Cisco Intercloud Services Telstra User Guide version 2.2
Contents
1. name <group_name> policies <policy>

where:
- group_name is the name of the server group
- policy indicates the rules used by the server group, for example affinity or anti-affinity

Copyright 2014-2015 Cisco Systems Inc. All rights reserved. 43. Cisco Confidential. Cisco Intercloud Services Telstra User Guide, July 3 2015.

Placing Instance on Different Computer Hosts

To use the GroupAntiAffinityFilter capability, specify a group name with the hint group parameter when booting the instances. As long as you use the same hint group parameter, the Nova Scheduler places each instance on a different compute host.

Use the Nova Command Line Tool

Deploy an instance using the following command syntax:

    nova boot <name> --nic net-id=<private-net-uuid> --flavor <flavor> --image <image> --hint group=<anti-affinity-policy>

For example (shown as extracted; the original punctuation was lost):

    nova boot server Ol nic net id516783fc 2170 47f1 ba8d a4b39a839d51 flavor GP Small image centos 6 5_x86_64 2014 06 04 v3 group anti affinity

Use the REST API

Deploy an instance by sending a POST message:

    POST /v2/<tenant_id>/os-server-groups

The message in JSON format:

    Server_group name <group_name> imageRef <image id> flavorRef <flavor id> os scheduler_hints group anti affinity policy
2. Click Compute > Volumes in the Horizon left panel, if you are not already in the Volumes screen.

From the Volumes table, click More in the target volume's Actions column, then click Edit Attachments.

In the Manage Volume Attachments dialog, select the desired instance from the Attach to Instance drop-down.

Click Attach Volume.

To see the current list of the VM's devices and determine the volume's device name, execute the following command:

    fdisk -l

Note: The parameter in this example is a lower-case L.

Format the volume by making the file system.

WARNING: mkfs erases the contents of the volume. Do NOT execute mkfs if you are mounting a previously used volume whose contents you wish to persist.

    mkfs -t <file system type> /dev/<device name>

Create a mount point (the directory to read from and write to):

    mkdir -p <mount point>

You can mount the device for one-time use:

    mount -t <file system type> /dev/<device name> <mount point>

Or you can configure the system so the volume will come up every time the VM reboots. Consult the documentation for your version of Linux to see how to add this volume to a permanent mount point in /etc/fstab.

Attach a Volume to a VM (Windows)

   1. Click Compute > Volumes in Horizon, if you are not already in the Volumes screen.
   2. From the Volumes table, click More in the target volume's Actions column, then click Edit Attachments.
   3. In the
4. Run as Administrator.

   2. Enter this command to set the activation server (host and port shown as extracted; the original punctuation was lost):

          slmgr.vbs /skms kms telstra cloud cisco com 1688

   3. Enter this command to activate Windows:

          slmgr.vbs /ato

Troubleshooting

Error: A problem occurred when Windows tried to activate. Error Code 004 074

This error is received when Windows cannot reach the KMS server.

- Make sure the instance has Internet connectivity.
- Verify that the DNS settings are correct and point to, or forward to, a publicly available DNS server.
- Verify that the correct time zone and time are set on the Windows instance. A time difference of more than 4 hours with the KMS server(s) will prevent successful activation.
- To verify that the appropriate KMS product client key is set, execute the following command from an administrative prompt and check the results:

      slmgr.vbs /dlv

  If the results show "Error: product key not found", then the KMS key is not configured. Look up the KMS key from the table of client product keys in the Verify the KMS Client Product Key section on page 22, and issue the following command from an administrative command prompt:

      slmgr.vbs /ipk <KMSClientProductKey>

Affinity and Anti-Affinity

It's possible to create a VM on the same host as another VM (affinity) or on a different host (anti-affinity) via OpenStack CLI or commands. At this time, affinity and anti-affinity can't be specified via Horizon. For more information refer to
5. [Screenshot residue: dialog fields Server1, App Server2, Weight 50, Protocol Port 80, Admin State]

Add Health Check Monitors to the Load Balancer

Generally, ping isn't the best way to monitor a load balancer. For example, a better way to monitor a web server might be to call a given URL and evaluate the HTTP response code returned. However, for simplicity, you will use pings in this example. Refer to Test the Load Balancer on page 32.

To add Health Check Monitors:

   1. Click Monitors.
   2. Click Add Monitor.
   3. Add monitor details using ping, and configure the delay, timeout and maximum retries.
   4. Click Add.

[Screenshot: Add New Monitor dialog with Delay 300, Timeout 30, Max Retries 1 10 5, Admin State]

Attach a Floating IP Address to the Load Balancer

The VIP that you created in the private subnet needs a public-facing floating IP address.

To attach a floating IP address:

   1. In Horizon, click Compute > Access & Security.
   2. Click Floating IPs.
6. API password environment variable, as discussed in Generate Your API Key on page 39. The API key is not the same as the password that you use when you log into the system.

   1. In Horizon, click Compute > Access & Security > Access.
   2. Click Download OpenStack RC File for the environment variables that you'll need to use the OpenStack CLI.
   3. You see a table with a list of your project OpenStack REST API endpoints in the API Access screen.

11 Glossary

Term: Definition

API: Application Programming Interface. A set of programming instructions and standards for accessing a web-based software application. OpenStack has a number of APIs for creating Instances, Images, Authentication, etc.

Block Storage: A sequence of bytes, usually a whole number of records, having a maximum length called a block size. Used in database management systems such as Oracle. Block storage is typically mounted as a drive.

Cinder: An OpenStack Block Storage service that maintains block devices that can be attached to virtual machine instances.

Cisco Intercloud Services: The Cisco Cloud Infrastructure as a Service (IaaS) that contains OpenStack plus many additional services.

Cisco Intercloud Services Console: The Projects page on which you create and manage your CIS projects and ins
7. Click Allocate IP to Project.

Select the floating IP pool, in this case public floating 601.

Click Allocate IP.

Click Associate in the Actions column for the floating IP address.

In the Manage Floating IP Associations dialog, select the port to be associated. This is the port that was assigned to the load balancer VIP. Select it and click Associate.

You will now see the publicly accessible floating IP address for the load balancer.

Ping the floating IP address to verify that the load balancer is reachable. If you try to ping the floating IP address and it doesn't work, retry after waiting a minute or two for the floating IP address to be provisioned.

Test the Load Balancer

To test the load balancer, here is a simple test:

Start app server on port 80, the port that the load balancer is directing HTTP traffic to.

Log into the VM:

    ssh -i <path to your local private key> root@<floating IP address>

Execute vi index.html on the index file for the HTTP server.

Add this first line:

    HTTP/1.0 200 OK Hello from App Server ONE

Save the file and exit.

Run the HTTP server:

    sudo python -m SimpleHTTPServer 80

The response should be: Server 1 is listening

Repeat the steps above for Server 2 with the text:

    HTTP/1.0 200 OK Hello from App Server TWO

Now bot
8. another network, for example a public network for Internet access.

Note: You can only create one router per project.

To create a router:

- Click Network > Routers from the Horizon left panel.
- Click Create Router.
- Enter a name for the router in the Router Name field, for example My Test Router.
- Click Create Router. The router appears in the Routers list.
- To set up a gateway for the router, click Set Gateway.
- From the drop-down list, set the External Network to a public floating address. Typically public floating 601 is available.
- Click Set Gateway to attach the router to the public network.
- Click Network Topology to see that the router was created and connected to the public floating IP network.
- To connect the router to the private network you created earlier, hover the mouse cursor over the icon for the router in the Network Topology screen, then click View Router Details. Alternatively, you could click the router name in the Horizon Routers screen.

