Cisco Prime Network Services Controller (Prime Network Services Controller) is
the primary management element for Cisco Nexus 1000V (Nexus 1000V) Switches and
Services that can enable a transparent, scalable, and automation-centric network
management solution for virtualized data center and hybrid cloud environments.

Nexus 1000V switches and services deliver a highly secure multitenant
environment by adding virtualization intelligence to the data center network.
These virtual switches are built to scale for cloud networks. Support for
Virtual Extensible LAN (VXLAN) helps enable highly scalable LAN segmentation
and broader virtual machine (VM) mobility.

Prime Network Services Controller enables the centralized management of Cisco
virtual services to be performed by an administrator, through its GUI, or
programmatically through its XML API.

Prime Network Services Controller is built on an information-model architecture
in which each managed device is represented by its subcomponents (or objects),
which are parametrically defined. This model-centric approach enables a flexible
and simple mechanism for provisioning and securing virtualized infrastructure
using Cisco VSG and Cisco Adaptive Security Appliance 1000V (ASA 1000V) Cloud
Firewall virtual security services.

InterCloud

With Cisco Nexus 1000V InterCloud, the enterprise network can be securely
extended to the cloud, with its enterprise network and security configurations
such as VLANs and policies extended to the cloud. Using Prime Network Services
Controller, workloads can be migrated from the enterprise data center to the
public cloud while retaining the same IP addresses and other networking
parameters, thus avoiding the need to redesign the application.

Using Prime Network Services Controller, workloads in the public cloud can use
the same security policies as their counterparts in the enterprise data center.
System administrators get the policy consistency and network visibility that
they require while retaining control of the cloud environment as a transparent
extension of the enterprise data center.

With Prime Network Services Controller, customers have a unified view of the
workloads across the enterprise data center (private cloud) and public cloud.
They can select and migrate workloads from the enterprise data center to the
public cloud.

Hypervisor Support

The Prime Network Services Controller platform supports multiple VM Managers
through their APIs and through tight integration with Nexus 1000V Virtual
Supervisor Modules (VSMs) and Virtual Ethernet Modules (VEMs).

Consistent and Efficient Security Policies

Prime Network Services Controller uses security profiles for template-based
configuration of security policies. A security profile is a collection of
security policy sets and integrated policies and rules that can be predefined
and applied on demand at the time of virtual machine instantiation. This
profile-based approach significantly simplifies authoring, deployment, and
management of security policies, including in dense multi-tenant environments,
while enhancing deployment agility and scaling. Security profiles also help
reduce administrative errors and simplify audits.

The XML API for Prime Network Services Controller facilitates integration with
northbound network provisioning tools for programmatic network and security
provisioning and management of Cisco VSG (VSG) and ASA 1000V. The option of
programmatic control of those virtual appliances can greatly simplify
operational processes and reduce infrastructure management costs.

Nondisruptive Administration Model

By providing visual and programmatic controls, Prime Network Services
Controller can enable the security operations team to author and manage security
policies for virtualized infrastructure and enhance collaboration with the
server and network operations teams. This nondisruptive administration model
helps ensure administrative segregation of duties to reduce errors and simplify
regulatory compliance and auditing:

- Network administrators can author and manage port profiles, and manage
  Nexus 1000V switches. Port profiles with referenced security profiles are
  available in VMware vCenter through the Nexus 1000V VSM programmatic interface
  with VMware vCenter.

Efficient Management for Easier Scalability

Prime Network Services Controller implements an information-model architecture
in which each managed device, such as VSG or Cisco ASA 1000V, is represented by
the device's object-information model. This model-based architecture helps
enable the use of:

- Dynamic device allocation—A centralized resource management function manages
  pools of devices that are commissioned (deployed) in service and a pool of
  devices that are available for commissioning. This approach simplifies
  large-scale deployments because managed devices can be preinstantiated and
  then configured on demand, and devices can be allocated and deallocated
  dynamically across commissioned and noncommissioned pools.

The following table describes the features and benefits of Prime Network
Services Controller.

Table 1 Features and Benefits

| Features | Description | Benefits |
|---|---|---|
| InterCloud Management | Prime Network Services Controller extends your enterprise data center into a public cloud through the configuration and management of InterCloud resources. | Provides secure connections to the cloud via InterCloud links using VMware ESXi hypervisors. Enables easy creation of templates and VMs on the cloud. Supports high availability across the InterCloud link. |
| Multiple-Device Management | Prime Network Services Controller provides central management of VSG and ASA 1000V for Nexus 1000V switches. | Simplifies provisioning and troubleshooting in a scaled-out data center. |
| Security Profiles | A security profile represents the VSG or ASA 1000V security policy configuration in a profile (template). | Simplifies provisioning, reduces administrative errors during security policy changes, reduces audit complexities, and helps enable a highly scaled-out data center environment. |
| Stateless Device Provisioning | The management agents in VSG and ASA 1000V are stateless, receiving information from Prime Network Services Controller. | |
| Security Policy Management | Security policies are authored, edited, and provisioned centrally. | |
| Context-Aware Security Policies | Prime Network Services Controller obtains virtual machine contexts from VMware vCenter. | Allows a security administrator to institute highly specific policy controls across the entire virtual infrastructure. |
| Dynamic Security Policy and Zone Provisioning | Prime Network Services Controller interacts with the Nexus 1000V VSM to bind the security profile to the corresponding Nexus 1000V port profile. When virtual machines are dynamically instantiated by server administrators and appropriate port profiles applied, their association with trust zones is also established. | Helps enable security profiles to stay aligned with rapid changes in the virtual data center. |
| Multi-Tenant (Scale-Out) Management | Prime Network Services Controller is designed to manage VSG and ASA 1000V security policies in a dense multi-tenant environment so that administrators can rapidly add and delete tenants and update tenant-specific configurations and security policies. | Reduces administrative errors, helps ensure segregation of duties in administrative teams, and simplifies audit procedures. |
| Role-Based Access Control (RBAC) | RBAC simplifies operational tasks across different types of administrators, while allowing subject-matter experts to continue with their normal procedures. | |
| XML-Based API | Prime Network Services Controller XML API allows external system management and orchestration tools to programmatically provision VSG and ASA 1000V. | |