Release Notes for Cisco Virtual Network Management Center, Release 1.2
August 16, 2011
OL-25158-01
This document describes the features, caveats, and limitations for Cisco Virtual Network Management Center. Use this document in combination with the documents listed in the "Related Documentation" section.
Note: Release notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of the Release Notes for Cisco Virtual Network Management Center, Release 1.2:
http://www.cisco.com/go/techdocs
Table 1 shows the online change history for this document.
Contents
This document includes the following sections:
•Obtaining Documentation and Submitting a Service Request
Introduction
The Cisco Virtual Network Management Center (Cisco VNMC) is a virtual appliance, based on Red Hat Enterprise Linux, that provides centralized device and security policy management of Cisco Virtual Security Gateways (Cisco VSGs) for the Cisco Nexus 1000V Series switch. Designed for multi-tenant operation, the Cisco VNMC provides seamless, scalable, and automation-centric management for virtualized data center and cloud environments. With built-in GUI, CLI, and XML APIs, the Cisco VNMC allows you to manage Cisco VSGs that are deployed throughout the data center from a centralized location. The Cisco VNMC is built on an information model-driven architecture in which each managed device is represented by its sub-components (or objects), which are parametrically defined. This model-centric approach provides a flexible and simple mechanism for securing virtualized infrastructure with Cisco VSG.
System Requirements
Cisco VNMC has the following system requirements:
•Cisco VNMC Virtual Appliance—1 virtual CPU at 1.5-GHz, 2-Gb RAM, 25-Gb hard disk (vDisk), 1 management network interface
•Hypervisor and Hypervisor Manager—
–VMware vSphere 4.0.1, 4.0.2, 4.1.0 releases with VMware ESX or ESXi
–VMware vCenter 4.0.1, 4.0.2, and 4.1.0 releases
•Interfaces and Protocols—HTTP/HTTPS, Lightweight Directory Access Protocol (LDAP)
•Web-based GUI client—
–Adobe Flash Player 10.1
–Operating System—Support is as follows (see Table 2):
Table 2 Operating System Support Matrix for Client Device Cisco VNMC GUI
Operating System    Internet Explorer 7.x and 8.x    Firefox 3.x
Windows             Supported                        Supported
Apple MAC OS        X                                X
Linux               X                                X
Software Features
This section briefly describes the new features introduced in Cisco VNMC Release 1.2.
This section includes the following topics:
•Stateless Device Provisioning
•Context-Aware Security Policies
•Dynamic Security Policy and Zone Provisioning
Multi-device Management
All Cisco VSG devices are centrally managed, which simplifies provisioning and troubleshooting in a scaled-out data center. In addition, the device profile object specifies device configuration policies that you can apply to one or more firewall profile managed resources.
Security Profile
A security profile enables you to represent the Cisco VSG security policy configuration in a profile, which simplifies provisioning, reduces administrative errors during security policy changes, reduces audit complexities, and enables a highly scaled-out data center environment.
Stateless Device Provisioning
The stateless configuration model is enabled by a management agent that is embedded in Cisco VSGs, which allows the Cisco VNMC to provide a highly scalable device provisioning model.
Security Policy Management
Security policies are authored, edited, and provisioned for all Cisco VSGs in a data center, which simplifies the operation and management of security policies and ensures that the security requirements are accurately represented in the associated security policies.
Context-Aware Security Policies
The Cisco VNMC interacts with VMware vCenter to obtain VM contexts that you can leverage to institute granular policy controls across your virtual infrastructure.
Dynamic Security Policy and Zone Provisioning
The Cisco VNMC interacts with the Cisco Nexus 1000V Series switch VSM to bind the security profile with the corresponding Cisco Nexus 1000V Series switch port profile. When VMs are dynamically instantiated and applied to appropriate port profiles, their association to trust zones is also established.
Multi-Tenant Management
The Cisco VNMC can manage Cisco VSGs and security policies in a dense multi-tenant environment, so that you can rapidly add or delete tenants and update tenant-specific configurations and security policies. This feature significantly reduces administrative errors, ensures segregation of duties within the administrative team, and simplifies audit procedures.
Role-Based Access Control
Role-Based Access Control (RBAC) simplifies operational tasks across different types of administrators, while allowing subject-matter experts to continue with their normal procedures. With RBAC, organizations are able to reduce administrative errors and simultaneously simplify auditing requirements. The Cisco VNMC supports local and remote authentication with RBAC.
XML-Based API
The Cisco VNMC full-featured XML API allows external system management and orchestration tools to programmatically provision Cisco VSGs and provide seamless and scalable operational management.
New and Changed Information
The following features are new or have changed in Release 1.2:
•The VNMC GUI toolbar has a Preferences button where you can set the time for an inactivity timeout.
•The reset action is available when configuring rules.
•Two new attributes are available to create rule conditions:
–VM DNS name
–Resource pool in VM
•Firewall rules can be exported to a PDF or CSV file.
•Under the Resource Management tab, the health status and connection status of VMs and hypervisors are available.
•Data Center in the Tenant Management tab is displayed as Virtual Data Center.
•Zone in the Policy Management tab is displayed as vZone.
Limitations
This section describes the limitations in Cisco VNMC Release 1.2 for the Cisco Nexus 1000V switch and the Cisco Virtual Security Gateway.
This section includes the following topics:
•Cisco VNMC VM Manager and VMware vCenter Server Connections
•Characters in Names Fetched from the vCenter
•Value Displayed in Parent Application or Resource Pool Fields
Cisco VNMC VM Manager and VMware vCenter Server Connections
Cisco VNMC VM Manager automatically connects to the VMware vCenter server on HTTP port 80. A vCenter extension file is required to establish a connection between VM Manager and vCenter. The extension file is exported from Cisco VNMC and linked on the VM Managers tab. You install it as a plugin on all the vCenter servers to which you want to connect.
Characters in Names Fetched from the vCenter
In the Resource Management > Resources > Virtual Machines area, the following set of characters is not allowed in names that are fetched from the vCenter:
", ', ^, &, `, <, >, ?, =, \, "
If any name attribute that is fetched from the vCenter, such as the following name attributes, contains the preceding characters, Cisco VNMC will not recognize the characters:
•VM name
•VM DNS name
•Parent Application name property of VM
•Resource Pool name property of VM
•Cluster name property of Hypervisor
As a result, the VNMC attribute names will not display correctly on the GUI and may also be evaluated differently when these attributes are used in policy conditions.
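An added example (not Cisco code) of a check for this limitation: it scans inventory records for the five name attributes listed above and reports every name that contains one of the listed characters, so the object can be renamed before the attribute is used in a policy condition. The record layout, dictionary keys, and sample names are constructed for illustration, and exporting the inventory from vCenter is assumed to happen elsewhere.

```python
# Characters the limitation lists (the page's list names the double quote twice).
UNSUPPORTED = frozenset("\"'^&`<>?=\\")

# Name attributes from the release notes. The keys are assumed labels for an
# exported inventory record, not vCenter or VNMC API field names.
NAME_ATTRIBUTES = {
    "vm_name": "VM name",
    "vm_dns_name": "VM DNS name",
    "parent_application": "Parent Application name",
    "resource_pool": "Resource Pool name",
    "cluster": "Cluster name",
}

def find_unsupported(value):
    """Return the unsupported characters in value, in order of first appearance."""
    seen = []
    for ch in value or "":
        if ch in UNSUPPORTED and ch not in seen:
            seen.append(ch)
    return seen

def audit_inventory(records):
    """Return one finding per name attribute that contains an unsupported character."""
    findings = []
    for index, record in enumerate(records):
        for key, label in NAME_ATTRIBUTES.items():
            bad = find_unsupported(record.get(key))
            if bad:
                findings.append({"record": index, "attribute": label,
                                 "value": record[key], "characters": bad})
    return findings

# Constructed sample inventory. A VM belongs to a Parent Application or to a
# Resource Pool, so one of those two fields is None in every record.
SAMPLE_INVENTORY = [
    {"vm_name": "web-01", "vm_dns_name": "web-01.example.test",
     "parent_application": None, "resource_pool": "prod-pool", "cluster": "cluster-a"},
    {"vm_name": "db&cache", "vm_dns_name": "db.example.test",
     "parent_application": "R&D <lab>", "resource_pool": None, "cluster": "cluster-a"},
    {"vm_name": "app-02", "vm_dns_name": "app-02.example.test",
     "parent_application": None, "resource_pool": "tenant=blue", "cluster": "east\\rack1"},
]

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        print(f"record {f['record']}: {f['attribute']} {f['value']!r} "
              f"contains {' '.join(f['characters'])}")
```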
Value Displayed in Parent Application or Resource Pool Fields
In the Resource Management > Resources > Virtual Machines area, the VM Properties pane displays Parent Application names and Resource Pool names. If the name of the Parent Application displays, the name of the Resource Pool does not display. The VM can only be part of a Parent Application or part of a Resource Pool, so only one of these fields will display a value at a time.
Caveats
This section describes the caveats in Cisco VNMC and includes the following sections:
Open Caveats
This section describes the open caveats in Cisco VNMC, Release 1.2:
Resolved Caveats
This section describes the caveats that were open in Cisco VNMC, Release 1.0.1 and are resolved in Cisco VNMC, Release 1.2:
Related Documentation
This section contains information about the documentation available for Cisco Virtual Network Management Center and related products.
This section includes the following topics:
•Cisco Virtual Network Management Center Documentation
•Cisco Virtual Security Gateway Documentation
•Cisco Nexus 1000V Series Switch Documentation
Cisco Virtual Network Management Center Documentation
The following Cisco Virtual Network Management Center documents are available on Cisco.com at the following URL:
http://www.cisco.com/en/US/products/ps11213/tsd_products_support_series_home.html
•Release Notes for Cisco Virtual Network Management Center, Release 1.2
•Cisco Virtual Security Gateway, Release 4.2(1)VSG1(2) and Cisco Virtual Network Management Center, Release 1.2 Installation and Upgrade Guide
•Cisco Virtual Network Management Center CLI Configuration Guide, Release 1.2
•Cisco Virtual Network Management Center GUI Configuration Guide, Release 1.2
•Cisco Virtual Network Management Center XML API Reference Guide, Release 1.2
Cisco Virtual Security Gateway Documentation
The following Cisco Virtual Security Gateway for the Nexus 1000V Series Switch documents are available on Cisco.com at the following URL:
http://www.cisco.com/en/US/products/ps11208/tsd_products_support_model_home.html
•Cisco Virtual Security Gateway for Nexus 1000V Series Switch Release Notes, Release 4.2(1)VSG1(2)
•Cisco Virtual Security Gateway, Release 4.2(1)VSG1(2) and Cisco Virtual Network Management Center, Release 1.2 Installation and Upgrade Guide
•Cisco Virtual Security Gateway for Nexus 1000V Series Switch License Configuration Guide, Release 4.2(1)VSG1(2)
•Cisco Virtual Security Gateway for Nexus 1000V Series Switch Configuration Guide, Release 4.2(1)VSG1(2)
•Cisco Virtual Security Gateway for Nexus 1000V Series Switch Command Reference, Release 4.2(1)VSG1(2)
•Cisco Virtual Security Gateway for Nexus 1000V Series Switch Troubleshooting Guide, Release 4.2(1)VSG1(2)
Cisco Nexus 1000V Series Switch Documentation
The Cisco Nexus 1000V Series switch documentation is available at the following URL:
http://www.cisco.com/en/US/products/ps9902/tsd_products_support_series_home.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
© 2011 Cisco Systems, Inc. All rights reserved.