   11. In the screen that appears, click Add Interface.
   12. In the Subnet field, select the my first private subnet subnet that was created earlier.
   13. Click Add Interface.
   14. To verify that the router was connected successfully, click Network Topology. Ensure that the private network di
9. network components

Virtual Storage: The portion of the Cisco cloud that creates storage volumes.

Volume Storage: Persistent block storage devices that may be attached and unattached from instances, but only attached to one instance at a time.

VPN: Virtual Private Network.

12 Appendix Resource Segregation

Filters are used for scheduling VM instances. When the filter scheduler receives a request for a resource, it applies filters to determine which hosts are eligible for consideration when dispatching a resource.

Creating a Filter Policy

You need to explicitly create a new server group and associate the group with the new affinity/anti-affinity filter policy. You can create a server group using the command line client or REST API.

Use the Nova Command Line Tool

Create a server group using the following command syntax:

    nova server-group-create <group_name> <policy>

where:
- group_name is the name of the server group
- policy indicates the rules used by the server group, for example affinity or anti-affinity

For example:

    nova server-group-create 1 anti-affinity

Use the REST API

Create a server group by sending a POST message:

    POST /v2/<tenant_id>/os-server-groups

The message in JSON format: Server_group
10. page 9, 6/19/15 (2.2): Added as a sub-topic following the Accessing the Cisco Intercloud Services Platform topic.

Choosing a Region, page 9, 6/22/15 (2.2): Made the following changes:
- Removed the first Note.
- Cropped the screen shot to remove URL and bookmarks.

Choosing a Region, page 9, 7/1/15 (2.2): Made the following changes:
- Updated text per Daniel's feedback.
- Used screen shot provided by Daniel.

Choosing a Region, page 9, 7/2/15 (2.2): Made the following changes:
- Used screen shot provided by Daniel, which shows the error message.
- Re-arranged Note text, since screen shot was of log-in screen.

Choosing a Region, page 9, 7/2/15 (2.2): Made the following changes:
- Per Darryl, put the text back to its original flow with a screen shot of only the message.
- Include a log-in screen shot.

1 Preface

About This Guide

This guide is for users who want to learn how to create and manage projects using the Cisco Intercloud Services (CIS) platform. The information provided in this guide presumes you already have a CIS account.

Audience

This guide is primarily intended for users of the cloud, whose skill set can vary from beginners to advanced developers of cloud applications or system administrators managing

2 Cisco Intercloud Services Overview

In some respects CI
11. port 80

You can also restrict the source of web requests to a specific remote subnet or a single IP address. Likewise, you can restrict outgoing traffic from your VMs. Cisco strongly recommends restricting ingress and egress traffic to/from your VMs to only allow required traffic. For more information, refer to Security Groups on page 21.

Create or Modify Your Project Firewall

You can also create/modify your project's perimeter firewall capabilities to allow specific types of traffic to/from your enterprise, and you can limit the source/destination of that traffic to specific local or remote subnets/ports. Cisco strongly recommends restricting ingress and egress traffic to/from your project to only allow required traffic.

Create a Virtual Private Network

You can create a virtual private network (VPN) that connects your CIS project to one of your data centers using the Cisco Intercloud Services Router 1000V (CSR 1000V) virtual router. You can access the Cisco Intercloud Services Router 1000V Policy-based VPN Tunnel Guide at https www telstra com au content dam tcom business enterprise cloud services pdf cisco router 1000v vpntunnel guide pdf

Firewall as a Service

You can implement OpenStack Firewall as a Service (FWaaS) functionality in your project to add perimeter security for your
12. project via your router. Although it's technically possible to have more than one router in a CIS project, overwhelmingly the typical use case is one router per project. While OpenStack security groups, with their security rules, are designed to add security to VMs, OpenStack FWaaS is designed to add security to the CIS project periphery at the router.

Note: If your Windows VMs are going to access the Remote Desktop Protocol (RDP) over the Internet, then RDP port 3384 must be open in your project's FWaaS.

The steps to set up FWaaS for a project are:
- Create one or more firewall rules.
- Create one or more firewall policies.
  - Add one or more rules to each policy.
- Create a firewall.
  - Add a policy to the firewall.

Create a Firewall Rule

   1. In Horizon, navigate to Network > Firewalls.
   2. Click Firewall Rules.
   3. Click Add Rule.
      - for the firewall rule in the Name field
      - Select a protocol from the Protocol drop-down.
      - Select Allow or Deny in the Action drop-down.
      - Specify source and/or destination IP addresses/subnets.
      - Specify source and/or destination ports/port ranges.

Create a Firewall Policy

   1. In Horizon, navigate to Network > Firewalls.
   2. Click Firewall Policies.
   3. Click Add Policy.
      - a na
13. t created a key pair via CIS and you don't have an available SSH key pair that you have previously imported into CIS, cancel out of this process of creating a VM and go to Generate a Key Pair from Horizon on page 18 or Import a Key Pair on page 19. When you have created or imported an SSH key pair, return to the process of creating a VM and select a key pair in this step.

Click the Networking tab.

Click a network button in the Available Networks field. The selected network moves to the Selected Networks field. If you are following the tutorial, click the plus button for my first network.

Click the Post Creation tab. Although there are many possible post-creation scripts for both Linux and Windows, that discussion is out of scope for this procedure.

Note: Refer to Appendix 14 CIS Instance Customization on page 40 for sample post-creation scripts. This section only describes what is necessary to log into a VM running a Linux OS via the Instance Console. Windows instances are accessible from the Instance Console without a post-configuration script. Windows instance names cannot be longer than 15 characters.

LINUX: For access to your instance using the Instance Console, set up an initial password, which you will be prompted to change upon first login. For RHEL
14. Example command and output (shown as extracted; IDs are truncated and the original punctuation was lost):

    242ee41a fc4e 4e0f 940a in use My First VM 50 None true 3fS5a3d7c 55f8 4a21 0352
    cinder snapshot create force True My First Snap 242ee41a fc4e 4e0f 940a

Create a Volume from a Snapshot

To create a volume from a snapshot:

   1. Click Images & Snapshots in the Horizon left panel.
   2. In the Actions column for the source snapshot image, click Create Volume for the source snapshot.
   3. Enter a name for the volume in the Volume Name field.
   4. Enter the size for the volume, in gigabytes, in the Size (GB) field.
   5. Click Create Volume.

9 Storage for your VM: Volume and Object

Create Volume Storage and Attach/Mount it to Your VM

Volume storage, also called block storage (sometimes called a physical record), is a sequence of bytes, usually containing a number of records. The most common types of block storage are relational database systems like Oracle, MySQL and DB2. Here you can perform Create, Read, Update and Delete (CRUD) operations, but unlike object storage, you can modify the content of an individual record.

When you create a VM, normally you will want to add storage to it, and the following set of procedures tells you how to do that.

You can create a volume out of block storage and attach it to an instance running on CIS. Volumes persist until you delete them or unt
16. Document History

Topic, Date of Change: Description

Create a Private Network and Attach a Router to Make the Subnet Externally Accessible > Create a Router, page 11, 6/11/15 (2.1): Added a note that they can only create one router per project.

Firewall as a Service, page 16, 6/11/15 (2.1): Removed any reference to the Shared check box from these subordinate topics:
- Create a Firewall Rule, step 3f and the Note which referred to step 3f
- Create a Firewall Policy, step 3c
- Create a Firewall and Add a Policy, step 3d

Chapter 7, Load Balancing as a Service, 6/15/15 (2.1): Removed Choosing a Region topic.

