Presentation is loading. Please wait.

Presentation is loading. Please wait.

VRealize ACI Plugin.

Published byBethanie Mitchell Modified over 8 years ago

Similar presentations

Presentation on theme: "VRealize ACI Plugin."— Presentation transcript:

1 vRealize ACI Plugin

2 Provision Network and VMWare Compute resources simultaneously

3 Bringing the Compute (VMWare) team closer to the Network (ACI) team

4 Value For Customers Integrate with existing vRealize installs
Speed up deployment time of ACI network Offer tiered service levels Faster application deployment times Consistent, orchestrator driven policy Compute provision networking dynamically

5 What Is vRealize?

6 What Is vRealize? Two products bundled together in a suite
vRealize Orchestrator vRealize Automation

7 vRealize Orchestrator (vRO)
The work horse of the suite Plugins integrate 3rd party devices No tenancy model Terminology: Workflows Similar to Cisco UCSD

8 vRealize Automation (vRA)
Catalog service layered over vRO workflows Provides Multi-Tenancy Previously known as vCAC Terminology: Blueprints Similar to Prime Services Catalog

9 vRO workflows work without vRA
vRealize Orchestrator provides a workflow that vRealize Automation consumes vRA Blueprint vRO Workflow

10 vRealize Suite vRealize Automation (vRA 6.x)
vRealize Orchestrator (vRO 6.x) Level Of Abstraction vCenter Plugin APIC Plugin vSphere SDK APIC REST API Compute Network & Services

11 Workflow Trace – APIC Plugin
INPUT – Create Network Network Name Subnet DVS/VMM-Domain Name

12 Workflow Trace – APIC Policies
APIC Plugin INPUT – Create Network Network Name Subnet DVS/VMM-Domain Name APIC POLICIES CREATED in APIC by plugin Tenant Application Profile (AP) End Point Group (EPG) L3 Context/VRF (CTX) L2 Bridge Domain (BD) Association of EPG to DVS/VMM-Domain

13 Workflow Trace – APIC Policies
APIC Plugin INPUT – Create Network Network Name Subnet DVS/VMM-Domain Name APIC POLICIES CREATED in APIC by plugin Tenant Application Profile (AP) End Point Group (EPG) L3 Context/VRF (CTX) L2 Bridge Domain (BD) Association of EPG to DVS/VMM-Domain vCenter Resources created by APIC PortGroup for Tenant Network/EPG in specified DVS

14 Network Plans

15 Similar to Amazon VPC Bring your own IP address space Extend your private cloud to public Similar to Default Plan in Amazon You need network service but don’t care about what IP addresses.

16 Features Shared Network Virtual Private Network Isolated Networks Firewall Shared Load Balancer Shared Services Public Internet Access Private Address Space

17 In Practice Shared Bridge Domain is in common VPC
Bridge Domain is in Tenant

18 Shared Network Plan vRealize Tenant user can create EPG(Network) and Security Policy (Contract). All EPGs are in the BD default in common tenant. VRF: default (in common tenant) Tenant-Pepsi Tenant-Coke Tenant-Common L3out: default BD1 /24 App DB Web C App DB Web C BD: default /24

19 Virtual Private Network Plan
vRealize Tenant user can create Bridge Domain in addition to EPG and Contract. For L3out connectivity, the EPG needs to be leaked into the common BD. Tenant-Coke Tenant-Pepsi Tenant-Common VRF VRF VRF: vpcDefault BD-Coke /24 BD: vpcDefault /24 BD-Pepsi /24 Web App DB Web App DB C L3out: vpcDefault C C C C

20 Service Blueprints Service Blueprints act on the Network (ACI) only

21 Service Blueprints Admin: Tenant: Create APIC Handles
Create VMM Domains Create Tenants Create Subnets in Common Create L4-7 Devices Create EPGs Create Contracts Provide Contracts Consume Contracts Consume L3Outs Consume L4-7 Devices

22 Example logical topology
Create Network - Shared Example logical topology Bridge Domain: default Primary Gateway /24 web-host1 EPG: web-hosts ANP: default VRF: default Tenant: coke Tenant: Common

23 Attach L3 Example logical toplogy Outside EPG: defaultInstP
External Host /24 Outside Node-101/eth1/5 Node-102/eth1/5 EPG: defaultInstP Bridge Domain: default web-host1 EPG: web-hosts Contract = Allow Communication Primary Gateway /24 ANP: default VRF: default Tenant: coke Tenant: Common

24 Machine Blueprints create Compute and Network resources simultaneously

25 No more placing the NIC into the right portgroup

26 Admin: Tenant: Create Machine Blueprint Web Create Machine Blueprint App Create Machine Blueprint DB Deploy Machine Web Deploy Machine App Deploy Machine DB Deploy Multi-Machine Web-App-DB

27 Single Machine – Web Tier
Example logical topology Bridge Domain: default Primary Gateway /24 web-XX EPG: web-XX XX ANP: default VRF: default Tenant: green Tenant: Common

28 Multi-Machine – 3 Tier Example logical topology Outside
Node-101/eth1/5 EPG: defaultInstP Bridge Domain: default Contract = Allow Communication Contract = Allow Communication Contract = Allow Communication EPG: db-xx EPG: app-xx EPG: web-xx ANP: default Primary Gateway /24 VRF: default Tenant: green Tenant: Common

29 vRA IPAM

30 vRealize Can Provide IPAM Using Network Profiles

31 Installation

32 Prerequisites ie. Day 0 Operations
Fabric bring-up Access Policies L3 Out Configuration Service Graph Templates/Devices Security Domains/Tenant User AEP

33 Fabric Bring-Up and Access Policies
Brazos based image required (1.2+) Bring up the fabric as usual – all topologies are supported Configure access policies between Leaf switches and ESXi Hosts – as usual ensure there is CDP/LLDP enabled between leaf and host.

