Installing Cisco Prime Network Services Controller

This chapter contains the following sections:

Information About the Cisco PNSC

The Cisco Prime Network Services Controller (Cisco PNSC) is a virtual appliance that provides centralized device and security policy management for Cisco virtual services. Designed to support enterprise and multiple-tenant cloud deployments, the Cisco PNSC provides transparent, seamless, and scalable management for securing virtualized data center and cloud environments.

Installation Requirements

Cisco PNSC System Requirements

Requirement

Description

Virtual Appliance

Four Virtual CPUs

1.8 GHz for each virtual CPU

Memory

4 GB RAM

Disk Space

One of the following, depending on InterCloud functionality:

  • With InterCloud functionality, 220 GB on shared network file storage (NFS) or storage area network (SAN), and configured on two disks as follows:

    • Disk 1: 20 GB
    • Disk 2: 200 GB
  • Without InterCloud functionality, 40 GB on shared NFS or SAN, and configured on two disks as follows:

    • Disk 1: 20 GB
    • Disk 2: 20 GB

Management interface

One management network interface

Processor

x86 Intel or AMD server with 64-bit processor listed in the VMware compatibility matrix.

Note   

You can find VMware compatibility guides at http:/​/​www.vmware.com/​resources/​compatibility/​search.php.

   

VMware

VMware vSphere

5.5, 6.0, and 6.5a with VMware ESXi (English only)

VMware vCenter

5.5, 6.0, and 6.5a with VMware ESXi (English only)

   

Interfaces and Protocols

HTTP/HTTPS

Lightweight Directory Access Protocol (LDAP)

   

Intel VT

Intel Virtualization Technology (VT)

Enabled in the BIOS

Hypervisor Requirements

Cisco PNSC is a multi-hypervisor virtual appliance that can be deployed on VMware vSphere.

For more information on VMware compatibility with your hardware platform, see the VMware Compatibility Guide.

Table 1 Hypervisor Requirements
Requirement Description

VMware

VMware vSphere

5.5, 6.0, and 6.5a with VMware ESXi (English only)

VMware vCenter

5.5, 6.0, and 6.5a with VMware ESXi (English only)


Note


Cisco PNSC running as a virtual machine with version 3.4.1b and later can be hosted on VMware vSphere ESXi 6.0 hosts that are managed by VMware vCenter Server 6.0.


Web-Based GUI Client Requirements

Requirement

Description

Operating system

Any of the following:
  • Microsoft Windows

  • Apple Mac OS

Browser

Any of the following browsers:

  • Internet Explorer 10.0 or higher
  • Mozilla Firefox 26.0 or higher
  • Google Chrome 32.0 or higher
Note   

If you are running Firefox or IE and do not have Flash, or you have a version of Flash that is older than 11.9, a message displays asking you to install Flash and provides a link to the Adobe website.

Note   

Before using Google Chrome with Cisco PNSC, you must disable the Adobe Flash Players that are installed by default with Chrome. For more information, see Configuring Chrome for Use with Prime Network Services Controller.

Flash Player

Adobe Flash Player plugin 11.9 or higher

Firewall Ports Requiring Access

Requirement

Description

22

TCP

80

HTTP/TCP

443

HTTPS

843

Adobe Flash

Information Required for Configuration and Installation

Before installation, collect the following information:

Required Information Your Information/Notes

For Preinstallation Configuration

ISO or OVA image location

 

ISO or OVA image name

Network / Port Profile for VM management 1

VM name

VMware datastore Location

 

For Prime Network Services Controller Installation

IP address

Subnet mask

Hostname

Domain name

Gateway IP address

DNS server IP address

NTP server IP address

Admin password

Shared secret password for communication between Prime Network Services Controller and managed VMs. (See Shared Secret Password Criteria.)

1 The management port profile is the same port profile that is used for Cisco Virtual Supervisor Module (VSM). The port profile is configured in VSM and used for the Prime Network Services Controller management interface.

Shared Secret Password Criteria

A shared secret password is a password that is known to only those using a secure communication channel. Passwords are designated as strong if they cannot be easily guessed for unauthorized access. When you set a shared secret password for communications between , VSG, and VSM, adhere to the following criteria for setting valid, strong passwords:

  • Do not include special characters or spaces.

  • Make sure your password contains the characteristics of strong passwords and avoids the characteristics of weak passwords as described in the following table:

Strong Passwords

Weak Passwords

  • At least eight characters.

  • Contain characters from at least three of the following classes: lowercase letters, uppercase letters, and numbers.

  • Consecutive alphanumeric characters, such as abcd or 123.

  • Characters repeated three or more times, such as aaabbb.

  • A variation of the word Cisco, such as cisco, ocsic, or one that changes the capitalization of letters in the word Cisco.

  • The username or the username in reverse.

  • A permutation of characters present in the username or Cisco.

Examples of strong passwords are:

  • If2CoM18

  • 2004AsdfLkj30

  • Cb1955S21

  • Es1955Ap

Configuring Chrome for Use with Prime Network Services Controller

To use Chrome with Prime Network Services Controller, you must disable the Adobe Flash Player plugins that are installed by default with Chrome.


