Foundation Topics
Introducing Prime Service Catalog
IT service requests can come from anywhere within a business, and to deal with the various activities generated, most IT organizations have some form of help desk to triage and manage those requests. The bottleneck this generates slows down service delivery and often frustrates the end user, who has no idea of the complexity their request may involve. Prime Service Catalog was built to address this aspect of IT service delivery, through the automation of the request process and the ultimate provisioning of services, reducing inefficiencies and human intervention.
Prime Service Catalog accomplishes the goal of automating service delivery by allowing the user to self-provision common service offerings. When a user needs an IT service, or to make changes to a service already in production, they can log in to Prime Service Catalog and request the new service or change directly from the service catalog. As mentioned in previous chapters, the service catalog is really just a prepared menu of offerings or templates. By exposing this menu to the user, the whole process of provisioning services is greatly streamlined. Prime Service Catalog’s self-service portal provides the following:
Easy-to-use interface: The interface is simple and familiar, not unlike that of your favorite online retailer.
Comparison of standard options: You can view multiple offerings side by side to determine which best meets your requirements.
Rich interactive web forms: The user can choose from fully HTML5-based ordering forms that enable the creation of simple but sophisticated offerings. You can prepopulate values or ask for direct input from the user.
Policy control and governance: IT policy and governance are built in to the system to ensure that security and resource allocation is managed in real time.
Ordering and approvals: The ordering system includes cost and billing mechanisms as well as a built-in order approval workflow if needed for costly resources.
Online status updates: A built-in status system can provide real-time updates on the provisioning status of your application or service.
Figure 5-1 shows Prime Service Catalog’s role in managing IT service requests.
Figure 5-1 Prime Service Catalog and Managing IT Service Requests
Managing Requests for IT Services
Prime Service Catalog is the main portal for end-user interaction. The Service Catalog module is based on HTML5 and provides users with a shopping cart experience very similar to that of many mobile app stores or e-commerce sites. Its main function is to enable IT as a service (ITaaS), which is a term used to describe an operational model that is focused on providing IT services to the business in a user-friendly, simplified, and standardized manner. Although ITaaS is not an official NIST cloud service model, it is an effective way for business to reduce costs and increase IT customer satisfaction. The main Service Catalog module included with Prime Service Catalog provides
A home page that can be customized using custom style sheets either for the entire site or by different organizations, each of which may brand their IT experience in the catalog
Individual Showcase sections of the home page that can be defined by setting up service categories using concepts such as hierarchy, service name, or service description
Options to search for a service or browse through categories on the screen
A Manage My Stuff tool to help IT consumers manage subscriptions or orders
A Notification icon that lists all open orders and open authorizations for the user
A shopping cart where you can see ordered items and check out, similar to many popular e-commerce sites
A Home button to return to the home page at any time
Figure 5-2 shows the home page view of Prime Service Catalog.
Figure 5-2 Prime Service Catalog Home Page
Again, the main goal of Prime Service Catalog is to provide a self-service portal into the IT service catalog for full lifecycle management of IT services that allows the users in your organization to order those services with a pleasant “consumer of IT” shopping experience. Prime Service Catalog offers very advanced functionality, such as employee onboarding (processes such as ordering business cards, as a business process portal to order new employee laptops, and much more), but for the purposes of this book, we will focus on the use case of Prime Service Catalog as a tool for ordering Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
In addition to the portal, Prime Service Catalog also includes the following:
Service Designer: Used to build a category-structured list of orderable service items that can consist of physical hardware, virtual services, account setup, or any other class of service that IT offers
Stack Designer: Used to build application stack templates that can consist of physical or virtual infrastructure and software
Portal Designer: Used to create and modify the layout of the web portal for organizational customization
On-Demand Service Delivery
The main interface for Prime Service Catalog is both intuitive and simple to understand at a glance. The end user can browse through the various categories and select the types of services they are looking for. Looking through the catalog, you can see the service offered, a description of the service itself, and even a user rating system. Figure 5-3 shows the catalog view.
