ucs central best practices

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

UCS

UCS CentralBest Practices

Jeff Silberman ([email protected])


Compute Capacity: Units of Scale

ServerChassis

DomainSingle

Datacenter

GlobalDatacenters

UCS CentralUCS Manager


Operational Model

• Administrative power is HIGHLY concentrated Slightest changes can have broadest consequences

• Everything is “Opt-In” and “Bottom-Up”- Registration is Bottom Up- Global Policy Resolution is not the default- UCS Central does not “take control”. Control is given

• Migrate to Global Policies over time, as comfort increaseso Global resolution can revert back to Local

• Global Policy resolution promotes administrative scalability• UCS Central :

- Depends on UCS Manager- Is an extension of UCS Manager and the UCS Management Model- Is NOT a replacement for UCS Manager


UCS Central 1.1(1a) Main Features• Global Policies and Global Service Profiles

• Cluster-mode High Availability

• Statistics with optional External Database Support

• Improved Graphics Display

Solid Fit For:

• Global Inventory Visibility, Global Faults,

• Global Operational Policies (Backups, TZ, DNS, …)

• Global Service Profiles for Net-new Workload


5

Requirements• UCS Central 1.0(1a) works with UCSM 2.1.1 and above

• UCS Central 1.1(1a) works with UCSM 2.1.2 and above (UCSM 2.1.3 recommended)

• 4 vCPUs , 12GB Memory

• Licenses:•L-UCS-CTR-INI= •L-UCS-CTR-LIC=


6

Domain Group Design• Admin-defined grouping

• Any domain can only be in one DG at a time

• Domains are in “Ungrouped Domain Group” by default

• Operational Policies resolve on DGs

• Domains can move between DG’s --- but it might be disruptive

• Domain Group Policy Qualifications allow for “auto-join” in to a DG

• Hierarchical Policy resolution allows local overrides

Domain Group EUROPE

Domain Group US

Domain GroupASIA-PACIFIC

Sub Domain Group

DALLAS

Sub Domain Group LOS

ANGELES

Sub Domain Group NEW YORK

UCS Central


7

Authentication• UCS Central 1.1(1a) supports either Local or LDAP

• LDAP Attribute-based authentication requires a schema changeUCS Role to LDAP Group support is currently missing

• UCS Central uses “root” DG for authentication. If using global authentication, then do not populate the “root” DG with UCS domains


8

Name Resolution (and ambiguity)


9

Name Resolution (and ambiguity)


10

Naming Best Practice• Use “G-” prefix for Global Objects

• Avoid using “global-default” or “default”


11

Global IDs


12

Global IDs


13

Operational Policies Best Practice• Maintain the default local policy resolution. Gain comfort and understanding, prior

to a broader adoption of global policies

• Use “Import” when possible

BestPractice


14

Adoption Approaches and Challenges

• Use the UCS Platform Emulator

• Use UCS Central with Global Objects for Net-New Workload deployments

• Leave existing workloads in Locally managed mode, until end of lifecycle

• Local Affinity exists for External IP Pools and Boot Policies

BestPractice


15

UCS and UCS Central Backups

• Just Do ItUCS Central Objects can’t be automatically re-created from UCS backups Domain Groups don’t’ exist in UCSM Operational Policies terminate on Domain Groups

BestPractice


16

UCS Central : Things to Note

o Global Objects visible from “drop-down” menus, or “pulled in” to UCSM when needed upon deployment of Global Service Profiles --- but are not pushed upon creation

o Maintenance Policies• For user acknowledgement locally within UCSM, create and use Maintenance Policies

based on “user-ack”. • For acknowledgement within UCS Central, chose “timer-automatic”, and select a

Schedule that uses the “user-ack”option.

o Host OS version coverage. Check release noteso External Statistics Database is not backed up automaticallyo UCSM may require a forced Time synco Avoid Hypervisor Resource Contention with other VMso Cluster HA Mode requires proper configuration of Shared Disk


17

UCS Central 1.1(1a) Known Caveats

• UCS Central Admin policies are in “root” DG

• LDAP Authentication missing Group mappings

• Adopting Global IDs causes service interruption in UCSM 2.1.1 and 2.1.2

• Global UUID Pools can’t be easily adopted for existing workload

• Domain Group Re-assignment based on DG Policy now requires “Re-evaluate Membership”

• Server Pool members are not masked by RBAC

• Fault Summary occasionally goes blank

• Host FW and Maintenance Policies now under “Orgs” instead of DG’s (some backward compatibility issues exist)

• VLANs can appear unreferenced

• Default FCoE VLAN is “1” (VHBAs won’t configure, since VLAN conflicts with “default”)

• VLANs and VSANs may persist locally, even if domain is de-registered

• Local backups will not have global references

• Moving objects from Local to Global mode (or back) is not supported

• SDK programmability is a work in progress

Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 18

UCS Central Resources• The UCS Community Spacehttps://communities.cisco.com/ucs

• UCS Central Release Noteshttp://www.cisco.com/en/US/products/ps12502/prod_installation_guides_list.html

• The UCS Central Best Practice Guidehttps://communities.cisco.com/docs/DOC-35264

• The UCS Platform Emulatorhttp://developer.cisco.com/web/unifiedcomputing/ucsemulatordownload

https://communities.cisco.com/ucs

http://www.cisco.com/en/US/products/ps12502/prod_installation_guides_list.html

https://communities.cisco.com/docs/DOC-35264

http://developer.cisco.com/web/unifiedcomputing/ucsemulatordownload


Summary

• Be Conservative

• Create a Test/Dev Sandbox, using PE’s to get comfortableo PE’s can even be populated from live UCSM configs

• UCS Central is the most important and ambitious product since UCS Manager itself

With Great Power Comes Great ResponsibilityPlease Be Careful

Thank you.

ucs central best practices

Documents

cisco andor

cisco confidential

global resolution

global authentication

global faults

global objectsavoid

global ids11

global ids12