Managing a VIM

You can deploy a VIM in one of your data centers or on a uCPE device. Deploying the VIM in a data center implies centralized management of the virtual network function lifecycle. Deploying the VIM on a uCPE device lets you deliver virtual network functions to remote data centers and manage them locally.

To display the table of VIMs, go to the Infrastructure menu section, click the created data center, and select the IPAM → Compute resources tab. Information about VIMs is displayed in the following columns of the table:

• Name is the name of the VIM.
• Type is the type of the VIM. Kaspersky SD-WAN uses the OpenStack cloud platform as the VIM.
• Function is the data center or uCPE device on which the VIM is deployed.
• VIM IP is the IP address of the VIM.
• Status is the connection status of the VIM to the OpenStack cloud platform:
  • Connected
  • Disconnected
• SDN cluster is the SDN cluster to which OpenStack is connected.
• Behind NAT lets you specify whether the VIM is behind NAT (Network Address Translation):
  • Yes
  • No

The actions you can perform with the table are described in the Managing solution component tables instructions.

Configuring a VIM deployed in a data center

To configure a VIM deployed in a data center:

1. In the menu, go to the Infrastructure section.

   This opens the resource management page. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

2. In the Resources pane, select the created domain, then select the added data center in which you deployed the VIM.
3. Select the Compute resources tab.

   A table of VIMs is displayed.

4. In the upper part of the page, click + VIM.
5. This opens a window; in that window, in the Name field, enter the name of the VIM.
6. In the IP field, enter the IP address or domain name for connecting the orchestrator to the VIM.
7. In the Port field, enter the port number for connecting the orchestrator to the VIM identification service. Default value: 5000.
8. In the Protocol drop-down list, select the protocol for connecting the orchestrator to the VIM:
   • http Default value.
   • https
9. In the Login and Password fields, enter the user name and password of an account with administrator privileges to authenticate the orchestrator in the OpenStack cloud platform. If authentication is successful, the orchestrator gains access to management of virtual infrastructure that is available to the administrator.
10. Specify advanced orchestrator authentication settings in the OpenStack cloud platform:
    1. In the Administrator project field, enter the name of the administrator project for orchestrator authentication in this administrator project.
    2. In the Domain field, enter the OpenStack domain name for orchestrator authentication in this OpenStack domain.
11. In the Behind NAT drop-down list, select whether the VIM is behind NAT:
    • Enabled to indicate that the VIM is behind NAT and network address translation happens when the VIM interacts with the SD-WAN instance.
    • Disabled to indicate that the VIM is not behind NAT. Default value.
12. Specify the overcommitment ratios for physical resources:
    1. In the CPU overcommitment field, enter the CPU core overcommitment ratio. Default value: 1.
    2. In the RAM overcommitment field, enter the RAM overcommitment ratio. Default value: 1.
    3. In the Disk overcommitment field, enter the disk space overcommitment ratio. Default value: 1.

    Overcommitment ratios let you provision virtual machines with more virtual resources than physically present. This is possible because virtual machines do not simultaneously use all available physical resources to the maximum. For example, if you specify a disk space overcommitment factor of 3, the available virtual disk space can be three times as large as the disk space physically available on the host.

    When configuring overcommitment, you must consider how the capabilities of your hardware relate to the requirements of the virtual machines. If you specify a high overcommitment ratio for physical resources and virtual machines happen to use them up, this may lead to the network lagging and/or parts of network becoming completely unavailable.

13. In the Parallelism field, enter the maximum number of simultaneous operations between the orchestrator and the VIM. Default value: 1. This setting lets you reduce the overall processing time for operations, but creates an additional load on the virtual infrastructure.

    We recommend not changing the default value unless the overall operation processing speed is critical for you.

14. In the SDN cluster drop-down list, select the SDN cluster to which OpenStack is connected. If OpenStack is not connected to an SDN cluster, select None.
15. In the Maximum number of VLANs field, enter the maximum number of VLANs that the VIM may use. This setting lets the orchestrator keep track of the number of segments available for use. Range of values: 0 to 4,094.
16. If the VIM supports SR-IOV, enter the physnet name in the SR-IOV physical network field. The orchestrator uses the SR-IOV physical network name to connect virtual machines with the SR-IOV interface type.
17. If you are using a network with the VLAN segmentation type for management, in the VLAN physical network field, enter the VLAN tag.
18. If you selected an SDN cluster in the SDN cluster drop-down list, configure the connection to that cluster:
    1. If you want to map the logical networks of the SD-WAN instance to a physical network, enter the physnet name in the OpenStack physical network field.
    2. In the Interface group drop-down list, select the port group through which all OpenStack nodes are connected to the SDN cluster.
    3. In the Control group drop-down list, select the port group through which the OpenStack control nodes are connected to the SDN cluster.
    4. If necessary, in the Compute group drop-down list, select the port group through which OpenStack compute nodes are connected to the SDN cluster.
19. If in the SDN cluster drop-down list, you selected None, configure the network:
    1. If you want to map the flat networks of the SD-WAN instance to a physical network, enter the physnet name in the Flat physical network field.
    2. If you want to map the VXLAN of the SD-WAN instance to a physical network, enter the physnet name in the VXLAN physical network field.
    3. In the Control network segmentation drop-down list, select the type of segmentation for isolating and securing
       control plane

