Installing the Cisco VSG
This chapter contains the following sections:
- Information About the Cisco VSG
- Prerequisites for Installing the Cisco VSG Software
- Obtaining the Cisco VSG Software
- Installing the Cisco VSG Software
- Configuring Initial Settings
- Verifying the Cisco VSG Configuration
- Where to Go Next
Information About the Cisco VSG
This section describes how to install and complete the basic configuration of the Cisco VSG for VMware vSphere software.
Host and VM Requirements
Cisco VSG and Supported Cisco Nexus 1000V Series Device Terminology
The following table lists the terminology used in the Cisco VSG implementation.

| Term | Description |
|---|---|
| Distributed Virtual Switch (DVS) | Logical switch that spans one or more VMware ESX servers. It is controlled by one VSM instance. |
| ESXi | Virtualization platform used to create the virtual machines as a set of configuration and disk files. |
| NIC | Network interface card. |
| Open Virtual Appliance or Application (OVA) file | Package that contains the following files used to describe a virtual machine and saved in a single archive using .TAR packaging: |
| Open Virtual Machine Format (OVF) | Platform-independent method of packaging and distributing Virtual Machines (VMs). |
| vCenter Server | Service that acts as a central administrator for VMware ESXi hosts that are connected on a network. vCenter Server directs actions on the VMs and the VM hosts. |
| Virtual Ethernet Module (VEM) | Part of the Cisco Nexus 1000V Series switch that switches data traffic. It runs on an ESX/ESXi host. Up to 64 VEMs are controlled by one VSM. All the VEMs that form a switch domain should be in the same virtual data center as defined by the VMware vCenter Server. |
| Virtual Machine (VM) | Virtualized x86 PC environment in which a guest operating system and associated application software can run. Multiple VMs can operate on the same host system concurrently. |
| VMotion | Practice of migrating virtual machines live from server to server. (The Cisco VSGs cannot be moved by VMotion.) |
| vPath | Component in the Cisco Nexus 1000V Series switch with a VEM that directs the appropriate traffic to the Cisco VSG for policy evaluation. It also acts as fast path and can short circuit part of the traffic without sending it to the Cisco VSG. |
| Virtual Security Gateway (VSG) | Cisco software that secures virtual networks and provides firewall functions in virtual environments using the Cisco Nexus 1000V Series switch by providing network segmentation. |
| Virtual Supervisor Module (VSM) | Control software for the Cisco Nexus 1000V Series distributed virtual device that runs on a virtual machine (VM) and is based on Cisco NX-OS. |
| vSphere Client | User interface that enables users to connect remotely to the vCenter Server or ESXi from any Windows PC. The primary interface for creating, managing, and monitoring VMs, their resources, and their hosts. It also provides console access to VMs. |
Prerequisites for Installing the Cisco VSG Software
The following components must be installed and configured:
- On the Cisco Nexus 1000V Series switch, configure two VLANs, a service VLAN and an HA VLAN, on the switch uplink ports. (The VLAN does not need to be the system VLAN.)
- On the Cisco Nexus 1000V Series switch, configure two port profiles for the Cisco VSG: one for the service VLAN and the other for the HA VLAN. (You will be configuring the Cisco VSG IP address on the Cisco VSG so that the Cisco Nexus 1000V Series switch can communicate with it.)
Details about configuring VLANs and port profiles on the Cisco Nexus 1000V Series switch are available in the Cisco Nexus 1000V Series switch documentation.
Obtaining the Cisco VSG Software
You can obtain the Cisco VSG software files at this URL:
http://www.cisco.com/en/US/products/ps13095/index.html
Installing the Cisco VSG Software
You can install the Cisco VSG software on a VM by using an open virtual appliance (OVA) file or an ISO image file from the CD. Depending upon the type of file that you are installing, use one of the installation methods described in the following topics:
- Installing the Cisco VSG Software from an OVA File
- Installing the Cisco VSG Software from an ISO File
Installing the Cisco VSG Software from an OVA File
To install the Cisco VSG software from an OVA file, obtain the OVA file and either install it directly from the URL or copy the file to the local disk from where you connect to the vCenter Server.
- Specify a name for the new Cisco VSG that is unique within the inventory folder and has up to 80 characters.
- Know the name of the host where the Cisco VSG will be installed in the inventory folder.
- Know the name of the datastore in which the VM files will be stored.
- Know the names of the network port profiles used for the VM.
- Know the Cisco VSG IP address.
- Know the mode in which you will be installing the Cisco VSG:
| Step | Action |
|---|---|
| Step 1 | Choose the host on which to deploy the Cisco VSG VM. |
| Step 2 | Choose . |
| Step 3 | In the Deploy OVF Template—Source window, do the following: |
| Step 4 | In the Deploy OVF Template—OVF Template Details window, review the product information including the size of the file and the VM disk and then click Next. |
| Step 5 | In the Deploy OVF Template—End User License Agreement window, click Accept after reviewing the end user license agreement, and then click Next. |
| Step 6 | In the Deploy OVF Template—Name and Location window, do the following: |
| Step 7 | In the Deploy OVF Template—Deployment Configuration window, do the following: |
| Step 8 | In the Disk Format dialog box, choose the radio button for the selected format and click Next. |
| Step 9 | In the Host or Cluster window, choose the host where the Cisco VSG will be installed, and then click Next. |
| Step 10 | From the Select a datastore field in which to store the VM files pane, choose your datastore, and then click Next. |
| Step 11 | Click the drop-down arrows for Data (Service), Management, and HA to associate port profiles, and then click Next. |
| Step 12 | In the Deploy OVF Template—Properties window, do the following: |
| Step 13 | In the Ready to Complete window, review the deployment settings information. |
| Step 14 | Click Finish. The Deploying Nexus 1000VSG dialog box opens. The progress bar in the Deploying Nexus 1000VSG dialog box shows how much of the deployment task is completed before the Cisco PNSC is deployed. |
| Step 15 | Wait and click Close after the progress indicator shows that the deployment is completed successfully. |
| Step 16 | Power on the Cisco VSG VM. |
| Step 17 | If you chose the Standalone mode for installation earlier, you now see the Cisco VSG login prompt. Log in with your Cisco VSG administration password. You may now proceed with configuring the Cisco Virtual Security Gateway. For details, see the Cisco Virtual Security Gateway for VMware vSphere Configuration Guide. |
| Step 18 | If you chose the manual installation in the Configuration field earlier, see Configuring Initial Settings to configure the initial settings on the Cisco VSG. |
Installing the Cisco VSG Software from an ISO File
You can install the Cisco VSG from an ISO file.
- Specify a name for the new Cisco VSG that is unique within the inventory folder and has up to 80 characters.
- Know the name of the host where the Cisco VSG will be installed in the inventory folder.
- Know the name of the datastore in which the VM files will be stored.
- Know the names of the network port profiles used for the VM.
- Know the Cisco VSG IP address.
| Step | Action |
|---|---|
| Step 1 | Upload the Cisco Virtual Security Gateway ISO image to the vCenter datastore. |
| Step 2 | From the data center in the vSphere Client menu, choose your ESXi host where you want to install the Cisco VSG and choose New Virtual Machine. For VM requirements, see the Host and VM Requirements. For detailed information about how to create a VM, see the VMware documentation. |
| Step 3 | In the Create New Virtual Machine dialog box, do the following: |
| Step 4 | In the Create New Virtual Machine dialog box, do the following: |
| Step 5 | In the Datastore dialog box, choose your datastore from the Select a datastore and then click Next. |
| Step 6 | In the Virtual Machine Version dialog box, click the Virtual Machine Version. |
| Step 7 | In the Guest Operating System dialog box, do the following: |
| Step 8 | In the CPUs dialog box, choose 1 socket with 2 cores or 2 sockets each with one core, and then click Next. By default, the Cisco VSG virtual machine deployed with OVA has only one vCPU. You can choose 2 vCPUs. For an older version of the ESX hosts, you can directly select the number of vCPUs. |
| Step 9 | In the Memory dialog box, choose 2 GB memory size, and then click Next. |
| Step 10 | In the Create Network Connectors dialog box, do the following: |
| Step 11 | Click Next. The SCSI Controller dialog box opens. The radio button for the default SCSI controller is chosen. |
| Step 12 | Click Next. The Select a Disk dialog box opens. The radio button for the default disk is chosen. |
| Step 13 | Click Next. The Create a Disk dialog box opens. The default virtual disk size and policy is chosen. |
| Step 14 | Click Next. The Advanced Options dialog box opens. The default options are chosen. |
| Step 15 | Click Next. The Ready to Complete dialog box opens. |
| Step 16 | Review your settings in the Settings for the new virtual machine area. |
| Step 17 | Check the Edit the virtual machine before completion check box and click Continue to open a dialog box with the device details. |
| Step 18 | In the Work pane, choose your New CD/DVD (adding) in the Hardware area. |
| Step 19 | Click Datastore ISO File, and select your ISO file from the drop-down list. |
| Step 20 | In the work pane, check the Connect at power on check box and click Finish. The Summary tab window opens. The Create virtual machine status completes. |
| Step 21 | From the vSphere Client menu, choose your recently installed VM. |
| Step 22 | In the work pane, click Power on the virtual machine. |
| Step 23 | Click the Console tab to view the VM console. Wait for the Install Virtual Firewall and bring up the new image to boot. See the Configuring Initial Settings section to configure the initial settings on the Cisco VSG. |
Configuring Initial Settings
This section describes how to configure the initial settings on the Cisco VSG and configure a standby Cisco VSG with its initial settings. For configuring a standby Cisco VSG, see the Configuring Initial Settings on a Standby Cisco VSG section.
When you power on the Cisco VSG for the first time, depending on which mode you used to install your Cisco VSG, you might be prompted to log in to the Cisco VSG to configure initial settings at the console on your vSphere Client. For details about installing Cisco VSG, see Installing the Cisco VSG Software in this chapter.
The following table determines if you must configure the initial settings as described in this section.
| Your Cisco Virtual Security Gateway Software Installation Method | Do You Need to Proceed with “Configuring Initial Settings”? |
|---|---|
| Installing an OVA file and choosing Manually Configure Nexus 1000 VSG in the configuration field during installation. | Yes. Proceed with configuring initial settings described in this section. |
| Installing an OVA file and choosing any of the options other than the manual method in the configuration field during installation. | No. You have already configured the initial settings during the OVA file installation. |
| Installing an ISO file. | Yes. Proceed with configuring initial settings described in this section. |
Configuring Initial Settings on a Standby Cisco VSG
You can add a standby Cisco VSG by logging in to the Cisco VSG you have identified as secondary and using the following procedure to configure a standby Cisco VSG with its initial settings.
| Step | Action |
|---|---|
| Step 1 | Navigate to the Console tab in the VM. Cisco Nexus 1000V Series switch opens the Console window and boots the Cisco VSG software. |
| Step 2 | At the Enter the password for "admin" prompt, enter the password for the admin account and press Enter. |
| Step 3 | At the prompt, confirm the admin password and press Enter. |
| Step 4 | At the Enter HA role[standalone/primary/secondary] prompt, enter the secondary HA role and press Enter. |
| Step 5 | At the Enter the ha id(1-4095) prompt, enter 25 for the HA pair id and press Enter. |
| Step 6 | At the VSG login prompt, enter the name of the admin account you want to use and press Enter. The default account name is admin. |
| Step 7 | At the Password prompt, enter the password for the admin account and press Enter. You are now at the Cisco VSG node. |
Verifying the Cisco VSG Configuration
To display the Cisco VSG configuration, perform one of the following tasks:

| Command | Purpose |
|---|---|
| show interface brief | Displays brief status and interface information. |
| show vsg | Displays the Cisco VSG and system-related information. |
This example shows how to verify the Cisco VSG configurations:
```
vsg# show interface brief
--------------------------------------------------------------------------------
Port   VRF          Status IP Address                              Speed    MTU
--------------------------------------------------------------------------------
mgmt0  --           up     10.193.77.217                           1000     1500
vsg# show vsg
Model: VSG
HA ID: 3437
VSG software version: 5.2(1)VSG2(2.1) build [5.2(1)VSG2(2.1)]
PNSC IP: 10.193.75.73
```
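The same verification can be scripted against captured console output, for instance to confirm after deployment that the management interface is up and the VSG is registered with the intended Cisco PNSC. This is an added example, not part of the Cisco guide: the function names are illustrative, the sample is the output above with its column spacing assumed, and the expected values are supplied by the caller.

```python
import re

# Constructed input: the console output shown above, captured as text.
SAMPLE = """\
vsg# show interface brief
--------------------------------------------------------------------------------
Port   VRF          Status IP Address                              Speed    MTU
--------------------------------------------------------------------------------
mgmt0  --           up     10.193.77.217                           1000     1500
vsg# show vsg
Model: VSG
HA ID: 3437
VSG software version: 5.2(1)VSG2(2.1) build [5.2(1)VSG2(2.1)]
PNSC IP: 10.193.75.73
"""

# Interface rows have six whitespace-separated fields ending in two numbers.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)$")
FIELD = re.compile(r"^(Model|HA ID|VSG software version|PNSC IP):\s*(.*)$")


def parse_capture(text):
    """Return (ports, fields) parsed from the two show commands' output."""
    ports, fields = {}, {}
    for line in map(str.strip, text.splitlines()):
        row, field = ROW.match(line), FIELD.match(line)
        if row:
            port, _vrf, status, ip, _speed, mtu = row.groups()
            ports[port] = {"status": status, "ip": ip, "mtu": int(mtu)}
        elif field:
            fields[field.group(1)] = field.group(2).strip()
    return ports, fields


def check_vsg(text, expected_pnsc_ip, expected_ha_id):
    """Return a list of findings; an empty list means every check passed."""
    ports, fields = parse_capture(text)
    findings = []
    if ports.get("mgmt0", {}).get("status") != "up":
        findings.append("mgmt0 is missing or not up")
    if fields.get("PNSC IP") != expected_pnsc_ip:
        findings.append("PNSC IP is %r, expected %r"
                        % (fields.get("PNSC IP"), expected_pnsc_ip))
    if fields.get("HA ID") != str(expected_ha_id):
        findings.append("HA ID is %r, expected %r"
                        % (fields.get("HA ID"), str(expected_ha_id)))
    return findings
```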
Where to Go Next
After installing and completing the initial configuration of the Cisco VSG, you can configure firewall policies on the Cisco VSG through the Cisco PNSC.