The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter includes the following sections:
You can have Cisco UCS Central manage some or all of the Cisco UCS domains in your data center.
If you want to have Cisco UCS Central manage a Cisco UCS domain, you need to register that domain. When you register, you need to choose which types of policies and other configurations, such as backups and firmware, will be managed by Cisco UCS Central and which by Cisco UCS Manager. You can have Cisco UCS Central manage the same types of policies and configurations for all registered Cisco UCS domains or you can choose to have different settings for each registered Cisco UCS domain.
Before you register a Cisco UCS domain with Cisco UCS Central, do the following:
Note |
You cannot change or swap the IP addresses used by Cisco UCS Manager in a domain that is registered with Cisco UCS Central. If you need to change or swap that IP address, you must first unregister the domain from Cisco UCS Central. You can reregister the Cisco UCS domain after you have changed or swapped the IP address. |
For each Cisco UCS domain that you register with Cisco UCS Central, you can choose which application will manage certain policies and configuration settings. This policy resolution does not have to be the same for every Cisco UCS domain that you register with the same Cisco UCS Central.
You have the following options for resolving these policies and configuration settings:
The following table contains a list of the policies and configuration settings that you can choose to have managed by either Cisco UCS Manager or Cisco UCS Central:
When you register a Cisco UCS domain, you configure policies for local or global resolution. The behavior that occurs when the Cisco UCS domain is registered or when that registration or configuration changes, depends upon several factors, including whether a domain group has been assigned or not.
The following table describes the policy resolution behavior you can expect for each type of policy.
Policies and Configuration | Policy Source | Behavior in Cisco UCS Manager on Registration with Cisco UCS Central | Behavior in Cisco UCS Manager when Registration Changed | |||
---|---|---|---|---|---|---|
Cisco UCS Central | Cisco UCS Manager | Domain Group Unassigned |
Domain Group Assigned |
Unassigned from Domain Group |
Deregistered from Cisco UCS Central |
|
Call Home |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SNMP configuration |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
HTTP |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Telnet |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
CIM XML |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Management interfaces monitoring policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Power allocation policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Power policy (also known as the PSU policy) |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SEL policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Authentication Domains |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
LDAP |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
LDAP provider groups and group maps |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
TACACS, including provider groups |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
RADIUS, including provider groups |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SSH (Read-only) |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
DNS |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Time zone |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Web Sessions |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Fault |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Core Export |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Syslog |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Global Backup/Export Policy |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Default Authentication |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Console Authentication |
Domain group root |
Assigned domain group |
Local |
Can be local or remote |
Retains last known policy state |
Converted to a local policy |
Roles |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Locales - Org Locales |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Trust Points |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Firmware Download Policy |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
ID Soaking Policy |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
Locales - Domain Group Locales |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
Infrastructure Firmware Packs |
N/A |
Assigned domain group |
Local |
Local/Remote (if Remote exists) |
Retains last known policy state |
Converted to a local policy |
Catalog |
N/A |
Assigned domain group |
Local |
Local/Remote (if Remote exists) |
Retains last known policy state |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
For certain policies, the policy resolution behavior is also affected by whether or not one or more service profiles that include that policy have been updated.
The following table describes the policy resolution behavior you can expect for those policies.
Policy | Behavior in Cisco UCS Manager on Registration with Cisco UCS Central | Domain Group Assigned after Registration with Cisco UCS Central | |
---|---|---|---|
Domain Group Unassigned / Domain Group Assigned |
|||
Service Profile not Modified |
Service Profile Modified |
||
Maintenance Policy |
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
Schedule |
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
Host Firmware Packages |
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
The following table lists the Cisco UCS release for the Cisco UCS Manager and infrastructure in a Cisco UCS domain that you want to register with Cisco UCS Central. All patches for the maintenance release listed are supported.
Cisco UCS Central | Cisco UCS Domain |
---|---|
Cisco UCS Central, Release 1.0(1) |
Cisco UCS Manager, Release 2.1(1) |
Note |
You cannot change or swap the IP addresses used by Cisco UCS Manager in a domain that is registered with Cisco UCS Central. If you need to change or swap that IP address, you must first unregister the domain from Cisco UCS Central. You can reregister the Cisco UCS domain after you have changed or swapped the IP address. |
Configure an NTP server and the correct time zone in both Cisco UCS Manager and Cisco UCS Central to ensure that they are in sync. If the time and date in the Cisco UCS domain and Cisco UCS Central are out of sync, the registration might fail.
When you unregister a Cisco UCS domain from Cisco UCS Central, Cisco UCS Manager no longer receives updates to global policies.