Note


Because Chrome automatically enables Adobe Flash Player plugins each time the system reboots, you must perform this procedure each time your client machine reboots.


Procedure
    Step 1   In the Chrome URL field, enter chrome://plugins.
    Step 2   Click Details to expand all the files associated with each plugin.
    Step 3   Locate the Adobe Flash Player plugins, and disable each one.
    Step 4   Download and install Adobe Flash Player plugin version 11.9 or higher.
    Step 5   Close and reopen Chrome before logging in to Prime Network Services Controller.

    ESXi Server Requirement

    You must set the clock to the correct time on all ESXi servers that will run Cisco PNSC, ASA 1000V instances, Cisco VSG, or VSM. If you do not set the correct time on the server, the Cisco PNSC CA certificate that is created when the Cisco PNSC VM is deployed might have an invalid time stamp. An invalid time stamp can prevent you from successfully registering ASA 1000V instances to the Cisco PNSC.

    After you set the clock to the correct time on all ESXi servers that run the Cisco PNSC, you can, as an option, set the clock on the Cisco PNSC as follows:
    • If you set the clock manually, be sure to enter the correct time zone as a Coordinated Universal Time (UTC) offset.

    • If you set the clock by synchronizing with the Network Time Protocol (NTP), you can select the UTC time zone.

    VMware Installation Overview

    You can install Prime Network Services Controller on VMware by using either an ISO or an OVA image. The installation time varies from 10 to 20 minutes, depending on the host and the storage area network load.

    To install Prime Network Services Controller on VMware, complete the following tasks:

    Task Comments

    1. Configuring VMware for Prime Network Services Controller

    Required for ISO installations only.

    2. Installing Prime Network Services Controller

    Use the procedure appropriate for your environment:

    3. Performing VMware Post-Installation Tasks

    Required for all installations.

    Installing Prime Network Services Controller Using the OVA Image

    This procedure describes how to deploy the Prime Network Services Controller OVA image on VMware.

    Before You Begin
    • Set your keyboard to United States English.

    • Confirm that the Prime Network Services Controller OVA image is available from the VMware vSphere Client.

    • Make sure that all system requirements are met.

    • Gather the information identified in Information Required for Configuration and Installation.

    Procedure
      Step 1   Using the VMware vSphere Client, log in to the vCenter server.
      Step 2   Choose the host on which to deploy the Prime Network Services Controller VM.
      Step 3   Right-click Host and select  Deploy OVF Template from the Pop-up menu.
      Step 4   In the wizard, provide the information as described in the following table:
      Screen Action

      Source

      Choose the Prime Network Services Controller OVA.

      OVF Template Details

      Review the details.

      End User License Agreement

      Review the agreement and click Accept.

      Name and Location

      Enter a name and choose a location for the template.

      Deployment Configuration

      Choose Installer.

      Datastore

      Select the data store for the VM. The storage can be local or shared remote, such as NFS or SAN.

      Disk Format

      Choose either Thin provisioned format or Thick provisioned format to store the VM virtual disks.

      Network Mapping

      Choose the management network port group for the VM.

      Properties

      Address any errors that are indicated in red colored text below a selection box. You can enter placeholder information as long as your entry meets the field requirements.

      A. IP Address

      VM management IP address.

      B. IP Netmask

      VM subnet mask.

      C. Gateway

      Gateway IP address.

      D. DNS

      • VM hostname

      • VM domain

      • DNS server IP address

      E. NTP

      NTP server IP address.

      F. Operation Mode

      • Standalone—Operates as a standalone VM.

      • Orchestrator—Integrates through an orchestrator with a northbound application.

      Note    Prime Network Services Controller does not support Orchestrator mode.

      G. Passwords

      • Administrator password

      • Shared secret password

      H. Restore

      You can safely ignore the Restore fields.

      Ready to Complete

      Review the deployment settings.

      Caution    Any discrepancies can cause VM booting issues. Carefully review the IP address, subnet mask, and gateway information for accuracy.
      Step 5   Click Finish. A progress indicator shows the task progress until Prime Network Services Controller is deployed.
      Step 6   After Prime Network Services Controller is successfully deployed, click Close.
      Step 7   Power on the Prime Network Services Controller VM.

      Installing Prime Network Services Controller Using an ISO Image

      To install Prime Network Services Controller in a VMware environment using an ISO image, complete the tasks described in the following topics:

      1. Configuring VMware for Prime Network Services Controller

      2. Installing Prime Network Services Controller Using the ISO Image

      Configuring VMware for Prime Network Services Controller

      Before you install Prime Network Services Controller (PNSC) on VMware using an ISO image, you must configure a VM for Prime Network Services Controller. This procedure describes how to configure the VM so that you can install Prime Network Services Controller on it.

      Before You Begin
      Procedure
        Step 1   Download a Prime Network Services Controller ISO image to your client machine. In case of vSphere 6.5 and greater, upload the PNSC ISO image to datastore.
        Step 2   Open the VMware vSphere Client (for version 5.5 or 6.0) or Web client (version 6.5a).
        Step 3   Right-click the host on which to install the ISO image, and then choose New Virtual Machine.
        Step 4   Create a new VM by providing the information as described in the following table:

        Screen Action

        Configuration

        Choose Custom.

