- Preface
- Introduction
- UCS Central Implementation: Approaches and Challenges
- Small Cisco UCS Central Environment
- Medium Cisco UCS Central Environment
- Large Cisco UCS Central Environment
- Sizing and Scaling Considerations
- Domain Groups
- Registration
- Migrating Brownfield to Greenfield
- Organization
- Understanding Policy Differences in Cisco UCS Manager and Cisco UCS Central
- Configuration
- Deploying Global VLANs and VSANs
- Pools
- Authentication
- Firmware Management
- Backup and Import
- High Availability
- General Best Practices
- UCS Central Internal Processes Defined
- UCS Central Communications - Required Ports
- Creating a Testing & Development Environment
- Online Resources
- Platform Emulators
- General Best Practices
- Local Affinity Issues
- Local Visibility of Global Objects
- Hypervisor Contention
- ID Range Qualification Polices for Domain Management
- Reducing the Number of Global Service Profile Templates
- Before Upgrading Cisco UCS Central
- Best Practices for Upgrading Cisco UCS Central
- Cisco UCS Central Frequently Asked Questions
General Best Practices
- Platform Emulators
- General Best Practices
- Local Affinity Issues
- Local Visibility of Global Objects
- Hypervisor Contention
- ID Range Qualification Polices for Domain Management
- Reducing the Number of Global Service Profile Templates
- Before Upgrading Cisco UCS Central
- Best Practices for Upgrading Cisco UCS Central
- Cisco UCS Central Frequently Asked Questions
Platform Emulators
The best way to get oriented and familiar with Cisco UCS Manager and Cisco UCS Central, while minimizing risk, is to take advantage of the Platform Emulators.
The Platform Emulators (PE) run as virtual machines, yet are complete instances of Cisco UCS Manager and Cisco UCS Central. They maintain the Cisco UCS management information tree, and data management engine. They support the use of the Cisco UCS XML API. In addition, you can import both the physical hardware configuration and the logical configuration of an actual Cisco UCS domain.
With the PE, Cisco UCS administrators can effectively model their entire Cisco UCS environment. You can use a sandbox to configure all changes, testing, and everything else, without any impact to the actual production domain. You can also use modeling to facilitate a formal change management sign-off for Cisco UCS Central training.
For testing any integration with Cisco UCS Central, ensure that you use the latest version of the PE.
General Best Practices
Your Cisco UCS Central adoption approach depends primarily on whether you are using a Brownfield environment or a Greenfield environment.
-
Use global operational policies, global fault and inventory reporting, and global statistics universally, regardless of workload profile and existing Cisco UCS deployments.
-
Understand that new deployments that are 100% globally managed generally do not risk any namespace collision, or conflicts. Therefore, they do not require such attention (“G-“ prefix for managed objects).
-
Try to restrict new workloads to new domains that are exclusively globally managed.
-
Try not to mix global pools, policies, templates, local service profiles in domains that are also locally managed. This helps avoid name collisions and conflicts in local service profile creation and deployment. If a domain does mix local and global objects, use a segregated organization structure to reduce the potential for naming collisions and conflicts.
-
Do not import default objects.
-
Use named polices that communicate what the policy does, rather than a default named policy. Someone can accidentally change or hide the value-property behind the name. For example, you might make the mistake of changing a default scrub policy, one that is normally set to no for disk scrub or BIOS setting scrub, to yes. This would have catastrophic effects on local service profiles disassociated from blades containing local disk-installed operating systems.
-
Use the Cisco UCS Platform Emulator to model and test an adoption procedure.
The https://communities.cisco.com/ucs community site hosts valuable content related to Cisco UCS Central and adoption. It includes Brad TerEick’s helpful blog Cisco UCS Central and My Existing Environment - How do I get there?
UCS Central Best Practices
-
Ensure that the Cisco UCS Central installation disk (local or remote) read-speed is greater than 125 Mbps. Disk read-speed is critical for UCS Central HA-mode architectures.
-
Ensure that your network has less than 500-ms network latency between Cisco UCS Central and any managed UCS domain.
-
Ensure that there is 1.5-Mbps bandwidth between the Cisco UCS Central server and any remote UCS domain that it is managing.
-
Perform daily backups and configuration exports of Cisco UCS Central and all registered UCS domains. Use the remote-copy feature and copy files to an external file directory.
-
Leverage Hypervisor snapshots to protect Cisco UCS Central, especially prior to any upgrades.
-
Always register UCS domains to Cisco UCS Central using the FQDN (Fully Qualified Domain Name). Do not use the IP address.