Figure 5-3 Prime Service Catalog Service Offering View
When you click an offering, you are presented with a detailed description of the service itself and any details you may need to know about what you should expect from the service. There can be videos, tutorials, and links to other web resources that the user may find valuable. In addition, you can find other user “reviews” of the service, including their comments and lessons learned. Figure 5-4 shows the bring your own device (BYOD) service description.
Figure 5-4 BYOD Service Description
Under the My Stuff section of the main interface, you can see all of the services that are currently provisioned for your account. This view will show the service status, when it was provisioned, and other information about the service itself. You can also make changes to your services from here. Figure 5-5 shows the My Stuff view.
Figure 5-5 My Stuff View
Prime Service Catalog Concepts and Components
Prime Service Catalog (PSC) is a user interface for businesses that want to deliver IT services in an automated manner. By using standard services that are displayed as a catalog of items a user can choose from, it can become the front-end “face” of IT. Prime Service Catalog consists of a number of core components that allow it to automate and orchestrate the complex process of service provisioning and delivery. The following is an overview of the parts that make up PSC.
End-User Storefront
The end-user storefront is the primary interface for interacting with the system. It is built on an HTML5 graphical user interface that will run in any browser without the need for plug-ins. The end-user storefront is shown in Figure 5-6.
Figure 5-6 End-User Storefront
Stack Designer
Stack Designer allows you to develop standardized application offerings and publish them to the Prime Service Catalog portal. The Stack Designer uses the concepts of templates and services. Using Stack Designer, an application stack template can be constructed and published as an orderable service. Templates are created by adding application components, such as web servers and databases, into infrastructure logical containers through a graphical interface that makes it easy to visualize how the application components interact. Stack Designer also ships with many predefined templates. Services are the end result of publishing a container in the service catalog as a service that can be ordered, used, and consumed by a Prime Service Catalog end user. A service can be an application such as Microsoft SharePoint or a J2EE middleware server.
Stack Designer makes it easy to create application templates and publish them as a service in the service catalog. Stack Designer not only lets you visualize the logic connectivity of the application but also allows you to drag and drop application components into the application stack. Figure 5-7 shows the infrastructure view of Stack Designer.
Figure 5-7 Stack Designer Infrastructure View
Portal Designer
The Portal Designer lets you design and manage the pages and portal content displayed as part of Prime Service Catalog to the end user. It allows an administrator granular role-based access control of service content by user or group. Portal Designer can help create a highly customized user interface that affords control over the appearance and functionality of Prime Service Catalog. To access Portal Designer from the Prime Service Catalog home page, choose admin > Switch To > Portal Designer from the menu, as shown in Figure 5-8.
Figure 5-8 Accessing Portal Designer
Figure 5-9 shows the main page for Portal Designer, which gives you access to all of the customization capabilities for how Prime Service Catalog’s user portal looks and operates.
Figure 5-9 Portal Designer
The front-end portal exposes access to services, service items, standards, and offerings through portlets, which are small pieces of software that provide access to the technical underpinnings of a service. You can replace these portlets with your own custom code, enabling you to build your own interface. Portlets can be built in JavaScript/HTML, ad hoc lists, or third-party compliant portlets.
With Portal Designer you can do the following:
Create portlets from external or third-party sources
Create portlets to highlight common services
Create portlets to show users what they already own, with links to services related to those items
Show announcements, video, or other types of media
Leverage RBAC to create a flexible user interface that is at once simple for casual users and advanced for power users
With Portal Designer you can build a feature-rich, consumer-of-IT interface that matches how your own organization operates and is structured. While PSC is intuitive and easy to use out of the box, the ability to create a unique experience for your end users may be a requirement for your organization. Cisco uses Prime Service Catalog internally (called eStore) and has customized its look and operation. Figure 5-10 shows Cisco’s implementation of Prime Service Catalog.
Figure 5-10 Cisco’s Internal eStore
Service Designer
Service Designer is the module in Prime Service Catalog where you can configure and design service packages for end-user consumption from the service catalog. Service Designer allows you to do the following:
Create categories and keywords that end users may use to search for a particular service
Design the look and behavior of service forms, the interactive web page, determining which service requisitions are ordered and tracked in Prime Service Catalog
Construct request or service fulfillment plans
Configure authorization flows for service delivery
Configure service ordering permissions
Link email templates with processes that require email notifications
The Service Designer module is shown in Figure 5-11. The various tabs on the left side of the web interface are used to construct or modify a service, as described here:
Services: Create and modify service groups and their service definitions, including the delivery plan and presentation of the service. It also includes any active form components that are used in the service form. You can configure service order permissions, configure authorization flows for service delivery approval, and link email templates with processes that need email notification.
