Self-service with Cisco UCS Director: How to Give Users the Power to Create Virtual Servers

  • Tutorial
Create a virtual machine yourself online

Have you heard about the Cisco UCS Director ?
Ready to get started with this product?
Then I will show how to make it possible for end users to independently create a request on the Cisco UCS Director self-service portal and automatically receive a ready-made virtual machine.

To do this, we will learn how to create sets of policies and combine several policies into a group within the framework of vDC, and also create a directory (template) based on these policies to provide users with access to this directory through the self-service portal.

Let's start with the infrastructure. The infrastructure on the basis of which we will perform all the settings consists of:
  • NetApp Clustered DataONTAP 8.2 Simulator as a disk array;
  • virtual infrastructure deployed based on:
  • ESXi appliance 5.5.0;
  • vCenter appliance 5.5.0a.

It looks something like this: Immediately, I note that all the settings for policies and settings for the virtual machine template (s) in our post will relate to the VMWare vSphere infrastructure.
Virtual Machine Deployment Infrastructure

Creating a policy-based template (directory)

In this section I will describe the process of preparing a template for a virtual machine based on the CentOS 6.4 distribution, the publication of this template on the Self-service portal and the organization of access for the end user to this template (directory).


First of all, we will create a set of policies that will allow us to manage the virtual machine template, limit the set of resources (CPU, Memory, Disk usage) and provide the user with the opportunity to select a certain amount of resources when creating the machine (within the allowed, of course).
First, let's understand what “Policy” is in UCSD terminology. An almost literal translation of the documentation sounds like this:
Policies are a set of rules that determine where and how a virtual machine will be deployed, taking into account the existing infrastructure and the availability of system resources.
In general, this is an exhaustive explanation. It remains to add that policies can (and should) be defined not only for virtual machines, but also for hardware servers, disk arrays, and even network devices. The description of such policies is beyond the scope of my post.
Policies for virtual machines in UCSD are divided into four groups:

  • Computing;
  • Storage
  • Network
  • System

Computing policy

This type of policy:

  • Allows you to explicitly select the desired ESX server (s), cluster and resource pool to host the virtual machine;
  • Automate the selection of the ESX server using the Minimum conditions for the location of the virtual machine (in other words, it allows you to specify criteria for choosing the ESX server);
  • Change the deployment options of the machine;
  • Provide the user with the opportunity to independently select the required amount of resources (the number of vCPU and memory) from the range specified by the administrator.

To create a policy in the UCSD interface, go to the Policies -> Computing -> VMWare Computing Policy tab and add a new policy by clicking on the Add button: In our case, we will set the following parameters:

Creating a Computing Policy in the UCSD Interface

Setting Computing policy settings

Policy nameCentOS_vm_computing
Cloud nameIT-GRAD-TEST
Resizing optionsAllow resizing of VM (checkbox enable)
Permitting value for vCPUs1,2,4
Permitting value for Memory in Mb1,024,2048,4192

We save the policy in the directory.

Storage policy

This type of policy:

  • Defines a set of datastores on which it is possible to place the virtual machine, and also provides a choice of the required datastore for the user;
  • Allows you to specify the type of datastore allowed for use;
  • Allows you to specify a set of conditions (Minimum condition) for selecting a datastore (Capacity, latency, etc);
  • Allows you to set additional policies for disks - select the type of disk: data, database, log, swap (do not ask me how these policies affect the distribution of disk space and performance, I have no answer to this question yet;)).

To create a policy in the UCSD interface, go to the Policies -> Storage -> VMWare Storage Policy tab. Set the parameters: Click Next, go to the same mysterious page with the Additional Disk Policy settings, leave everything unchanged on it. So we got a new entity - VMWare Storage Policy with the following settings:

Creating Storage policy in UCSD

Setting options for Storage policy

Setting options for Storage policy

Setting options for Storage policy

Setting options for Storage policy

Policy nameCentOS_vm_computing
Cloud nameIT-GRAD-TEST
Datastore scopeInclude selected
Selected datastorevs1_nfs1 (in our case)
Use shared datastorecheckbox uncheck
Use local storagecheckbox uncheck
Use NFScheckbox enable
Use sancheckbox enable
Allow resizing of diskcheckbox enable
Permitted values ​​of disk in Gb16.40

Network policy

I’ll clarify right away that the described policy has nothing to do with network equipment and is only responsible for the configuration of the network subsystem of the created virtual machine.
This type of policy:
  • Allows you to configure the options for selecting ip addresses (DHCP, IP Pool or Static IP);
  • Allow the addition of additional network adapters when creating a virtual machine;
  • Allows you to specify the required PortGroup to host the virtual machine;
  • Allows you to determine the type of network adapter.

