Installing the Cisco Prime Network Services Controller
This chapter contains the following sections:
Information About the Cisco PNSC
The Cisco Prime Network Services Controller (Cisco PNSC) is a virtual appliance that provides centralized device and security policy management for Cisco virtual services. Designed to support enterprise and multiple-tenant cloud deployments, the Cisco PNSC provides transparent, seamless, and scalable management for securing virtualized data center and cloud environments.
The dynamic nature of cloud environments requires organizations to apply and enforce frequent changes to networks. These networks can consist of thousands of virtual services elements, such as firewalls, load balancers, routers, and switches. Cisco PNSC simplifies operations with centralized, automated multi-device and policy management for Cisco network virtual services.
Cisco PNSC is the primary management element for Cisco Nexus 1000V (Nexus 1000V) switches and services that can enable a transparent, scalable, and automation-centric network management solution for virtualized data center and hybrid cloud environments. Nexus 1000V switches and services deliver a highly secure multi-tenant environment by adding virtualization intelligence to the data center network. These virtual switches are built to scale for cloud networks. Support for Virtual Extensible LAN (VXLAN) helps enable a highly scalable LAN segmentation and broader virtual machine (VM) mobility.
Cisco PNSC enables the centralized management of Cisco virtual services to be performed by an administrator, through its GUI, or programmatically through its XML API. Cisco PNSC is built on an information-model architecture in which each managed device is represented by its sub-components (or objects), which are parametrically defined. This model-centric approach enables a flexible and simple mechanism for provisioning and securing virtualized infrastructure using Cisco VSG and Cisco Adaptive Security Appliance 1000V (ASA 1000V) Cloud Firewall virtual security services.
In addition, Prime Network Services Controller supports Cisco Cloud Services Router 1000V (CSR 1000V) edge routers, and Citrix NetScaler 1000V and Citrix NetScaler VPX load balancers. This combination of virtual services brings numerous possibilities to customers, enabling them to build virtual data centers with all of the required components to provide best-in-class cloud services.
For detailed information on how to install Cisco Prime Network Services Controller, see Cisco Prime Network Services Controller 3.4 Installation Guide.
Installation Requirements
Cisco PNSC System Requirements
Hypervisor Requirements
Web-Based GUI Client Requirements
Requirement |
Description |
---|---|
Operating system |
|
Browser |
Any of the following browsers: |
Flash Player |
Adobe Flash Player plugin 11.9 or higher |
Firewall Ports Requiring Access
If Cisco PNSC is protected by a firewall, the following ports on the firewall must be open so that clients can contact Cisco PNSC.
Requirement |
Description |
---|---|
22 |
TCP |
80 |
HTTP |
443 |
HTTPS |
843 |
Adobe Flash |
6644, 6646 |
TCP, UDP |
Cisco Nexus 1000V Series Switch Requirements
Requirement |
Notes |
---|---|
General |
|
The procedures in this guide assume that the Cisco Nexus 1000V Series switch is up and running, and that endpoint Virtual Machines (VMs) are installed. |
— |
VLANs |
|
|
Neither VLAN needs to be the system VLAN. |
Port Profiles |
|
One port profile configured on the Cisco Nexus 1000V Series Switch for the service VLAN. |
— |
Information Required for Installation and Configuration
Required Information | Your Information/Notes |
---|---|
For Preinstallation Configuration |
|
ISO or OVA image location |
|
ISO or OVA image name |
|
Network / Port Profile for VM management 1 |
|
VM instance name |
|
KVM flavor name |
|
KVM Instance Security Group |
|
VMware datastore location |
|
For Prime Network Services Controller Installation |
|
IP address For OpenStack environments, use the IP address that is assigned to the Prime Network Services Controller instance in OpenStack. |
|
Subnet mask |
|
Hostname |
|
Domain name |
|
Gateway IP address |
|
DNS server IP address |
|
NTP server IP address |
|
Admin password |
|
Shared secret password for communication between Prime Network Services Controller and managed VMs. (See Shared Secret Password Criteria.) |
Shared Secret Password Criteria
A shared secret password is a password that is known only to those using a secure communication. Passwords are designated strong if they cannot be easily guessed for unauthorized access. When you set a shared secret password for communications between the Cisco PNSC, Cisco VSG, and VSM, adhere to the following criteria for setting valid, strong passwords:
Configuring Chrome for Use with Cisco PNSC
To use Chrome with Cisco PNSC, you must disable the Adobe Flash Player plugins that are installed by default with Chrome.
Note | Because Chrome automatically enables Adobe Flash Player plugins each time the system reboots, you must perform this procedure each time your client machine reboots. |
OpenStack Installation Overview
You install Cisco PNSC on OpenStack by using the ISO image. The installation time varies from 10 to 20 minutes depending on the host and the storage area network load.