Figure 5-11 Service Designer Interface
Dictionaries: Create and modify the dictionaries that specify the data fields required in a service. Dictionaries, a basic building block of a service form, include a group of data elements (fields) that allow users and service performers to enter and view data required to fulfill the service request.
Active Form Components: Create and modify reusable form components, which specify both the service’s look (via the configuration of previously defined dictionaries) and feel (via the definition of rules that can dynamically adjust both the form’s appearance and behavior). The appearance and behavior of a service form is determined by how the dictionaries and their component fields are configured as part of the active form components that are used in the service definition. Active form components provide the potential for reusability across service forms. With careful and thoughtful design, a designer may create an active form component from a commonly used dictionary, or set of dictionaries, and configure it only once. Then this form component can be included in as many services as necessary, with no additional configuration.
Scripts: Write JavaScript functions to supplement the rules defined in active form components and maintain JavaScript libraries.
Categories: Specify how services and service categories are displayed in the Service Catalog module. Customers may use categories to search for a particular service.
Keywords: Define and manage the keywords used in the service catalog search engine. Customers may use keywords to search for a particular service.
Objectives: Define and manage the measurable service delivery objectives defined in the Service Definition Offer tab.
Extensions: Define custom attributes for services and categories and manage the presentation of categories on the landing page of the Service Catalog module.
History: Track the service design change history and view the details based on the entity type or filter by the username.
UCS Director
UCS Director plays a crucial role in provisioning services through Prime Service Catalog, and is used for infrastructure provisioning and management. The supported components that can be orchestrated through PSC are Standard Catalog, Service Container Catalog, Fenced Container Template, Cisco VACS, and Cisco APIC (the brains of Cisco Application Centric Infrastructure). In addition, all of UCS Director users and groups are mapped to Prime Service Catalog directly, removing the need to manage multiple user accounts. If the organization uses LDAP, however, PSC (and UCS Director) will use those accounts instead. Chapter 4, “Cisco Cloud Automation/Orchestration Suites,” discusses UCS Director in more detail.
RabbitMQ
RabbitMQ is an open source application message broker that allows applications to exchange information in an asynchronous manner. Modern distributed applications must be able to exchange data reliably and flexibly, especially in a work environment where automation and orchestration can dynamically add and remove components of an application on-the-fly as scaling needs change. RabbitMQ handles the communication of those types of applications using an open standard called Advanced Message Queuing Protocol (AMQP). RabbitMQ is included in PSC to enable open interaction with other systems and orchestrators that speak AMQP.
Puppet
Puppet is an open source configuration management tool that enables a standard method for delivering and managing software and the underlying hardware. Configuration management is different from just writing a script that performs some task or another. Configuration management is a process that systematically handles changes to a system while maintaining the integrity of the system as a whole. Puppet uses a modeling language that describes the desired state and then uses automation to add software or change configuration of the infrastructure to achieve that state. The concept of infrastructure as code is derived from this process where the modeling language (or code) configures the infrastructure dynamically at run time from a pool of resources.
Puppet uses an easy-to-read modeling language built on Ruby (a programming language) that allows you to deploy and provision software and hardware as needed. Puppet operates in a client/server model with the Puppet master as the server and the Puppet agent as the client. Puppet is model driven and very popular among organizations leveraging DevOps practices. Prime Services Catalog does not bundle a full Puppet implementation, but it does include a Puppet master to communicate with a Puppet environment if it is used to automate application or infrastructure deployment within IT. Cisco has a number of infrastructure platforms, such as the Nexus 9000 Series, that have a Puppet agent built in. Puppet is just one more way to interoperate with existing systems.
Intercloud Fabric for Business
Prime Service Catalog has built-in support for the Cisco hybrid cloud solution Intercloud Fabric for Business. Intercloud Fabric enables you to offer services that extend from your private cloud environment into the public cloud. Intercloud Fabric handles the provisioning and deployment of your application automatically just like any other service catalog item, allowing for consistent security and policy implementation regardless of where the actual workload resides.
