End-of-Life (EoL)
The Heat Orchestration templates provided by Palo Alto Networks allow you to deploy the VM-Series firewall individually, through service chaining, or dynamically with service scaling.
Basic Gateway
The VM-Series firewall for OpenStack allows you to deploy the VM-Series firewall on the KVM hypervisor running on a compute node in your OpenStack environment. This solution uses Heat Orchestration Templates and bootstrapping to deploy the VM-Series firewall and a Linux server. The VM-Series firewall protects the deployed Linux server by inspecting the traffic going in and out of the server. The sample bootstrap files allow the VM-Series firewall to boot with basic configuration for handling traffic.
These heat template files and the bootstrap files combine to create two virtual machines, the VM-Series firewall and Linux server, in a network configuration similar to that shown below.
Service Chaining and Service Scaling
Service chaining is a Contrail feature that deploys a VM-Series firewall as a service instance in your OpenStack environment. A service chain is a set of service virtual machines, such as firewalls or load balancers, and each virtual machine in the service chain is a service instance. Service scaling allows you to dynamically deploy additional instances of the VM-Series firewall. Using CPU utilization or incoming bytes per second metrics gathered by Celiometer, OpenStack deploys or shuts down additional instances of the VM-Series firewall to meet the current needs of your network.
The VM-Series firewall in OpenStack solution leverages heat orchestration templates to configure and deploy the components required for service chaining and service scaling. The heat templates provided by Palo Alto networks create a service template, service instance, and service policy (to direct traffic to the VM-Series firewall) to deploy two Linux servers and the VM-Series firewall service instance between them.

Recommended For You