To create a policy in the UCSD interface, go to the Policies -> Network -> VMWare Network Policy tab. Set the parameters: Next, click Submit to win. As a result, we got a policy that defines the number of adapters, the type of adapter, PortGroup on the virtual switch, the pool of static addresses from which it will be possible to take the address for the virtual machine.

Creating a Network Policy in the UCSD Interface

Setting options for Network policy

Setting options for Network policy

Setting options for Network policy

Setting options for Network policy

Setting options for Network policy

Policy nameCentOS_vm_computing
Cloud nameIT-GRAD-TEST
VM Network
Nic aliasvNIC1
Adapter typeVMXNET3
Port groupVM Network
IPv4 configuration
Select IP address typeStatic
Select IP address sourceInline IP Pool
Static IP Pool192.168.1.2-
Gateway IP address192.168.1.1

System policy

The final type of policy that we will cover in this post is system policy.
This type of policy:

  • Defines the system parameters of the virtual machine, such as the VM name pattern and host name pattern (hostname at the OS level);
  • DNS settings, such as name servers and domain suffix;
  • Timezone settings for Linux OS;
  • Choosing which operating system to install and many more (see the Cisco UCS Director Administration Guide, Release 4.1).

To create a policy in the UCSD interface, go to the Policies -> Service Delivery -> VMWare System Policy tab. There are few settings in this section:

Creating a system policy in the USCD interface

System policy setting
Policy nameCentOS_vm_computing
VM name templatevm - $ {USER_NAME}
Power on after deployCheckbox enable
Host name templatetestvm1
DNS domainTest.local
Linux time zoneEurope / Moscow
VM Image TypeLinux only

This completes the policy settings, all the necessary policies are created. Next, we must combine all our policies into a group and publish our template (application) on the self-service portal.

VDC creation

In terminology, UCSD vDC is an object within which a certain set of virtual resources, images of virtual machines (templates), and policies are grouped. vDC makes it possible to provide management of a strictly defined set of resources at the level of user groups or organizations created in UCSD.

Using vDC, we can:

  • Provide the ability to manage resource sets to organizations or groups;
  • Set resource quotas for organizations or groups;
  • Define the set of actions allowed to the end user in relation to virtual machines associated with vDC;
  • Define the policy that will perform the set of actions described using WorkFlow, after the end user creates virtual machines;
  • Define a set of predefined actions (based on regular workflows) that a user can perform with a virtual machine in a given vDC;
  • Set requirements for resource allocation requests and determine the users responsible for request growth at the vDC level.

To create a policy in the UCSD interface, go to the Policies -> Virtual Data Centers -> vDC tab: In our case, we determined the following settings:

Creating Virtual DataCenters (vDC)

Configure Virtual DataCenter (vDC)

Configure Virtual DataCenter (vDC)

vDC NamevDC_cust1
Cloud nameIT-GRAD-TEST
System policyCentOS_vm_system
Computing policyCentOS_vm_computing
Network policyCentOS_vm_network
Storage policyCentOS_vm_storage
End User self-service options
Vm power managementcheckbox enable
VM snapshot managementcheckbox enable
VM Network Managementcheckbox enable

So, we have completed the vDC settings. Setting a group in the settings of our vDC means that users of the specified group get access to the resources grouped for our vDC.

We also gave our users the opportunity to manage the state (on / off), manage snapshots and network settings for virtual machines associated with vDC.

Creating a catalog

We are gradually approaching the finale of our work and at the final stage we need to create a catalog. What is it?

Catalog is an object on the basis of which a user on the self-service portal will be able to generate a request for creating a virtual machine (and not only that, of course, but we will analyze a special case). In other words, this is the interface for providing a particular service or set of services for the end user.

There are four types of directories in UCSD (for details, see the Cisco UCS Director Administration Guide, Release 4.1). In our case, we will use a directory of type Standard, which is designed specifically for storing virtual machine templates designed to create ready-made VMs at the user's request.

To create a policy in the UCSD interface, go to the Policies -> Catalog tab:

Creating a catalog

Creating a catalog

Catalog Settings
Catalog nameCentOS_vm_Cust1
Catalog typeStandard
Catalog iconVM: CentOS Linux
Selected groupsCust1
Cloud nameIT-GRAD-TEST
VM ImagesCentOS
CategoryGeneric VM
Specify OSLinux - CentOS

Actually, we set all the necessary settings on the first two pages of the catalog creation form: Basic Information and Application Details. I will leave the rest of the settings unchanged if someone wants to know more about these settings - to Wellcomes to the UCSD administrator’s guide I have repeatedly indicated.