Navigating the End-User Storefront
As mentioned previously in this chapter, the end-user storefront is the main interface that your users will see when ordering a service from IT. It is essential that you are comfortable with the process of ordering a service and verifying its successful delivery as part of your preparation for the CCNA Cloud Admin exam.
In this section you will see how to navigate the Prime Service Catalog interface, order a service from within it, and validate that your service is up and running.
Logging In
Step 1. At the Cisco Prime Service Catalog login page, shown in Figure 5-12, enter your username and password and click Log In.
Figure 5-12 Login Screen
Step 2. Your home page will be displayed. You will see in the upper left of the page the home button (looks like a small house) and a Browse Categories drop-down link to browse categories of service catalog items, as shown in Figure 5-13. If they are configured, you can also see commonly ordered services with a direct link at the bottom of the page.
Figure 5-13 Prime Service Catalog Home Page
Locating Services
Before you can order a service, you must locate the service you want to order. In Prime Service Catalog the various services and offerings are grouped into categories. You can locate a particular service either by browsing through the categories or searching for keywords.
Browsing for Services
Step 1. On the home page, click the Browse Categories button and select a category name or its icon from the drop-down list. Prime Service Catalog displays the subcategories and services in that category, as shown in Figure 5-14 for Cloud Computing Services. In addition, you can click Browse All to get a complete list of all catalog items.
Figure 5-14 Browse Categories
Step 2. If there are additional subcategories within a category, continue to click through each subcategory until you locate the service you want. In Figure 5-15 you can see the two subcategories Application Platforms and Private Cloud IaaS, with Application Platforms selected.
Figure 5-15 Category List
Step 3. Once you have found the service you are looking for, do either of the following:
Click the name of the service to view a complete description of the service, cost structure, and any other pertinent information.
OR
Click Order to fill in the order form and order the service.
Searching for Services
Step 1. On the Prime Service Catalog home page, click the Search icon to open the search box (see Figure 5-16), enter a word or phrase in the search box, and then press Enter. Service Catalog displays an alphabetical list of services that match your search criteria, as shown in Figure 5-17.
Figure 5-16 Search Field
Figure 5-17 Search Results
You can also perform a wildcard search by using the options shown in Table 5-2. Search parameters are not case sensitive.
Table 5-2 Wildcard Search Methods
Wildcard (*) Search Criteria
Search Results
Enter the * symbol alone
All services in the system. You must enter the wildcard alone to see all possible selections. (The full list of options does not necessarily appear by default.)
Enter * before the service name or * after the service name (with no spaces; for example, *service or service*)
All services with something either in front of the service name or after the service name that match the search entry.
Enter * before and after the service name (with no spaces; for example, *service*)
All services that have something in front of the service name and after the service name that match the search entry.
Step 2. Once you have found the service you are looking for, do either of the following:
Click the name of the service to view a complete description of the service, cost structure, and any other pertinent information.
OR
Click Order to fill in the order form and order the service.
Service Overview
When you click the name of a service in the search results, the service overview that appears describes the service and provides summary information about pricing and service delivery, as shown in Figure 5-18.
Figure 5-18 Service Description
The service description can include some or all of the following information as seen in Table 5-3.
Table 5-3 Service Overview
Service Item |
Description |
Standard Duration |
Amount of time, usually in business days, in which IT has committed to delivering the service, after any required authorizations have been approved |
Service Level Description |
Description of the service |
Price |
Price, if any, for this service, which is used for showback/ chargeback purposes |
Price Type |
Type of pricing, such as Fixed pricing or Time & Materials, for this service |
Price Description |
Brief description or explanation of the pricing for the service |
Ordering a Service
Once you have located the service you want to order, understand how much it will cost you, and are ready to initiate the order, your next step is to complete the order form itself. Once you click the Order button for the service, you will be presented with an interactive form that you will need to fill out.
Step 1. Click Order and complete the order form (see Figure 5-19).