-
Always make sure UCS domains and Cisco UCS Central have a valid time source configured before attempting any registration of the UCS domain to Cisco UCS Central.
-
Never unregister a UCS domain from Cisco UCS Central that contains global objects pushed down to the UCS domain. Only unregister if there is no intention of ever registering the specific UCS domain back to Cisco UCS Central. Also, perform this with the guidance of Cisco TAC, backed with Cisco UCS Central Engineering approval.
-
In mixed Greenfield and Brownfield environments, consider naming all Global ID pools, policies, templates, and service profiles with a prefix such as “G-” to differentiate global objects from local UCS domain objects.
Local Affinity Issues
As you centralize policy and control in Cisco UCS Central, certain challenges may surface that highlight issues best managed with local resources and control points. These are called Local Affinity issues when referencing local domains. The common affinity points are:
External IP Pools Affinity Issues
External IP pools (global-ext-mgmt) contain the addresses for out-of-band management of physical blade servers. However, Cisco UCS Central does not automatically associate these addresses with blade servers and with the CIMC, unlike Cisco UCS Manager.
With UCS Central, there is no hardware-assigned management IP address. Therefore, Cisco UCS Central assigns management IP pool addresses to the global service profile. For greater flexibility and global service profile migration to UCS domains with different management subnets, consider leveraging ID Access Control policies.
Workaround
Use management IP addresses associated with service profiles, or templates, so that Cisco UCS Central can reference global external IP pools.
 Note | The behavior of external management IP pools is different in Cisco UCS Central than in Cisco UCS Manager. New global service profile support for ID range-qualification policies provides greater ability to maintain flexibility and efficiency in assigning global management IP addresses. |
VLAN and VSAN Affinity Issues
To mitigate local affinity issues for VLANs, use the VLAN ID alias feature. This translates the VLAN IDs for a domain, based on their domain group and organization permissions. VSAN aliasing does not exist, requiring you to map both the domain group and organization contexts.
Note | When using a VLAN alias, do not include the actual VLAN ID in the name. When creating VSAN names, append their respective domain group name. For example, use the “VSAN-DG” name pair when creating references such as VHBA templates. |
Local Visibility of Global Objects
When you create global objects, they are not automatically presented or pushed to Cisco UCS Manager. Global objects do not appear automatically in the Cisco UCS Manager navigation pane. However, global IDs and global policies may be visible from the Cisco UCS Manager drop-down menus when you are creating or modifying local objects.
Global objects display in the Cisco UCS Manager once you deploy global service profiles to a server. This means that a local service profile, running on the Cisco UCS Manager, references the global objects. At deployment time, the local Cisco UCS Manager receives a read-only copy of the global object and its dependent objects, and then displays them in the GUI.
Hypervisor Contention
Because Cisco UCS Central runs as a virtual appliance, it is subject to resource sharing, governed by the host OS hypervisor.
One method for promoting reasonable performance characteristics is to use resource pools in either the VMware or Hyper-V environments. Resource pools ensure that you avoid or minimize CPU and memory contention for Cisco UCS Central.
To ensure that Cisco UCS Central is favored, place it in its own dedicated resource pool, with both CPU and memory share settings set to High. Refer to the Installation and Upgrade Guide for more information.
ID Range Qualification Polices for Domain Management
Use ID range qualification policies to ensure that Cisco UCS uses the correct blocks of management IPs when a global service profile is migrated from one Cisco UCS domain to another.
You can assign blocks of IPs for a domain or domain group with the ID range qualification policy. As you migrate the local service profile, a new management IP accompanies the association to the respective Cisco UCS domain.
Reducing the Number of Global Service Profile Templates
Some organizations are always looking for ways to reduce the number of global service profile templates they create and maintain in their Cisco UCS Central architecture.
One method is to leverage the hierarchy policy resolution capabilities of Cisco UCS and Cisco UCS Central. Some organizations put their ID pools at a high level, because they cannot justify the need to segregate IDs based on the downstream organizations. Similarly, they also place the most common configuration policies high in the organizational structure.
They then rely on policy resolution for Cisco UCS and Cisco UCS Central. This allows for a policy with the same name to exist at different organizational levels, but to have different values embedded within those policies. Therefore, when they create or import a global service profile within that organization, the global service profile accesses that particular named policy with the proper values for that particular organization.
In general, define unique LAN connectivity policies and storage connectivity policies at a lower, more granular level. As long as they have the same names in the different organizations, the global service profile uses the correct policy with the correct values.