After creating the catalog, it is automatically published on the self-service portal and is available to members of the group that we have chosen.

So, we finished the basic part of our settings, getting a vDC with a set of policies and a directory with a given operating system template. What's next?

Work with Self-Service Portal

Users and Groups in UCSD

First of all, I will describe the procedure for creating a group (I hope everyone understands that our group Cust1 was created before the creation of vDC and the directory). To do this, go to the Administration tab -> Users and Groups -> User Groups: And run the form for creating a new group: Actually creating a group should not cause any difficulties. We will do the most interesting thing after creating the group - we will set a set of restrictions on resources that can be used by users included in our group. We can set limits for:

Creating a group in UCSD

Group settings

  • Virtual resources;
  • Operating system resources;
  • Physical resources.

In order to set limits, you need to select the group we need from the list of already created ones and run the “Edit resource limits” form.

Create resource limits for a specific group

Create resource limits for a specific group

Do not forget to enable the “Enable resource limits” checkbox. A detailed description of all the form settings is in the Cisco UCS Director Administration Guide, Release 4.1.

Now let's create our user, who will be given access to the self-service portal. To do this, go to the Administration tab -> Users and Groups -> Login Users And add a new user A few comments:

Creating a user with access rights to the self-service portal

Add new user

  1. The Service End-User type of user defines the ability for the user to log in and use the self-service portal. In other words, this is a built-in role that defines the user's access rights to the set of resources of the service portal.
  2. Обратите внимание на группу, которую мы задаем для пользователя. Это та самая группа, которую мы указывали при создании vDC и каталога. Собственно за счет привязки нашего пользователя к нужной группе мы даем ему возможность пользоваться созданным нами каталогом (другими словами получать услугу).

Self-Service portal

And finally, for what we did all the previous settings - the self-service portal. Access to the portal is very simple, for this you just need to follow the standard link under the enduser user that we created.

Self-Service Portal Interface

On the portal interface, the CentOS-vm_Cust1 directory created earlier will be automatically available to us. Let's try to create a virtual machine deployment request. To do this, you can either select an available directory and click on “Create Request”

Create a request to create a virtual machine

Or simply double-click on the desired directory. In both cases, a request creation form will appear:

Virtual Machine Request Form

Click Next.

Choosing an Available vDC and Virtual Machine Deployment Time

Here we can choose the vDC available to us and the time of deployment of the virtual machine (we can schedule the time we need). We say that we want to deploy the machine right now and click Next.

Setting the required virtual machine resources

I want to get a virtual machine with 2 vCPU, 4 gigs of RAM and 16 GB vHDD. I set the necessary parameters, as shown in the figure above. And I press Next.

Custom workflow

We haven’t attached custom workflows to our template yet, so just click Next.

Virtual Machine Creation Summary

This completes the creation of the request, you can view the summary and click Submit

Service Request Status

Of course, it will be interesting for us to monitor the progress of our application. The UCSD self-service portal has a convenient interface for viewing the status and logs of the request.

We need to go to the portal page called “Services” and select the request we need from the list: To view the details, either double-click on the desired request or click “View Details” We see the stages of the request and their current status. What is done, what is done, what are the results. All stages of our request were completed successfully. The result is a new virtual machine. And now a few words about setting up user actions confirmation on the UCSD self-service portal.

View status and query execution logs

View request details

Этапы выполнения запроса и текущий статус

Configuring user actions confirmation on the UCSD self-service portal

To do this, go to the Policies -> Virtual Data Centers menu. We select vDC vDC_Cust1, the creation of which was described in the post "Self-service using Cisco UCS Director: how to give users the opportunity to create virtual servers themselves" and edit it.

Настройка подтверждения действий пользователя

We are interested in the section "Approvers and Contacts". In the "First Approver Username" field, we can specify the name of the user to whom the confirmation request will be sent. Let's set the username admin and save the settings.

A user in the self-service portal generates a request to create a VM. Let's see the query execution log:

Лог выполнения запроса на создание виртуальной машины

To confirm the execution of the request, the administrator needs to go to the menu Organizations -> My approvals, select the desired request in the Pending status

Подтверждение запроса на создание виртуальной машины

And choose either Approve or Reject.

Подтверждение запроса на создание виртуальной машины

Подтверждение запроса на создание виртуальной машины


On this I will end the story about the UCSD functionality in the field of provisioning virtual machines and the self-service portal. Thanks to those who have read to the end, I hope the post will be useful for those who begin to get acquainted with the product.

Also popular now: