Working with Cisco UCS Manager
Domain Management
Cisco UCS Domains and Cisco UCS Central
Cisco UCS Central provides centralized management capabilities to multiple Cisco UCS domains across one or more data centers. Cisco UCS Central works with Cisco UCS Manager to provide a scalable management solution for a growing Cisco UCS environment. Cisco UCS Central does not replace Cisco UCS Manager, which is the basic engine for managing a Cisco UCS domain. Instead, it builds on the capabilities provided by Cisco UCS Manager and works with Cisco UCS Manager to effect changes in individual domains.
Cisco UCS Central does not reduce or change any local management capabilities of Cisco UCS Manager, such as its API. This allows you to continue using Cisco UCS Manager the same way you did before Cisco UCS Central. This also allows all existing third party integrations to continue to operate without change.
Registering Cisco UCS Domains
To manage Cisco UCS Manager through Cisco UCS Central, you must register the Cisco UCS domains in Cisco UCS Central. You can register a Cisco UCS domain as a part of a domain group or as an ungrouped domain. When you have domain group, all registered domains in the domain group can share common policies and other configurations.
You can use a Fully Qualified Domain Name (FQDN) or IP address to register Cisco UCS domains in Cisco UCS Central.
Note | During the initial registration process with Cisco UCS Central, all the active Cisco UCS Manager GUI sessions will be terminated. |
Before registering a domain in Cisco UCS Central, do the following:
-
Configure an NTP server and the correct time zone in both Cisco UCS Manager and Cisco UCS Central to ensure that they are in sync. If the time and date in the Cisco UCS domain and Cisco UCS Central are out of sync, the registration might fail.
-
Obtain the hostname or IP address of Cisco UCS Central. You cannot use the same hostname for both Cisco UCS Central and Cisco UCS Manager. For standalone mode, use individual VM IP address. If you plan to setup in cluster mode, use virtual IP address.
Note
We recommend that you always register Cisco UCS domains using a Fully Qualified Domain Name (FQDN).
-
Obtain the shared secret that you configured when you deployed Cisco UCS Central.
Warning | You should upgrade the Cisco UCS Manager to Release 2.1(2) before registering with Cisco UCS Central. If you try to register Cisco UCS Manager, Release 2.1(1) with Cisco UCS Central Release 1.1, Cisco UCS Manager will display the registration as positive. But Cisco UCS Central inventory will not display the registered Cisco UCS Domain. Cisco UCS Central faults will display a critical fault on the registration failure. |
- Registering a Cisco UCS Domain Using Cisco UCS Manager GUI
- Registering a Cisco UCS Domain Using Cisco UCS Manager CLI
- Unregistering a Cisco UCS Domain Using Cisco UCS Manager GUI
- Unregistering a Cisco UCS Domain Using Cisco UCS Manager CLI
Registering a Cisco UCS Domain Using Cisco UCS Manager GUI
1. In Cisco UCS Manager Navigation pane, click Admin tab.
2. On the Admin tab, expand .
3. Click the UCS Central node.
4. In the Actions area, click Register With UCS Central.
5. In the Register with UCS Central dialog box,
6. In the Policy Resolution Control area, click Global if you want the policy or configuration to be managed by Cisco UCS Central or click Local to manage the policy or configuration by Cisco UCS Manager.
7. Click OK.
DETAILED STEPS
Registering a Cisco UCS Domain Using Cisco UCS Manager CLI
1. UCS-A# scope system
2. UCS-A/system # create control-ep policy ucs-central
3. Shared Secret for Registration: shared-secret
4. UCS-A/system/control-ep # commit-buffer
DETAILED STEPS
The following example registers a Cisco UCS Domain with a Cisco UCS Central system with a FQDN, and commits the transaction:
UCS-A# scope system UCS-A /system # create control-ep policy UCSCentral.MyCompany.com Shared Secret for Registration: S3cretW0rd! UCS-A /system/control-ep* # commit-buffer UCS-A /system/control-ep #
Unregistering a Cisco UCS Domain Using Cisco UCS Manager GUI
Caution | If you want to unregister any registered Cisco UCS Domain in a production system, contact Cisco Technical Support. |
When you unregister a Cisco UCS Domain from Cisco UCS Central:
-
You can no longer manage the service profiles, policies and other configuration for the Cisco UCS Domain from Cisco UCS Central.