- Configuring OpenStack for Cisco PNSC
- Installing Cisco PNSC on OpenStack KVM
- Rebooting Cisco PNSC from OpenStack
Configuring OpenStack for Cisco PNSC
-
Confirm that you have met the requirements in Requirements Overview. OpenStack Havana is required for Cisco PNSC, Release 3.4 functionality.
Note
Although you can install Cisco PNSC, Release 3.4 on OpenStack Grizzly, you will not have access to release 3.4 functionality unless you use OpenStack Havana.
-
Gather the information required for configuration as identified in Information Required for Configuration and Installation.
-
Confirm that you have admin privileges.
-
Confirm that the Cinder service is up and running.
-
Create a project on which to install Cisco PNSC.
-
Create a Cinder volume with the size of 20 GB.
-
Configure a security group that allows TCP, UDP, and ICMP traffic with Cisco PNSC.
For information on how to configure these items, see the OpenStack documentation at docs.openstack.org.
What to Do Next
Install Cisco PNSC as described in Installing Prime Network Services Controller on OpenStack KVM.
Installing Cisco PNSC on OpenStack KVM
-
All system requirements are met as specified in System Requirements.
-
Confirm that you have admin privileges.
-
You have configured the hypervisor for the Cisco PNSC installation procedure.
-
A VM has been created for Cisco PNSC and has network access.
-
You can access the VM console.
-
You have the IP address for the instance launched in OpenStack.
Note | For information on how to configure these items, see the OpenStack documentation at docs.openstack.org. |
Note | For more information on how to install Cisco PNSC, see Cisco Prime Network Services Controller 3.4 Installation Guide. |
What to Do Next
Reboot the Cisco PNSC from OpenStack, see Cisco Prime Network Services Controller 3.4 Installation Guide.
Rebooting Cisco PNSC from OpenStack
If you reboot a Cisco PNSC instance from the OpenStack Horizon UI, the reboot operation fails and the console contains a message stating that no bootable image can be found. This situation occurs for instances that were created using an ISO image, such as Cisco PNSC.
In OpenStack, the first time an instance is created by using an ISO image and rebooted, the root device name is set to /dev/hda. After the instance is created, the bootable image is located on hda. However, with the implementation of hard and soft reboot options in OpenStack, the disk definitions change. As a result, a bootable image cannot be found for the Cisco PNSC instance.
To reboot Cisco PNSC in OpenStack, use either of the following procedures:
Rebooting Cisco PNSC Without an Image
Use this procedure to reboot a Cisco PNSC instance in OpenStack. For more information about OpenStack, see http://docs.openstack.org/.
Step 1 | Create a flavor with the following attributes: |
Step 2 | Using either
the Horizon GUI or the CLI, create one volume (vda) for
Cisco PNSC
and one volume (vdb) for storing imported images.
To use the CLI, enter the following commands: cinder create --display-name vda-name 20 cinder create --display-name vdb-name 200 |
Step 3 | Using the CLI,
boot the instance and install
Cisco PNSC
as follows:
|
Step 4 | Terminate the instance created in Step 3 to remove the instance while retaining the required two volumes. |
Step 5 | To boot the
Cisco PNSC
instance, enter the
boot command without the
--image parameter and using the correct volume IDs:
nova boot --flavor=flavor-id --nic net-id=network-id,v4-fixed-ip=pnsc-ip --block-device-mapping vda=vda-id:::0 --block-device-mapping vdb=vdb-id:::0 pnsc-image-name |
Rebooting Cisco PNSC by Changing the Disk Files
Use this procedure to reboot a Cisco PNSC instance in OpenStack. For more information about OpenStack, see http://docs.openstack.org.
Step 1 | Create a flavor with the following attributes: The ephemeral disk will act as the Cisco PNSC system disk. |
Step 2 | Using either
the Horizon UI or the CLI, create one volume (vdb) for storing imported images.
To use the CLI, enter the following command: cinder create --display-name vdb-name 200 |
Step 3 | Using the CLI,
boot the instance and install
Cisco PNSC
by entering the following command:
nova boot --flavor=flavor-id --image=image-id --nic net-id=network-id,v4-fixed-ip=pnsc-ip --block-device-mapping vdb=volume-id:::0 pnsc-image-name |
Step 4 | When prompted, disconnect from the media source and click Reboot. Cisco PNSC is then installed on the VM. |
Step 5 | Change the disk
files by entering the following commands:
mv /var/lib/nova/instance-uuid/disk /var/lib/nova/instance-uuid/disk.tmp ln -s /var/lib/nova/instance-uuid/disk.local /var/lib/nova/instance-uuid/disk |