Figure 5-19 Order Form
Mandatory fields on the order form are indicated by a red asterisk (*) and require you to fill them out before continuing. The information that you input on the order form is used by reviewers, authorizers, and service performers during the services delivery process. Whenever possible, Service Catalog will prefill information about you from your LDAP or local PSC profile.
Step 2. Once you complete the order form, click Submit. You will then see your order on the My Cart page, as shown in Figure 5-20.
Some of the items you can order immediately. With others you can add multiple items to the shopping cart and order them all together.
Figure 5-20 My Cart
Step 3. Click Place Order on the My Cart page to order the service and finish the ordering process.
Viewing Order Status Details
The requisition status page displays details about the status of a single request, along with all the services in the request. You can create and view comments, as well as attach and view documents.
To view order status details:
Step 1. Go to Service Catalog > Manage My Stuff > Open Orders; example results are shown in Figure 5-21.
Figure 5-21 Open Orders
Step 2. Click the requisition number to view the order details shown in Figure 5-22. As shown in the box on the right, three different views are available: Summary, Comments & History, and Attachments.
Figure 5-22 Summary View
The Summary view of the requisition displays the following sections:
Requisition: Provides customer and initiator information, overall status of the requisition, and create/submit dates.
Services: Lists the name of each service in the requisition, along with its current status, standard duration, and cost information. Click the service name to view the completed order form.
Delivery Process: Lists the milestones (the major tasks of reviewers, approvers, and service performers) in the service delivery process, along with the due date for each milestone and its current status. The possible Status column values are
TBD: The due date will be determined when any required authorizations have been completed.
Approximate: The due date forecast has been approximated based on the calendar of the task’s default delivery team.
Estimated: The due date forecast estimate has been based on the duration of scheduled tasks when the order is submitted.
Completed: A task in a service delivery plan has been successfully completed.
The Comments & History view displays the comments of reviewers, authorizers, and performers who work on the service request. It also displays a history of actions, such as automated email and task completions, that are logged by the system. To add a comment, enter it in the Add Comments field and then click Add. Your comment will be visible to all users who can view the requisition.
The Attachments view enables you to view and attach documents associated with the requisition. To associate a document to the requisition, click Browse, locate and choose the file you wish to attach to the requisition, and click Add.
Stack Designer
Stack Designer allows you to create application templates that include the application and infrastructure components as one complete unit. You can dynamically assemble application components and infrastructure in a graphical interface that can then be reused. Once the stack is defined, it can then be published to the catalog and provisioned by end users.
Stack Designer Templates
When you launch Stack Designer, you are presented with predefined application templates that you can use as is, or clone and modify. If you want to create a new application, you can do that as well by clicking Add New Template. Figure 5-23 shows the Stack Designer Application Templates page.
Figure 5-23 Stack Designer Application Templates
In addition to Application Templates, Stack Designer has tabs for Infrastructure Templates, Global Parameters, and Target Types.
Infrastructure templates are imported from UCS Director and, if installed, Cisco Virtual Application Cloud Segmentation (VACS) and Intercloud Fabric for Business. The types of services available from UCS Director are container templates, container catalogs, and standard catalog virtual machines. These infrastructure templates include networking configuration, virtual machine images, and topology. From VACS, Prime Service Catalog imports the following templates: Cloud Services Router virtual machine, Virtual Security Gateway virtual machine, and application virtual machines. Figure 5-24 shows the Infrastructure Templates tab.
Figure 5-24 Stack Designer Infrastructure Templates
The Global Parameters tab, shown in Figure 5-25, stores commonly used configuration parameters needed for application provisioning. These can be added here or as part of the application stack building process.
Figure 5-25 Stack Designer Global Parameters
Target types are integration points that the application stack can be built against. The default target type for Enterprise Cloud Suite is UCS Director. Figure 5-26 shows the Target Types tab.
Figure 5-26 Stack Designer Target Types
When a user orders an application template, Prime Service Catalog begins the process of managing the fulfillment of the request. PSC starts off by processing any required approval steps. Once the request is approved for execution, PSC determines if any UCS Director–managed infrastructure provisioning must take place. If so, PSC makes a remote call to UCS Director and initiates the requisite workflow. PSC can also initiate external actions via internal scripts, integration with Cisco Process Orchestrator, and other external components. As PSC moves into the application configuration element of the request, it leverages its internal Puppet service and Heat templates to complete the application deployment.