-
All global service profiles and policies become local and continues to operate as local entities. When you re-register the domain, the service profiles and polices still remain local.
1. In Cisco UCS Manager Navigation pane, click Admin tab.
2. On the Admin tab, expand .
3. Click the UCS Central node.
4. In the Actions area, click Unregister With UCS Central.
5. If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.
6. Click OK.
DETAILED STEPS
Unregistering a Cisco UCS Domain Using Cisco UCS Manager CLI
Caution | If you want to unregister any registered Cisco UCS Domain in a production system, contact Cisco Technical Support. |
When you unregister a Cisco UCS Domain from Cisco UCS Central:
-
You can no longer manage the service profiles, policies and other configuration for the Cisco UCS Domain from Cisco UCS Central.
-
All global service profiles and policies become local and continues to operate as local entities. When you re-register the domain, the service profiles and polices still remain local.
1. UCS-A# scope system
2. UCS-A/system # delete control-ep policy
3. UCS-A/system # commit-buffer
DETAILED STEPS
Command or Action | Purpose |
---|
The following example unregisters a Cisco UCS Domain from Cisco UCS Central and commits the transaction:
UCS-A# scope system UCS-A /system # delete control-ep policy UCS-A /system* # commit-buffer UCS-A /system #
Domains and Domain Groups
When you register a Cisco UCS Manager instance in Cisco UCS Central, that instance is becomes an ungrouped domain in Cisco UCS Central. You will have assign this domain to a domain group to start managing this domain using global policies in Cisco UCS Central.
Cisco UCS Central creates a hierarchy of Cisco UCS domain groups for managing multiple Cisco UCS domains. You will have the following categories of domain groups in Cisco UCS Central:
-
Domain Group— A group that contains multiple Cisco UCS domains. You can group similar Cisco UCS domains under one domain group for simpler management.
- Ungrouped Domains—When a new Cisco UCS domain is registered in Cisco UCS Central, it is added to the ungrouped domains. You can assign the ungrouped domain to any domain group.
If you have created a domain group policy, and a new registered Cisco UCS domain meets the qualifiers defined in the policy, it will automatically be placed under the domain group specified in the policy. If not, it will be placed in the ungrouped domains category. You can assign this ungrouped domain to a domain group.
Each Cisco UCS domain can only be assigned to one domain group. You can assign or reassign membership of the Cisco UCS domains at any time. When you assign a Cisco UCS domain to a domain group, the Cisco UCS domain will automatically inherit all management policies specified for the domain group.
Before adding a Cisco UCS domain to a domain group, make sure to change the policy resolution controls to local in the Cisco UCS domain. This will avoid accidentally overwriting service profiles and maintenance policies specific to that Cisco UCS domain. Even when you have enabled auto discovery for the Cisco UCS domains, enabling local policy resolution will protect the Cisco UCS domain from accidentally overwriting policies.
-
Make sure to create a separate domain groups for all M Series modular server domains. Also make sure the modular server domain groups are not hierarchical.
-
You must create separate infrastructure firmware policy for M Series modular domains in Cisco UCS Central. The infrastructure firmware policies must be unique to modular servers. This will prevent any issues in firmware policy resolution with other domain groups.
Creating or Editing a Domain Group
Step 1 | In the Task
bar, type
Create
Domain Group and press Enter.
This launches the Create Domain Group dialog box. |
Step 2 | In Basic, click Domain Group Location and select the location in which you want to create the domain group. |
Step 3 | Enter a
Name and optional
Description.
The name is case sensitive. |
Step 4 | In
Qualification, select the
Qualification Policies that you want to use to
identify the
Cisco UCS Manager domains.
All domains that meet the qualification policy are automatically added to the domain group. |
Step 5 | In
Domains, select the
Cisco UCS Manager domains that you want to add to the domain group.
M Series modular server domains should not be added to a domain group that contains UCS Classic (B Series) domains or UCS Mini domains. |
Step 6 | Click Create. |
Adding a Domain to a Domain Group
Step 1 | In the Task bar, type
Assign Domain to Domain Group.
