Configuring Extensions

Overview

The APIC policy model is available as a standalone extension on the CloudCenter platform. It makes creating ACI objects easier and provides better, faster, and easier network isolation by:

  • Allowing network administrators to use Extensions on the CloudCenter platform, from the UI or the API, to create, update, or delete the following objects:
    • Bridge domains
    • Virtual Machine Manager (VMM) domains
  • Allowing the consumption of newly-created bridge and VMM domains during the application deployment process or the deployment environment process without having to manually sync the configurations.

About Extensions

Once you configure an extension (procedure provided later in this page), select the cloud and cloud accounts in the Network Settings section to see that a configured network, such as Cisco ACI, is available for selection when configuring this deployment environment.

Configuring Extensions

When you have configured the cloud or datacenter resources (for example, the tasks listed in the ACI Integrations section), verify your network connectivity and launch a sample application to ensure everything is working from end-to-end. If all the requirements worked, you are ready to configure the extension from the CCM UI.

To configure an extension from the CCM UI, follow this procedure.

  1. Access the CCM UI and navigate to Admin > Extensions. The Extensions page displays and you can edit an existing extension or add a new extension as required for your ACI integration.

    The TYPE column in the Extensions page currently displays ACI for all extensions as this is the only type of extension that is currently accepted by the CloudCenter platform.

  2. Click Add Extension. The New ACI Extension page displays.
  3. Configure the following Cisco APIC endpoint information in the Connection Settings section:
    • The APIC Name
    • The APIC endpoint URL (HTTP or HTTPS)
    • The APIC access credentials (Username and Password)
    • The CCO used to manage this APIC endpoint (select the required CCO from the dropdown list)
  4. Click Connect to connect and save the ACI configuration information.
    1. The CloudCenter software validates the APIC endpoint connection and displays a status message at the top of this page.
    2. Once the APIC endpoint connects successfully, you also see the New ACI Extension page refresh to display the Bridge Domain Template section below the Connection Settings section. You can use this section to provide additional placement information. See the Bridge Domain Template section below for additional details.
  5. Click Save to save this new extension. The Extensions page refreshes to display the newly-configured extension in the list of configured and validated Extensions.

Launch the Configured ACI Extension

To launch the ACI integration in your cloud, follow this procedure.

  1. Access the CCM UI and navigate to Deployments. The Deployments page displays.

  2. Click the Environments tab. The Deployments page refreshes to display the configured environments and you can edit an existing environment or add a new environment as required for your ACI integration.

  3. Click Add Environment. The New Deployment Environment page displays.

  4. In the General Settings section:
    1. Provide the deployment environment Name.
    2. Optionally, provide a Description.
    3. Identify if approval is required to deploy to this environment by switching On the button.
  5. In the Cloud Selection section:
    1. Select the checkbox for the required Cloud Region. This cloud region must be the same as the CCO cloud region (used to manage your new APIC extension in the above section).
    2. Select the Cloud Account from the dropdown list.
  6. Click Define Default Cloud Settings to define the Deployment Environment default settings for this cloud. See Deployment Environment Defaults for additional context.
     
  7. (Optional) Define the Networks Settings:
    1. Turn On the Use Network Types button. The Networks section expands to display the Network Types.
    2. Click + Network Type to add a new type. The New Network Type page displays.
      1. Provide the network type Name.
      2. Optionally, provide a Description.
      3. Configure the Network Settings. The available networks for this cloud are displayed in the Network Settings section.  The Network Settings section differs for each cloud.  
        •  VMware - Network Settings

          VMware Cloud Settings

          The following fields are available for VMware cloud regions.

          Select the required option from the dropdown lists for each of the following fields:

          • Datacenter: Required. The name of the datacenter object in vSphere.
          • Cluster: Required. The name of the server group in this datacenter's virtual environment in vSphere where you want to deploy VMs.
          • Datastore: The list of DataStores (DS) from vSphere.

            Be aware that any datastore clusters that you want to use with the CloudCenter platform must have DRS enabled. Otherwise, the CloudCenter platform cannot determine the exact DataStore within a cluster to which you want to deploy VMs, because VMware APIs do not return a DataStore for this scenario. From the CloudCenter UI, you can select a datastore cluster or a datastore, but not both (you cannot select the datastore cluster and then select a datastore within that cluster), so your datastore cluster must select the datastore with DRS.

            While you can select one of two DRS modes, be sure to select full-auto mode for CloudCenter deployments.

          • Resource Pool: The default computing resources used to manage resource allocations between VMs. Use the default resource pool name from vSphere where you need to deploy instances.
          • Target Deployment Folder: The default folders used to group objects of the same type for management and VM deployment.

          Enable Full Clone

          If you make changes to the callouts or attributes for a Cloud Region, you must restart the CCO for the changes to take effect.

          If you use VM Template when configuring images for VMware cloud environments, be aware of the following settings.

          • Full Clone
            • Use if you select an image that is mapped to a VM Template.
            • The full clone is performed on the source VM or VM template; the cloned VM can be on either the datastore or the datastore cluster that you specify.
            • You can use the Full Clone option for both Snapshots and VM Templates.
          • Linked Clone
            • Use if the image is mapped to a snapshot.
            • Add a folder in vSphere (to store your CloudCenter snapshots), name it CliqrTemplates, and add this snapshot to the CliqrTemplates folder.

          When you use a Snapshot, both the Linked Clone and Full Clone options are possible settings. See Configure Image IDs for additional context.

          To configure these settings, you should have already configured the following entities in VMware:

          • A VMware cluster
          • A datastore cluster

          To configure the clone settings in the CloudCenter platform, select the Enable Full Clone (linked clone) checkbox.

          Full Clone settings:

          • Selected: CloudCenter creates a full disk clone of the VM.

            If the root size reflects the same size as the template, be sure to resize the partition once the instance is up and running.

          • Not Selected (default): CloudCenter creates a thin clone which is faster but relies on the original VM disk being available in its original location.

          Root Disk Resizable

          You can only select the Root Disk Resizable if the Cloning Mode is set to Full Clone (Enable Full Clone = Selected).

          This feature is only available for VMware VMs.

          The CloudCenter platform provides the capability to resize the root disk for VMware VMs by a configurable setting to specify the root disk size based on the OS type. This configuration setting is similar to the data store cluster setting.

          When you initially provision the VM, you can define the base OS disk size in the instance type configuration for each VM. A default VM includes a base (root) OS disk and an ephemeral disk. Some enterprises may have a requirement in place to only use one disk instead of both disks.

          You can only increase (not reduce) the VM root disk size. The new root disk size should not be smaller than the default root disk size.

          For example, if the root disk size is 250 GB, then you can only resize the instance type to be greater than 250 GB. The instance size in this case cannot be less than 250 GB.

          To resize the root disk for new deployments, follow this procedure:

          1. Log in to the CCO VM.
          2. Issue the following command:
            touch /usr/local/osmosix/etc/.isRootDiskResizable
          3. Restart the Tomcat service.

          VMware Network Settings
          1. Toggle the Visibility switch to determine if you want to allow your end users to use pre-configured settings.
            • OFF: (Default) End users are not allowed to use preconfigured ACI extensions.
              1. Select the Network in the NIC section. See IP Allocation Mode for additional context on NIC configuration.
              2. Add additional NICs, if required.
            • ON: End users are allowed to use preconfigured ACI extensions.
              1. Select the required extension. The corresponding options are displayed in the dropdown list for the remaining fields (see Extensions for additional details).
              2. Select the APIC Extension from the dropdown list (see Extensions for additional details).
              3. Select the APIC Virtual Machine Manager (VMM) associated with this APIC Extension from the filtered dropdown list.
              4. Select the APIC Tenant associated with this APIC Extension from the filtered dropdown list.
          2. Select the Network in the NIC section.
            • If you select VMware, select the Network in the NIC section. See IP Allocation Mode for additional context on NIC configuration.
            • If you select Cisco ACI, select the type in the End Point Group (EPG) Type field.
              1. Existing EPG: If you select this type, you must further select a pre-existing EPG (that is already connected to one of the Bridge Domains) from the Existing EPG dropdown, which appears if you select this type.
              2. New EPG: If you select this type, you must further select a pre-existing Bridge Domain (to which this EPG must connect) from the Bridge Domain dropdown list.
              3. Bridge Domain Template: See Extensions for additional context.
          3. Add additional NICs, if required.
          SSH Options

          See SSH Options for additional context.

        •  AWS - Network Settings
          AWS Cloud Settings

          The Instance Profile field is optional – provide the Amazon Resource Name (ARN) used for the Instance Profile configured in your AWS Cloud account. If you specify the Instance Profile name, the CloudCenter platform launches VMs within the IAM role that is associated with the corresponding instance profile.

           

          AWS Network Settings
          1. Select the required option from the dropdown list for the VPC field. See AWS Configurations for additional context.
          2. Toggle the Visibility  switch to determine if you want to allow your end users to use pre-configured settings.  
            • OFF: (Default) End users are not allowed to associate the public IP with the NIC.
            • ON: End users are allowed to associate the public IP with the NIC.
          3. Select the required Network in the NIC section.
          4. The Private IP Allocation mode in the NIC section defaults to DHCP. The DHCP strategy allows the IP to be allocated by the DHCP server to the instance on server boot up. This IP address is not known prior to server boot up. See IP Allocation Mode for additional context on NIC configuration.
          5. Add additional NICs, if required.
        •  Azure - Network Settings

          Azure Cloud Settings

          You must configure the Virtual Network for Azure cloud regions. See Azure Configurations for additional context.

          Azure Network Settings
          1. Toggle the Visibility  switch to determine if you want to allow your end users to use pre-configured settings.  
            • OFF: (Default) End users are not allowed to associate the public IP with the NIC.
            • ON: End users are allowed to associate the public IP with the NIC.
          2. Select the required Subnet in the NIC section.
          3. Add additional NICs, if required.

        •  AzureRM - Network Settings
          AzureRM Cloud Settings

          Configure the following fields for AzureRM cloud regions to access the portal. 

          • Resource Group: The same region as your CCO.
          • Storage Account: Two storage accounts are created because some instance types (for example, Standard_DS1, Standard_GS1) can use the premium storage account to enhance performance and can also use the standard storage account. The other instance types can use the standard storage account only.
          • Diagnostics: CloudCenter users can view diagnostics provided by Azure Resource Manager from multiple places in the Azure console. The metrics and logs are stored in the related storage account.

            Microsoft has multiple settings to determine how metrics are collected (time interval) and to specify the metrics to be collected. CloudCenter uses the default Microsoft settings.

          • Enable Availability Set: All VMs within a cluster are placed in the same subnet. So all VMs inside the same Availability Set are placed in the same subnet. If you do not enable the Availability Set, an availability set is NOT created. In that case, the VMs are not guaranteed to be placed in different fault/update domains to ensure high availability. See Availability Sets and Zones for additional context.
          • Virtual Network: Based on the Resource Group and the CCO location.

           

          AzureRM Network Settings
          1. Toggle the Visibility  switch to determine if you want to allow your end users to use pre-configured settings.  
            • OFF: (Default) End users are not allowed to associate the public IP with the NIC.
            • ON: End users are allowed to associate the public IP with the NIC.
          2. Select the required Subnet in the NIC section.
          3. Add additional NICs, if required.
        •  OpenStack - Network Settings
           
          OpenStack Cloud Settings

          The following fields are available for OpenStack cloud regions.

          • Cloud Tenant: Multiple OpenStack tenants share cloud accounts in the CloudCenter platform. At deployment time, the CloudCenter platform allows you to select the required OpenStack tenant. You can create access key pairs in the OpenStack console so these key pairs are visible when submitting jobs using the CloudCenter platform.

            In this case, the concept of Tenant Name and Tenant ID is specific to the OpenStack cloud, not the CloudCenter platform. See OpenStack Configurations for additional context.

          • Availability Zone(s): The default and/or additional Availability Zone(s) for this region. See Availability Sets and Zones for additional context.

           

          OpenStack Network Settings
          1. Toggle the Visibility  switch to determine if you want to allow your end users to use pre-configured settings.  
            • OFF: (Default) End users are not allowed to associate the public IP with the NIC.
            • ON: End users are allowed to associate the public IP with the NIC.
          2. Select the required Network in the NIC section.
          3. Select the Private IP Allocation mode in the NIC section. See IP Allocation Mode for additional context on NIC configuration.
            1. DHCP: (Default) This strategy allows the IP to be allocated by the DHCP server to the instance on server boot up. This IP address is not known prior to server boot up.
            2. Preallocate IP: This strategy allows the cloud infrastructure IP allocation to be dynamically provided before the server boots up.
          4. Add additional NICs, if required.

  8. Click Save to save this new deployment environment. The Environments page refreshes to display the newly-configured deployment environment in the list of configured and validated Environments.
  9. Designate a Bridge domain from the ACI environment. The list of bridge domains is pulled from ACI. See the Bridge Domain Template section for additional context.

Bridge Domain Template

A bridge domain represents a Layer 2 forwarding construct within the fabric. The Bridge Domain template (Layer 2 space) is linked to an ACI Virtual Routing and Forwarding (VRF) template (Layer 3 space). See the Cisco ACI Fundamentals Guide for additional details.

From the CloudCenter context, the ACI integration requires a routable IP subnet to a New Tenant that is configured with Layer 3 Out for external internet connectivity. When configuring an ACI Extension as part of the Deployment Environment Defaults, you have the option to select Bridge Domain Template in the Cisco ACI, End Point Group (EPG) Type field. If you do, you should have already configured the Bridge Domain Template so it displays in the dropdown list for that field.

CloudCenter administrators can create a Bridge Domain template to configure ACI extensions:

  • Each time CloudCenter admins configure an ACI extension, they also have the option to configure a Bridge Domain template.
  • The Layer 3 out connection to the external world is through the CloudCenter EPG Type selection. If you are deploying this instance into an existing EPG type, you do not need to update the subnet mask each time.
  • To restrict this subnet from being accessed by any other network, update the subnet mask with the database tier ID in the Bridge Domain template. This way, the subnet is exposed to the world on this external network and allows the destination to be open to the DB node.
  • When connecting to the database tier, the database Layer 3 out is linked to one of the IP addresses displayed in a dropdown list, instead of allowing everyone to connect to a tier.

To add a Bridge Domain Template, follow this procedure.

  1. Access an ACI Extension as outlined in the section above (Admin > Extensions) and edit an existing extension. You can also opt to create a new extension in the process outlined above and continue to add a Bridge Domain Template as an extension of that process.
  2. In the Add ACI Extension page or Edit ACI Extension page, scroll down to the Bridge Domain Templates section.
  3. Click Add Template. The New Bridge Domain Template page displays.
  4. Configure the following Bridge Domain Template details in the General Settings section:
    • Template Name: A name reference by which you can refer to this Bridge Domain template.
    • Bridge Domain Name Configuration: The exact name variable for the Bridge Domain that is used by the ACI.
    • VRF Selection:
      • Existing VRF: Select the VRF from the dropdown list. Templates are listed by tenant in the dropdown list, so be sure to select the VRF template for the correct ACI tenant.

        Shared resources are saved in the Common tenant.

        When you select a VRF from a Common tenant (highlighted in the dropdown list image), that Bridge Domain Template can be selected by any tenant and consequently deployed to any other tenant. If you select a VRF that is specific to just one tenant, you can only deploy the Bridge Domain Template to just that tenant.

      • Dynamic VRF: Select a VRF that is provisioned for this APIC. The VRF hosts the Bridge Domain that is created using the Bridge Domain Template.
    • Associated L3 Outs: Optional. Depending on the tenant selected in the VRF settings, you can now associate the L3 Out networks from the Common tenant (or the selected tenant).
    • L3 Out for Route Profile: Optional. Depending on the tenant selected in the VRF settings, you can now select the desired L3 Out for route profile from the Common tenant (or the selected tenant).
    • DHCP Relay Label: Optional. Depending on the tenant selected in the VRF settings, you can now select one or more DHCP relay labels from the Common tenant (or the selected tenant) to apply to the new bridge domain.
  5. Configure the following network details in the Subnet section.
    • Scope: APIC concept – See the Cisco ACI Fundamentals Guide for additional details.
      • Private to VRF: An APIC setting that refers to a Private Network (context), which is equivalent to a virtual routing and forwarding (VRF) instance in the networking world.
      • Advertised Externally: An APIC setting. An EPG that provides a shared service must have its subnet configured under that EPG (not under a bridge domain), and its scope must be set to advertised externally and shared between VRFs.
      • Shared between VRFs: An APIC setting. Shared subnets must be unique across the VRFs involved in the communication. When a subnet under an EPG provides a Layer 3 external network shared service, such a subnet must be globally unique within the entire ACI fabric.
    • Subnet Control: APIC concept – See the Cisco ACI Fundamentals Guide for additional details.
      • ND RA Prefix: An APIC setting to control Neighbor Discovery (ND) – Router Advertisement (RA) message communications between an outside public or private network and the ACI fabric.
      • Querier IP: An APIC setting to enable Internet Group Management Protocol (IGMP) snooping on the subnet.
    • Subnet Pools: CloudCenter concept – Prevents any subnet in the pool from being wrongly reused. When you deploy a Bridge Domain Template on an application with multiple tiers, each tier uses a different subnet from within this pool to ensure that the same subnet is not reused multiple times. If your deployment uses more subnets than are defined in this pool, the deployment fails because all configured subnets are already used in this deployment.
      • Master Subnet: The IP address of the first subnet in the tenant network.
      • Pool Subnet: A dropdown list to identify the last subnet in the tenant network.
      • Networks: This section automatically updates to reflect the number of networks in the pool based on the Master and Pool Subnet configurations.
      • You can add multiple subnet pools by clicking the Add Subnet Pool button.
      • Delete Icon: Allows you to delete a previously configured subnet pool from the CloudCenter platform.

        Once you add a subnet pool, you cannot update the pool. You can only delete the configured pool and add a new subnet pool.

  6. Click Save to save this new Bridge Domain Template along with the configured ACI extension. The Extensions page displays the Success message below the header to state that the extension is saved.
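
Because a subnet pool cannot be updated once added, it helps to check the pool size against the number of application tiers before saving the template. The following Python is an added example, not CloudCenter code: it assumes a pool is the run of equal-sized subnets from the Master Subnet through the Pool Subnet, and the function names, tier names and addresses are constructed for illustration.

```python
import ipaddress


class PoolExhausted(Exception):
    """The deployment needs more subnets than the pools define."""


def pool_networks(master_subnet, pool_subnet):
    """List the equal-sized subnets from master_subnet through pool_subnet.

    Assumption: both bounds are aligned subnets with the same prefix length.
    """
    first = ipaddress.ip_network(master_subnet)  # strict: rejects host bits
    last = ipaddress.ip_network(pool_subnet)
    if (first.version, first.prefixlen) != (last.version, last.prefixlen):
        raise ValueError("bounds must share address family and prefix length")
    gap = int(last.network_address) - int(first.network_address)
    if gap < 0:
        raise ValueError("pool subnet precedes master subnet")
    step = first.num_addresses
    return [
        ipaddress.ip_network(f"{first.network_address + i * step}/{first.prefixlen}")
        for i in range(gap // step + 1)
    ]


def overlapping(pools):
    """Return pairs of subnets from different pools that overlap."""
    clashes = []
    for i, a_pool in enumerate(pools):
        for b_pool in pools[i + 1:]:
            clashes += [(a, b) for a in a_pool for b in b_pool if a.overlaps(b)]
    return clashes


def assign_tiers(tiers, pools):
    """Give each tier its own subnet; fail if pools overlap or are too small."""
    if overlapping(pools):
        raise ValueError("subnet pools overlap; a subnet could be reused")
    available = [net for pool in pools for net in pool]
    if len(tiers) > len(available):
        raise PoolExhausted(
            f"{len(tiers)} tiers need subnets, pools define {len(available)}"
        )
    return dict(zip(tiers, available))


# Constructed sample values, not taken from any real fabric.
POOL_A = pool_networks("10.20.0.0/24", "10.20.2.0/24")    # three /24 networks
POOL_B = pool_networks("10.20.2.0/25", "10.20.2.128/25")  # overlaps POOL_A

if __name__ == "__main__":
    for tier, net in assign_tiers(["web", "app", "db"], [POOL_A]).items():
        print(f"{tier}: {net}")
    try:
        assign_tiers(["web", "app", "db", "cache"], [POOL_A])
    except PoolExhausted as exc:
        print("deployment would fail:", exc)
    print("overlaps:", overlapping([POOL_A, POOL_B]))
```
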

ACI Actions

Administrators can perform the following actions for each ACI extension listed in the Extensions page.

The Deployment Environment pages list configured information and allow you to perform the following actions:

Actions dropdown options:

  • Edit: Change configurations for an existing extension. Once configured, you can only perform the following changes to an Extension:
    • Change the name of the ACI Extension – you cannot edit any other configured details for the extension.
    • Add new Bridge Domain Templates for the extension.
    • Delete a configured Bridge Domain Template.

    See the Adding a Deployment Environment section (below) for additional details.

  • Share: Share an Extension. See Permission Control > Extension Permissions for details.
  • Delete: Delete an Extension.

    If you choose to delete a configured Extension, the Delete Extension popup confirms your intention, deletes the configured Extension, and displays a status message at the top of the Extension page.

Troubleshooting

If you set the cliqrIgnoreAppFailure parameter (see Troubleshooting Parameters), then the APIC resources (ANP, EPGs, Contracts, and so forth) created using the CloudCenter platform are not removed if the deployment fails. The launched VMs and related APIC policies are only removed when the user terminates the deployment from the Deployments page. See Termination for additional context.