Creating a Cloud VIM
You can use the VIMs page to create virtualized infrastructure managers (VIMs) for each POP in the network. You create one VIM object for each POP in your network. Although the Contrail Cloud Reference Architecture (CCRA) provides a VIM, when you create a VIM you can specify several Contrail OpenStack settings. See Table 1.
You can only create a VIM for a centralized deployment. A distributed deployment has a default VIM that is created when the deployment is installed.
There are two authentication methods: CSO Keystone (Central Keystone) authentication and authentication against an independent VIM instance's Keystone (also known as regional Keystone). Customers can authenticate and authorize their own system through OpenStack. Customers must configure service profiles as part of the VIM and associate them with a tenant.
For example, consider ABC as a service provider and customer-a as the tenant for ABC. The workflow for associating the service profile with the tenant is listed below:
- The cspadmin user configures the POP (vim-instance and domain creation) and, when configuring the vim-instance, its vim-service-profiles. The vim-service-profiles contain the respective VIM's infra tenant details.
- Configure ABC data center as a VIM.
- The ABC admin configures customer-a along with a service-profile-name. This enables the VIM microservice to map customer-a to the equivalent infra tenant specified in service-profile-name.
- The ABC admin, ABC tenant details, customer-a tenant, and customer-a account details are present in CSO Keystone (Central Keystone), while the infra tenant details that are part of vim-service-profile are present only in the regional Keystone.
- When creating a service, customer-a instantiates a network service. The request from customer-a is received at NSO with customer-a's authentication token from the regional VIM Keystone.
- Based on the tenant name customer-a, the VIM region maps to the "admin" infra tenant, because the service-profile-name with admin was provided when the "customer-a" tenant was configured.
- The VIM regional microservice can now use the infra tenant for its service instantiation activities.
To create a VIM in the cloud:
- Click Resources > POPs > POP Name > VIMs.
- Click the plus icon (+).
The Add Cloud VIM page appears.
- Configure the fields using the information provided in Table 1.
- Click Save. If you want to discard your changes, click Cancel instead.
Table 1: Fields on the Add Cloud VIM Page
Field | Guidelines |
---|---|
Name | Specify the name of the virtualized infrastructure manager (VIM) for a centralized deployment. You can add multiple VIMs to a point of presence (POP). You can use letters, numbers, spaces, periods, dashes, underscores, commas, @, #, $, %, &, and *. Maximum length is 255 characters. Example: vcpe-vim |
Type | View the VIM type. The default VIM type is cloud. Example: Cloud |
Connection Information | |
IP address | Specify the IP address of the Contrail Controller node in the Contrail Cloud Platform that provides the virtualized infrastructure manager (VIM). Example: 10.102.28.36 |
Auth URL | Specify the authentication URL for the Contrail OpenStack Keystone. Example: http://ip:5000/v3 |
User Name | Specify the username for logging into Contrail Service Orchestration. The default is cspadmin. Example: cspadmin |
Password | Specify the password for logging into Contrail Service Orchestration. The default is passw0rd. Example: passw0rd |
Domain | Specify the name of the Contrail OpenStack domain that you configured for the Contrail Cloud Platform. Example: default |
Tenant | Specify the name of the Contrail OpenStack tenant that you configured for the Contrail Cloud Platform. Example: admin |
Network Information Resource Pools | |
Resource Pool | Specify a resource pool name and the corresponding compute zone, which is a group of compute nodes. You configure compute zones as availability zones in Contrail OpenStack. The default availability zone is nova, and you can run the nova availability-zone-list command on the Contrail controller node to view a list of available zones. |
Resource Pool Name | Specify a resource pool, which identifies the location in which the virtual network functions (VNFs) are implemented. You can use an unlimited number of alphanumeric characters, including special characters. Example: north-east. |
Compute Zone | Specify the availability zone in Contrail OpenStack in which the virtual machines for network services reside. The default availability zone is nova. You can run the nova availability-zone-list command on the Contrail OpenStack to find the list of available zones. Example: nova |
Does Management Network Exists? | Specify whether to use an existing virtual network in Contrail OpenStack or to create a new one. |
Management Network Name | Specify the name of the existing network in Contrail or of the new network that you want to create in Contrail. Example: mgmt-net |
Management Network Information | |
Route Target | Specify one or more route targets for the management network to be created in Contrail. Example: 64512:10000 |
Subnet | Specify one or more prefixes that define the subnets for the Contrail Compute nodes. You can use an IPv4 address. Example: 192.0.2.0/24. |
Internet Network Information | |
Network Name | Specify the name of the Internet network. Example: int-net |
Does Exist? | Select to add a new Internet connection for the VIM in Contrail OpenStack. |
Route Target | Select the route target for the internet network in Contrail. Example: 64512:10000. |
Subnet | Select the prefix that defines the subnet for the Contrail Compute nodes. You can use an IPv4 address. Example: 192.0.2.0/24. |
Service Profile Information | |
Profile Name | Specify the name of the service profile in a VIM instance. Example: vim-service-profile |
Tenant Name | Specify the infra tenant for whom you want to assign the service profile. Example: test-tenant |
Domain Name | Specify the Infra domain name. Example: Default |
User Name | Specify the username of the tenant. Example: admin |
Password | Specify the password for the tenant user. Example: password123 |
Default Service Profile | If you use a dedicated OpenStack Keystone for Contrail Service Orchestration, specify the name of the default service profile. If you do not specify a service profile when you configure the tenant, Contrail Service Orchestration uses the default profile to authenticate the tenant. Example: default-service-profile |
Infra tenants such as admin are available only in the regional Keystone and not in CSO Keystone (Central Keystone).
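A pre-submission check for the Table 1 values, given here as an added example that is not part of the original documentation or of Contrail Service Orchestration. It flags format errors and two settings worth changing before deployment: an http Auth URL and passwords that are printed in Table 1. The dictionary key names are hypothetical, and the route-target pattern is assumed from the Table 1 example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Characters and length Table 1 allows for the Name field.
NAME_RE = re.compile(r"[A-Za-z0-9 .\-_,@#$%&*]{1,255}")
# Route target shaped like the Table 1 example 64512:10000 (assumed format).
ROUTE_TARGET_RE = re.compile(r"\d{1,10}:\d{1,10}")
# Passwords printed in Table 1; anyone who has read the page can guess them.
DOCUMENTED_PASSWORDS = {"passw0rd", "password123"}

# Constructed record: key names are hypothetical, values are Table 1 examples.
SAMPLE_VIM = {
    "name": "vcpe-vim", "ip_address": "10.102.28.36",
    "auth_url": "http://10.102.28.36:5000/v3",
    "username": "cspadmin", "password": "passw0rd",
    "management_network": {"route_targets": ["64512:10000"], "subnets": ["192.0.2.0/24"]},
    "service_profiles": [{"name": "vim-service-profile", "password": "password123"}],
}

def audit_vim(vim):
    """Return (severity, field, message) findings for one VIM record."""
    findings = []
    if not NAME_RE.fullmatch(vim.get("name", "")):
        findings.append(("error", "name", "empty, too long, or disallowed character"))
    try:
        ipaddress.ip_address(vim.get("ip_address", ""))
    except ValueError:
        findings.append(("error", "ip_address", "not a valid IP address"))
    url = urlsplit(vim.get("auth_url", ""))
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append(("error", "auth_url", "not an http(s) URL"))
    elif url.scheme == "http":
        findings.append(("warn", "auth_url", "Keystone password and tokens sent in cleartext"))
    if vim.get("password") in DOCUMENTED_PASSWORDS:
        findings.append(("warn", "password", "documented default or example password"))
    for net in ("management_network", "internet_network"):
        for rt in vim.get(net, {}).get("route_targets", []):
            if not ROUTE_TARGET_RE.fullmatch(rt):
                findings.append(("error", net + ".route_targets", "bad route target " + rt))
        for subnet in vim.get(net, {}).get("subnets", []):
            try:
                ipaddress.IPv4Network(subnet)  # strict: host bits must be zero
            except ValueError:
                findings.append(("error", net + ".subnets", "bad IPv4 prefix " + subnet))
    for prof in vim.get("service_profiles", []):
        if prof.get("password") in DOCUMENTED_PASSWORDS:
            findings.append(("warn", "service_profiles." + prof.get("name", "?"), "documented example password"))
    return findings
```

Run against `SAMPLE_VIM`, which uses the table's example values unchanged, the audit returns three warnings and no errors.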