This launches the Domain to Domain Group dialog box. | ||
Step 2 | In the
Domain drop-down, select the
Cisco UCS Manager domain that you want to add to the domain group.
| ||
Step 3 | In the
Domain
Group Location drop-down, select domain group where you want to add
the domain.
| ||
Step 4 | Click Assign. |
Managing Domain Group SNMP
Step 1 | In the Task bar, type
Manage Domain Group SNMP and press Enter.
This launches the Manage Domain Group SNMP dialog box. |
Step 2 | In
Basic, click
Enabled, then enter the
Community/User Name.
Cisco UCS includes the SNMP v1 or v2c community name or the SNMP v3 username when it sends the trap to the SNMP host. This must be the same as the community or username that is configured in SNMP Traps. |
Step 3 | Enter the optional System Contact and System Location. |
Step 4 | In SNMP Traps, click Add and complete the following: |
Step 5 | In SNMP Users, click Add and complete the following: |
Step 6 | Click Save. |
Domain Group Qualification Policy
Domain group qualification policy enables you to automatically place new Cisco UCS domains under domain groups. You can create qualifiers based on Owner, Site and IP Address of various Cisco UCS domains based on your management requirements. When you register a new Cisco UCS domain, Cisco UCS Central analyses the domain based on the pre defined qualifiers in the domain group qualification policy and places the domain under a specific domain group for management.
Creating or Editing a Domain Group Qualification Policy
Step 1 | In the Task
bar, type
Create
Domain Group Qualification Policy and press Enter.
This launches the Create Domain Group Qualification Policy dialog box. |
Step 2 | In Basic, click Organization and select the location in which you want to create the domain group qualification policy. |
Step 3 | Enter a
Name and optional
Description.
The policy name is case sensitive. |
Step 4 | In Owner, enter the owner name and regex. |
Step 5 | In Site, enter the site name and regex. |
Step 6 | In IP Address, add the IP address ranges. |
Step 7 | Click Create. |
Policies in Cisco UCS Central and Cisco UCS Domains
You can create and manage global policies in Cisco UCS Central and include them in service profiles or service profile templates for one or more Cisco UCS domains. The service profiles and service profile templates that include global policies can be either of the following:
-
Local service profiles or service profile templates that are created and managed by Cisco UCS Manager in one Cisco UCS domain. You can only associate local service profiles with servers in that domain. When you include a global policy in a local service profile, Cisco UCS Manager makes a local read-only copy of that policy.
-
Global service profiles or service profile templates that are created and managed by Cisco UCS Central. You can associate global service profiles with servers in one or more registered Cisco UCS domains.
You can only make changes to global policies in Cisco UCS Central. Those changes affect all service profiles and service profile templates that include the global policy. All global policies are read-only in Cisco UCS Manager.
You can configure all operational policies under a domain group using IPv6 addresses. These policies are located in the Operations Management tab of the Cisco UCS Central GUI.
This feature helps the Cisco UCS Manager to use an IPv6 address while importing these policies from Cisco UCS Central.
- Policy Resolution between Cisco UCS Manager and Cisco UCS Central
- Consequences of Policy Resolution Changes
- Consequences of Service Profile Changes on Policy Resolution
Policy Resolution between Cisco UCS Manager and Cisco UCS Central
For each Cisco UCS domain that you register with Cisco UCS Central, you can choose which application will manage certain policies and configuration settings. This policy resolution does not have to be the same for every Cisco UCS domain that you register with the same Cisco UCS Central.
You have the following options for resolving these policies and configuration settings:
-
Local—The policy or configuration is determined and managed by Cisco UCS Manager.
-
Global—The policy or configuration is determined and managed by Cisco UCS Central.
