Self-service with Cisco UCS Director: How to Give Users the Power to Create Virtual Servers
- Tutorial
Have you heard about Cisco UCS Director?
Ready to get started with this product?
Then I will show how to make it possible for end users to independently create a request on the Cisco UCS Director self-service portal and automatically receive a ready-made virtual machine.
To do this, we will learn how to create sets of policies, combine several policies into a group within a vDC, and create a catalog (template) based on these policies so that users can access it through the self-service portal.
Let's start with the infrastructure. The infrastructure on the basis of which we will perform all the settings consists of:
- NetApp Clustered DataONTAP 8.2 Simulator as a disk array;
- virtual infrastructure deployed based on:
  - ESXi appliance 5.5.0;
  - vCenter appliance 5.5.0a.
Note right away that all the policy settings and virtual machine template settings in this post relate to the VMware vSphere infrastructure.
Creating a policy-based template (catalog)
In this section I will describe how to prepare a virtual machine template based on the CentOS 6.4 distribution, publish this template on the self-service portal and give the end user access to this template (catalog).
Policies
First of all, we will create a set of policies that will allow us to manage the virtual machine template, limit the set of resources (CPU, memory, disk usage) and let the user select a certain amount of resources when creating the machine (within the allowed limits, of course).
First, let's understand what a “Policy” is in UCSD terminology. An almost literal translation of the documentation sounds like this:
Policies are a set of rules that determine where and how a virtual machine will be deployed, taking into account the existing infrastructure and the availability of system resources.
In general, this is an exhaustive explanation. It remains to add that policies can (and should) be defined not only for virtual machines, but also for hardware servers, disk arrays, and even network devices. The description of such policies is beyond the scope of my post.
Policies for virtual machines in UCSD are divided into four groups:
- Computing;
- Storage;
- Network;
- System.
Computing policy
This type of policy:
- Allows you to explicitly select the desired ESX server(s), cluster and resource pool to host the virtual machine;
- Allows you to automate the selection of the ESX server using the Minimum conditions for placing the virtual machine (in other words, it lets you specify criteria for choosing the ESX server);
- Allows you to change the deployment options of the machine;
- Allows the user to independently select the required amount of resources (the number of vCPUs and the amount of memory) from the range specified by the administrator.
To create a policy in the UCSD interface, go to the Policies -> Computing -> VMware Computing Policy tab and add a new policy by clicking the Add button.
In our case, we will set the following parameters:
Policy name | CentOS_vm_computing |
---|---|
Cloud name | IT-GRAD-TEST |
Resizing options | Allow resizing of VM (checkbox enabled) |
Permitted values for vCPUs | 1,2,4 |
Permitted values for Memory in MB | 1024,2048,4192 |
We save the policy in the directory.
Storage policy
This type of policy:
- Defines a set of datastores on which it is possible to place the virtual machine, and also provides a choice of the required datastore for the user;
- Allows you to specify the type of datastore allowed for use;
- Allows you to specify a set of conditions (Minimum condition) for selecting a datastore (Capacity, latency, etc);
- Allows you to set additional policies for disks by disk type: data, database, log, swap (do not ask me how these policies affect the distribution of disk space and performance; I have no answer to this question yet ;)).
To create a policy in the UCSD interface, go to the Policies -> Storage -> VMware Storage Policy tab and set the parameters. Click Next to go to that same mysterious page with the Additional Disk Policy settings, and leave everything on it unchanged.
This gives us a new entity, a VMware Storage Policy with the following settings:
Policy name | CentOS_vm_computing |
---|---|
Cloud name | IT-GRAD-TEST |
Datastore scope | Include selected |
Selected datastore | vs1_nfs1 (in our case) |
Use shared datastore | checkbox unchecked |
Use local storage | checkbox unchecked |
Use NFS | checkbox enabled |
Use SAN | checkbox enabled |
Allow resizing of disk | checkbox enabled |
Permitted values of disk in GB | 16,40 |
Network policy
I’ll clarify right away that the described policy has nothing to do with network equipment and is only responsible for the configuration of the network subsystem of the created virtual machine.
This type of policy:
- Allows you to configure the options for selecting IP addresses (DHCP, IP Pool or Static IP);
- Allows the addition of extra network adapters when creating a virtual machine;
- Allows you to specify the required PortGroup to host the virtual machine;
- Allows you to determine the type of network adapter.
To create a policy in the UCSD interface, go to the Policies -> Network -> VMware Network Policy tab, set the parameters and click Submit. As a result, we get a policy that defines the number of adapters, the adapter type, the PortGroup on the virtual switch and the pool of static addresses from which the virtual machine's address will be taken.
Policy name | CentOS_vm_computing |
---|---|
Cloud name | IT-GRAD-TEST |
VM Network | |
Nic alias | vNIC1 |
Adapter type | VMXNET3 |
Port group | VM Network |
IPv4 configuration | |
Select IP address type | Static |
Select IP address source | Inline IP Pool |
Static IP Pool | 192.168.1.2-192.168.1.10 |
Netmask | 255.255.255.0 |
Gateway IP address | 192.168.1.1 |
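A sanity check for the static pool settings in the table above, as an added example (not part of the original post and not UCSD code): it verifies that the pool lies inside the gateway's subnet, skips the gateway, network and broadcast addresses, and compares the pool size with a group VM limit. The function names, the limit of 12 VMs and the one-address-per-VM assumption (a single vNIC, as in this policy) are illustrative.

```python
import ipaddress

def parse_pool(spec):
    """Expand 'first-last' (the Static IP Pool notation above) into addresses."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-"))
    if last < first:
        raise ValueError(f"pool range is reversed: {spec}")
    return [ipaddress.IPv4Address(i) for i in range(int(first), int(last) + 1)]

def check_network_policy(pool_spec, netmask, gateway):
    """Return (usable addresses, problems) for a static inline pool."""
    gw = ipaddress.IPv4Address(gateway)
    subnet = ipaddress.IPv4Network(f"{gateway}/{netmask}", strict=False)
    usable, problems = [], []
    for addr in parse_pool(pool_spec):
        if addr not in subnet:
            problems.append(f"{addr} is outside {subnet}")
        elif addr == gw:
            problems.append(f"{addr} is the gateway address")
        elif addr in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")
        else:
            usable.append(addr)
    return usable, problems

def capacity_gap(usable, max_vms):
    """VMs the group may request that the pool cannot address (one vNIC each)."""
    return max(0, max_vms - len(usable))

if __name__ == "__main__":
    # Values from the network policy table on this page.
    usable, problems = check_network_policy(
        "192.168.1.2-192.168.1.10", "255.255.255.0", "192.168.1.1")
    print(f"{len(usable)} usable addresses, problems: {problems}")
    # Hypothetical group limit of 12 VMs: 3 requests would find no free address.
    print("unaddressable VMs at a limit of 12:", capacity_gap(usable, 12))
    # Constructed misconfiguration: the pool starts at the gateway address.
    _, bad = check_network_policy(
        "192.168.1.1-192.168.1.3", "255.255.255.0", "192.168.1.1")
    print(bad)
```

Running the same check whenever the pool or the group's resource limits change keeps the address pool from becoming the hidden cap on self-service requests.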
System policy
The final type of policy that we will cover in this post is system policy.
This type of policy:
- Defines the system parameters of the virtual machine, such as the VM name pattern and host name pattern (hostname at the OS level);
- Defines DNS settings, such as name servers and domain suffix;
- Defines time zone settings for Linux OS;
- Selects which operating system to install, and much more (see the Cisco UCS Director Administration Guide, Release 4.1).
To create a policy in the UCSD interface, go to the Policies -> Service Delivery -> VMware System Policy tab. There are few settings in this section:
Policy name | CentOS_vm_computing |
---|---|
VM name template | vm-${USER_NAME} |
Power on after deploy | checkbox enabled |
Host name template | testvm1 |
DNS domain | Test.local |
Linux time zone | Europe/Moscow |
VM Image Type | Linux only |
This completes the policy settings: all the necessary policies are created. Next, we must combine all our policies into a group and publish our template (application) on the self-service portal.
vDC creation
In UCSD terminology, a vDC is an object within which a certain set of virtual resources, virtual machine images (templates) and policies are grouped. A vDC makes it possible to manage a strictly defined set of resources at the level of user groups or organizations created in UCSD.
Using vDC, we can:
- Provide the ability to manage resource sets to organizations or groups;
- Set resource quotas for organizations or groups;
- Define the set of actions allowed to the end user in relation to virtual machines associated with vDC;
- Define the policy that will perform the set of actions described using WorkFlow, after the end user creates virtual machines;
- Define a set of predefined actions (based on regular workflows) that a user can perform with a virtual machine in a given vDC;
- Set requirements for resource allocation requests and determine the users responsible for approving requests at the vDC level.
To create a vDC in the UCSD interface, go to the Policies -> Virtual Data Centers -> vDC tab.
In our case, we defined the following settings:
vDC Name | vDC_cust1 |
---|---|
Group | Cust1 |
Cloud name | IT-GRAD-TEST |
Policies | |
System policy | CentOS_vm_system |
Computing policy | CentOS_vm_computing |
Network policy | CentOS_vm_network |
Storage policy | CentOS_vm_storage |
End User self-service options | |
VM power management | checkbox enabled |
VM snapshot management | checkbox enabled |
VM Network Management | checkbox enabled |
So, we have completed the vDC settings. Setting a group in the settings of our vDC means that users of the specified group get access to the resources grouped for our vDC.
We also gave our users the opportunity to manage the state (on / off), manage snapshots and network settings for virtual machines associated with vDC.
Creating a catalog
We are gradually approaching the finale of our work, and at the final stage we need to create a catalog. What is it?
A catalog is an object on the basis of which a user on the self-service portal can generate a request to create a virtual machine (and not only that, of course, but we will look at this particular case). In other words, this is the interface for providing a particular service or set of services to the end user.
There are four types of catalogs in UCSD (for details, see the Cisco UCS Director Administration Guide, Release 4.1). In our case, we will use a catalog of type Standard, which is designed specifically for virtual machine templates used to create ready-made VMs at the user's request.
To create a catalog in the UCSD interface, go to the Policies -> Catalog tab:
Catalog name | CentOS_vm_Cust1 |
---|---|
Catalog type | Standard |
Catalog icon | VM: CentOS Linux |
Selected groups | Cust1 |
Cloud name | IT-GRAD-TEST |
VM Images | CentOS |
Category | Generic VM |
Specify OS | Linux - CentOS |
We set all the necessary settings on the first two pages of the catalog creation form: Basic Information and Application Details. I will leave the rest of the settings unchanged; if you want to know more about them, you are welcome to consult the UCSD administrator’s guide that I have referred to repeatedly.
After the catalog is created, it is automatically published on the self-service portal and is available to members of the group that we have chosen.
So, we have finished the basic part of our configuration and now have a vDC with a set of policies and a catalog with a given operating system template. What's next?
Work with Self-Service Portal
Users and Groups in UCSD
First of all, I will describe the procedure for creating a group (I hope everyone understands that our group Cust1 was created before the vDC and the catalog). To do this, go to the Administration tab -> Users and Groups -> User Groups and open the form for creating a new group.
Creating the group itself should not cause any difficulties. The most interesting part comes after the group is created: we will set limits on the resources that users in our group can consume. We can set limits for:
- Virtual resources;
- Operating system resources;
- Physical resources.
To set limits, select the required group from the list of existing ones and open the “Edit resource limits” form.
Do not forget to enable the “Enable resource limits” checkbox. A detailed description of all the form settings is in the Cisco UCS Director Administration Guide, Release 4.1.
Now let's create our user, who will be given access to the self-service portal. To do this, go to the Administration tab -> Users and Groups -> Login Users and add a new user. A few comments:
- The Service End-User user type allows the user to log in to and use the self-service portal. In other words, this is a built-in role that defines the user's access rights to the resources of the self-service portal.
- Note the group that we set for the user. This is the same group that we specified when creating the vDC and the catalog. By binding our user to the required group, we give them the ability to use the catalog we created (in other words, to receive the service).
Self-Service portal
And finally, the reason for all the previous configuration: the self-service portal. Accessing the portal is very simple: just follow the standard link and log in as the enduser user that we created.
On the portal, the CentOS_vm_Cust1 catalog created earlier will be automatically available to us. Let's try to create a virtual machine deployment request. To do this, either select an available catalog and click “Create Request”, or simply double-click the desired catalog. In both cases, a request creation form will appear:
Click Next.
Here we can choose the vDC available to us and the time of deployment of the virtual machine (we can schedule the time we need). We say that we want to deploy the machine right now and click Next.
I want to get a virtual machine with 2 vCPU, 4 gigs of RAM and 16 GB vHDD. I set the necessary parameters, as shown in the figure above. And I press Next.
We haven’t attached custom workflows to our template yet, so just click Next.
This completes the creation of the request. You can view the summary and click Submit.
Service Request Status
Of course, it will be interesting for us to monitor the progress of our application. The UCSD self-service portal has a convenient interface for viewing the status and logs of the request.
Go to the portal page called “Services” and select the required request from the list. To view the details, either double-click the request or click “View Details”. We see the stages of the request and their current status: what has been done, what is being done, and what the results are. All stages of our request were completed successfully. The result is a new virtual machine.
And now a few words about setting up confirmation of user actions on the UCSD self-service portal.
Configuring user actions confirmation on the UCSD self-service portal
To do this, go to the Policies -> Virtual Data Centers menu. Select the vDC vDC_cust1, whose creation was described in the post "Self-service using Cisco UCS Director: how to give users the opportunity to create virtual servers themselves", and edit it.
We are interested in the "Approvers and Contacts" section. In the "First Approver Username" field, we can specify the name of the user to whom the confirmation request will be sent. Let's set the username admin and save the settings.
A user in the self-service portal generates a request to create a VM. Let's look at the request execution log.
To confirm the request, the administrator needs to go to the Organizations -> My approvals menu, select the desired request in the Pending status and choose either Approve or Reject.
This concludes the story about UCSD functionality for provisioning virtual machines and the self-service portal. Thanks to those who have read to the end; I hope the post will be useful for those who are beginning to get acquainted with the product.