ucs central best practices
DESCRIPTION
UCS Central Best Practices. UCS. Jeff Silberman ([email protected]). Compute Capacity: Units of Scale. UCS Central. UCS Manager. Global Datacenters. Single Datacenter. Domain. Chassis. Server. Operational Model. Administrative power is HIGHLY concentrated - PowerPoint PPT PresentationTRANSCRIPT
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
UCS
UCS CentralBest Practices
Jeff Silberman ([email protected])
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Compute Capacity: Units of Scale
ServerChassis
DomainSingle
Datacenter
GlobalDatacenters
UCS CentralUCS Manager
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Operational Model
• Administrative power is HIGHLY concentrated Slightest changes can have broadest consequences
• Everything is “Opt-In” and “Bottom-Up”- Registration is Bottom Up- Global Policy Resolution is not the default- UCS Central does not “take control”. Control is given
• Migrate to Global Policies over time, as comfort increaseso Global resolution can revert back to Local
• Global Policy resolution promotes administrative scalability• UCS Central :
- Depends on UCS Manager- Is an extension of UCS Manager and the UCS Management Model- Is NOT a replacement for UCS Manager
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
UCS Central 1.1(1a) Main Features• Global Policies and Global Service Profiles
• Cluster-mode High Availability
• Statistics with optional External Database Support
• Improved Graphics Display
Solid Fit For:
• Global Inventory Visibility, Global Faults,
• Global Operational Policies (Backups, TZ, DNS, …)
• Global Service Profiles for Net-new Workload
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
5
Requirements• UCS Central 1.0(1a) works with UCSM 2.1.1 and above
• UCS Central 1.1(1a) works with UCSM 2.1.2 and above (UCSM 2.1.3 recommended)
• 4 vCPUs , 12GB Memory
• Licenses:•L-UCS-CTR-INI= •L-UCS-CTR-LIC=
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
6
Domain Group Design• Admin-defined grouping
• Any domain can only be in one DG at a time
• Domains are in “Ungrouped Domain Group” by default
• Operational Policies resolve on DGs
• Domains can move between DG’s --- but it might be disruptive
• Domain Group Policy Qualifications allow for “auto-join” in to a DG
• Hierarchical Policy resolution allows local overrides
Domain Group EUROPE
Domain Group US
Domain GroupASIA-PACIFIC
Sub Domain Group
DALLAS
Sub Domain Group LOS
ANGELES
Sub Domain Group NEW YORK
UCS Central
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
7
Authentication• UCS Central 1.1(1a) supports either Local or LDAP
• LDAP Attribute-based authentication requires a schema changeUCS Role to LDAP Group support is currently missing
• UCS Central uses “root” DG for authentication. If using global authentication, then do not populate the “root” DG with UCS domains
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
8
Name Resolution (and ambiguity)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
9
Name Resolution (and ambiguity)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
10
Naming Best Practice• Use “G-” prefix for Global Objects
• Avoid using “global-default” or “default”
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
11
Global IDs
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
12
Global IDs
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
13
Operational Policies Best Practice• Maintain the default local policy resolution. Gain comfort and understanding, prior
to a broader adoption of global policies
• Use “Import” when possible
BestPractice
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
14
Adoption Approaches and Challenges
• Use the UCS Platform Emulator
• Use UCS Central with Global Objects for Net-New Workload deployments
• Leave existing workloads in Locally managed mode, until end of lifecycle
• Local Affinity exists for External IP Pools and Boot Policies
BestPractice
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
15
UCS and UCS Central Backups
• Just Do ItUCS Central Objects can’t be automatically re-created from UCS backups Domain Groups don’t’ exist in UCSM Operational Policies terminate on Domain Groups
BestPractice
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
16
UCS Central : Things to Note
o Global Objects visible from “drop-down” menus, or “pulled in” to UCSM when needed upon deployment of Global Service Profiles --- but are not pushed upon creation
o Maintenance Policies• For user acknowledgement locally within UCSM, create and use Maintenance Policies
based on “user-ack”. • For acknowledgement within UCS Central, chose “timer-automatic”, and select a
Schedule that uses the “user-ack”option.
o Host OS version coverage. Check release noteso External Statistics Database is not backed up automaticallyo UCSM may require a forced Time synco Avoid Hypervisor Resource Contention with other VMso Cluster HA Mode requires proper configuration of Shared Disk
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
17
UCS Central 1.1(1a) Known Caveats
• UCS Central Admin policies are in “root” DG
• LDAP Authentication missing Group mappings
• Adopting Global IDs causes service interruption in UCSM 2.1.1 and 2.1.2
• Global UUID Pools can’t be easily adopted for existing workload
• Domain Group Re-assignment based on DG Policy now requires “Re-evaluate Membership”
• Server Pool members are not masked by RBAC
• Fault Summary occasionally goes blank
• Host FW and Maintenance Policies now under “Orgs” instead of DG’s (some backward compatibility issues exist)
• VLANs can appear unreferenced
• Default FCoE VLAN is “1” (VHBAs won’t configure, since VLAN conflicts with “default”)
• VLANs and VSANs may persist locally, even if domain is de-registered
• Local backups will not have global references
• Moving objects from Local to Global mode (or back) is not supported
• SDK programmability is a work in progress
Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 18
UCS Central Resources• The UCS Community Spacehttps://communities.cisco.com/ucs
• UCS Central Release Noteshttp://www.cisco.com/en/US/products/ps12502/prod_installation_guides_list.html
• The UCS Central Best Practice Guidehttps://communities.cisco.com/docs/DOC-35264
• The UCS Platform Emulatorhttp://developer.cisco.com/web/unifiedcomputing/ucsemulatordownload
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
Summary
• Be Conservative
• Create a Test/Dev Sandbox, using PE’s to get comfortableo PE’s can even be populated from live UCSM configs
• UCS Central is the most important and ambitious product since UCS Manager itself
With Great Power Comes Great ResponsibilityPlease Be Careful
Thank you.