        Name and Location

        Enter a name and choose a location for the VM.

        Storage

        Choose the data store.

        Virtual Machine Version

        Choose Version 8.

        Guest Operating System

        Choose Linux and Red Hat Enterprise Linux 5 (64-bit).

        CPUs

        Set the number of virtual sockets to 4.

        Memory

        Set the memory to 4 GB.

        Network

        1. Set the number of NICs to 1. A single NIC is required for Prime Network Services Controller.

        2. Choose a NIC.

        3. From the Adapter drop-down list, choose E1000. Prime Network Services Controller supports only E1000 adapters.

        SCSI Controller

        Choose LSI Logic Parallel.

        Select a Disk

        Choose Create a new virtual disk.

        Create a Disk

        1. Disk Size—Enter a minimum of 20 GB.

        2. Disk Provisioning—Choose Thin Provision or Thick Provision.

        3. Location—Specify the location of the data store.

        Advanced Options

        Specify options as needed.

        Step 5   For VMware vSphere version 5.5 and 6.0, in the Ready to Complete screen, review the information for accuracy, check the Edit the Virtual Machine Settings Before Completion check box, and then click Continue.
        Step 6   In the Virtual Machine Properties dialog box in the Hardware tab, do the following:
        1. Click Memory and in the Memory Size field, choose 4 GB.
        2. Click CPUs and in the Number of Virtual Sockets field, choose 4.
        3. Click New Hard Disk and then click Add to create a new hard disk. The disk requires a minimum of 20 GB.
        4. Create an additional hard disk with 200 GB memory with thin provisioning. For VMware vSphere 6.5 webclient, choose the Network and ISO disk from the datastore and select the Connect check box.
        5. After you supply the information in the Add Hardware Wizard, click Finish to create the new disk and to return to the Virtual Machine Properties dialog box.
        6. For VMware vSphere 6.5 webclient, choose the Network for the VM. For the Image choose your uploaded ISO disk from datastore.
        Step 7   In the Options tab, choose Boot Options, check the Force BIOS Setup check box, and then click Finish.
        Step 8   After the new VM is created, power it on.
        Step 9   For VMware vSphere 5.5 and 6.0, mount the ISO to the VM CD ROM drive as follows:
        1. Right-click the VM and choose Open Console.
        2. From the VM console, click Connect/Disconnect the CD/DVD Devices of the virtual machine.
        3. Choose CD/DVD Drive 1.
        4. Choose Connect to ISO Image on Local Disk.
        5. Choose the ISO image that you downloaded in Step 1.

        What to Do Next

        Install Prime Network Services Controller as described in Installing Prime Network Services Controller Using the ISO Image.

        Installing Prime Network Services Controller Using the ISO Image

        This procedure describes how to install the ISO image on a VM that has been configured for Prime Network Services Controller.

        Before You Begin

        Confirm the following items:

        • All system requirements are met.

        • You have the information identified in Information Required for Configuration and Installation.

        • You have configured the hypervisor for the Prime Network Services Controller installation procedure.

        • A VM has been created for Prime Network Services Controller and has network access.

        • You can access the VM console.

        Procedure
          Step 1   Open the VM console if it is not already open. If you have just finished configuring the hypervisor, the Prime Network Services Controller installer displays within a few minutes.
          Step 2   In the Network Configuration screen, click Edit in the Network Devices area, enter the IP address and netmask for the Prime Network Services Controller VM, and click OK.
          Step 3   In the Network Configuration area, enter the hostname, domain name, and IP addresses for the gateway, DNS server, and NTP server.
          Step 4   In the Modes screen, choose the required modes, and click Next:
          • Prime Network Services Controller Operation Mode: Choose Standalone. This release of Prime Network Services Controller is available in Standalone mode only.

          • Prime Network Services Controller Configuration:

            • Prime Network Services Controller Installation—Choose if this is the initial Prime Network Services Controller installation on the VM.

            • Restore Prime Network Services Controller—Choose to restore a previous Prime Network Services Controller installation.

          Step 5   In the Administrative Access screen, enter the administrator and shared secret passwords with confirming entries.

          For information on creating a strong password, see Shared Secret Password Criteria.

          Note    If you configure a weak shared secret password, no error message is generated during entry here, but the shared secret password is not usable when the VM is started during the installation process.
          Step 6   In the Summary screen, confirm that the information is accurate, and then click Finish. Prime Network Services Controller installs on the VM. This takes a few minutes.
          Step 7   When prompted, disconnect from the media source and then click Reboot. For vSphere 6.5a Webclient, you need to power off the VM and edit the configuration to uncheck the Connect check box for ISO disk and then power on the VM again to complete the reboot. Prime Network Services Controller is then installed on the VM.
          Step 8   To confirm that Prime Network Services Controller is accessible, connect to Prime Network Services Controller through the console for the CLI or a browser for the GUI.