Step 1
| On the menu
bar, choose
.
|
Step 2
| Click the
Application Profile tab.
The
application profiles that are available in
Cisco UCS Director
appear. Choose an application profile and click
View to view the name, description, and service
offering of the application profile.
When you
choose an application profile and click
View
Details, the following tabs appear:
Name
|
Description
|
Tiers
|
Displays the tier name, description, physical network service
class, and virtual network service class of the application profile.
|
VMs
|
Displays the VM name, description, selected network, virtual
compute service class, and virtual storage service class of the application
profile.
|
BMs
|
Displays the VM name, description, selected network, physical
compute service class, and physical storage service class of the application
profile.
|
|
Step 3
| Click
Add.
|
Step 4
| In the
Add
Application Profile dialog box, complete the following fields:
Name
|
Description
|
Name field
|
The
name of the application profile.
Once
added, the name cannot be modified.
|
Description field
|
The
description of the application profile.
|
|
Step 5
| Click
Next.
|
Step 6
| In the
Networks screen, complete the following fields:
Name
|
Description
|
Service Offering drop-down list
|
Click
Select and choose a service offering from the list.
The service offering must belong to the tenant for which you will create
containers with this application profile.
Click the
+ icon to add a service offering. For more
information about how to add a service offering, see the
Cisco UCS Director APIC
Management Guide.
|
Networks field
|
Define
the network types and the number of networks that are needed in the
application. For more information on how to configure a network, see the
next Step.
|
|
Step 7
| (Optional). In
the Network field of the
Networks screen, click the
+ icon to configure the tier for application.
In the
Add
Entry to Networks dialog box, complete the following fields:
Name
|
Description
|
Network field
|
Enter the name of the network.
|
Description field
|
Enter the description of the network.
|
Network Type drop-down list
|
Choose one of the following as the network type:
-
Internal
-
External
-
Infrastructure
-
Failover
Note
|
When a tenant needs multiple private networks, you need to
define only
Internal and
External network types.
|
|
Interested Tag Value field
|
Click
Select and choose the tag values for each tier.
During container provisioning, resource is selected based on the tag associated
with the tier.
Note
|
You can select more than one tag (the tag that is used for
VMware cluster or datastore cluster ). For example, if you select a datastore
tag (ds tag - gold) and a VMware cluster tag (cluster tag - ESXi cluster tag),
during the datastore selection, the datastore tagged with the gold value is
selected.
|
Note
|
To avail shared L3Out support, choose the tag value that is used
for tagging the external network and contract of a common tenant.
|
|
APIC Network Policy drop-down list
|
This
field appears only when you choose network type as
Internal. Choose the APIC network policy from the
list.
Click the
+ icon to add an APIC network policy. For more
information about how to add an APIC network policy, see
Adding an APIC Network Policy.
|
L2/L3 Selection drop-down list
|
This
field appears only when you choose network type as
External. By default,
L2Out is selected to integrate the ACI fabric with
external Layer 2 network.
-
L2Out—To integrate the ACI fabric with external
Layer 2 network.
-
L3Out—To integrate the ACI fabric with external
Layer 3 network.
-
SharedL3Out—To integrate the ACI fabric with shared
external Layer 3 network. The network must be tagged and updated on Tenant vPOD
in advance and the same tag must be selected for the external network in case
of shared L3Out.
|
Use Existing L2/L3 Out config available in the
tenant check box
|
This
field appears only when you choose network type as
External. By default, the check box is checked to
use the L2/L3 out configuration defined in the tenant while creating a
container.
Note
|
When a container is created based on an application profile,
tenants having L2 out or L3 out configuration are displayed according to the
L2/L3 selection in the application profile.
|
|
|
Step 8
| Click
Next.
|
Step 9
| In the
Application screen, do the following:
- In the
VM
Based Application Components field, click the
+ icon.
- In the
Add
Entry to VM Based Application Components dialog box, complete the
following fields:
Name
|
Description
|
VM
Name field
|
Enter the name of the VM.
|
Description field
|
Enter the description of the VM.
|
Network drop-down list
|
Choose the network from the list.
|
Image Selection Type drop-down list
|
Choose one of the following for the image selection:
|
VM
image drop-down list
|
Choose the VM image from the list of images. The list varies
according to the option selected in the
Image Selection Type drop-down list.
