Getting Started with the Cisco ACI HTML5 vCenter Plug-in

Getting Started with the Cisco ACI HTML5 vCenter Plug-in

Getting started with the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in requires that you complete a series of steps:

Prerequisites for Installing the Cisco ACI HTML5 vCenter Plug-in

Fulfill the following prerequisites before you install the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in.

  • Ensure that you have a web server to host the Cisco ACI HTML5 vCenter plug-in file and that the VMware vCenter can reach it.

  • Ensure that a Windows server with the VMware PowerCLI module is installed to run the installation script.

  • Ensure that at least one virtual machine manger (VMM) domain exists between the Cisco APIC and the VMware vCenter where you will use the plug-in.

    For more information, see the Cisco Application Centric Infrastructure Fundamentals Guide.

  • Ensure that you have the following software installed:

    • VMware vSphere Client: Version 6.7 Update 2 or Version 7.0.

  • VMware vCenter: Cisco APIC supports any version of Linux Appliance and Windows Server that VMware supports. See VMware documentation for details.

  • Cisco APIC: Release 3.2(2x) and later.

  • VMware PowerCLI: Version 11.2.0 or later.

In addition, so you can use the Cisco ACI HTML5 vCenter plug-in after it is installed, ensure that you have VMware vCenter credentials.

Download the Cisco ACI HTML5 vCenter Plug-in Software (for releases prior to ACI HTML Plug-in Release 1.0.6)

This section describes how to download the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in. This procedure is applicable for releases prior to ACI HTML Plug-in release 1.0.6).

The following task is applicable for ACI HTML plug-in releases prior to release 1.0.6.

Before you begin

You must have completed the tasks in the section Prerequisites for Installing the Cisco ACI HTML5 vCenter Plug-in.

Procedure

Step 1

Go to the Application Policy Infrastructure Controller (APIC) Software Download page.

Step 2

In the Select a Software Type area, click ACI vCenter plugin.

Step 3

On the ACI vCenter plugin page, choose the desired release in the left-hand menu, and then choose and download the plug-in.

You must save the Cisco ACI HTML5 vCenter plug-in file on an HTTPS web server that the VMware vCenter can reach.

What to do next

Install the Cisco ACI HTML5 vCenter plug-in in VMware vCenter. See Install the Cisco ACI HTML5 vCenter Plug-in.

Download the Cisco ACI HTML5 vCenter Plug-in Software (for ACI HTML Plug-in Release 1.0.6)

This section describes how to download the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in.

The following task is applicable for ACI HTML plug-in release 1.0.6.

Before you begin

Complete the tasks in the section Prerequisites for Installing the Cisco ACI HTML5 vCenter Plug-in. Also, ensure that you have Python installed on your local machine. The minimum version required is Python 3. You can check if Python is installed on your machine using the following command: 


$ python3 --version
Python 3.9.6

Beginning with Cisco ACI HTML5 vCenter Plug-in release 1.0.6, the ACI HTML5 plug-in zip file used for installing the plugin on vCenter (vcplugin-1.0.6.zip) is enclosed inside an outer zip file, vcplugin-rel-1.0.6.zip. Ensure to use the inner vcplugin-1.0.6.zip file with the install script to successfully install vcplugin, 1.0.6 on vCenter.

Procedure

Step 1

Go to the Application Policy Infrastructure Controller (APIC) Software Download page.

Step 2

In the Select a Software Type area, click ACI vCenter plugin.

Step 3

On the ACI vCenter plugin page, choose the desired release in the left-hand menu, and then choose and download the plug-in (vcplugin-rel-1.0.6.zip).

Step 4

Unzip the outer vcplugin-rel-1.0.6.zip file to extract the contents: 


$ unzip vcplugin-rel-1.0.6.zip
Archive: vcplugin-rel-1.0.6.zip
extracting: vcplugin-1.0.6.zip
extracting: vcplugin-1.0.6.zip.signature
inflating: ACI_4070389ff0d61fc7fbb8cdfdec0f38f30482c22e.PEM inflating: cisco_x509_verify_release.py3

Step 5

Verify the signature.

Verify the signature for the release-key signed vcplugin image.


