Cisco Virtual Application Container Services Self-Service Portal User
Guide, Release 5.2STV1.1
First Published: February 11, 2015
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2015 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
Overview
About Cisco Virtual Application Container Services
About the Self-Service Portal
Logging Into the Cisco UCS Director
Understanding the Self-Service Portal
Related Documentation for the Cisco Virtual Application Container Services
CHAPTER 2
Managing Service Requests
About Service Requests
Service Request Workflows
Creating a Service Request for Service Container Catalogs
Viewing the Service Request Status
Viewing the Service Request History for a Group
Cancelling a Service Request
Searching the Service Request History for a Group
Exporting Group Service Requests History
CHAPTER 3
Performing VM Lifecycle Management
About VM Lifecycle Management Actions
Viewing All VMs
Managing VM Power
Viewing VM Details
Launching VM Client
Requesting Inventory Collection for VM
CHAPTER 4
Working with the Cisco VACS Self-Service Portal
Viewing Reports
Types of Reports
Powering on the Application Container
Powering off the Application Container
Adding Virtual Machines
Deleting Virtual Machines
Configuring Static NAT to the Virtual Machines
Configuring ERSPAN
Managing Firewall Policies
Viewing Firewall ACL Rules
Adding Firewall ACL Rules
Editing Firewall ACL Rules
Deleting Firewall ACL Rules
Deleting Application Containers
CHAPTER 1
Overview
This chapter contains the following sections.
• About Cisco Virtual Application Container Services
• About the Self-Service Portal
• Related Documentation for the Cisco Virtual Application Container Services
About Cisco Virtual Application Container Services
Cisco Virtual Application Container Services (Cisco VACS) is a software solution that automates the
coordinated licensing, installation, and deployment of multiple virtual services in your datacenter to enable
an easy and efficient setup of virtualized applications. Cisco VACS provides a fully customizable extended
application container abstraction to simplify deploying and provisioning the virtual services. Cisco VACS
allows you to define extended application container templates and to instantiate them through automated setup
and provisioning of the underlying virtual components. Cisco UCS Director provides the management interface
to deploy, provision, and monitor the Cisco VACS solution.
Cisco VACS provides you with a choice of ready-to-use application container templates that define the rules
for deploying a collection of virtual machines (VMs) within a private network secured by a firewall. An
application container is a set of virtual services such as virtual switches, routers, firewalls, and other network
devices configured in a consistent manner to deploy different workloads. When you create and instantiate an
application container template, Cisco VACS deploys VMs, and configures networks, the firewall, and virtual
switches, and enables quick provisioning of network and security at the virtual layer.
About the Self-Service Portal
You can use the Cisco UCS Director Self-Service Portal for self-service provisioning, monitoring, and
management capabilities. With the Self-Service Portal, you can create a request for a VACS container and
perform the container-related operations that are permitted for the service end user.
Attention
This document describes the Self-Service Portal for a service end user only. For information on the
Self-Service Portal for administrators, see
http://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-director/products-maintenance-guides-list.html.
Logging Into the Cisco UCS Director
Step 1
In the Address field of the browser, enter the IP address of the Cisco UCS Director and press Enter.
The Cisco UCS Director login page appears.
Step 2
Enter the username and password in the Username and Password fields, and click Login.
The Cisco UCS Director home page appears.
Understanding the Self-Service Portal
This section describes the Self-Service portal and the Cisco VACS features that you can access using Cisco
UCS Director.
Figure 1: Self-Service Portal
Table 1: Elements of the Self-Service Portal
Number | Description
1 | The Menu bar displays tabs that allow you to view the Cisco VACS solution interface, along with the UCS Director Self-Service tabs.
2 | The sub menu displays the tabs that provide details corresponding to the menu tabs.
3 | The subset menu displays the Cisco VACS features that allow you to power on/off a container, add and delete VMs, configure the ERSPAN and Static NAT features, and manage firewall policies.
4 | The Application Containers area displays the available containers.
5 | This sub menu displays buttons that allow you to do the following:
• customize the table
• export reports
• add an advanced filter
• search
6 | This sub menu displays buttons that allow you to do the following:
• view user information
• log out of the Cisco UCS Director interface
• view the Cisco web page
• view information about the Cisco UCS Director
• view the Cisco UCS Director Online Help
• search for objects
Related Documentation for the Cisco Virtual Application Container Services
This section lists the documents that are used with the Cisco VACS components and are available on
Cisco.com at the following URL:
Cisco Virtual Application Container Services Documentation
General Information
Cisco Virtual Application Container Services Release Notes
Installation
Cisco Virtual Application Container Services Installation and Upgrade Guide
Configuration
Cisco Virtual Application Container Services Configuration Guide
User Information
Cisco Virtual Application Container Self-Service Portal User Guide
Nexus 1000V Documentation
For the Cisco Nexus 1000V for VMware vSphere Documentation:
Cisco Nexus 1000V for VMware vSphere Documentation
Prime Network Services Controller Documentation
Cisco Prime Network Services Controller Documentation
Cloud Services Router 1000V Documentation
Cisco Cloud Services Router 1000V Documentation
Virtual Security Gateway Documentation
Cisco Virtual Security Gateway Documentation
UCS Director Documentation
Cisco UCS Director Documentation
CHAPTER 2
Managing Service Requests
This chapter contains the following sections.
• About Service Requests
• Service Request Workflows
• Creating a Service Request for Service Container Catalogs
• Viewing the Service Request Status
• Viewing the Service Request History for a Group
• Cancelling a Service Request
• Searching the Service Request History for a Group
• Exporting Group Service Requests History
About Service Requests
You can use the self-service provisioning feature to create a service request to provision virtual machines
(VMs), services, or applications.
Service Request Workflows
The service request workflow can be summarized into several stages:
• Initiation—Service request initiation.
• Resource Allocation—Resources required for VM provisioning.
• Provision—The act of provisioning a VM.
• Setup Lifecycle Schedule—The scheduled and termination time.
• Notify—An email notice that states information about the container is sent to the user.
Creating a Service Request for Service Container Catalogs
The administrator publishes catalogs to a group and end users choose the required catalog to create a service
request.
Before You Begin
This type of service request requires that a service container catalog be available for selection.
Step 1
On the menu bar, choose Catalog > Service Container.
Step 2
Double-click the appropriate catalog and then click Create Request.
The Create Service Request wizard appears.
Note
You can also create a service request using the Services tab. To navigate to the Create Service Request wizard,
do the following:
1 Choose Services > Service Requests > Create Request.
2 In the Create Request dialog box, choose Service Container, and then click Submit to view the Create
Service Request wizard. You can then proceed with the service request procedure.
Step 3
In the Create Service Request screen, view the following fields:
Name | Description
Catalog Type drop-down list | The type of catalog is auto populated.
Select Catalog drop-down list | The catalog to be provisioned is auto populated.
Step 4
Click Next.
The Deployment Configuration screen appears.
Step 5
In the Deployment Configuration screen, do the following:
Name | Description
Comment | Enter the description for the service request.
Provision | Choose the deployment time. The available options are Now and Later. If you select Later, you are allowed to choose a date and time for this deployment.
Service Container | Enter the container name.
Step 6
Click Next.
The Summary screen appears.
Step 7
In the Summary screen, review the information for accuracy, and then click Submit.
Viewing the Service Request Status
Before You Begin
Create a service request.
Step 1
Choose Services > Service Request.
Step 2
Choose a service request.
Step 3
Click View Details.
The Service Request screen provides the details regarding the service request and the related workflow steps. From this
page, you can view the status of each workflow step. Details, such as the time, are also displayed in addition to each step's
status, which is color-coded:
• Grey—Indicates the step still needs to be completed.
• Green—Indicates the step completed successfully.
• Red—Indicates the step failed. The reason for the failure is also specified under the step.
• Blue—Indicates more input is required from the user for the step to be completed. For example, if an approver was
defined for this service request, blue indicates that the service request is waiting for approval.
Name | Description
Overview section
Request ID field | The service request ID number.
Request Type field | The type of request (for example, VM).
Workflow Name field | The name of the workflow.
Request Time field | The time the service request was created.
Request Status field | The status of the service request (for example, Complete, Canceled, or Failed).
Comments field | Comments added during the service request creation.
Ownership section
Group field | The group to which the user requesting the service request belongs.
Initiating User field | The user who initiated the service request.
Note
Approvers can view service requests that need their approval under the Approvals tab.
Viewing the Service Request History for a Group
End users can view all service requests created for their group.
Before You Begin
Create a service request.
On the menu bar, click Services and choose the Service Requests tab (see step 1 above).
Cancelling a Service Request
After submitting a service request, you can cancel it for any reason.
Before You Begin
Creating a service request.
Step 1
On the menu, choose Services > Service Requests.
Step 2
Choose the service request entry that needs to be canceled.
Step 3
Click Cancel Request.
Step 4
Click Submit to cancel the service request.
Searching the Service Request History for a Group
End users can search for the service request history for their group.
Before You Begin
Create a service request.
Step 1
On the menu bar, choose the Services > Service Request tab.
Step 2
Enter the text or service request number in the search field.
Note
Criteria can be any text from any of the columns.
Exporting Group Service Requests History
Reports of service requests for all groups or any particular group can be exported into a tabular format.
Before You Begin
Creating service requests.
Step 1
On the menu bar, choose Services > Service Requests.
Step 2
Click the Export Report icon to generate a report of service requests.
Reports can be exported in PDF, CSV, or XLS format.
CHAPTER 3
Performing VM Lifecycle Management
This chapter contains the following sections.
• About VM Lifecycle Management Actions
• Managing VM Power
• Viewing VM Details
• Launching VM Client
• Requesting Inventory Collection for VM
About VM Lifecycle Management Actions
You can perform post-provisioning lifecycle management actions that are permitted by administrators. You
can also view the entire list of virtual machines (VMs) provisioned using service requests under your group.
All VMs that belong to a particular group are displayed. The available lifecycle management actions are as
follows. You are also allowed to manage the power usage of a VM.
Viewing All VMs
The viewing all VMs feature displays all of the VMs and their details such as VM ID, host name, IP address
and power state.
Note
To view the VM actions on a VM, the administrator has to give permission by checking the End User
Self-Serve options in the group's vDC.
Step 1
On the menu bar, click Virtual Resources and choose the VMs tab.
Step 2
Choose a VM entry from the list or right-click on a VM to bring up available actions for that VM.
What to Do Next
Manage the VM resources.
Managing VM Power
Managing a VM's power functions includes powering on, powering off, suspending power, resetting the VM, and
more.
Before You Begin
Provision a VM.
Step 1
Click Virtual Resources and choose VMs.
Step 2
Right-click on a VM and choose Power On.
In the VM Task dialog box, complete the following fields:
Name | Description
VM Name field | Name of the VM.
Task field | Selected power management task.
Comments field | Enter comments if required.
Schedule Action field | Specify either to power on the VM now or at a specific date and time.
Note
The following actions appear in Similar field's Comments and Schedule Actions
panes:
Action | Description
Power Off | Power Off the VM.
Suspend | Places the VM in a suspended state.
Shutdown Guest | Shuts down the Guest OS on the VM.
Standby | Moves the VM to standby state.
Reset | Performs a hard reset of the VM.
Reboot | Performs a soft reboot of the VM.
Step 3
Click Proceed.
Viewing VM Details
This feature lets you view details about the VM, such as VM action request, vNICs, VM snapshots and general
summary information.
Step 1
On the menu bar, click Virtual Resources and choose VMs.
Step 2
Right-click on a VM and choose View Details.
The Summary screen appears.
Launching VM Client
This feature lets you set up web access, remote access, or a VNC console. The VNC console provides access
for each VM. The console provides full control capabilities of the VM. The console is accessible using any
standalone web browser and no plug-in is required. Cisco UCS Director provides automatic configuration of
the console.
Note
You can access a VM's login credential when it is set up for Web or remote desktop access. An administrator
must provide the proper catalog (and necessary privileges) from which the VM is provisioned.
Before You Begin
The administrator must enable the feature.
Step 1
On the menu bar, click Virtual Resources and choose VMs.
Step 2
Right-click on a VM and choose Launch VM Client.
The Launch Client dialog box appears.
Step 3
In the Launch Client dialog box, select an access scheme:
Name | Description
Access Scheme drop-down list | Choose an access scheme from the drop-down list. The schemes are VNC Console, Web Access, and Remote Access.
Step 4
Click Proceed.
The VNC console (in a Web browser) appears. Additional login is required to access the VM console.
Requesting Inventory Collection for VM
You can select a VM and request an on-demand inventory collection.
Note
Modifying the allocated resources could change the chargeback amount for the VM. Chargeback for a
VM is calculated based on the cost model defined by the administrator for a catalog. A VM's chargeback
is calculated based upon the catalog selected for provisioning the VM.
Step 1
On the menu bar, click Virtual Resources and choose VMs.
Step 2
Right-click on a VM and choose Request Inventory Collection Request for VM.
The Request VM Inventory Collection dialog box appears.
Step 3
Click Submit.
The VM inventory collection is completed.
CHAPTER 4
Working with the Cisco VACS Self-Service Portal
This chapter contains the following sections:
• Viewing Reports
• Powering on the Application Container
• Powering off the Application Container
• Adding Virtual Machines
• Deleting Virtual Machines
• Configuring Static NAT to the Virtual Machines
• Configuring ERSPAN
• Managing Firewall Policies
• Deleting Application Containers
Viewing Reports
The Self-Service Portal provides you an interface to view system generated reports. You can view the following
reports:
• Summary—Displays the summary of all the VMs that are associated with the selected application
container.
• Detailed Report without Credentials—Displays the details of all the VMs, in addition to the summary
of the VMs that are associated with the selected application container.
• Detailed Report with Credentials—Displays the VM credentials, in addition to the summary and other
details of the VMs that are associated with the selected application container.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click View Reports.
The View Report dialog box appears.
Step 3
Choose the report type from the Report Type drop-down list.
Step 4
Click Submit.
After clicking Submit, a pop-up window appears and displays the corresponding report.
Types of Reports
Cisco VACS generates the following types of reports for each container that you create:
• Summary Report—This report lists the container details including the name, template type, and the date
it was created and provides consolidated information about all the provisioned VMs and their status in
the container.
• Detailed Report without Credentials—This report lists the VM name and type, the resource consumption
details (disk size, memory, and CPU), details of the network interface, hostname and status, and port
mappings for the container without specific credentials.
• Detailed Report with Credentials—This report lists the VM name and type, resource consumption details
(disk size, memory, and CPU), hostname and status, details of the network interface, and port mappings
for the container along with the specific credentials.
Powering on the Application Container
Using the Self-Service Portal, you can power on an application container.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Power On Container.
The Power On Container dialog box appears and displays the VMs that have been provisioned.
Step 3
Select the VM that you want to power on and click Submit.
The Submit Result confirmation box appears.
Step 4
Click OK.
Powering off the Application Container
Using the Self-Service Portal, you can power off an application container.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Power Off Container.
The Power Off Container dialog box appears and displays the VMs that have been provisioned.
Step 3
Select the VM that you want to power off and click Submit.
The Submit Result confirmation box appears.
Step 4
Click OK.
Adding Virtual Machines
Using the Self-Service Portal, you can add a virtual machine (VM) exclusively for any of the deployed
application containers available for a user in a defined group.
Note
The Online Help link provides you access to the product documentation corresponding to adding virtual
machines.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Add VMs.
Step 3
In the Manage VMs dialog box, complete the following fields:
Name | Description
Security Zone drop-down list | Choose a security zone.
VM Name field | Enter a unique name for the virtual machine, up to 32 characters long. The complete virtual machine name will include the name provided in this field, the zone name and the container name.
VM Image drop-down list | Choose a virtual machine image to deploy from the list. The list contains the virtual machine templates that are present on the chosen vCloud account. If the list is empty, then the chosen vCloud account does not have any templates.
Note
1 The drop-down list shows only the VM templates which are added to one of the hosts on the datacenter where Virtual Machines are deployed.
2 If the drop-down list does not show the added VM templates, you must perform inventory collection to display them: Virtual > Compute > Polling > Request Inventory Collection.
Number of Virtual CPUs drop-down list | Choose the number of vCPUs that are required for the newly created VM.
Memory drop-down list | Choose the memory that is required for the newly created VM.
VM Password Sharing Option drop-down list | Choose the virtual machine password sharing option:
• Do not share
• Share after password reset
• Share template credentials
VM Network Interfaces table | Choose the virtual machine network interface from the list of interfaces. Click + to add an interface. To add an interface, do the following:
    Name | Description
    VM Network Interface Name field | Enter a unique name for the VM network interface.
    Select the Network drop-down list | Choose the network to which the Network Interface Card (NIC) should be attached.
    Adapter Type drop-down list | Select the appropriate adapter type.
    Click Submit.
Number of VM instances field | Enter the number of virtual machine instances to provision to an existing container.
Step 4
Click Submit.
After clicking Submit, a pop-up window appears and displays a service request number that can be used to track the
progress of the workflow.
Deleting Virtual Machines
Using the Self-Service Portal, you can delete provisioned workload VMs from a selected application container
that has been deployed.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Delete VMs.
The Delete VMs dialog box appears and displays the VMs that have been provisioned.
Step 3
Check the checkbox against the VMs that you choose to delete, and click Submit.
After clicking Submit, a pop-up window appears and displays a service request number that can be used to track the
progress of the workflow.
Step 4
(Optional) Click Close to cancel the deletion.
Configuring Static NAT to the Virtual Machines
Static NAT mappings are required for allowing the outside public IP addresses to reach the virtual machines
that are inside the container. The static NAT screen allows you to specify the outside public IP address and
map it to the private IP address of the virtual machine. To configure Static NAT to the workload virtual
machines, use the following procedure:
Note
The static NAT operation is applicable only if the IP type is Private. If you try to configure this feature
on a container whose IP type is Public, you will get an error message and cannot proceed with the
configuration.
Note
The Online Help link provides access to the product documentation corresponding to configuring Static
NAT.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Static NAT.
Step 3
In the Static NAT dialog box, click the checkbox for each provisioned VM that requires Static NAT enablement.
If none of the workload VMs are provisioned on the container, the Static NAT screen is empty. If the workload VMs
are already provisioned, this screen displays the VMs with check boxes next to each of them.
Step 4
Click Submit.
Note
If Private addressing was specified in the container template, Cisco VACS will provision NAT overloading
to allow internal VMs with private addresses to initiate connections to the outside, during the container
provisioning.
After clicking Submit, a pop-up window appears and displays a service request number that can be used to track the
progress of the workflow.
Configuring ERSPAN
Traffic to and from individual virtual machines can be monitored using the encapsulated remote switched
port analyzer (ERSPAN) feature after workload virtual machines are provisioned. ERSPAN is generally
enabled on a per-veth interface basis for troubleshooting. You must supply an ERSPAN destination for
forwarding and analyzing traffic. Use the following procedure to enable ERSPAN for the workload VMs:
Note
The Online Help link provides access to the product documentation corresponding to configuring ERSPAN.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click ERSPAN.
The Cisco VACS ERSPAN Configuration wizard appears.
Step 3
In the ERSPAN Destination IP address Specification screen, specify the Destination IP Address for forwarding and
analyzing traffic.
If ERSPANs are already present, they are displayed in the Destination IP Address Report table in this screen. This
table also lists the ERSPAN session ID and the corresponding Destination IP address.
Step 4
Click Next to proceed to the ERSPAN Configuration screen.
Step 5
In the ERSPAN Configuration screen, complete the following details:
Name | Description
VM Name drop-down list | Choose the workload VM that you want to monitor.
NIC Name drop-down list | Choose the VM NIC attached to the workload VM.
Rx Tx Both drop-down list | Choose the direction of the traffic that you want to monitor. The options are:
1 Receive direction (Rx)
2 Transmit direction (Tx)
3 Both directions (Both)
Step 6
Click Submit to add the entry to the VM NIC Configuration table.
Note
You can also edit, delete, or move an entry up and down using the respective
icons.
Step 7
Click Submit in the ERSPAN Configuration screen to submit the ERSPAN configuration request. The service request
is submitted to the workflow to configure the ERSPAN monitoring.
Upon successful execution of the workflow, the ERSPAN session will be visible from the ERSPAN screen after a few
minutes. You can view the status of the service request from the Service Requests screen under the Services Menu.
Note
1 If you want to stop an existing ERSPAN session, check the checkbox corresponding to the Destination IP
address and Session ID, delete the VM NIC configuration, and click Submit.
2 You cannot change the session ID and the session type (Rx, Tx, or Both) when a session is configured
through the ERSPAN configuration. To change these details, you must first delete the session and then create
a new session.
Step 8
Click Submit.
After clicking Submit, a pop-up window appears and displays a service request number that can be used to track the
progress of the workflow.
Managing Firewall Policies
Cisco Virtual Application Container Services (Cisco VACS) allows you to modify existing firewall access
control list (ACL) rules. This includes adding new ACL rules and modifying or deleting existing ACL rules.
In a firewall policy, you can change only the ACLs that are defined for a container. You cannot add new zones
or modify existing zones.
Note
The Online Help link available within the wizard provides access to the product documentation
corresponding to managing firewall policies.
Viewing Firewall ACL Rules
You can view existing ACL rules associated with a firewall policy that is defined for a container.
Note
The Online Help link provides access to the product documentation corresponding to managing firewall
policies.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears. You can view the existing PNSC ACL rules.
Adding Firewall ACL Rules
You can add new ACL rules to a firewall policy that is defined for a container.
Note
The Online Help link provides access to the product documentation corresponding to managing firewall
policies.
Step 1
On the menu bar, choose Virtual Resource > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears.
Step 4
In the PNSC-ACL Rules screen, click the + icon to add a new PNSC ACL rule.
The Add Entry to PNSC ACL Rules screen appears.
Step 5
In the Add Entry to PNSC ACL Rules screen, complete the following fields:
Name
Description
Name field
Enter a unique name for the PNSC ACL rule.
The name can contain alphanumeric and special characters and must be 2 to 32
characters long.
Description field
Enter a description for the PNSC ACL rule. The description can be up to 256
characters long.
Action drop-down list
Choose an action to take if the rule conditions are not met. The available options
are:
• Drop—Drops traffic or denies access.
• Permit—Forwards traffic or allows access.
• Reset—Resets the connection.
Condition Match Criteria drop-down list
Choose the condition match criteria. The available options are:
• Choose match-all for the ACL Policy Rule to match all the conditions (AND).
• Choose match-any for the ACL Policy Rule to match any one condition (OR).
Protocol/Service drop-down list
Choose between protocol or service.
Service table
To open a port for a specific application service within a given protocol, you must
choose this option. Currently, Cisco UCS Director supports http and https.
Note
This option appears if you choose Service.
To add a service, click the + icon to add an entry to the service table and complete
the following fields:
• From the Operator drop-down list, choose the operator. The available options
are: Equals and Not equals.
• From the Protocol drop-down list, choose the protocol.
• From the Service drop-down list, choose the service. The available options
are: http and https.
• In the Port field, enter the application service related port number.
• Click Submit to add the entry to the list of zone conditions.
You can edit or delete an existing service.
Any Protocol check box
To apply the rule to any protocol, check the Any check box.
Note
This option appears if you choose Protocol.
Source Conditions table
Click the + icon to add an entry to the source conditions table and complete the
following fields:
• From the Attribute Type drop-down list, choose the attribute: Network,
VM, or Zone.
• From the Attribute Name drop-down list, choose the name.
• From the Operator drop-down list, choose the operator: Range, Equals,
Not Equals, or Prefixed by.
• In the Attribute Value field, enter the corresponding value.
• Click Submit to add the entry to the list of zone conditions.
Destination Conditions table
Click the + icon to add an entry to the destination conditions table and complete
the following fields:
• From the Attribute Type drop-down list, choose the attribute: Network,
VM, or Zone.
• From the Attribute Name drop-down list, choose the name.
• From the Operator drop-down list, choose the operator: Range, Equals,
Not Equals, or Prefixed by.
• In the Attribute Value field, enter the corresponding value.
• Click Submit to add the entry to the list of zone conditions. The new ACL
rule is added to the list of zone conditions and is listed at the end of the existing
list.
Step 6
Click the Up arrow icon to move the newly created ACL rule up in the list.
Step 7
Click Submit.
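Added example, not part of the Cisco guide and not Cisco code: a check to run on a proposed rule before entering it in the wizard. It applies the field limits and option lists from the table above, then shows how match-all (AND) and match-any (OR) change which flows a rule's conditions cover. The dictionary layout, the function names, the review flag, and the operator semantics for Network conditions with IP values (Range written as "first-last", Prefixed by read as a CIDR prefix) are assumptions made for illustration.

```python
import ipaddress

ACTIONS = {"Drop", "Permit", "Reset"}  # option lists as given in the field table
MATCH_CRITERIA = {"match-all", "match-any"}
ATTRIBUTE_TYPES = {"Network", "VM", "Zone"}
OPERATORS = {"Equals", "Not Equals", "Prefixed by", "Range"}


def lint_rule(rule):
    """Return the problems found in a proposed rule (empty list means clean)."""
    problems = []
    if not 2 <= len(rule["name"]) <= 32:
        problems.append("name must be 2-32 characters")
    if len(rule["description"]) > 256:
        problems.append("description exceeds 256 characters")
    if rule["action"] not in ACTIONS or rule["match"] not in MATCH_CRITERIA:
        problems.append("unknown action or match criteria")
    conds = rule["source"] + rule["destination"]
    for attr_type, operator, _value in conds:
        if attr_type not in ATTRIBUTE_TYPES or operator not in OPERATORS:
            problems.append(f"bad condition: {attr_type} {operator}")
    # Reviewer's flag (an assumed house rule, not product behaviour).
    if rule["match"] == "match-any" and len(conds) > 1:
        problems.append("review: match-any fires when only one condition holds")
    return problems


def holds(operator, value, addr):
    """Assumed semantics of one Network condition tested against one IP."""
    ip = ipaddress.ip_address(addr)
    if operator == "Range":  # value written as "first-last"
        first, last = (ipaddress.ip_address(p) for p in value.split("-"))
        return first <= ip <= last
    if operator == "Prefixed by":  # assumed to mean a CIDR prefix
        return ip in ipaddress.ip_network(value)
    return (ip == ipaddress.ip_address(value)) == (operator == "Equals")


def rule_matches(rule, src, dst):
    """AND the condition results for match-all, OR them for match-any."""
    results = [holds(op, val, src) for _t, op, val in rule["source"]]
    results += [holds(op, val, dst) for _t, op, val in rule["destination"]]
    return all(results) if rule["match"] == "match-all" else any(results)

# Constructed sample rule; the addresses are documentation ranges.
RULE = {"name": "web-to-db", "description": "web tier to database",
        "action": "Permit", "match": "match-all",
        "source": [("Network", "Prefixed by", "192.0.2.0/24")],
        "destination": [("Network", "Equals", "198.51.100.10")]}
```

With match set to match-any, the same sample rule also covers a flow from 192.0.2.7 to 203.0.113.5, because the source condition alone is enough.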
Editing Firewall ACL Rules
Cisco Virtual Application Container Services (Cisco VACS) allows you to modify existing firewall ACL
rules.
Note
The Online Help link provides access to the product documentation corresponding to managing firewall
policies.
Step 1
On the menu bar, choose Virtual Resource > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears.
Step 4
In the PNSC-ACL Rules screen, select the PNSC ACL rule that you want to edit, and click the edit (pencil) icon.
The Edit Entry to PNSC ACL Rules screen appears.
Step 5
In the Edit Entry to PNSC ACL Rules screen, modify the corresponding fields, and click Submit.
Step 6
Click the Up or Down arrow icon to move the modified ACL rule up or down in the list.
Step 7
Click Submit.
Deleting Firewall ACL Rules
Cisco Virtual Application Container Services (Cisco VACS) allows you to delete existing ACL rules.
Note
The Online Help link provides access to the product documentation corresponding to managing firewall
policies.
Step 1
On the menu bar, choose Virtual Resource > Application Containers.
Step 2
Select the appropriate Application Container and click Firewall Policy.
The Edit Firewall dialog box appears.
Step 3
The PNSC Firewall Specification screen displays the policy name and description. Click Next.
The PNSC-ACL Rules screen appears.
Step 4
In the PNSC-ACL Rules screen, click the delete (x) icon to delete an existing PNSC ACL rule.
The Delete PNSC ACL Rules Entry confirmation box appears.
Step 5
Click Submit to delete the selected PNSC ACL rule.
Deleting Application Containers
Using the Self-Service Portal, you can delete any of the deployed application containers. When you delete an
application container, all the associated resources are deleted automatically.
Step 1
On the menu bar, choose Virtual Resources > Application Containers.
Step 2
Select the appropriate Application Container and click Delete Container.
The Delete Container dialog box confirming the deletion appears.
Step 3
Click Submit to proceed with the deletion.
After you click Submit, a pop-up window appears and displays a service request number that you can use to track the
progress of the workflow.
Step 4
(Optional) Click Close to cancel the deletion.