The following table contains a list of the policies and configuration settings that you can choose to have managed by either Cisco UCS Manager or Cisco UCS Central:
Name | Description |
---|---|
Infrastructure & Catalog Firmware |
Determines whether the Capability Catalog and infrastructure firmware policy are defined locally in Cisco UCS Manager or come from Cisco UCS Central. |
Time Zone Management |
Determines whether the time zone and NTP server settings are defined locally in Cisco UCS Manager or comes from Cisco UCS Central. |
Communication Services |
Determines whether HTTP, CIM XML, Telnet, SNMP, web session limits, and Management Interfaces Monitoring Policy settings are defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Global Fault Policy |
Determines whether the Global Fault Policy is defined locally in Cisco UCS Manager or in Cisco UCS Central. |
User Management |
Determines whether authentication and native domains, LDAP, RADIUS, TACACS+, trusted points, locales, and user roles are defined locally in Cisco UCS Manager or in Cisco UCS Central. |
DNS Management |
Determines whether DNS servers are defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Backup & Export Policies |
Determines whether the Full State Backup Policy and All Configuration Export Policy are defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Monitoring |
Determines whether Call Home, Syslog, and TFTP Core Exporter settings are defined locally in Cisco UCS Manager or in Cisco UCS Central. |
SEL Policy |
Determines whether the SEL Policy is defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Power Allocation Policy |
Determines whether the Power Allocation Policy is defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Power Policy |
Determines whether the Power Policy is defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Equipment Policy |
Determines whether the Equipment Policy is defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Port Configuration |
Determines whether port configuration is defined locally in Cisco UCS Manager or in Cisco UCS Central. |
Consequences of Policy Resolution Changes
When you register a Cisco UCS domain, you configure policies for local or global resolution. The behavior that occurs when the Cisco UCS domain is registered or when that registration or configuration changes, depends upon several factors, including whether a domain group has been assigned or not.
The following table describes the policy resolution behavior you can expect for each type of policy.
Policies and Configuration | Policy Source | Behavior in Cisco UCS Manager on Registration with Cisco UCS Central | Behavior in Cisco UCS Manager when Registration Changed | |||
---|---|---|---|---|---|---|
Cisco UCS Central | Cisco UCS Manager |
Domain Group Unassigned |
Domain Group Assigned |
Unassigned from Domain Group |
Deregistered from Cisco UCS Central |
|
Call Home |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SNMP configuration |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
HTTP |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Telnet |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
CIM XML |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Management interfaces monitoring policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Power allocation policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Power policy (also known as the PSU policy) |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SEL policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Authentication Domains |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
LDAP |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
LDAP provider groups and group maps |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
TACACS, including provider groups |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
RADIUS, including provider groups |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SSH (Read-only) |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
DNS |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Time zone |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Web Sessions |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Fault |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Core Export |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Syslog |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Global Backup/Export Policy |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Default Authentication |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Console Authentication |
Domain group root |
Assigned domain group |
Local |
Can be local or remote |
Retains last known policy state |
Converted to a local policy |
Roles |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Locales - Org Locales |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Trust Points |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Firmware Download Policy |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
ID Soaking Policy |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
Locales - Domain Group Locales |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
Infrastructure Firmware Packs |
N/A |
Assigned domain group |
Local |
Local/Remote (if Remote exists) |
Retains last known policy state |
Converted to a local policy |
Catalog |
N/A |
Assigned domain group |
Local |
Local/Remote (if Remote exists) |
Retains last known policy state |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
Consequences of Service Profile Changes on Policy Resolution
For certain policies, the policy resolution behavior is also affected by whether or not one or more service profiles that include that policy have been updated.
The following table describes the policy resolution behavior you can expect for those policies.
Policy | Behavior in Cisco UCS Manager on Registration with Cisco UCS Central | Domain Group Assigned after Registration with Cisco UCS Central | |||
---|---|---|---|---|---|
Domain Group Unassigned / Domain Group Assigned |
|||||
Service Profile not Modified |
Service Profile Modified |
||||
Maintenance Policy
|
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
||
Schedule |
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
||
Host Firmware Packages |
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
Organization
The Organization page enables you to view logical entities created under an organization that exists in a registered Cisco UCS domain.
Click one of the following icons to launch the specific page.
-
Service Profiles—Displays all service profiles in the organization.
-
Service Profile Templates—Displays all service profile templates in the organization.
-
Pools—Displays all pools in the organization.
-
Policies—Displays all policies in the organization.
-
Permitted VLANs—Displays VLANs permitted in the organization.
Updating Organization Descriptions
After an organization is created, you can update the description.