Before Upgrading Cisco UCS Central
Prior to attempting an upgrade of Cisco UCS Central:
-
Upgrade all registered Cisco UCS domains to a minimum of Cisco UCS Manager release 2.1(2a). Use the most recent maintenance and patch release in the Cisco UCS Manager release 2.1 tree if using Cisco UCS Manager release 2.1.
-
Use Snapshot Manager and take a snapshot of the VM to preserve the state of the original VM.
-
Take both a full-state backup and a config-all backup of Cisco UCS Central. Ensure that the backup state is enabled for both, and make sure that these backups are available offline.
Note
During the backup, the local Cisco UCS domains lose visibility to Cisco UCS Central, but the state changes back to registered once the upgrade completes.
-
Complete all infrastructure firmware updates prior to upgrading to Cisco UCS Central release 1.5. The schedule information for infrastructure firmware update jobs does not transfer to the new release. In release 1.5, you create infrastructure firmware update jobs for maintenance groups, not for domain groups.
Note | Do Not perform an unregister/reregister cycle for your Cisco UCS domain as part of the Cisco UCS Central upgrade. |
Best Practices for Upgrading Cisco UCS Central
-
Verify upgrade compatibility. Consult release notes for Cisco UCS Manager and Cisco UCS Central.
-
Verify that Cisco UCS Central is not performing any operations. Ensure that no administrators are performing actions.
-
Verify that Cisco UCS Central does not have any pending acknowledgments.
-
Back up Cisco UCS Central. Perform both full-state and configuration backups. Store them remotely and offline.
-
From the CLI, gracefully shut down Cisco UCS Central using the shutdown command.
-
After shutdown, take a hypervisor snapshot of the existing Cisco UCS Central state.
-
Download the new version of UCS Central.
-
In the Hypervisor Manager, mount the new Cisco UCS Central ISO to the existing Cisco UCS Central VM.
-
In the BIOS, edit the Boot Order sequence so that Cisco UCS Central boots from the ISO.
-
Boot Cisco UCS Central from the ISO.
-
Select the upgrade option.
-
Complete the upgrade and automatic reboot.
-
Verify that the Cisco UCS Central upgrade was successful.
-
Back up Cisco UCS Central. Perform both full state and configuration backups. Store them remotely and offline.
For more information on performing these tasks, see the UCSC Getting Started Guide.
Upgrading Cisco UCS Central
Review all available release notes at the time of upgrade: Product Installation Upgrade Guides.
Note the version compatibility requirements:
-
Cisco UCS Central 1.2(1a) and forward supports communication only with Cisco UCS Manager 2.1.2 and higher.
-
Some new features of Cisco UCS Central may only be available in higher versions of Cisco UCS Manager. For example, Policy Search works with Cisco UCS Manager 2.1(2a) and higher, but Policy Import only works with 2.2(1b) and higher.
The current ISO upgrade method is documented in the Product Installation Upgrade Guides.
Cisco UCS Central Frequently Asked Questions
- Can you compare imports from two domains to see if they are different? If you have two domains that you think are configured the same, can you import both and find out?
-
No, Cisco UCS Central does not have a native Diff function today. It may be considered for a future release. You can create tech-support logs from Cisco UCS Central, extract the log files, and import them into an XML editor or repository that performs a Diff function, to compare two configurations.
- Can we export Cisco UCS Central reports in CSV or PDF format?
-
Yes.
- How large can the embedded database be? The documentation shows up to five domains with the embedded database, but is vague on how large the database is.
-
For five domains, it's about 240-GB. There is no limit. Cisco UCS Central can support up to 10,000 servers.
- Does Cisco UCS Central support alternate Disaster Recovery architectures such as VMware Site Recovery Manager (SRM)?
-
No. Use hypervisor HA tools, like VMware HA, snapshots of VMs, clones, daily backups, and targets. Backup is a Disaster Recovery functionality. Set up a remote copy. Store the remote copies on a different server, like an FTP server. If the Cisco UCS Central fails, you can deploy a new Cisco UCS Central with your backup. Also do not use clustering, use a single VM.
- Do I have to still use a global service profile and server association as a delivery mechanism to deliver a VLAN or VSAN down to the Cisco UCS domain?
-
No. Use local service profiles for something that has to be local. If you want to push a target, use a global VLAN service profile. Global VLANS and VSANS stay on the domains, even if you remove the global service profile. Now we have an API that you can use in the CLI to push global VLANS or VSANS down from Cisco UCS Central to a domain. Use an SSH application to access Cisco UCS Central to perform these tasks.
Feedback