$ ./cisco_x509_verify_release.py3 -e ACI_4070389ff0d61fc7fbb8cdfdec0f38f30482c22e.PEM -i vcplugin-1.0.6.zip -s vcplugin-1.0.6.zip.signature -v dgst -sha512
Retrieving CA certificate from https://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully retrieved and verified crcam2.cer.
Retrieving SubCA certificate from https://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully retrieved and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from ACI_4070389ff0d61fc7fbb8cdfdec0f38f30482c22e.PEM.
Successfully verified the signature of vcplugin-1.0.6.zip using ACI_4070389ff0d61fc7fbb8cdfdec0f38f30482c22e.PEM

You must save the Cisco ACI HTML5 vCenter plug-in file on an HTTPS web server that the VMware vCenter can reach.

What to do next

Install the Cisco ACI HTML5 vCenter plug-in in VMware vCenter. See Install the Cisco ACI HTML5 vCenter Plug-in.

Install the Cisco ACI HTML5 vCenter Plug-in

This section describes how to install the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in so the VMware vCenter can deploy it.


Note

The installation process is different for ACI HTML Plug-in Release 1.0.6 and releases prior to release 1.0.6. Check for release-specific information, as indicated.

(for releases prior to ACI HTML Plug-in Release 1.0.6)

The plug-in (to install in VMware vCenter) is delivered in the format vcplugin-1.0.x.zip. You can also separately download the install/upgrade script, ACIPlugin-Install.ps1, and the uninstall script, ACIPlugin-Uninstall.ps1, from the same location as the plug-in file.

  • README: Contains installation instructions and references to the documentation.

  • vcenter-plugin-x.x.x.zip: Is the plug-in to install in VMware vCenter.

  • ACIPlugin-Install.ps1: Is the script to manage the installation and upgrade of the plug-in.

  • ACIPlugin-Uninstall.ps1: Is the script to manage uninstallation of the plug-in

(for ACI HTML Plug-in Release 1.0.6) The plug-in is delivered as a .zip archive in the format vcplugin-rel-x.x.x.zip. The archive includes the following:

  • vcplugin-x.x.x.zip: Is the plug-in to install in VMware vCenter

  • ACI_4070389ff0d61fc7fbb8cdfdec0f38f30482c22e.PEM : Public key for release signature validation

  • cisco_x509_verify_release.py3: Python script for signature validation

  • vcplugin-1.0.6.zip.signature : Signature file for plugin

  • Download the installation scripts separately from Cisco.com:

    • ACIPlugin-Install.ps1: Is the script to manage the installation and upgrade of the plug-in.

    • ACIPlugin-Uninstall.ps1: Is the script to manage uninstallation of the plug-in

Before you begin

Procedure

Step 1

Open a VMware PowerCLI console.

Step 2

Run the installation script by completing the following steps:

  1. Run the ACIPlugin-Install.ps1 script.

  2. When prompted, in the vCenter IP / FQDN field, enter the VMware vCenter where the plug-in needs to be installed.

  3. When prompted, In the Plugin .zip file URL field, enter the URL where the VMware vCenter will be able to download the plug-in.

    Ensure you have not renamed the .zip file.

  4. In the console pop-up window, enter your credentials for the VMware vCenter.

    You can use any VMware vCenter user credentials so long as you have the correct permissions to install the plug-in. Typically, you can use administrator credentials.

    VMware vCenter installs and registers the Cisco ACI HTML5 vCenter plug-in.

Note

 

During installation, you may see the following error on the console:

Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificationAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.

To avoid seeing this error, enter the following command before installation:

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Step 3

Log into the VMware vSphere Client after the installation is completed.

The first login can take a while because the VMware vCenter downloads the Cisco ACI HTML5 vCenter plug-in from the web server and then deploys it.

Once the VMware vSphere Client loads, you can see the Home page. You can access the Cisco ACI Fabric in the left navigation area or from the Menu drop-down list at the top of the page. The Cisco ACI Fabric link is where you begin to manage your allows you to manage your Cisco ACI fabric.

Note

 
After you install the Cisco ACI HTML5 vCenter plug-in, when you launch the VMware vSphere Client for the first time, you might see an error message asking you to reload the client. Click Reload to refresh the page; the error message will not appear again.

What to do next

Connect the Cisco ACI HTML5 vCenter plug-in to a Cisco ACI fabric. See Connecting the Cisco ACI HTML5 vCenter Plug-in to your Cisco ACI Fabric.

Connecting the Cisco ACI HTML5 vCenter Plug-in to your Cisco ACI Fabric

This section describes how to connect the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in to your Cisco ACI fabric. Once you have done so, you can use the plug-in to perform basic configurations in VMware vCenter.