Choosing a Region
17. Cisco Intercloud Services Telstra User Guide 2.2, July 3 2015

Copyright 2014-2015 Cisco Systems, Inc. and/or its affiliates. All Rights Reserved.

The information contained in this document is proprietary and confidential to Cisco Systems, Inc. ("Cisco") and/or its affiliates, and is furnished in confidence to you under the Confidentiality terms of the applicable agreement between you and Cisco, with the understanding that it will not, without the express written permission of Cisco, be used or disclosed for other than for the purposes set forth in that agreement. Information about Cisco Services and technology may be subject to export controls under the laws of the United States and other countries. You and Cisco shall comply with such laws, and you agree not to knowingly export, re-export or transfer such information without first obtaining any required United States or any other applicable authorizes or licenses.

The trademarks, logos and service marks ("Marks") displayed in this document are the property of Cisco or third parties. Users are not permitted to use these Marks without the prior written consent of Cisco or such third party which may own the Mark. Cisco is a registere
19. 13 Appendix CIS Instance Customization

CIS VM instance customization occurs through standard OpenStack cloud platform mechanisms, by way of a metadata service and a process that runs at startup when new VM instances are booted. The metadata service is a Nova component function that serves as a data source for VM instance data. The default metadata source in use on the CIS platform is a network-based service that runs on the Nova API endpoints. The system program that consumes the data is referred to as cloud-init.

Cloud-init and Cloudbase-init

Cloud-init ships by default on all modern Linux operating systems. It is enabled by default to run at boot-up of an instance and consume parameters from various data sources, either local disk or network-based metadata service. For Windows operating systems, a third-party product known as cloudbase-init can be added to Windows guest instances to allow it to consume this VM instance data. All CIS public Windows images ship with cloudbase-init installed.

Typically, a normal VM boot process leverages the metadata service and cloud-init processes for injecting SSH keys and VM name parameters into the instance operating system as user data. However, you can insert a number of other customizations or scripts to be executed by cloud-init by passing in additional user data, either via the Horizon launch instance w
20. Manage Volume Attachments dialog, select the desired instance from the Attach to Instance drop-down.

Click Attach Volume.

Click the VM link in the Attached To column for the volume.

Click the Console tab. You may have to click the gray bar to invoke the VM.

Log into your Windows instance. The volume that you attached will display as a disk in the Windows Disk Manager.

   8. Follow the standard procedures for adding a disk to Windows, then create one or more volumes on your new Windows disk.

Detach a Volume from a VM

WARNING: Do NOT accidentally detach the volume attached to /dev/vda. This is your root/boot disk. If you detach your root/boot disk, the VM will become inaccessible, and all ephemeral data and all data on the root/boot disk will be destroyed.

Note: All commands in this section require root privileges, as indicated by the prompt. For the exact command for your system, consult the documentation for your version of Linux.

To detach a volume from a VM:

   1. You MUST umount the volume.

      WARNING: Before you detach the volume, you MUST umount the volume, otherwise you may lose data.

          umount <mount point>

   2. Click Compute > Volumes in the Horizon left panel.
   3. Click More in the target volume's Actions column.
   4. Click Edit Attachments for the correct vol
21. S might work slightly differently than other cloud services that you have used. Review the relevant sections in this document before beginning your cloud development efforts.

Terminology

You need to become familiar with the following terms to understand the procedures in this guide. For a complete list of terms, refer to the Glossary on page 40.

- OpenStack: An open source cloud computing platform.
- Project: A virtual space or unit in the CIS cloud that can be assigned to a user or users. Each project is provided access to VM instances and is assigned a quota of virtual resources.
- Tenant: The entity that owns a project. A tenant can have more than one project.
- Region/Data Center: These terms are used interchangeably in Horizon and the CIS Console to refer to the data center that hosts the project/account services.
- Virtual Machine (VM), Server, or Instance: In OpenStack, a VM is created by a user and is composed of a guest operating system, one or more CPUs/cores, storage, and network components. Also called a server or an instance.
- InstanceType/Flavor: Describes the configuration of the various virtual machine flavors (configurations) that are available to users. It includes parameters such as CPUs/cores, storage, and memory. When you launch an instance, the flavor that you specify determines the amount of RAM, disk space, and the number of virtual CPUs used.
22. This section describes how to create instance snapshots, volume snapshots, and how to create a volume from a snapshot.

Note: Do not take a snapshot of a snapshot.

Create an Instance Snapshot

When you create an instance snapshot from Horizon, you're creating a nova snapshot. Nova snapshots are snapshots of the root disk and do not snapshot any attached volumes or ephemeral storage.

   1. Click Instances in the Horizon left panel.
   2. In the Actions column, click Create Snapshot for the target instance.
   3. In the Create Snapshot dialog, enter a name for the snapshot in the Snapshot Name field.
   4. Click Create Snapshot. The snapshot is created and displays in the Horizon Images & Snapshots screen.

Create a Volume Snapshot

In this release, detach the volume from the VM before creating a volume snapshot from Horizon. To avoid having to detach the volume from the VM, you can use the cinder CLI command as discussed below.

To create a snapshot of an in-use volume attached to a running VM:

   1. Execute the cinder list command.
   2. Pipe the output of the cinder list command through the grep command to discover the ID of each volume attached to the VM.
   3. Using the ID of the volume and specifying a name for the snapshot, execute the cinder snapshot-create command to create the snapshot.
   4. Example: Create the snapshot My First Snap for the volume attached to the VM My First

          cinder list | grep "My First VM"
23. aS software used by Cisco to create CIS.

Project: A virtual workspace in the Cisco cloud in which users can create VM networks, routers, load balancers, etc.

Red Hat Enterprise (RHEL): The default operating system used by VMs created using CIS.

Security Group: A set of network traffic filtering rules applied to an instance.

Snapshot: A point-by-point copy of an OpenStack storage volume or image. You can use snapshots to back up volumes. You can use image snapshots to back up data, gold images or additional servers.

Tenant: The entity that owns a project is called a tenant. A tenant can have more than one project.

VIP: Virtual IP address. This is an available, unused private IP address that can be assigned to a network resource in a project, like a load balancer. The VIP is then associated with a floating IP address so the network resource can communicate with the Internet.

Virtual Compute: The section of Horizon from which you can create and manage instances, volumes, images, snapshots, and access and security.

Virtual Machine (VM): A VM, also called an instance or a server, is created by a user and is composed of a guest operating system (an image), a CPU, storage, and network components.

Virtual Network: The portion of the Cisco cloud that creates the virtual
24. ample the VMs that traffic is directed to are located in the private subnet 192.168.3.0/24.

Protocol: The Load Balancer can accept various types of protocols. You have the ability to choose the type of traffic distribution. In this example, use HTTP.

Load Balancing Method: Choose the method (algorithm) that matches your needs. Use Round Robin in this example.

   4. Click Add.

Assign a Virtual IP Address to the Load Balancer

Assign a Virtual IP address (VIP) to the load balancer. Load balancers listen at this address for incoming requests and route the requests to the appropriate pool members.

   1. Click More in the load balancer's Actions column.
   2. Click Add VIP.
   3. Enter the parameters for the VIP:
      - Name: Enter a name in the Name field, for example My Test VIP.
      - IP address: Specify the private IP address for the VIP on the subnet that the load balancer pool is on. Ensure that the subnet is connected to the Internet. Note that this IP address is unreachable. Allocate a floating IP address to this VIP address to make the VIP address reachable/routable for external use.

