Cisco Prime Network Services Controller 3.0
© 2013, 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Chapter 1
Overview
The following sections provide basic information about Prime Network Services Controller and the Prime Network
Services Controller CLI:
Information About Prime Network Services Controller
Prime Network Services Controller is a virtual appliance, based on Red Hat Enterprise Linux (RHEL), that provides
centralized device and security policy management of the Cisco Virtual Security Gateway (VSG) and Cisco
Adaptive Security Appliance 1000V (ASA 1000V) Cloud Firewall.
VSG is a virtual firewall appliance for the Cisco Nexus 1000V Series switch. VSG provides trusted access to virtual
data center and cloud environments. VSG enables a broad set of multi-tenant workloads that have varied security
profiles to share a common compute infrastructure in a virtual data center private cloud or in a public cloud. By
associating one or more virtual machines (VMs) with distinct trust zones, VSG ensures that access to trust zones is
controlled and monitored through established security policies.
ASA 1000V is a virtual appliance that was developed using the ASA infrastructure to secure the tenant edge in
multi-tenant environments with Nexus 1000V deployments. It provides edge features and functionality (including
site-to-site VPN, NAT, and DHCP), acts as a default gateway, and secures the VMs within the tenant against any
network-based attacks.
Designed for multi-tenant operation, Prime Network Services Controller provides seamless, scalable, and
automation-centric management for virtualized data center and cloud environments. With a web-based GUI, CLI,
and XML APIs, Prime Network Services Controller allows you to manage VSGs and ASA 1000Vs that are
deployed throughout the data center from a centralized location.
Multi-tenancy refers to the architectural principle in which a single instance of the software runs on a
Software-as-a-Service (SaaS) server, serving multiple client organizations or tenants. Multi-tenancy is contrasted
with a multi-instance architecture, where separate software instances are set up for different client organizations.
With a multi-tenant architecture, a software application is designed to virtually partition data and configurations,
so that each tenant works with a customized virtual application instance.
Prime Network Services Controller is built on an information model-driven architecture, where each managed
device is represented by its subcomponents. This architecture enables Prime Network Services Controller to
provide greater agility and simplification for securing multi-tenant infrastructure.
Prime Network Services Controller communicates with vCenter, VSM, ASA 1000V, and VSG over a management
VLAN.