Components of the VM-Series for OpenStack Solution
The VM-Series firewall in an OpenStack environment has been tested with the following components.
VM-Series Hardware Resources
See VM-Series System Requirements for the minimum hardware requirements for your VM-Series model.
In OpenStack, flavors define the CPU, memory, and storage capacity of a compute instance. When setting up your Heat template, choose the compute flavor that meets or exceeds the hardware requirements for the VM-Series model.
Fuel is a web UI-driven deployment and management tool for OpenStack.
This node runs most of the shared OpenStack services, such API and scheduling. Additionally, the Horizon UI runs on this node.
The compute node contains the virtual machines, including the VM-Series firewall, in the OpenStack deployment. The compute node that houses the VM-Series must meet the following criteria:
Install the OpenStack compute node on a bare-metal server because the VM-Series firewall does not support nested virtualization.
The Contrail controller node is a software-defined networking controller used for management, control, and analytics for the virtualized network. It provides routing information to the compute and gateway nodes.
Additionally, the Contrail controller provides the necessary support for service chaining and service scaling.
The Contrail gateway node provides IP connectivity to external networks from virtual networks. MPLS over GRE tunnels from the virtual machines terminate at the gateway node, where packets are decapsulated and sent to their destinations on IP networks.
Ceilometer (OpenStack Telemetry)
In the case of the VM-Series firewall for OpenStack, Ceilometer monitors CPU utilization for service scaling. When CPU utilization meets the defined thresholds, a new service instance of the VM-Series firewall is deployed or shut down.
Heat Orchestration Template Files
Palo Alto Networks provides a sample Heat template for deploying the VM-Series firewall. This template is made up of a main template and an environment template. These files instantiate one VM-Series instance with one management interface and two data interfaces.
In a basic gateway deployment, the template instantiates a Linux server with one interface. The interface of the server attaches to the private network created by the template.
In a service chaining or service scaling deployment, the templates instantiate two Linux servers with one server attached to each data interface of the firewall.
VM-Series Firewall Bootstrap Files
The VM-Series firewall bootstrap files consist of a init-cfg.txt file, bootstrap.xml file, and VM-Series auth codes. Along with the Heat template files, Palo Alto Networks provides a sample init-cfg.txt and bootstrap.xml files. You must provide your own auth codes to license your VM-Series firewall and activate any subscriptions. See Bootstrap the VM-Series Firewall for more information about VM-Series bootstrap files.
Set Up the VM-Series Firewall on OpenStack
Set Up the VM-Series Firewall on OpenStack The VM-Series firewall for OpenStack allows you to deploy the VM-Series firewall in your OpenStack environment to provide ...
Basic Gateway The VM-Series firewall for OpenStack allows you to deploy the VM-Series firewall on the KVM hypervisor running on a compute node in your ...
VM-Series Firewall for OpenStack
VM-Series Deployments in OpenStack The Heat Orchestration templates provided by Palo Alto Networks allow you to deploy the VM-Series firewall individually, through service chaining, or ...
Install the VM-Series Firewall in OpenStack
Install the VM-Series Firewall in a Basic Gateway Deployment Complete the following steps to prepare the heat templates, bootstrap files, and software images needed to ...
Heat Template for a Basic GatewayDeployment
Heat Template for a Basic Gateway Deployment The heat template file includes the following four files to help you launch the VM-Series firewall on KVM ...
Service Chaining and Service Scaling
Service Chaining and Service Scaling Service chaining is a Contrail feature that deploys a VM-Series firewall as a service instance in your OpenStack environment. A ...
Install the VM-Series Firewall with ServiceChaining or Scaling
Install the VM-Series Firewall with Service Chaining or Scaling Complete the following steps to prepare the heat templates, bootstrap files, and software images needed to ...
Alarm The alarm parameters are used in service scaling and are not included in the service chaining environment files. These parameters define the thresholds used ...
Heat Templates for Service Chaining andService Scaling
Heat Templates for Service Chaining and Service Scaling The heat template environment file defines the parameters specific to the VM-Series firewall instance deployed through service ...