM instances field | Enter the number of virtual machine instances to provision to an existing container.
Step 4
Click Submit.
After you click Submit, a pop-up window displays a service request number that can be used to track the
progress of the workflow.
Deleting Virtual Machines
Using the Self-Service Portal, you can delete workload VMs from a selected application container that has
been deployed and the VMs that have been provisioned.
Note
• The Delete VMs option is available based on the permission granted by the administrator.
• The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Delete VMs.
The Delete VMs dialog box appears and displays the VMs that have been provisioned.
Step 3
Check the check box against the VMs that you choose to delete, and click Submit.
After you click Submit, a pop-up window displays a service request number that can be used to track the
progress of the workflow.
Step 4
(Optional) Click Close to cancel the deletion.
Managing Service VM Passwords
Cisco VACS allows you to reconfigure passwords for service VMs (CSR, VSG, and SLB) in a Cisco VACS
application container. The Manage Service VM Password feature is enabled for Self-Service users only
when the secure container report is unchecked by the network administrator. You can either set the same
password for all the service VMs or a different password for each of these service VMs.
Note
• The password must be alphanumeric and must contain at least one uppercase letter, one lowercase
letter, and one numeric digit, and must be between 8 and 64 characters long. The password must not
contain special characters.
• The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate application container and click Manage Service VM Password.
The Manage Service VM Password screen appears.
Step 3
In the Select Containers screen, check the check box(es) against the container for which you want to reconfigure the
service VM password(s).
Note
The following Cisco VACS application containers are not displayed in the container list:
• Those that have a service request in progress.
• Those that do not have a service VM.
Step 4
Click Next.
The Set Service VM Password screen appears.
Step 5
In the Set Service VM Password screen, complete the following fields:
Name | Description
CSR Password field | Enter a password for the CSR.
Confirm CSR Password field | Re-enter the password.
Apply this password for all services check box | Check this check box if you want to set the defined CSR password as a common password for all the service VMs.
VSG Password field | Enter a password for VSG.
Confirm VSG Password field | Re-enter the password.
SLB Password field | Enter a password for SLB.
Confirm SLB Password field | Re-enter the password.
Step 6
Click Submit.
Note
After the service VM passwords are changed, the detailed report (for both, the Self-Service Users and the
administrators) is updated to reflect the changed passwords.
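The password rules in the first Note of this section can be checked, and compliant random passwords generated, before anything is typed into the Set Service VM Password screen. The following is an added example, not Cisco code: the function names are hypothetical, and it assumes "alphanumeric" means ASCII letters and digits only.

```python
from __future__ import annotations

import secrets
import string

MIN_LEN, MAX_LEN = 8, 64
# Assumption: "alphanumeric" in the guide means ASCII A-Z, a-z and 0-9.
ALPHABET = string.ascii_letters + string.digits
# Default value documented in the Types of Reports section; never reuse it.
DOCUMENTED_DEFAULTS = {"cisco123"}
SERVICES = ("CSR", "VSG", "SLB")


def policy_violations(password: str) -> list[str]:
    """Return every rule from the guide's Note that the password breaks."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 8 to 64 characters")
    if any(ch not in ALPHABET for ch in password):
        problems.append("only ASCII letters and digits are allowed")
    if not any(ch in string.ascii_uppercase for ch in password):
        problems.append("needs at least one uppercase letter")
    if not any(ch in string.ascii_lowercase for ch in password):
        problems.append("needs at least one lowercase letter")
    if not any(ch in string.digits for ch in password):
        problems.append("needs at least one numeric digit")
    if password.lower() in DOCUMENTED_DEFAULTS:
        problems.append("matches a documented default password")
    return problems


def generate_password(length: int = 24) -> str:
    """Draw random alphanumeric strings until one satisfies the policy.

    Rejection sampling keeps the result uniformly distributed over all
    compliant passwords of the requested length.
    """
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between 8 and 64")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


def plan_service_passwords(length: int = 24, shared: bool = False) -> dict[str, str]:
    """One password per service VM, or a single shared one.

    shared=True mirrors the "Apply this password for all services" check box.
    """
    if shared:
        common = generate_password(length)
        return {service: common for service in SERVICES}
    return {service: generate_password(length) for service in SERVICES}


def check_entries(entries: dict[str, tuple[str, str]]) -> dict[str, list[str]]:
    """Validate (password, confirmation) pairs as they would be typed in the form."""
    report = {}
    for service, (password, confirmation) in entries.items():
        problems = policy_violations(password)
        if password != confirmation:
            problems.append("confirmation does not match")
        report[service] = problems
    return report


if __name__ == "__main__":
    # Constructed sample input: the documented default and one compliant value.
    sample = {"CSR": ("cisco123", "cisco123"), "VSG": ("Abcdef12", "Abcdef12")}
    for service, problems in check_entries(sample).items():
        print(service, "OK" if not problems else problems)
```

Because the detailed report with credentials displays these passwords after a change, distinct per-service values limit what a single leaked report exposes compared with the shared option.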
Configuring Static NAT to the Virtual Machines
Static NAT mappings are required for allowing the outside public IP addresses to reach the virtual machines
that are inside the container. The static NAT screen allows you to specify the outside public IP address and
map it to the private IP address of the virtual machine.
Note
• The static NAT operation is blocked for containers that do not have the edge gateway enabled.
• The static NAT operation is applicable only if the IP type = Private. If you try to configure this
feature on a container whose IP type=public, then you will get an error message and cannot proceed
with the configuration.
• The Help link provides you access to the corresponding online help.
• The option to configure StaticNAT is available based on the permission granted by the administrator.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Static NAT.
Step 3
In the Static NAT dialog box, check the check box for each provisioned VM that requires Static NAT enablement.
If none of the workload VMs are provisioned on the container, the Static NAT screen is empty. If the workload VMs
are already provisioned, this screen displays the VMs with check boxes next to each of them.
Step 4
Click Submit.
Note
If Private addressing was specified in the container template, Cisco VACS will provision NAT overloading
to allow internal VMs with private addresses to initiate connections to the outside, during the container
provisioning.
After you click Submit, a pop-up window displays a service request number that can be used to track the
progress of the workflow.
Configuring ERSPAN
Traffic to and from individual virtual machines can be monitored using the encapsulated remote switched
port analyzer (ERSPAN) feature after workload virtual machines are provisioned. ERSPAN is generally
enabled on a per-veth interface basis for troubleshooting. You must supply an ERSPAN destination for
forwarding and analyzing traffic. Use the following procedure to enable ERSPAN for the workload VMs and
the SLB VM:
Note
• The option to configure ERSPAN is available based on the permission granted by the administrator.
• The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click ERSPAN.
The Cisco VACS ERSPAN Configuration wizard appears.
Step 3
In the ERSPAN Destination IP address Specification screen, specify the Destination IP Address for forwarding and
analyzing traffic.
If ERSPANs are already present, they are displayed in the Destination IP Address Report table in this screen. This
table also lists the ERSPAN session ID and the corresponding Destination IP address.
Step 4
Click Next to proceed to the ERSPAN Configuration screen.
Step 5
In the ERSPAN Configuration screen, complete the following details:
Name | Description
VM Name drop-down list | Choose the workload VM that you want to monitor.
NIC Name drop-down list | Choose the VM NIC attached to the workload VM.
Rx Tx Both drop-down list | Choose the direction of the traffic that you want to monitor. The options are:
1 Receive direction (Rx)
2 Transmit direction (Tx)
3 Both directions (Both)
Step 6
Click Submit to add the entry to the VM NIC Configuration table.
Note
You can also edit, delete, or move an entry up and down using the respective icons.
Step 7
Click Submit in the ERSPAN Configuration screen to submit the ERSPAN configuration request. The service request
is submitted to the workflow to configure the ERSPAN monitoring.
Upon successful execution of the workflow, the ERSPAN session will be visible from the ERSPAN screen after a few
minutes. You can view the status of the service request from the Service Requests screen under the Services Menu.
Note
1 If you want to stop an existing ERSPAN session, check the check box corresponding to the Destination IP
address and Session ID, delete the VM NIC configuration, and click Submit.
2 You cannot change the session ID and the session type (Rx, Tx, or Both) when a session is configured
through the ERSPAN configuration. To change these details, you must first delete the session and then create
a new session.
Step 8
Click Submit.
After you click Submit, a pop-up window displays a service request number that can be used to track the
progress of the workflow.
Managing Firewall Policies
Cisco Virtual Application Cloud Segmentation (VACS) Services allows you to modify existing firewall access
control list (ACL) rules for each container that is already deployed. This includes adding new ACL rules
and modifying or deleting existing ACL rules. In a firewall policy, you can change only the ACLs that are
defined for a container. You cannot add new zones or modify existing zones.
Note
• This option is not functional if the zone security for tiers (VSG) is not enabled in the template from
which the container was deployed.
• Use this procedure to modify existing firewall access control list (ACL) rules for the deployed
containers. To modify firewall ACL rules for templates, you must use the PNSC Firewall Policies
tab available at Physical > Network > Multi-Domain Manager > PNSC Accounts. For more
information, see the Viewing and Editing the ACLs for the 3 Tier Templates section in the Cisco
Virtual Application Cloud Segmentation Services Configuration Guide.
• The Help link available within the wizard provides you access to the corresponding online help.
Viewing Firewall ACL Rules
You can view existing ACL rules associated with a firewall policy that is defined for a container.
Note
The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resource > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears. You can view the existing PNSC ACL rules.
Adding Firewall ACL Rules
You can add new ACL rules to a firewall policy that is defined for a container.
Note
• The option to add firewall ACL rules is available based on the permission granted by the administrator.
• The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resource > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears.
Step 4
In the PNSC-ACL Rules screen, click the + icon to add a new PNSC ACL rule.
The Add Entry to PNSC ACL Rules screen appears.
Step 5
In the Add Entry to PNSC ACL Rules screen, complete the following fields:
Name
Description
Name field
Enter a unique name for the PNSC ACL rule.
This name can be an alpha-numeric and special character set between 2-32
characters long.
Description field
Enter a description for the PNSC ACL rule. This description can be less than or
equal to 256 characters long.
Action drop-down list
Choose an action to take if the rule conditions are not met. The available options
are:
• Drop—Drops traffic or denies access.
• Permit—Forwards traffic or allows access.
• Reset—Resets the connection.
Condition Match Criteria
drop-down list
Choose the condition match criteria. The available options are:
• Choose match-all for the ACL Policy Rule to match all the conditions (AND).
• Choose match-any for the ACL Policy Rule to match any one condition (OR).
Protocol/Service drop-down list
Choose between protocol or service.
Service table
To open an application-service-related port number for a given protocol,
you must choose this option. Currently, Cisco UCS Director
supports http and https.
Note
This option appears if you choose Service.
To add a service, click the + icon to add an entry to the service table and complete
the following fields:
• From the Operator drop-down list, choose the operator. The available options
are: Equals and Not equals.
• From the Protocol drop-down list, choose the protocol.
• From the Service drop-down list, choose the service. The available options
are: http and https.
• In the Port field, enter the application service related port number.
• Click Submit to add the entry to the list of zone conditions.
You can edit or delete an existing service.
Any Protocol check box
To apply the rule to any protocol, check the Any check box.
Note
This option appears if you choose Protocol.
Source Conditions table
Click the + icon to add an entry to the source conditions table and complete the
following fields:
• From the Attribute Type drop-down list, choose the attribute: Network,
VM, or Zone.
• From the Attribute Name drop-down list, choose the name.
• From the Operator drop-down list, choose the operator: Range, Equals,
Not Equals, or Prefixed by.
• In the Attribute Value field, enter the corresponding value.
• Click Submit to add the entry to the list of zone conditions.
Destination Conditions table
Click the + icon to add an entry to the destination conditions table and complete
the following fields:
• From the Attribute Type drop-down list, choose the attribute: Network,
VM, or Zone.
• From the Attribute Name drop-down list, choose the name.
• From the Operator drop-down list, choose the operator: Range, Equals,
Not Equals, or Prefixed by.
• In the Attribute Value field, enter the corresponding value.
• Click Submit to add the entry to the list of zone conditions. The new ACL
rule is added to the list of zone conditions and is listed at the end of the existing
list.
Step 6
Click the Up arrow icon to move the newly created ACL rule in ascending order.
Step 7
Click Submit.
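The following added example (not part of the Cisco guide or product code) models the rule fields described in Step 5 to show how the match-all and match-any criteria change which traffic satisfies a rule's conditions. Assumptions: conditions compare IP addresses, "Prefixed by" takes a CIDR prefix, "Range" takes "low-high", and the dictionary layout and function names are hypothetical.

```python
import ipaddress

ACTIONS = {"Drop", "Permit", "Reset"}
CRITERIA = {"match-all", "match-any"}

def validate_rule(rule):
    """Return a list of problems with the field limits stated in the guide."""
    errors = []
    if not 2 <= len(rule["name"]) <= 32:
        errors.append("name must be 2-32 characters")
    if len(rule.get("description", "")) > 256:
        errors.append("description must be at most 256 characters")
    if rule["action"] not in ACTIONS:
        errors.append("action must be Drop, Permit, or Reset")
    if rule["criteria"] not in CRITERIA:
        errors.append("criteria must be match-all or match-any")
    return errors

def condition_met(cond, packet):
    """Evaluate one source/destination condition against a packet's address."""
    ip = ipaddress.ip_address(packet[cond["side"]])
    op, value = cond["operator"], cond["value"]
    if op == "Equals":
        return ip == ipaddress.ip_address(value)
    if op == "Not Equals":
        return ip != ipaddress.ip_address(value)
    if op == "Prefixed by":   # assumption: value is a CIDR prefix
        return ip in ipaddress.ip_network(value)
    if op == "Range":         # assumption: value is "low-high", inclusive
        low, high = (ipaddress.ip_address(v) for v in value.split("-"))
        return low <= ip <= high
    raise ValueError(f"unknown operator: {op}")

def conditions_match(rule, packet):
    """match-all ANDs every condition; match-any ORs them."""
    results = [condition_met(c, packet) for c in rule["conditions"]]
    return all(results) if rule["criteria"] == "match-all" else any(results)

# Constructed sample rule and packets (documentation address ranges).
RULE = {
    "name": "web-to-db", "description": "Web tier to database", "action": "Permit",
    "criteria": "match-all",
    "conditions": [
        {"side": "src", "operator": "Prefixed by", "value": "192.0.2.0/24"},
        {"side": "dst", "operator": "Equals", "value": "198.51.100.10"},
    ],
}
FROM_WEB = {"src": "192.0.2.15", "dst": "198.51.100.10"}
FROM_ELSEWHERE = {"src": "203.0.113.7", "dst": "198.51.100.10"}
```

With the constructed rule, switching the criteria from match-all to match-any makes the conditions also match the packet from 203.0.113.7, because the destination condition alone is satisfied.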
Editing Firewall ACL Rules
Cisco Virtual Application Cloud Segmentation Services (Cisco VACS) allows you to modify existing
firewall ACL rules.
Note
• Use this procedure to modify existing firewall access control list (ACL) rules for the deployed
containers. To modify firewall ACL rules for templates, you must use the PNSC Firewall Policies
tab available at Physical > Network > Multi-Domain Manager > PNSC Accounts. For more
information, see Viewing and Editing the ACLs for the 3 Tier Templates.
• The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resource > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears.
Step 4
In the PNSC-ACL Rules screen, select the PNSC ACL rule that you want to edit, and click the edit (pencil) icon.
The Edit Entry to PNSC ACL Rules screen appears.
Step 5
In the Edit Entry to PNSC ACL Rules screen, modify the corresponding fields, and click Submit.
Step 6
Click the Up or Down arrow icon to move the modified ACL rule in ascending or descending order.
Step 7
Click Submit.
Deleting Firewall ACL Rules
Cisco Virtual Application Cloud Segmentation Services (Cisco VACS) allows you to delete existing
ACL rules.
Note
The Help link provides you access to the corresponding online help.
Step 1
On the menu bar, choose Virtual Resource > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears.
Step 4
In the PNSC-ACL Rules screen, click the delete (x) icon to delete an existing PNSC ACL rule.
The Delete PNSC ACL Rules Entry confirmation box appears.
Step 5
Click Submit to delete the selected PNSC ACL rule.
Deleting Application Containers
Using the Self-Service Portal, you can delete any of the deployed application containers. When you delete an
application container, all the associated resources are deleted automatically.
Note
The Delete Container option is available based on the permission granted by the administrator.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Delete Container.
The Delete Container dialog box confirming the deletion appears.
Step 3
Click Submit to proceed with the deletion.
After you click Submit, a pop-up window appears and displays a service request number that can be used to track the
progress of the workflow.
Step 4
(Optional) Click Close to cancel the deletion.
Note
If the delete container workflow fails, trace the container deployment service request and issue a 'Rollback
Request' to complete or clean up the failed deletion.