Note
The registration is VMware vCenter-wide and it does not take into account the user that performs it. It is a configuration for the whole VMware vCenter, not just for the logged-in user who performs it.

You can connect the plug-in to your Cisco ACI fabric, using one of the following ways:


Note
If you connect using a previous login, you can connect only a fabric that you have connected to previously. Connecting with an IP address or a self-signed certificate enable you to connect to a fabric that you have not connected to previously as well as one you have connected to.

Connect the Cisco ACI HTML5 vCenter Plug-in with a Self-Signed Certificate

This section describes how to connect the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in to your Cisco ACI fabric using a self-signed certificate.

Before you begin

You must have fulfilled the requirements in the section Prerequisites for Installing the Cisco ACI HTML5 vCenter Plug-in.

Procedure

Step 1

Log into the VMware vSphere Client.

Step 2

Click Cisco ACI Fabric, either in the left navigation pane or from the Menu pull-down menu.

Step 3

In the upper right of the fabric work pane, click + FABRIC.

The Login to another Fabric dialog box appears. It enables you to choose an authentication method and register your fabric with VMware vCenter.

Step 4

In the Login to another Fabric dialog box, complete the following steps:

  1. In the APIC IP / FQDN area, in the APIC IP / FQDN field, enter your Cisco Application Policy Infrastructure Controller (APIC) IP address.

  2. In the Fabric Name field, enter a name for the new fabric.

  3. In the CREDENTIALS area, from the drop-down menu, choose Generate self-signed certificate.

  4. In the Username field, enter the username that you want to use for the certificate.

  5. In the Certificate name field, enter a name for the certificate.

  6. Click GENERATE.

    The dialog box displays a message that the certificate was generated successfully, followed by the text of the certificate itself.

  7. Copy the certificate, making sure to include -----BEGIN CERTIFICATE----- and -----end CERTIFICATE-----.

Step 5

Log in to Cisco APIC.

Do not log out of or close VMware vCenter.

Step 6

Go to Admin > AAA > Users.

Step 7

In the Users work pane, in the Login ID column, click admin.

The Local admin - user dialog box opens.

Step 8

Click the task icon at the upper right of the dialog box and then choose Create X509 Certificate from the drop-down menu.

Step 9

In the Create X509 Certificate dialog box, complete the following steps:

  1. In the Name field, enter the name of the certificate.

  2. In the Data field, paste the certificate that you copied earlier.

  3. Click Submit.

Step 10

In VMware vCenter, in the Login to another Fabric dialog box, click CHECK CONNECTION.

You should see a message saying that the connection was successful.

Step 11

In the message box, in the Passphrase field, enter a passphrase to encrypt the private key, which is stored in VMware vCenter.

Step 12

Click CONNECT TO APIC.

The work pane displays information about the fabric.

Step 13

Verify that the fabric is registered in vCenter:

  1. In the fabric work pane, open the ACI Tasks & Settings pane by clicking the clipboard icon at the upper right.

  2. Look at the queue of tasks and settings for a Register Fabric entry showing the name of the new fabric as an object and the time that the fabric was registered.

What to do next

See the other sections in this guide for information about Cisco ACI HTML5 vCenter plug-in and tasks that you can perform with the plug-in.

Connect the Cisco ACI HTML5 vCenter Plug-in with Your Username and Password

This section describes how to connect the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in to your Cisco ACI fabric using your Cisco Application Policy Infrastructure Controller (APIC) username and password.

Before you begin

You must have fulfilled the requirements in the section Prerequisites for Installing the Cisco ACI HTML5 vCenter Plug-in.

Procedure

Step 1

Log into the VMware vSphere Client.

Step 2

Click Cisco ACI Fabric, either in the left navigation pane or from the Menu pull-down menu.

Step 3

In the upper right of the fabric work pane, click + FABRIC.

The Login to another Fabric dialog box appears. It enables you to choose an authentication method and register your fabric with VMware vCenter.

Step 4

In the Login to another Fabric dialog box, complete the following steps:

  1. In the APIC IP / FQDN area, in the APIC IP / FQDN field, enter your Cisco APIC IP address.

  2. In the Fabric Name field, enter a name for the new fabric.

  3. In the CREDENTIALS area, in the User Name field, enter your Cisco APIC username.

  4. In the Password field, enter your Cisco APIC password.

  5. Click CONNECT TO APIC.

    The work pane displays information about the fabric.

