VLAN or IP address settings for LAN switch blades, virtual switches, and L2 switches are automatically configured based on the definition information of network resources in Resource Orchestrator. For L2 switches, firewalls, and server load balancers, configuring, modifying, or deleting the definitions that include VLAN settings is automatically performed using scripts. Scripts are prepared for each model of the network devices by infrastructure administrators.
The simplified network settings will be executed when the following operations are performed:
Target | Operation | Firewall Devices | Server Load Balancers |
---|---|---|---|
Network resources | Creation | - | - |
Network resources | Modification | - | - |
Network resources | Deletion | - | - |
Network resources | Automatic network configuration | - | - |
Network resources | Pool migration | - | - |
VM pool | Registering to pools | - | - |
Network pool | Tenant migration | - | - |
Network devices | Creation | - | - |
Network devices | Modification | - | - |
Network devices | Deletion | - | - |
Virtual L-Server | Creation | - | - |
Virtual L-Server | Modification | - | - |
Virtual L-Server | Addition of NICs | - | - |
Virtual L-Server | Deletion of NICs | - | - |
Virtual L-Server | Deletion | - | - |
Physical L-Server | Creation | - | - |
Physical L-Server | Modification | - | - |
Physical L-Server | Deletion | - | - |
L-Platform | Creation | Yes | Yes |
L-Platform | Modification | Yes | Yes |
L-Platform | Deletion | Yes | Yes |
Yes: Available
-: Not available
Target | Operation | L2 Switch | Ethernet Fabric Switches: VLAN Port Profiles (*2) | Ethernet Fabric Switches: Internal Connection Ports (*2)(*3)(*4) | Ethernet Fabric Switches: VLAN Settings (*5) | LAN Switch Blades: Internal Connection Ports | LAN Switch Blades: External Connection Ports |
---|---|---|---|---|---|---|---|
Network resources | Creation | Yes | Yes | - | Yes | - | Yes (*6) |
Network resources | Modification | Yes | Yes | Yes (*7) | Yes | - | Yes (*6) |
Network resources | Deletion | Yes | Yes | - | Yes | Yes | - |
Network resources | Automatic network configuration | - | - | - | - | Yes | - |
Network resources | Pool migration | - | - | - | Yes | - | - |
VM pool | Registering to pools | - | - | - | - | Yes | - |
Network pool | Tenant migration | - | - | - | Yes | - | - |
Network devices | Creation | - | - | - | Yes | - | - |
Network devices | Modification | - | - | - | Yes (*10) (*11) | - | - |
Network devices | Deletion | - | - | - | - | - | - |
Virtual L-Server | Creation | - | - | Yes | - | Yes | - |
Virtual L-Server | Modification | - | - | - | - | - | - |
Virtual L-Server | Addition of NICs | - | - | Yes | - | Yes | - |
Virtual L-Server | Deletion of NICs | - | - | Yes | - | - | - |
Virtual L-Server | Modification of connection destination networks | - | - | Yes | - | Yes | - |
Virtual L-Server | Deletion | - | - | Yes | - | - | - |
Physical L-Server | Creation | Yes (*8) | - | - | - | Yes | - |
Physical L-Server | Modification | Yes (*8) | - | - | - | Yes | - |
Physical L-Server | Deletion | Yes (*8) | - | - | - | Yes | - |
L-Platform | Creation | Yes (*9) | - | Yes | - | Yes | - |
L-Platform | Modification | Yes (*9) | - | Yes | - | Yes | - |
L-Platform | Deletion | Yes (*9) | - | Yes | - | Yes | - |
Yes: Available
-: Not available
*1: When using an Ethernet Fabric switch or an Ethernet Fabric switch blade which constitutes an Ethernet Fabric, the timing of auto-configuration is the same as that of the Ethernet Fabric switch.
*2: It is automatically configured when using an Ethernet fabric switch and "port profile configuration" is set to "Enable".
*3: A VLAN is automatically configured for the internal connection port used for L-Server communications according to the link between the NIC of the L-Server and the VLAN port profile.
*4: It is automatically configured when all of the following conditions are met.
- When using an Ethernet fabric switch and "port profile configuration" is set to "Enable"
- When the VM host connected to the Ethernet fabric switch is VMware or a Hyper-V virtual L-Server
*5: When performing some type of auto-configuration for the Converged Fabric port, the interface group including the relevant port is configured in Converged Fabric.
*6: When automatic network configuration and automatic VLAN configuration for uplink ports are enabled, settings are automatically configured at the point when an external connection port (including an external connection port with link aggregation configured) is added.
*7: If an uplink port of the Ethernet fabric switch is added, the link between the L-Server connected to the network resource and the VLAN port profile will operate.
*8: Available when using rack mount servers.
*9: Available when using rack mount servers and physical LAN segments have been specified.
*10: When deleting tenants related to VFABs by modifying network devices in Converged Fabric, if the tenants to be deleted are not related to any other VFABs, the relevant tenants belong to the default VFAB. At this time, the linking information of the port profiles and the MAC addresses for the L-Server in the tenant will not be configured automatically as the default VFAB is out of the VFAB auto-configuration target.
In this case, log in to the Converged Fabric and modify the linkage between the port profile and the MAC address for the tenant in the relevant tenant using the relevant command.
*11: When deleting a port in dot1ad mode from VFAB by modifying the network device for Converged Fabric, settings for disabling dot1ad mode of the relevant port are not configured. The following is the reason for this:
- When using the port in dot1ad mode for a VFAB operation other than performing auto-configuration, if the dot1ad mode is disabled due to auto-configuration, it may be unable to communicate with the operational system.
When disabling dot1ad mode of the relevant port, log in to the Converged Fabric, and configure it using the relevant command.
Target | Operation | Virtual Switch | L-Server |
---|---|---|---|
Network resources | Creation | - | - |
Network resources | Modification | - | - |
Network resources | Deletion | Yes | - |
Network resources | Automatic network configuration | Yes (*1) | - |
Network resources | Pool migration | - | - |
VM pool | Registering to pools | Yes (*1) | - |
Network pool | Tenant migration | - | - |
Network devices | Creation | - | - |
Network devices | Modification | - | - |
Network devices | Deletion | - | - |
Virtual L-Server | Creation | Yes (*1) | Yes |
Virtual L-Server | Modification | - | - |
Virtual L-Server | Addition of NICs | Yes (*1) | - |
Virtual L-Server | Deletion of NICs | - | - |
Virtual L-Server | Modification of connection destination networks | Yes (*1) | - |
Virtual L-Server | Deletion | - | - |
Physical L-Server | Creation | - | Yes (*2) |
Physical L-Server | Modification | - | Yes (*3) |
Physical L-Server | Deletion | - | - |
L-Platform | Creation | Yes (*1) (*4) | Yes |
L-Platform | Modification | Yes (*1) (*4) | - |
L-Platform | Deletion | - | - |
Yes: Available
-: Not available
*1: Available when using rack mount servers and physical LAN segments have been specified.
*2: Requires a script that configures an IP address for the OS.
*3: The IP address is configured or modified when the network resource is modified.
*4: Available when using virtual L-Servers.
The simplified network settings are executed for the following scope.
Figure 2.4 Scope of Automatic Network Settings Execution (For L2 Switches)
Figure 2.5 Scope of Automatic Network Settings Execution (For Ethernet Fabric Switches)
CIR: Clean Interface with Redundancy (Port that connects to an external device)
EP: End Point (Port that connects with the server)
*Note: CIR is not automatically configured.
For details on automatic network settings for virtualized environments, refer to the relevant sections explaining how to prepare and setup server virtualization software in "Chapter 8 Configuration when Creating Virtual L-Servers" in the "Setup Guide CE".
The following network information is hidden, depending on the network resource.
- Virtual Switches
- Port Groups
- LAN Switch Blades
- L2 Switches
- Ethernet Fabric Switches
Figure 2.6 Hiding of Network Device Information (For L2 Switches)
Figure 2.7 Hiding of Network Device Information (For Ethernet Fabric Switches)
CIR: Clean Interface with Redundancy (Port that connects to an external device)
EP: End Point (Port that connects with the server)
There are two types of modes for auto-configuration of network devices.
- User Customization Mode
  Firewalls, server load balancers, and L2 switches are the targets.
- Simple configuration mode
  Firewalls (NSAppliance) and server load balancers (NSAppliance) are the targets.
Information
When performing auto-configuration of NS Appliances, it is recommended to use simple configuration mode. Regarding the selection criteria for which method to use, refer to "2.1.3 Designing the L-Platform Network Environment" in the "NS Option Instruction".
User Customization Mode
The infrastructure administrator creates the ruleset necessary to configure the definitions for the network devices (firewalls, server load balancers, and L2 switches), and registers it in Resource Orchestrator.
In Resource Orchestrator, perform auto-configuration for the target network devices using the ruleset registered by the infrastructure administrator.
For details on preparation for auto-configuration using user customization mode, refer to "Appendix F Preparing for Automatic Configuration and Operation of Network Devices".
For details on the operation image of modifying the configuration of firewalls using user customization mode, refer to "When an L-Platform that uses a firewall is deployed with the use of a ruleset" in "8.3.9 Setup Firewall" in the "User's Guide for Tenant Administrators CE" or "5.3.8 Setup Firewall" in the "User's Guide for Tenant Users CE".
For details on the operation image of modifying the configuration of server load balancers using user customization mode, refer to "8.3.11.2 When an L-Platform that Uses a Server Load Balancer (SLB) Is Deployed Using a Ruleset" in the "User's Guide for Tenant Administrators CE" or "5.3.10.2 When an L-Platform that Uses a Server Load Balancer (SLB) Is Deployed Using a Ruleset" in the "User's Guide for Tenant Users CE".
Simple configuration mode
The infrastructure administrator is not required to create the rulesets necessary for configuring definitions for network devices (firewalls and server load balancers) in advance.
In Resource Orchestrator, it is possible to easily perform auto-configuration by using the predefined definitions.
Simple configuration mode enables deployment of L-Platforms using firewalls and server load balancers, without using rulesets.
For details on the logical network configuration realized using simple configuration mode, the target devices, or configuration details, refer to "Appendix I Auto-configuration and Operations of Network Devices Using Simple Configuration Mode".
When using simple configuration mode, the virtual IP addresses used for address translation functions of firewalls (public addresses) can be managed, and the IP addresses can be allocated to the L-Platform automatically. When using this function, it is necessary to create the address set resources of global IP addresses.
For details, refer to "14.6 Address Set Resources" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".
For details on the operation image of modifying the configuration of firewalls using simple configuration mode, refer to "When an L-Platform that uses a firewall is deployed without the use of a ruleset" in "8.3.9 Setup Firewall" in the "User's Guide for Tenant Administrators CE" or "5.3.8 Setup Firewall" in the "User's Guide for Tenant Users CE".
For details on the operation image of modifying configuration of server load balancers using simple configuration mode, refer to "8.3.11.1 When an L-Platform that Uses a Server Load Balancer (SLB) Is Deployed Without Using a Ruleset" in the "User's Guide for Tenant Administrators CE", or "5.3.10.1 When an L-Platform that Uses a Server Load Balancer (SLB) Is Deployed Without Using a Ruleset" in the "User's Guide for Tenant Users CE".
Auto-configuration Timing and Images
This section explains auto-configuration timing and images.
- Automatic configuration of firewalls and server load balancers when creation, modification, or deletion of an L-Platform is performed
  The detailed timing is as follows:
  - When an L-Platform is created from an L-Platform template that includes a network device (firewall or server load balancer)
  - When L-Server addition or deletion is performed for an L-Platform
  - When the settings of a network device (firewall or server load balancer) in an L-Platform are modified
  - When an L-Platform created from an L-Platform template that includes a network device (firewall or server load balancer) is deleted
- Automatic configuration for L2 switches when creation, modification, or deletion of a network resource is performed
- Automatic configuration for L2 switches when creation or modification of a physical L-Server is performed on rack mount servers
Figure 2.8 Network Device Automatic Configuration Image
Recovery (deletion of incomplete settings, etc.) of network devices can be performed by preparing a recovery script in advance in case automatic configuration of network devices fails.
Figure 2.9 Network Device Automatic Configuration Image (Recovery Process)
The following files are available as network device (firewall, server load balancer, and L2 switch) configuration files.
- Network Device Configuration Files
  A configuration file containing settings related to communication, such as address and VLAN information of devices and interfaces, and rules for firewalls and server load balancers
- Network Device Environment Files
  Files required for the operation of devices, such as CA certificates, user authentication databases, and user customized information (excluding network device configuration files)
This product provides a function that manages device configuration files using generations. Using this function, changes can be checked and configurations can be restored easily when network devices are exchanged.
The following features are provided by the network device configuration file management function.
- Backing up and restoration of configuration files
  Network device configuration files can be backed up by this product and managed using generations.
  Further, the latest configuration files that have already been backed up can be restored to network devices.
- Export of configuration files
  The files that are backed up and managed using generations can be exported from the manager.
- Backing up and restoration of environment files
  Network device environment files can be backed up to this product.
  Further, backed up environment files can be restored to network devices.
- Export of environment files
  The backed up files can be exported to the infrastructure admin's terminal.
- Registration of external server information
  For network devices which do not have an FTP server, the information of an external FTP server, which is used for backing up and restoration of network devices, can be registered.
  Specify this external server in the network configuration information (XML definition) file when registering the network device.
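The generation-managed backup, change checking, and restoration of the latest generation described above can be illustrated as follows. This is an added example, not Resource Orchestrator's own code: the class `ConfigGenerations`, its method names, the retention count, and the sample configuration text are all assumptions made for illustration.

```python
import difflib
import hashlib
from collections import deque

# Constructed sample configurations (not taken from any real device).
GEN1 = "vlan 10\npermit tcp any host 192.0.2.10 eq 443\ndeny ip any any\n"
GEN2 = ("vlan 10\npermit tcp any host 192.0.2.10 eq 443\n"
        "permit tcp any any eq 23\ndeny ip any any\n")


class ConfigGenerations:
    """Hypothetical store keeping the newest N backups of one device's configuration."""

    def __init__(self, max_generations=3):
        self._gens = deque(maxlen=max_generations)  # oldest generation is dropped
        self._next_id = 1

    def backup(self, text):
        """Store a new generation; return its id, or None if nothing changed."""
        digest = hashlib.sha256(text.encode()).hexdigest()
        if self._gens and self._gens[-1]["sha256"] == digest:
            return None
        self._gens.append({"id": self._next_id, "sha256": digest, "text": text})
        self._next_id += 1
        return self._next_id - 1

    def generation_ids(self):
        return [g["id"] for g in self._gens]

    def changes(self):
        """Added (+) and removed (-) lines between the two newest generations."""
        if len(self._gens) < 2:
            return []
        old, new = self._gens[-2], self._gens[-1]
        diff = difflib.unified_diff(old["text"].splitlines(), new["text"].splitlines(),
                                    n=0, lineterm="")
        # Skip the two file-header lines, then drop the "@@" hunk markers.
        return [line for line in list(diff)[2:] if not line.startswith("@@")]

    def latest(self):
        """Return the newest generation for restoration, after an integrity check."""
        gen = self._gens[-1]
        if hashlib.sha256(gen["text"].encode()).hexdigest() != gen["sha256"]:
            raise ValueError("stored generation does not match its recorded digest")
        return gen["text"]
```

Reviewing the output of `changes()` before restoring a generation to an exchanged device shows whether a rule, such as the constructed `permit tcp any any eq 23` line, entered the configuration between backups.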
This section provides a brief overview of simple network monitoring.
Visualize Networks (NetworkViewer Function)
Resource Orchestrator provides NetworkViewer, which helps visualize and relate logical networks (within L-Servers and L-Platforms) and physical and virtual networks (comprised of servers, network devices, VLANs, and virtual switches). It has the following features.
- Visualizes connection relationship (topology) and link statuses regardless of the type of the network device or the server virtualization software.
- Visualizes the connection relationships of L-Platforms and L-Servers.
- Facilitates the checking of relationships between resources and L-Platforms or L-Servers.
- Facilitates consistency between the physical and virtual networks and the logical network, and also identification of the resources affected by a network issue.
- Displays comprehensive content that can be used in communication between server and network administrators, thus smoothing out coordination between the two parties.
For details on NetworkViewer, refer to "Chapter 11 NetworkViewer" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".
Note
For VMware virtual switches, network links are only displayed when using the standard switches.
When using switches other than the standard switches, such as distributed virtual switches, those virtual switches and the network links are not displayed.
Status Monitoring
Resource Orchestrator monitors the status of network devices (firewalls, server load balancers, and L2 switches) in order to automatically perform network settings for them.