      Notes: Allocating a VIP directly from the floating IP pool is not supported. If you have to use a public address, use an available publicly accessible IP address. This operation fails if you specify an IP address that is already allocated.
   4. Enter the appropriate information in the other fields, then click Add.
25. ance must have Internet access to be able to obtain activation.

- KMS activations are valid for 180 days (the activation validity interval). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. If a VM is in an isolated network and unable to contact the KMS host, activation will fail.

Verify the KMS Client Product Key

Consult the following table to see if the Windows version you are activating has the correct KMS client product key.

    Operating System Edition              KMS Client Product Key
    Windows Server 2008 R2 Standard       YC6KT-GKW9T-YTKYR-T4X34-R7VHC
    Windows Server 2008 R2 Enterprise     489J6-VHDMP-X63PK-3K798-CPX3Y
    Windows Server 2012 R2 Standard       D2N9P-3P6X9-2R39C-7RTCD-MDVJX

If you don't have the correct client product key, you can change it using the following steps:

   1. Click the start button, right-click the command prompt icon and select Run as Administrator.
   2. Enter this command using the correct KMS client product key:

          slmgr.vbs /ipk <KMSClientProductKey>

   3. To verify that the key is set, execute:

          slmgr.vbs /dlv

Manually Activating Windows

When you have the correct KMS client product key, manually activate the KMS client.