Configuring an Application Template with Stack Designer
The following steps detail how to configure an application template with Stack Designer.
Step 1. Log in as an administrator in Prime Service Catalog.
Step 2. Choose admin > Switch To > Stack Designer (see Figure 5-27).
Figure 5-27 Switching to Stack Designer Module
Step 3. In Stack Designer, click Create a New Template (see Figure 5-28).
Figure 5-28 Creating a New Template
Step 4. Enter basic information about your application, as shown in the Catapp example in Figure 5-29.
Figure 5-29 Application Information
Step 5. Click Add Image to select an image that will be displayed in the service catalog.
Step 6. Enter the URL for the image location (see Figure 5-30) and click Save.
Figure 5-30 Enter URL for Image
Step 7. Select an infrastructure template. Figure 5-31 shows the result of selecting the template for a two-tier application.
Figure 5-31 Infrastructure Template Selected
Step 8. Add software components and input required service parameters, similar to the example shown in Figure 5-32.
Figure 5-32 Adding Software Components
Step 9. Click the Build Service button.
Step 10. After you click the Build Service button, the Edit Service window will appear. Click Include to select the folder categories under which the new service will appear when searching or browsing through the catalog (see Figure 5-33).
Figure 5-33 Select Categories Dialog Box
Step 11. Click the Permissions tab of the Edit Service window, and then click the Add Permission drop-down arrow to select who in the organization can see the new template (see Figure 5-34).
Figure 5-34 Selecting Permissions
Step 12. You will be notified when the service has been saved successfully, as shown in Figure 5-35. Click Save and then Close.
Figure 5-35 Save and Close
Step 13. Return to the list of applications and you will see the new application listed, as shown for Catapp in Figure 5-36.
Figure 5-36 New App Template
Heat Orchestration
Prime Service Catalog utilizes Heat orchestration as its embedded orchestration service along with OpenStack Keystone and RabbitMQ server. Heat is an OpenStack project whose main goal is to allow administrators to describe complex cloud-based applications in a logical modeling language text file. These text files, referred to as templates, then get interpreted by the Heat engine for execution. This service allows you to orchestrate a large number of components as a single unit. Keystone handles identity management, while RabbitMQ is responsible for passing service requests from Prime Service Catalog to the orchestrator for provisioning via the AMQP protocol.
Heat is exclusively used in Prime Service Catalog to orchestrate application model templates that are built with Stack Designer. These templates can be constructed in the Heat Orchestration Template (or HOT) format and allow for interoperability because Heat is a nonproprietary open source technology. HOT is often written in YAML (Yet Another Markup Language) and is easy to read. These templates have become a common way to provide Heat resource plug-ins that allow Heat to orchestrate UCS Director and Puppet. The goal of Heat is to create a stack that represents a collection of virtual machines and their configurations, including networks, security groups, and other parameters. A Heat Template file is made up of four sections:
Resources: This has the details of the stack you are building and includes the objects that will be created and/or modified when Heat orchestration executes. Resources can be virtual machines, data store volumes, security groups, IP addresses, or any other object within UCS Director.
Properties: Properties are the variables within your template and can either be hard coded (i.e., a specific virtual machine image) or can be placeholders that the user is prompted to input.
Parameters: Parameters are the actual property values that must be passed when executing the Heat template.
Output: Output includes the return values sent to the user or Prime Service Catalog upon execution of the template.
Example 5-1 shows a HOT file example written in YAML.
Example 5-1 Output of a HOT File Example Written in YAML
{ "heat_template_version" : "2013-05-23", "parameters" : { "CreateServiceName" : { "type" : "string", "description" : "Create Service name" }, }, "resources" : { "container" : { "type" : "Cisco::ServiceCatalog::Service", "properties" : { "createservice" : { "Ref" : "CreateServiceName" }, "deleteservice" : { "Ref" : "DeleteServiceName" }, "customerloginname" : { "Ref" : "CustomerName" }, "sections" : { "UCSD_ContainerInformation" : { "Name" : { "Ref" : "ContainerName"