Step 5

Verify that the fabric is registered in vCenter:

  1. In the fabric work pane, open the ACI Tasks & Settings pane by clicking the clipboard icon at the upper right.

  2. Look at the queue of tasks and settings for a Register Fabric entry showing the name of the new fabric as an object and the time that the fabric was registered.

    You can also see the fabric from the Fabric drop-down list.

What to do next

See the other sections in this guide for information about Cisco ACI HTML5 vCenter plug-in and tasks that you can perform with the plug-in.

Connect the Cisco ACI HTML5 vCenter Plug-in Using a Previous Login

This section describes how to connect the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in to your Cisco ACI fabric using previously used login credentials.


Note
You cannot connect using this procedure when you use the Cisco ACI HTML5 vCenter plug-in for the first time. Even if you used a previous version of the plug-in on the same VMware vCenter, the cached settings are not available in the new version of the plug-in.

Before you begin

You must have fulfilled the requirements in the section Prerequisites for Installing the Cisco ACI HTML5 vCenter Plug-in.

Procedure

Step 1

Log into the VMware vSphere Client.

Step 2

Click Cisco ACI Fabric, either in the left navigation pane or from the Menu pull-down menu.

Step 3

In the upper right of the fabric work pane, click + FABRIC.

The Login to another Fabric dialog box appears. It enables you to choose an authentication method and register your fabric with VMware vCenter.

Step 4

In the History area, click a login that was used previously to connect to a fabric.

Step 5

In the Connect to dialog box, complete the following steps:

  1. In the Fabric Name field, enter the name of the fabric you previously connected to.

  2. In the Password field, enter the password that you previously used to connect to fabric.

    The user name and the Cisco Application Policy Infrastructure Controller (APIC) IP address used in the previous login are cached and added to the dialog box fields automatically.

  3. Click CONNECT.

    The work pane displays information about the fabric.

Step 6

Verify that the fabric is registered in vCenter:

  1. In the fabric work pane, open the ACI Tasks & Settings pane by clicking the clipboard icon at the upper right.

  2. Look at the queue of tasks and settings for a Register Fabric entry showing the name of the new fabric as an object and the time that the fabric was registered.

What to do next

See the other sections in this guide for information about Cisco ACI HTML5 vCenter plug-in and tasks that you can perform with the plug-in.

Uninstalling the Cisco ACI HTML5 vCenter Plug-in

You can uninstall the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in by accessing a URL or by running a script.

Uninstall the Cisco ACI HTML5 vCenter Plug-in Using a Script

Complete this procedure to delete the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in.

Procedure

Step 1

Open a VMware PowerCLI console.

Step 2

Execute the ACIPlugin-Uninstall.ps1script.

Example:

.\ACIPlugin-Uninstall.ps1

Step 3

When prompted, provide the VMware vCenter IP address or fully qualified domain name (FQDN).

Step 4

In the pop-up window, provide your VMware vCenter credentials with administrator rights.

The Cisco ACI HTML5 vCenter plug-in uninstalls.

Step 5

Log in into the VMware vSphere Client and make sure that the plug-in is no longer there.

If you were already logged in to the VMware vSphere Client, log out and log in again.

Step 6

Restart your vsphere-ui service:

For Linux server:

service-control --stop vsphere-ui
service-control --start vsphere-ui

For Windows server:

cd C:\Program Files\VMware\vCenter Server\bin
service-control --stop vsphere-ui 
service-control --start vsphere-ui

Uninstall Cisco ACI HTML5 vCenter Plug-in Using a URL

Complete this procedure to delete the Cisco Application Centric Infrastructure (ACI) HTML5 vCenter plug-in.

Procedure

Step 1

Enter the following URL in your browser:

https://vCenter_IP_address/mob/?moid=ExtensionManager&method=unregisterExtension

When prompted, log in with your VMware vCenter credentials.

Step 2

In the Parameters section, in the Value field, enter com.cisco.aci.vcplugin, and then click Invoke Method.

Step 3

Log into the VMware vSphere Client and ensure that the Cisco ACI Fabric is not present in the GUI.

Note

 
If you were already logged into the VMware vSphere Client, you must log out and log back in to ensure that the Cisco ACI Fabric is not present.

Step 4

Restart your vsphere-ui service:

For Linux server:

service-control --stop vsphere-ui
service-control --start vsphere-ui

For Windows server:

cd C:\Program Files\VMware\vCenter Server\bin
service-control --stop vsphere-ui 
service-control --start vsphere-ui