   1. Click the start button, right-click the command prompt icon and select
26. ata will be destroyed. This does not apply to ephemeral data and the root boot disk. When an instance is terminated, the instance's ephemeral data are destroyed and all data in the instance's root boot disk are destroyed.
Before terminating a VM:
1. Carefully document the name and ID of each attached volume that you want to persist. If you are using Horizon, the name will be sufficient; if you are using cinder, you will also need the volume ID.
2. Detach each volume from the targeted VM, one by one. For information about detaching a volume from a VM, refer to Detach a Volume from a VM on page 33.
3. Attach each volume to a new VM and verify that the volumes and their data are intact.
4. When you are certain that all the volumes you want to persist are detached and safely stored (verified reattached to another instance), terminate the targeted VM as discussed below.
Terminate a VM Instance
WARNING: If you want attached volumes and their data to persist, the volumes MUST be detached before terminating the VM. Otherwise, the attached volumes and their data will be destroyed. This does not apply to ephemeral data and the root boot disk. When an instance is terminated, the instance's ephemeral data are destroyed and all data in the instance's root boot disk are destroyed. Refer to Managing Volumes before Terminating a VM Instance on page 27.
1. Click Compute > Instances in the Horizon left panel.
2. Attached volumes will be destroyed in th
27. Summary of Available Services
CIS offers the following services:
• Virtual Compute: Virtual servers (VM instances) with a choice of flavors (virtual CPU, RAM, and storage)
• Virtual Storage: Choice of volume storage and object storage services
• Virtual Network: Provision your own network topologies with virtual routers and public and private IP addresses
• Virtual Private Network (VPN) connectivity
• Load Balancing as a Service (LBaaS)
• Heat Orchestration (Beta)
CIS platform capabilities include:
• Security Groups: Ability to apply security rules and policies that govern access to VMs
• Firewall as a Service: Ability to apply security rules and policies that govern access to project networks via FWaaS (the router)
• Programming Support: Ability to access cloud services using OpenStack Command line interface (CLI) access to CIS and OpenStack Representational State Transfer (REST) API access to CIS
Cisco Intercloud Services Interfaces
A web browser is your access to all CIS user interfaces. Mozilla Firefox is recommended.
Note: The CIS user interfaces support the current release and one prior release of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, and Apple Safari on a rolling basis.
The Cisco Intercloud Services Console
From the Cisco Intercloud Services Console you can:
• Access CIS documentati
28. d SSH key pair generated (Linux only).
WARNING: If you haven't created a key pair via CIS, and you don't have an available valid SSH key pair that you have previously imported into CIS, cancel out of this process of creating a VM. Go to Generate a Key Pair from Horizon on page 18 or Import a Key Pair on page 19. When you have created or imported an SSH key pair, return to this section and continue with the next step.
Click Compute > Instances.
Click Launch Instance.
Enter the following Instance Details:
• Availability Zone. Note: Availability zones may vary depending on the data center.
• Instance Name: Type the name for your instance.
• Flavor: GP Small (availability may vary depending on the data center).
• Number of instances: You can provision as much as allowed by the project quota. You can see your project quotas on the right side of the screen in the Flavor Details and Project Limits sections. Enter the number 1.
• Instance Boot Source: You can point to any source. First-time users, select Boot from Image.
• Image Name: Select an image from the drop-down list. Note: Projects can deploy multiple instances using the same source image.
Click the Access & Security tab. This step is for Linux only. For Windows images, skip to step 7, Click the Networking tab.
In the Import Key Pair dialog, select an available key pair. This step is for Linux only; for Windows images, skip to step 7, Click the Networking tab.
Linux: If you haven
29. d trademark of Cisco and/or its affiliates. The design in this document may contain or reference software from the open source community, including OpenStack technology, that must be licensed under the specific license terms applicable to such software: http://www.apache.org/licenses/LICENSE-2.0
30. e a Neutron router provisioned in your project, a Neutron router will be provisioned for you. However, you will then have to create an interface on your project's router for each network that you want to connect to Telstra Next IP.
IMPORTANT: Do not add any VMs or any other network components to the dedicated Telstra Next provider network.
All OpenStack networks that existed in the project and were connected to the Neutron router when Telstra Next IP was provisioned will be connected to your enterprise via Telstra Next IP when you configure your project router. Subsequent OpenStack networks added to your project will not be connected to Telstra Next IP unless you create router interfaces for them and then submit another request for Telstra Next IP from the Cloud Direct Connect page. When the new request is implemented, all existing networks that are connected to the Neutron router in your CIS project will have Telstra Next IP connectivity.
Configure Your Project Router
After your Telstra Next IP network is provisioned in your project, you must configure your project's router with:
• The CIDR addresses of the destination subnets that you want to reach in your enterprise, and
• The next hop IP address needed to reach those networks.
Configuring static routes via Horizon is not currently possib
31. e next step. Be certain that you don't have any volumes that you want to persist attached to the instance targeted for termination. If you wish to save any volumes, you must do so before proceeding. Refer to the instructions in the Managing Volumes before Terminating a VM Instance section on page 3. When you are sure that you don't have any attached volumes that you wish to save, click More in the target instance's Actions column. In the drop-down, click Terminate Instance.
4. In the Confirm Terminate Instance dialog, click Terminate Instance if you are certain that you want to terminate the selected instance.
7 Load Balancing as a Service
Note: Load balancing does not display on the Horizon Network Topology screen.
A load balancer is a logical device that belongs to a cloud account. It is used to distribute workloads among multiple back-end systems or services based on the criteria defined as part of its configuration. CIS offers load balancers as a service that you can provision on demand and then configure to balance loads among a pool of resources such as VMs. The current capabilities are:
• Self-service provisioning of load balancers via Horizon or via the OpenStack CLIs or REST APIs
• Configuring the load balancer with the following parameters: Supported protocols: HTTP no SSL ter
32. eating instances, virtual volumes, and virtual network components, etc., and managing your projects. Also known as the Horizon Dashboard.
Image: Refer to snapshot.
Instance: Same as virtual machine (VM) or VM instance. Also called a server.
Instance Type: Same as flavor.
Key pair: Used for authentication of your instances. Each key has two parts: public and private. You use Create Keypair to generate public and private keys. The public key is maintained and supplied by OpenStack. You can use the Horizon Console to generate a key pair.
Load Balancer: Distributes inbound network traffic across multiple VMs or other network resources to optimize resources and throughput, to lessen the likelihood that a single network resource will be overwhelmed.
Nova: An OpenStack Compute service that controls cloud computing fabric virtualization (CPU, RAM, NICs, and hard drives).
Object Storage: Collection of digital content such as photos, MRI scans, videos, etc. Provides eventually consistent and redundant storage as well as retrieval of fixed digital content. Differs from block storage because with object storage you have no update ability: you can insert and retrieve an object, but you cannot modify it.
OpenStack: The open source infrastructure as a service la
34. ernally Accessible
Create a Network
You can create your own private network. For example, you could create a private network called my first network and assign it an RFC 1918 address space of 192.168.1.0/24.
Note: The address spaces used in this document are for example purposes only.
1. Click Network > Networks in the Horizon left panel.
2. Click Create Network.
3. In the Create Network dialog, enter my first network in the Network Name field.
Create a Subnet
1. Click Next.
2. In the Create Subnet dialog, enter my first private subnet in the Subnet Name field.
3. Enter 192.168.1.0/24 in the Network Address field.
4. The first address of this range, 192.168.1.1, is the default gateway. You will use the default gateway, so leave the Gateway IP field empty.
5. Click Next.
6. You can specify additional attributes for the subnet in Subnet Details. Ensure that the Enable DHCP check box is selected. All other parameters in this screen are optional.
Click Create to complete private network provisioning. You'll see that my first private subnet was created and appears in the list of networks. Click Network Topology to see that your private network was added to the network topology view.
Create a Router
Create a virtual router to route traffic between a private network and
35. h servers are running. Go to a browser and enter the address of the load balancer. The Load Balancer gets the request and assigns it to App Server 1, which responds with Hello from AppServer ONE.
When you send the request from the browser for the second time, the load balancer gets the request and assigns it to App Server 2, as it is a Round Robin assignment. App Server 2 responds with Hello from AppServer TWO.
8 Images and Snapshots
Images
A VM image is a collection of files for a specific operating system that you use to create a server. CIS provides default pre-built images that you access via Launch Instance. You can create a bootable image by taking a snapshot of an instance from the Horizon Instances screen. These bootable images display in the Images section of the Horizon Images and Snapshots screen. Click Launch for the image from the Images section; the process is the same as launching a new instance from the Instances screen. You can also import your own images into the Images section and launch them as described above.
Launch a VM from an Existing Image
To launch a new VM using an existing image, refer t
36. il you delete a VM to which they are attached, enabling you to control how long you keep your data. You can attach volume block storage to your VMs using Horizon or via the OpenStack CLIs/APIs. For this discussion, you will use Horizon.
Create Volume Storage
1. Click Compute > Volumes in the Horizon left panel. You can see a list of other volumes that you have already provisioned, if any.
2. Click Create Volume. Enter the information needed to create a volume:
• Name of the volume. For example, my first volume.
• Size in GB. Note the amount of available storage displayed in the Volume Limits section on the right side of the dialog.
• You have the option to choose the volume source. It can be empty (for example, for Windows volumes), or you have the option to preload an image.
• You have the option to choose an availability zone.
• Click Create Volume. This creates a new volume. Now you can attach the volume to a VM.
Attach a Volume to a VM (Linux)
All commands in this section require root privileges, as indicated by the prompt. For the exact command for your system, consult the documentation for your version of Linux.
1. To see the VM's existing devices, log into the instance and execute the following command: fdisk -l
Note: The parameter in this example is a lower case L.
37. izard or via the CLI and API. The most common formats of user data are shell scripts (#!/bin/bash) or cloud-config (#cloud-config). Cloud-init scripts run late in the boot sequence, so you can run any type of customization or software installation process for which you can write a script. The cloud-config option supports a YAML-based format that allows you to configure a wide array of options, including additional SSH keys, custom run commands, puppet recipes, or some other system-level configurations. You can find a comprehensive list of cloud-config options at this site: http://cloudinit.readthedocs.org/en/latest/topics/examples.html
Sample Customization Options
Sample 1
From the Horizon dashboard, the Post-Creation tab has a Customization Script field that allows you to insert user data for cloud-init to process at VM start-up. The following example uses cloud-config to configure a fully qualified domain name for the system and inject multiple SSH authorized keys, then shows how to run commands for configuring an application.
#cloud-config
manage_etc_hosts: True
ssh_authorized_keys:
38. le, so you must do this via the OpenStack CLIs or APIs. This example configures a project router with the CIDR addresses of three destination subnets in an enterprise and the IP address of the next hop router. The IP address of the next hop router is the same for all destination subnets.
neutron router-update <project router name> --routes type=dict list=true 0 30 0 30 0 24
The destination subnets shown above represent subnets in your enterprise that are reachable via the Telstra Next IP service. The nexthop IP address is the last host address in the transition subnet that you supplied when you submitted your request for Telstra Next IP.
To see the static routes that the router-update command configured in the project's Neutron router, execute the neutron router-show command:
neutron router-show <project router name>
Modify Security Groups as Appropriate
You may need to modify the security groups in your project to permit various types of traffic between your enterprise and your VMs. For example, if you have a web server on a VM in your project receiving requests from clients in your enterprise, you will have to modify the VM's security group to allow TCP ingress on
39. me for the firewall policy in the Name field. Optionally, type a description for the policy in the Description field. Click the Audited check box if you want to audit changes to underlying rules or policies. Click Rules. Click the plus sign for each of the rules you wish to add to this policy. Click Add. In a few moments, the new policy will appear in the Firewall Policies screen.
Create a Firewall and Add a Policy
1. In Horizon, navigate to Network > Firewalls.
2. Click Firewalls.
3. Click Create Firewall. Type a name for the firewall in the Name field. Optionally, type a description of the firewall in the Description field. Select the policy for this firewall in the Policy drop-down.
WARNING: If you deselect Admin State, the firewall will be turned off.
Click Add. The new firewall appears in the Firewalls screen.
5 Cryptographic Key Pairs for Security
Create a key pair before creating a Linux VM. CIS Windows images do not use keypairs.
Cisco strongly recommends using cryptographic keys to add security to your VMs. You can use a cryptographic key pair that you have used previously for secure shell (SSH), or you can create a new key pair using the CIS user interface. Refer to Generate a Key Pair from Horizon on page 18.
Key pairs are SSH credentials that are injec
40. mination HTTPS or custom TCP
o Session persistence support
o Available load balancing methods: round robin, least connection, or source IP
Create a Load Balancer
To create a load balancer:
• Create a load balancer pool
• Assign a Virtual IP (VIP) to the load balancer
• Add VM members to the Pool
• Add Health Check Monitors to the load balancer
• Attach a Public Facing Floating IP to the load balancer
• Test the load balancer
Create a Load Balancer Pool
A load balancer pool is a logical set of devices, such as web servers, grouped together to receive and process traffic. All requests to the pool first hit the load balancer. The load balancer processes the requests and sends them to the appropriate server in the pool based on the load balancing method that was configured.
1. Create the subnet that's connected to the Internet for the load balancing pool, if it doesn't already exist.
2. Click Network > Load Balancers in the Horizon left panel.
3. Click Add Pool, then enter the details for the load balancer pool.
Name: A unique name for the load balancer. Use My Test LoadBalancer.
Provider: The current implementation of load balancing is based on HAProxy. Accept the default.
Subnet: The subnet should point to the address space where the VMs (Pools) are located. In this ex
41. ml <router id> <interface>
Where:
router id is the ID of the previously created router.
interface is in the format of <subnet ID> | subnet=<subnet ID> (optional; just listing the subnet ID is permitted) | port=<port ID>. A subnet or a port must be specified.
Optional arguments:
-h, --help: show this help message and exit
--request-format {json,xml}
Example: adding an interface to the router my router with the subnet ID of
neutron router-interface-add my router
To list the interfaces attached to the router, execute the following command with the router's name or ID as the only argument:
neutron router-port-list <router name | router ID>
Example:
neutron router-port-list my router
Request Telstra Next IP
Click Telstra Cloud Services Portal in the CIS Console, navigate to the Cloud Direct Connect page, and follow the Telstra instructions for implementing Telstra Next IP in your project. You need to submit the following information:
• NRENN optional
• An eBGP Interconnect Subnet (/29). If you have projects in multiple CIS regions, an Interconnect Subnet is required for each region.
• A Transition Network Subnet (/29) for your project.
When Telstra Next IP is provisioned in your CIS project, it displays as a new provider network icon in the Horizon Network Topology view. It will be attached to your project router. If you did not hav
42. Delete a Container
NOTE: Before attempting to delete a container, make sure that the container is empty.
To delete a container:
1. Navigate to Object Store > Containers in the Horizon left panel.
2. Click the container More button.
3. Click Delete Container.
10 Accessing CIS via OpenStack & REST APIs
You can access CIS using OpenStack CLIs. OpenStack APIs are available, but some are not supported: Ceilometer, Autoscaling, Availability Zones, and VPN as a Service.
Generate Your API Key
1. Click the down arrow to the right of your login email address in the menu bar.
2. Click Settings > Generate API Key.
3. Note the API key that appears.
4. Use the API key as your OpenStack password environment variable (OS_PASSWORD) when making OpenStack CLI/API calls.
5. Use your login (your email address) for your OpenStack API username environment variable (OS_USERNAME) when making OpenStack CLI/API calls.
6. If you click Regenerate Key, you will need to update all of your OpenStack CLI/API scripts with your new OS_PASSWORD environment variable.
Download the OpenStack RC file
You'll need to know the appropriate environment variables to access the OpenStack CLI, and you'll need a list of your project's OpenStack REST API endpoints to access the API.
Note: Use your login email address for your API username environment variable and use your API key for your
43. o Create Your First VM Instance on page 20.
Create an Image
You can create your own image with these formats:
• iso
• qcow2
• raw
• vdi
• vhd
• vmdk
When building your own image, Windows requires para-virtualized drivers for storage, network, and system devices. Cisco supports Microsoft-certified drivers. Drivers for Red Hat are available here.
Note: Cisco recommends that you only use supported drivers.
To create an image:
1. Click Images & Snapshots in Horizon.
2. Click Create Image.
3. On the Create an Image form, type a name for the image.
4. (Optional) Type a description.
5. From the Image Source drop-down list, select Image Location or Image File.
• If you selected Image File, enter the URL for the image.
• If you selected Image Location, browse the image location.
6. In the Format field, select the image format.
Note: Windows images created in VHDX format do not convert correctly to VHD. When you are creating a VHD image, be sure to configure the disk as a static disk, not dynamic.
7. (Optional) Enter the minimum disk usage in gigabytes.
8. (Optional) Enter the minimum RAM usage in gigabytes.
9. (Optional) Select the Protected check box to prevent users from deleting this image.
10. Click Create Image. You can now create an instance using this image.
Snapshots
44. on via the Support link
• View quota limits for various network components
• View reports on project usage for time periods that you specify
• Access the Telstra Cloud Services Portal to manage users or sign up to connect your CIS project to your enterprise via Telstra Next IP
Horizon
Horizon allows you to implement and manage CIS functionality, including:
• Networks: network topology, routers, firewall as a service (FWaaS), and load balancer as a service (LBaaS)
• Key pairs
• VMs
• Security groups
• Volumes
• Images
• Snapshots
Accessing the Cisco Intercloud Services Platform
To access the Cisco Intercloud Services Console:
1. Log in to the Telstra Cloud Services Portal: https://mycloud.telstra.com
2. Click the Cisco console tab.
3. The first time you log in, you are prompted to agree to the Acceptable Use Policy (AUP). Read the AUP and, if you agree to the terms and conditions of the AUP, accept it. The CIS Console opens.
Use of CIS indicates that you accept the terms and conditions of the AUP.
Choosing a Region
When you log in, you can choose the region containing the project you want to work on by clicking the button for that region in the login window.
After logging in, you can dynamically switch regions to acces
45. runcmd: touch /opt/app/file; /opt/app/configure.sh
You can customize your instance after it's launched using the options available here. The Customization Script field is analogous to User Data in other systems.
2. From the you can insert custom data by passing the --user-data option to the Nova boot command:
nova boot --flavor GP2 Medium --nic net-id=4c3bd6e9-fc80-4988-b415-f829f3cba47c --image RHEL7 --user-data userdata.txt superspecial vm1
where userdata.txt contains the shell script or cloud-config data you want executed.
Sample 2
This example, from cloud-config-puppet.txt, has the instance contact a specific puppet master at boot for further processing.
#cloud-config
puppet:
  conf:
    agent:
      server: puppetmaster.example.org
    ca_cert: MIICCTCCAXKgAwIBAgIBATANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDDAJjYTAe Fw0xM
46. reate more than one project if you need to. However, there are times when you'll want to keep expanding an existing project instead of creating a new one. For example, VMs that are going to communicate with each other should be on the same private network range in the same project. As a rule of thumb, don't create situations in which projects have to talk to each other. However, if the VMs are not going to communicate with each other and are going to be isolated, you can just put one or a few VMs in each project.
4 Network Management
All virtual machines (VMs) must be attached to a network in order to be functional. When a new project is created, by default there is no network associated with the project. Therefore, the first thing you have to do is provision a network.
Cisco Intercloud Services (CIS) offers a comprehensive set of network services that allows you to:
• Define and configure your own private virtual networks using routers and gateways
• Allocate and manage public (floating) IP addresses that allow your users to access your VMs via the Internet
View Your Network Elements and Routers
To view a screen with the layout of your network elements and routers, click Network > Network Topology from the Horizon left panel.
Create a Private Network and Attach a Router to Make the Subnet Ext
47. s RDP over the Internet, then you will also need to open RDP port 3389 in the project's perimeter via Firewall as a Service.
Floating IP Addresses
Floating IP addresses allow you to assign a publicly accessible IP address to a private VM that's located on a private subnet. Floating IP addresses are not limited to VMs. Floating IP addresses can also be mapped to load balancers and other network resources.
A floating IP address and a private IP address can be used at the same time on a single network interface. For example, the private IP address is likely to be used for accessing the VM by other VMs in the private network. The floating IP address is likely to be used for accessing the VM from the Internet.
Note: Before associating a floating IP address with a VM or other network resource, a router must front the private subnet. In other words, the VM or other network resource must be reachable via a router.
A floating IP address can be reassigned from a VM or other network resource to a different VM or other network resource. Floating IP addresses are allocated from a shared pool of IP addresses. There is currently no way to reserve a specific IP address.
To create a floating IP address and associate it with a private VM:
1. Click Compute > Access & Security.
2. Click the Floating IPs tab.
3. Click Allocate IP to Project.
4. In the Allocate Floating IP dialog, click Allocate IP. After a few moments, a new IP address appears.
5. Click As
48. s a project in another region. Click the down arrow next to the region name in the black navigation bar (top right) and select Switch Region.
Use the Telstra Cloud Services Portal to add or remove projects, manage users, connect to your Telstra Next network, or get help.
Note: If you attempt to access a region in which you have a project, you will get an error message: You are not authorized for any projects.
Other Ways to Access CIS
There are other ways to access CIS that are detailed in this guide:
• Command Line Interface (CLI): Refer to Accessing CIS via OpenStack CLIs & REST APIs on page 39.
• Application Programming Interface: Refer to Accessing CIS via OpenStack CLIs & REST APIs on page 39.
3 Starting with a Project
You can start using CIS after you are added to your first project. You'll receive a welcome email with next steps.
Create a Project
Project creation is managed via the Telstra Cloud Services Portal. To create a project:
1. Log into the Telstra CIS Portal: https://mycloud.telstra.com
2. Click the Cisco Intercloud Services tab.
3. Click Add Project.
4. Follow the prompts for creating a project.
Create Multiple Projects
You can c
51. sioned and is attached to your private subnet. Tip: You can click elements in the Networking Topology screen to get more information about them and jump to relevant detail and configuration screens. Windows VM Key Management Service Activation: CIS-provided Windows images have been configured to automatically activate using the key management service (KMS) provided by CIS. A public DNS record has been created for these KMS servers. If you're using a CIS-provided Windows image and your VMs have Internet access, you do not need to do anything else; you can skip this section. However, if you created a Windows image (refer to "Create an Image" on page 33), you will have to activate Windows. CIS provides a key management solution for activating Windows Server operating systems. The CIS Microsoft Windows 2012 R2 Server license supports activation of the following operating systems: Windows Server 2008 R2 Standard; Windows Server 2008 R2 Enterprise; Windows Server 2012 R2 Standard. Activating Windows Images: All non-CIS Windows images (launched from an image that you created) need to be activated using the CIS-provided KMS. Prerequisites: Every Windows VM requires at least one network adapter to establish connectivity with the host kms telstra cloud cisco com. Each Windows inst
52. sociate from the Actions column for the new IP address. 6. In the Manage Floating IP Associations dialog, select the private IP address of the private VM from the Port to be Associated drop-down. 7. Click Associate. The VM is now associated with a public IP address, and the VM is accessible from both private and public networks. Note: This may take a few minutes to activate. Refresh the Instances screen in Horizon every minute or so. When the floating IP address appears under the VM's IP address, the association has been activated. Access Your First VM Instance. SSH from an External Terminal (Linux): Your VM is up and running. You can ping or SSH into your VM via the floating IP address that you associated with the VM. 1. Open a terminal window on your local machine. 2. SSH into your VM via the VM's floating IP address: $ ssh -i <path to your local private key> root@<floating IP address> Notes: Depending on your version of Linux, you may need to use a different login besides root, for example, ubuntu. To find the floating IP address that you associated with the VM, in Horizon click Compute > Access & Security, then click the Floating IPs tab. Your SSH session may prompt you for your Unix password. This is your password that you configured in the Pos
53. splays in orange and that the router displays as a small box that connects the public network to the private network. Telstra Next IP: If you have the Telstra Next IP service, you can connect your CIS project's deployed OpenStack networks to your enterprise via Telstra Next IP. Create Networks and Subnets in Your Project: The first step is to create networks and subnets in your project, if you haven't done so already. You can add additional networks and subnets at a later date and make an additional request for Telstra Next IP as described below. Create a Router: If you haven't already done so, create an OpenStack Neutron router for L3 routing capabilities via Horizon, the OpenStack CLIs, or the OpenStack APIs. Note: You can only create one router per project. Create Router Interfaces: Create an interface on the project's router for any networks which need L3 routing capacities, either between other CIS networks or your enterprise networks reachable via Telstra Next IP. Any networks that are connected to the router will be advertised (i.e., L3 routing destinations) to your enterprise. You can add an internal network interface to your router via Horizon (Network > Routers > Add Interface) or via the OpenStack CLI: neutron router-interface-add [-h] [--request-format {json,x
54. stances in the Horizon left panel and then click an instance in the Instance Name column. Click the Console tab. You may need to wait a couple of minutes the first time the Console initializes itself. You may need to click the gray status bar to give focus to the console. The Windows image will take approximately 3-8 minutes to boot up. Click once on the screen if the installation process seems to hang on "Please wait for the Local Session Manager". 6. You will be prompted to create a password. This will be your Windows Administrator password for this Windows instance. As mentioned earlier, you may have to click on the grey bar and press Enter in order for the password fields to accept input, and you may also have to wait for a minute before it is ready. DNS Registration: CIS does not automatically assign a fully qualified domain name (FQDN) for newly created VMs. CIS does not offer domain name hosting or registration services for non-Cisco domains at this time. For non-Cisco domains, use the normal procedures for assigning a domain name with your DNS registration or hosting service. Managing Volumes before Terminating a VM Instance: WARNING: If you want attached volumes and their data to persist, the volumes MUST be detached before terminating the VM. Otherwise the attached volumes and their d
55. storage for object storage. You can create containers, set permissions on them (also known as Access Control Lists or ACL), and upload and download objects via Horizon or the OpenStack CLIs/APIs. The data in object storage consists of a location (container), the object's name, and any metadata consisting of key-value pairs. Create a Container: To create a container: 1. Click Object Store > Containers in the Horizon left panel. 2. Click Create Container. 3. Enter a container name in the Container Name field. 4. The Container Access default is Private. WARNING: If you change the default to Public, anyone with the public URL can gain access to the objects in the container. 5. Click Create Container. Upload an Object to a Container: Click the Containers tab in the Horizon left panel. Click the name of the target container. Click Upload Object. Enter a name for the object in the Object Name field. Click Browse to locate a file to upload to the container. Select the file. Click Open. Click Upload Object. The object name appears next to the container the object was uploaded to. Delete an Object: To delete an object: 1. Navigate to Object Store > Containers in the Horizon left panel. 2. Click the object check box. To delete multiple objects, select multiple object check boxes. 3. Click Delete Objects.
56. t select either Ingress or Egress. Typically rules focus on ingress. 6. From the Open Port drop-down, select Port or Port Range. For TCP and UDP rules you can open either a single port or a range of ports. a. Select Port for a specific port, such as Port 80 for HTTP. b. Select Port Range to specify both the starting and ending ports for the range. For ICMP rules, instead specify an ICMP type and code in the spaces provided. 7. From the Remote drop-down list, specify the traffic source: select CIDR or Security Group. 8. If you select Classless Inter-domain Routing (CIDR), CIS displays a CIDR field. Enter a CIDR address. 9. If you select a Security Group, you can choose the default security group or a security group that has already been created. Selecting a security group as the source allows any instance in that security group to access any other instance according to this rule. 10. Click Add. Remote Desktop Protocol for Windows Images: The Windows images provided in the image catalog have Remote Desktop Protocol (RDP) port 3389 open by default. However, you will need to open RDP port 3389 in your Windows VMs' security groups to allow the appropriate traffic. If you created your own Windows image, you will have to open RDP port 3389 in your Windows firewall as well. If you're going to acces
57. t Creation script. You may be prompted to change your password. Access a Linux VM via the Instance Console: 1. Click an instance link. There are many ways to click an instance link. For example, you could click Compute > Instances in the Horizon left panel and then click an instance in the Instance Name column. Click the Console tab. You may need to wait a couple of minutes the first time the Console initializes itself and displays the login prompt; however, it's typically faster to click the gray status bar and then press Enter to give focus to the console. At the Login prompt, enter the appropriate login name for your Linux distribution. For example: root for RHEL, ubuntu for Ubuntu, and centos for CentOS. Note: If you have accessed this instance from a terminal via SSH, you may have changed this password. If so, going forward you must use this new password when you log into this Instance Console. If you are still using the password from the Post Creation script (for example, you haven't changed the original password via SSH), change the original password now: a. Existing password: <Enter your password from the Post Creation script, refer to page 21> b. New password: <enter your new password> c. Retype new password: <reenter your new password> Access a Windows VM via the Instance Console: 1. Click an instance link. There are many ways to click an instance link. For example, you could click In
58. tances and from which you can launch instances, view instances, view data center system status, and access Horizon. Cisco Intercloud Services Portal: The initial point of entry into CIS (https://cloud.cisco.com). CLI: OpenStack Command Line Interface. Provides users with a series of commands and arguments so they can interact with OpenStack. For example, you can create an instance or volume, create a snapshot, attach a volume, etc. Data Center: Houses critical component resources (computers, storage, networks) in a controlled environment under centralized management that enables enterprises to operate around the clock according to their business needs. Ephemeral Storage: Ephemeral storage (also known as an ephemeral disk) is like a temporary scratch pad that the system reads from and writes to. It is non-persistent storage that is automatically created when a VM is created and destroyed when a VM is terminated, and the ephemeral data is not saved. Flavor: Defines the CPU type, RAM, and the amount of storage for an instance. Gateway: You connect a router to an external URL via a gateway. Floating IP Address: In CIS, a floating IP address is a public IP address (reachable from the Internet) that can be allocated to a project from a pool of public IP addresses and then associated with a network resource in the project, like a VM. Horizon: The OpenStack Horizon graphical user interface that is used for cr
59. ted into instances when they are launched. Creating a new key pair registers the public key and downloads the private key (a .pem file). The public key is associated with the image for the instance. The private key is stored on your computer. You can create multiple keys for an instance. For example, you might want to have a set of keys to use in multiple locations. Alternately, you can use one key pair for a set of instances. IMPORTANT: Protect and use the key as you would any SSH private key. Each keypair has two parts, the public key and the private key. The public key is maintained and supplied by the OpenStack identity management system. When an instance is generated, the public key is automatically injected into the instance by CIS. You need the private key to authenticate the SSH session. The private key is stored on your computer as a .pem file. Generate a Key Pair from Horizon: To generate a key pair for an instance from Horizon: 1. Click Compute > Access & Security. 2. Click Key Pairs. 3. Click Create Key Pair. 4. In the Keypair Name field, enter a name like my-first-keypair. Lower case is recommended to avoid potential system-level case conversion incompatibilities. 5. Click Create Keypair. 6. In the dialog that appears, select Save File, then click OK to download the .pem file. 7. You use this .pem as part of SSH access. This is the private key. Note: The .pem file that was downloaded onto your computer must ha
60. the section in the Resource Segregation Appendix on page 41. Security Groups: Security Groups control the network traffic associated with each instance. Each instance can be configured by rules to allow specific types of inbound and/or outbound traffic. Using the Default Security Rule: The default security rule permits: TCP ingress for SSH on port 22 from any remote network; ICMP ingress on all ports from any remote network. To allow other types of inbound traffic, you must explicitly open a port associated with the type of traffic you want to allow. For example, if your project has a web server, open port 80 for TCP ingress. You can optionally restrict the origin of web requests coming in on port 80 to a specific remote subnet or the IP address of a specific machine. Adding a Rule for Security Groups: Rules define which traffic is allowed to instances assigned to the security group. To add a rule to a security group: 1. Click Compute > Access & Security > Security Groups. 2. Click Manage Rules for the security group to which you want to add/remove a rule, or to create a new security group, click Create Security Group. 3. To add a rule, click Add Rule. The Add Rule dialog appears. 4. From the Rule drop-down list, select the protocol for the rule. 5. From the Direction drop-down lis
61. Add VM Members to the Pool: To add VM Members to the pool: 1. Click the Members tab. 2. Click Add Member. This adds VMs to the pool to which all the traffic is routed by the load balancer. 3. Provide the following details. Pool: Provide the name of the load balancer pool to which you want to add the members. In this example you are using the My Test LoadBalancer pool that you previously created that points to the private subnet 192.168.3.0/24. Members: The system displays all of the VMs in the pool. Click them. In this example, two VMs, App Server 1 and App Server 2, are available in this network as shown. Click their check boxes to add them to the pool. It is assumed that you've created one or more VMs in your project. If not, do so and then return to this step. Weight: Assign a weight to the distribution. This example shows 50 for equal distribution. Protocol Port: Because the VMs in this example are configured as web servers, enter port 80. Or you can enter another port number based on your needs. 4. Click Add to add the members to the pool.
62. ume. WARNING: Ensure that you are detaching the correct volume. Do NOT detach the root/boot disk. 5. Click Detach Volume. Object Storage: You can create containers and upload and download objects to containers. Overview: Object storage manages data objects. With objects you can execute Create, Read, Write, and Delete (CRUD) operations, but unlike block storage, you cannot update or modify your objects. To modify or update objects, you must completely replace them; in other words, create new versions of them. You create containers and store your objects in containers. Object store is used most often for unstructured data such as text, images, MRI scans, digital photos, logs, files, and media (movies, audio), and is especially used when you want to store huge amounts of information (terabytes and above). So when you view Object storage, think of massively scalable and highly redundant storage. OpenStack object storage is ideal for cost-effective, scale-out distributed storage. It is used to store static data such as virtual machine images, photos, videos, email storage, backups, and archives. Object storage works via containers and objects. A container is a storage compartment used to organize data. For example, you might create a Movie container to store all your movies. Objects are basic units of
63. use the login name root; for Ubuntu, use the login name ubuntu. Copy and paste the sample script below into the Post Creation Customization Script text box, including #cloud-config. Replace the password placeholder with an appropriate temporary password: #cloud-config password: my-initial-password Click Launch. CIS provisions your new VM and the new VM appears in the Instances screen. Wait until provisioning is complete before trying to inspect or use the VM. The VM is attached to your private network, and the VM uses the image and SSH key pair that you selected during the creation process. To manage/control an instance, select an action from the instance's More button. You can associate or disassociate a floating IP address, edit the instance or its security groups, navigate to the instance console, view the instance's log, or you can pause, suspend, soft reboot, hard reboot, shut off, or terminate the instance. WARNING: If you want attached volumes and their data to persist, the volumes MUST be detached before terminating the VM. Otherwise the attached volumes and their data will be destroyed. This does not apply to ephemeral data and the root/boot disk. When an instance is terminated, the instance's ephemeral data are destroyed and all data in the instance's root/boot disk are destroyed. Refer to "Managing Volumes before Terminating a VM Instance" on page 27. Click Network > Network Topology to see that your instance has been provi
64. ve rw permissions to SSH into the VM. If not, change the permissions: $ ls -la my-first-keypair.pem $ chmod 600 my-first-keypair.pem $ ls -la my-first-keypair.pem Import a Key Pair: You can import a key pair into CIS. For example, you might have an SSH key pair that you have generated and used previously that you want to keep using. To import a key pair: 1. Click Compute > Access & Security in the Horizon left panel. 2. Click the Key Pairs tab. 3. Click Import Key Pair. 4. Type the key pair name in the Key Pair Name field. 5. Copy the contents of your public key and paste that text into the Public Key textbox. 6. Click Import Key Pair. 6 Provision a Virtual Machine Instance. Create Your First VM Instance: 1. Before you create your first VM instance, ensure that you have the following: a. You have a valid network subnet created. The VM creation process needs a network name. IMPORTANT: If you have not created a network, cancel out of this process of creating a VM and provision a network subnet. If the VM has to be publicly accessible, provision a router and associate the router to the Gateway. b. You have a vali