34 L3 Out Configuration Create any L3 Out configurations in the Common Tenant that you wish to be consumed in User Tenants Name the L3 Out policy anything you like Critical: External EPG must be named “[L3OutName]InstP” Create two policies “default” for shared plan, “vpcDefault” for VPC plan

35 Security Domains / Users
vRealize plugin will require TWO user accounts Account ONE needs administrative privileges i.e. can create/read/update/destroy objects in the Common Tenant, Access Policies, and VMM Domains. Account TWO needs restricted Tenant privileges i.e. can only read Common Tenant and VMM Domains, but can CRUD objects in their own tenant. RBAC rules are enforced through APIC not the Plugin

36 The Plugin Package vRealize Automation (vRA) Plugin
vRealize Orchestrator (vRO) Plugin

37 Utils Gets Troubleshooting logs
Installs restart/rmapic on Automation Appliance

38 Builds setup specific Templates
Services Builds setup specific Templates Push templates to APIC

39 vRO Plugin - Install Follow the install guide in the documentation
Tips: Make sure services are all running on vRealize appliance Enabling vco configuration server By default the server is stopped – SSH to application VM and ‘service vco-configurator start’ Plugin Upload Browser issues: Chrome and Safari won’t allow upload of .dar Does plugin say “Installation ok” Version Mismatch: Need to reset plugin numbering Corrupted Installation: Full plugin removal using script

40 vRO Plugin – Install (cont.) Verification
Cisco APIC Plugin appears on left hand tab Orchestrator Client Switch to Design mode Under packages check com.cisco.apic package is present Under workflows check Cisco APIC workflows folder and workflows are present

41 Troubleshooting

42 vRO Troubleshooting - Running
Must add at least TWO APIC handles vRO Inventory View ONLY Tenants that have been “Added” via vRO will show in the inventory – even if they already exist on APIC you need to add them again Inventory is collected using permissions of APIC handle – if you can’t see it on APIC then vRO can’t see it Run Workflow by Clicking green arrow String inputs are case sensitive (e.g. make sure to spell VMM domain correctly) Logs are available for each run APIC exceptions are passed up to vRO (e.g. user does not have RBAC permission)

43 vRO Troubleshooting – Running (cont.)
Collecting Logs: Handy script included with package apic-vrealize <build>/utilsl/get_logs.sh Collects /var/lib/vco/configuration/logs/catalina.out /var/lib/vco/app-server/logs/catalina.out /var/lib/vco/app-server/logs/server.log

44 vRA Troubleshooting – Running
Must add at least TWO APIC handles (can be done in vRO) Must add at least one Tenant (can be done in vRO) Request Blueprint: String text boxes are case sensitive again View Request state via “Requests” Click view details to see parameters Status should read “Successful” – if it says “Failed” check out the vRO logs

45 vRA Troubleshooting – Running (cont.)
The vRA blueprint calls a vRO workflow If the vRA blueprint fails check the corresponding workflow Connection between vRA – vRO can fail “Failed to retrieve form from provider” – refresh connection between vRA and vRO using Advanced Services

46 vRA Troubleshooting – Running (cont.)
Machine Prefixes: These MUST be equal for the multi-machine workflow to work If you provision a single machine it will increment and cause an issue Go to Infrastructure > Blueprints > Machine Prefixes

Download ppt "VRealize ACI Plugin."

Similar presentations

Service Manager 2012 Overview

Service Manager 2012 Overview
Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved. 1 Unity Connection Qualification for Prime Collaboration Development Release.

Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved. 1 Unity Connection Qualification for Prime Collaboration Development Release.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
© 2010 VMware Inc. All rights reserved Cloud Andy Steven: Enterprise Cloud Architect Northern EMEA

© 2010 VMware Inc. All rights reserved Cloud Andy Steven: Enterprise Cloud Architect Northern EMEA
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.

“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
14.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Introduction to XTMv WatchGuard Training.

Introduction to XTMv WatchGuard Training.
NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.

NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.
1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.

1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.
© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.

© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.
Microsoft Load Balancing and Clustering. Outline Introduction Load balancing Clustering.

Microsoft Load Balancing and Clustering. Outline Introduction Load balancing Clustering.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
........ Network discovery Multi- server mgmt (MSM) Visibility & audit.. Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses.

Network discovery Multi- server mgmt (MSM) Visibility & audit.. Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses.
Additional SugarCRM details for complete, functional, and portable deployment.

Additional SugarCRM details for complete, functional, and portable deployment.
System Center 2012 Setup The components of system center App Controller Data Protection Manager Operations Manager Orchestrator Service.

System Center 2012 Setup The components of system center App Controller Data Protection Manager Operations Manager Orchestrator Service.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
Data Center Network Redesign using SDN

Data Center Network Redesign using SDN
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

Similar presentations

Ads by Google