       The control part of the network that controls the transmission of traffic packets through CPE devices. Performs functions such as network discovery, route calculation, traffic prioritisation, and security policy enforcement. The control plane allows centrally managing the network by providing a full-scale view of all performed operations. Consists of an orchestrator and an SD-WAN controller.

       traffic in the SD-WAN structure:
       • VLAN
       • VXLAN
    4. In the Control segment ID field, enter the segment ID of the management network. The range of values depends on the value selected in the Control network segmentation drop-down list:
       • If you selected VLAN, the range of values is 0 to 4,095.
       • If you selected VXLAN, the range of values is 0 to 16,000,000.
    5. In the Port security drop-down list, select whether you want to enable the Port security function:
       • Enabled
       • Disabled
    6. In the Permit CIDR field, enter the IPv4 prefox of the allowed subnet for the management network.
20. Click Create.

The VIM is created and displayed in the table on the Compute resources tab.

Configuring a VIM deployed on a uCPE device

To configure a VIM deployed on a uCPE device, you must specify the settings of the VIM in a uCPE template. VIM settings specified in a uCPE template are automatically applied to all CPE devices that are using this uCPE template.

To configure a VIM deployed on a uCPE device:

1. In the menu, go to the SD-WAN → CPE templates section.

   A table of CPE templates is displayed.

2. Click the uCPE template in which you want to configure a VIM.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Information tab is selected, which displays general information about the CPE template.

3. Select the VIM tab.

   The VIM settings are displayed.

4. In the Port field, enter the port number for connecting the orchestrator to the VIM identification service. Default value: 5000.
5. In the Protocol drop-down list, select the protocol for connecting the orchestrator to the VIM:
   • http Default value.
   • https
6. In the Login and Password fields, enter the user name and password of an account with administrator privileges to authenticate the orchestrator in the OpenStack cloud platform. If authentication is successful, the orchestrator gains access to managing the virtual infrastructure that is available to the administrator.
7. Specify advanced orchestrator authentication settings in the OpenStack cloud platform:
   1. In the Administrator project field, enter the name of the administrator project for orchestrator authentication in this project.
   2. In the Domain field, enter the OpenStack domain name for orchestrator authentication in this domain.
8. If you are using a network with the VLAN segmentation type for management, in the VLAN physical network field, enter the VLAN tag.
9. In the Behind NAT drop-down list, select whether the VIM is behind NAT:
   • Enabled to indicate that the VIM is behind NAT and network address translation happens when it interacts with the SD-WAN instance.
   • Disabled to indicate that the VIM is not behind NAT. Default value.
10. Specify the overcommitment ratios for physical resources:
    1. In the CPU overcommitment field, enter the CPU core overcommitment ratio. Default value: 1.
    2. In the RAM overcommitment field, enter the RAM overcommitment ratio. Default value: 1.
    3. In the Disk overcommitment field, enter the disk space overcommitment ratio. Default value: 1.

    Overcommitment ratios let you provision virtual machines with more virtual resources than physically present. This is possible because, as a rule, virtual machines do not simultaneously use all available physical resources to the maximum. For example, if you specify a disk space overcommitment factor of 3, the available virtual disk space can be three times as large as the disk space physically available on the host.

    When configuring overcommitment, you must consider how the capabilities of your hardware relate to the requirements of the virtual machines. If you specify a high overcommitment ratio for physical resources and virtual machines happen to use them up, this may lead to the network lagging and/or parts of network becoming completely unavailable.

11. In the Maximum number of VLANs field, enter the maximum number of VLANs that the VIM may use. This setting lets the orchestrator keep track of the number of segments available for use. Range of values: 0 to 4,094.
12. In the upper part of the settings area, click Save to save CPE template settings.

Editing a VIM deployed in a data center

To edit a VIM deployed in a data center:

1. In the menu, go to the Infrastructure section.

   This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

2. In the Resources pane, select the created domain, then select the added data center in which you deployed the VIM.
3. Select the Compute resources tab.

   A table of VIMs is displayed.

4. Click Management → Edit next to the VIM that you want to edit.
5. This opens a window; in that window, edit the VIM settings, if necessary. For a description of the settings, refer to the instructions for configuring a VIM deployed in a data center.
6. Click Save.

The VIM is modified and updated in the table.

Viewing computing resources being used by a VIM

You can view the utilization of the following computing resources by the VIM:

• CPU
• RAM
• Disk space
• Network segments

To view the computing resources used by the VIM:

1. In the menu, go to the Infrastructure section.

   This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

2. In the Resources pane, select the created domain, then select the added data center in which you deployed the VIM.
3. Select the Compute resources tab.

   A table of VIMs is displayed.

4. Click Management → Show usage next to the VIM.

This opens a window with information about the computing resources used by the VIM.

Deleting a VIM

Deleted VIMs cannot be restored.

To delete a VIM:

1. In the menu, go to the Infrastructure section.

   This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

2. In the Resources pane, select the created domain, then select the added data center in which you deployed the VIM.
3. Select the Compute resources tab.

   A table of VIMs is displayed.

4. Click Management → Delete next to the VIM that you want to delete.
5. In the confirmation window, click Delete.

The VIM is deleted and is no longer displayed in the table.