Note
|
All the VM images are listed from managed cloud irrespective of
the cloud type.
|
Note
|
The images that satisfy the following conditions are displayed
for selection:
|
|
Virtual Compute Service Class drop-down list
|
Choose the service class for the virtual compute category.
|
Virtual Storage Service Class drop-down list
|
Choose the service class for the virtual storage category.
|
VM Password Sharing Option drop-down list
|
Choose how you want to share the root or administrator password
for the VM with end users:
Specify the root login ID and root password for the template
that appears when you choose
Share after password reset or
Share template credentials as the password sharing
option.
|
VM Network Interfaces field
|
Click the
+ icon to add a VM network interface.
|
Maximum Quantity field
|
The maximum number of VM instances per tier.
Note
|
This number allows you to determine the subnet size for each
tier. This number will be overridden with the value defined during application
container deployment. The value is accepted even when the number of resources
are less when compared to the maximum quantity in the application profile.
|
|
Initial Quantity field
|
The number of VM instances to be provisioned when the
application is created.
|
- Click
Submit.
|
Step 10
| In the
Application screen, do the following:
- In the
Bare Metal Application Components field, click the
+ icon.
- In the
Add
Entry to Bare Metal Application Components dialog box, complete the
following fields:
Name
|
Description
|
Instance Name field
|
Enter the name of the bare metal instance.
|
Description field
|
Enter the description of the bare metal instance.
|
Network drop-down list
|
Choose the network.
|
Target BMA drop-down list
|
Choose the bare metal agent (BMA) for PXE setup.
|
Bare Metal image drop-down list
|
Choose the bare metal image.
|
Blade Type drop-down list
|
Choose one of the following as the blade type for the APIC
container:
|
Physical Compute Service Class drop-down list
|
Choose the service class for the physical compute category.
|
Physical Storage Service Class drop-down list
|
Choose the service class for the physical storage category.
|
- Click
Submit.
|
Step 11
| Click
Next.
|
Step 12
| In the
Contracts screen, you can define the rule for
communication in multi-tier applications.
Contracts are
policies that enable inter-End Point Group (inter-EPG) communication. These
policies are the rules that specify communication between application tiers. If
no contract is attached to the EPG, inter-EPG communication is disabled by
default. No contract is required for intra-EPG communication because intra-EPG
communication is always allowed.
A contract
can contain multiple subjects. A subject can be used to realize uni- or
bidirectional filters. A unidirectional filter is a filter that is used in one
direction, either from consumer-to-provider (IN) or from provider-to-consumer
(OUT) filter. A bidirectional filter is the same filter that is used in both
directions. It is not reflexive.
A new
contract is created for each source-to-destination network pair. For example,
if there are multiple rules defined between Web tier as source and application
tier as destination network, a single contract will be created on APIC to hold
the contract information between Web tier as source and application tier as
destination network.
For a
contract, a new subject is created if the rule defines unidirectional or
bidirectional filter. A subject is reused for multiple rules under same
contract depending on whether rule includes unidirectional or bidirectional
filter.
A new filter
is created for a specific rule. A new filter rule is created for every rule
defined between networks.
Click the
+ icon to add the communication protocol details:
- In the
Add
Entry to Contracts dialog box, complete the following fields:
Name
|
Description
|
Rule Name field
|
Enter the name of the rule.
|
Select Source Network drop-down list
|
Choose the source network to which you want to apply the
contract rule.
When an external network is chosen as the source network, only
the
Rule Name field,
Select Source Network drop-down list, and
Select Destination Network drop-down list are
available for configuration.
Cisco UCS Director
uses the existing contract as tagged and updated in tenant vPOD previous to
configuring the application profile based on the tag used in the chosen
external network.
|
Select Destination Network drop-down list
|
Choose the destination network to which you want to apply the
contract rule.
|
Rule Description field
|
Enter the description of the rule.
|
Protocol drop-down list
|
Choose the protocol for communication.
|
Apply Both Directions check box
|
Check the check box to apply the same contract for traffic from
source to destination, or from destination to source.
|
An annotation states that the app/web tier allows the subnet to
be created as Shared and Public through the APIC network policy.
|
Action drop-down list
|
Choose the action to be taken for the communication:
|
- Click
Submit.
|
Step 13
| Click
Next.
|
Step 14
| In the
Policy screen, do the following:
- Choose a
policy from the
VMware System Policy drop-down list.
- Click the
+ icon to add a new policy to the system policy
drop-down list.
- In the
System Policy Information dialog box, complete the
following fields:
Name
|
Description
|
Policy name field
|
Enter the name of the system policy.
|
Policy Description field
|
Enter the description of the system policy.
|
VM Name Template field
|
The template to use for the VM name.
Note
|
If the name template is not specified, the name provided by the
end user is used as the VM name.
|
|
VM Name Validation Policy drop-down list
|
Choose the policy for validating the VM name.
|
End User VM Name or VM Prefix check box
|
Check the check box to allow the end user to specify the name or
prefix for the VM.
|
Power On after deploy check box
|
Check the check box to power on the VM after provisioning.
|
Host Name Template field
|
Enter the template of the hostname.
|
Host Name Validation Policy drop-down list
|
Choose the policy for validating the host name.
|
Linux Time Zone drop-down list
|
Choose the time zone for the Linux VM.
|
Linux VM Max Boot Wait Time drop-down list
|
Choose the value to specify the maximum length of time that the
VM will pause during startup.
|
DNS Domain field
|
The name of the DNS domain.
|
DNS Suffix List field
|
The list of domain name suffixes that get appended to DNS.
|
DNS Server List field
|
The list of DNS servers.
|
VM Image Type drop-down list
|
Choose one of the following as the VM image type:
-
Windows and
Linux
-
Linux Only
|
Define VM Annotation check box
|
Check the check box to define the VM annotation.
|
- Click
Close.
- Choose a
cost model from the
Cost Model drop-down list to compute the chargeback.
- Choose
the HyperV deployment policy for the HyperV container provision from the
HyperV Deployment Policy drop-down list.
- Click
Next.
|
Step 15
| In the
L4-L7
Service Policy screen, check the
Configure L4-L7 Service check box to configure the
Layer 4 to Layer 7 service in the application profile. If the
Configure L4-L7 Service check box is checked, the
following fields appear:
- L4-L7 Service
Policy drop-down list—Choose the Layer 4 to Layer 7 service policy
from the list. Click the
+ icon to add a Layer 4 to Layer 7 service policy.
For more information about how to add a Layer 4 to Layer 7 service policy, see
Adding a Layer 4 to Layer 7 Service Policy.
- Application L4-L7 Service
Definition field—Click the
+ icon. In the
Add
Entry to Application L4-L7 Service Definition dialog box, complete
the following fields:
Name
|
Description
|
Service Name
field
|
Enter the name of the service.
|
Consumer drop-down list
|
Choose the internal tier.
Note
| When you are deploying ASA/ASAv between the tiers, you can
create a VDC with the shared Layer 3 network without any dependancy on the
tenant with the Layer 2 network.
|
|
Provider drop-down list
|
Choose the external tier.
|
Protocol drop-down list
|
Choose a protocol.
Note
|
This field appears only for the load balancer service.
|
|
Port drop-down list
|
The port number of the selected protocol.
Note
|
This field appears only for the load balancer service.
|
|
Services field
|
Choose the service type by checking one of the following check
boxes:
-
FIREWALL—To provide firewall service between
consumer and provider.
-
LB_SINGLE_ARM—To configure the load balancer service
between consumer and provider in the single-arm mode. In the single-arm mode,
the load balancer is connected to the network through a single interface.
Note
|
The single-arm load balancer service is the only supported
service type for a tenant with multiple private networks.
|
-
FW_LB_ONE_ARM—To configure both firewall and
single-arm load balancer services between consumer and provider. In the
single-arm mode, the load balancer is connected to the network through a single
interface.
|
- Check the
Customize Firewall Security For Tiers check box to
customize the firewall security for the network tiers in the application
profile. The
Firewall Security Levels field displays the security
level configured for the tiers. Choose a tier and click the edit icon to edit
the security level.
|
Step 16
| Click
Submit.
|