Note |
You cannot change or swap the IP addresses used by Cisco UCS Manager in a domain that is registered with Cisco UCS Central. If you need to change or swap that IP address, you must first unregister the domain from Cisco UCS Central. You can reregister the Cisco UCS domain after you have changed or swapped the IP address. |
Configure an NTP server and the correct time zone in both Cisco UCS Manager and Cisco UCS Central to ensure that they are in sync. If the time and date in the Cisco UCS domain and Cisco UCS Central are out of sync, the registration might fail.
The following example registers a Cisco UCS Domain with a Cisco UCS Central system at IP address 209.165.200.233, and commits the transaction:
UCS-A# scope system UCS-A /system # create control-ep policy 209.165.200.233 Shared Secret for Registration: S3cretW0rd! UCS-A /system/control-ep* # commit-buffer UCS-A /system/control-ep #
Configure policy resolution between Cisco UCS Manager and Cisco UCS Central.
You must register the Cisco UCS Domain with Cisco UCS Central before you can configure policy resolution.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCS-A# scope system | Enters system mode. |
Step 2 | UCS-A/system # scope control-ep policy | Enters control-ep policy mode. |
Step 3 | UCS-A/system/control-ep # set backup-policy-ctrl source {local | global} | Determines whether the Full State Backup Policy and All Configuration Export Policy are defined locally or in Cisco UCS Central. |
Step 4 | UCS-A/system/control-ep # set communication-policy-ctrl source {local | global} | Determines whether HTTP, CIM XML, Telnet, SNMP, web session limits, and Management Interfaces Monitoring Policy settings are defined locally or in Cisco UCS Central. |
Step 5 | UCS-A/system/control-ep # set datetime-policy-ctrl source {local | global} | Determines whether the time zone and NTP server settings are defined locally or comes from Cisco UCS Central. |
Step 6 | UCS-A/system/control-ep # set dns-policy-ctrl source {local | global} | Determines whether DNS servers are defined locally or in Cisco UCS Central. |
Step 7 | UCS-A/system/control-ep # set fault-policy-ctrl source {local | global} | Determines whether the Global Fault Policy is defined locally or in Cisco UCS Central. |
Step 8 | UCS-A/system/control-ep # set infra-pack-ctrl source {local | global} | Determines whether the Capability Catalog and infrastructure firmware policy are defined locally or come from Cisco UCS Central. |
Step 9 | UCS-A/system/control-ep # set mep-policy-ctrl source {local | global} | Determines whether the SEL Policy is defined locally or in Cisco UCS Central. |
Step 10 | UCS-A/system/control-ep # set monitoring-policy-ctrl source {local | global} | Determines whether Call Home, Syslog, and TFTP Core Exporter settings are defined locally or in Cisco UCS Central. |
Step 11 | UCS-A/system/control-ep # set powermgmt-policy-ctrl source {local | global} | Determines whether the Global Power Allocation Policy is defined locally or in Cisco UCS Central. |
Step 12 | UCS-A/system/control-ep # set psu-policy-ctrl source {local | global} | Determines whether the Power Policy is defined locally or in Cisco UCS Central. |
Step 13 | UCS-A/system/control-ep # set security-policy-ctrl source {local | global} | Determines whether authentication and native domains, LDAP, RADIUS, TACACS+, trusted points, locales, and user roles are defined locally or in Cisco UCS Central. |
Step 14 | UCS-A/system/control-ep # commit-buffer | Commits the transaction to the system configuration. |
The following example configures policy resolution for a Cisco UCS Domain that is registered with Cisco UCS Central and commits the transaction:
UCS-A# scope system UCS-A /system # scope control-ep policy UCS-A /system/control-ep* # set backup-policy-ctrl source global UCS-A /system/control-ep* # set communication-policy-ctrl source local UCS-A /system/control-ep* # set datetime-policy-ctrl source global UCS-A /system/control-ep* # set dns-policy-ctrl source global UCS-A /system/control-ep* # set fault-policy-ctrl source global UCS-A /system/control-ep* # set infra-pack-ctrl source global UCS-A /system/control-ep* # set mep-policy-ctrl source global UCS-A /system/control-ep* # set monitoring-policy-ctrl source global UCS-A /system/control-ep* # set powermgmt-policy-ctrl source global UCS-A /system/control-ep* # set psu-policy-ctrl source local UCS-A /system/control-ep* # set security-policy-ctrl source global UCS-A /system/control-ep* # commit-buffer UCS-A /system/control-ep #
When you unregister a Cisco UCS domain from Cisco UCS Central, Cisco UCS Manager no longer receives updates to global policies.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCS-A# scope system | Enters system mode. |
Step 2 | UCS-A/system # delete control-ep policy | Deletes the policy and unregisters the Cisco UCS Domain from Cisco UCS Central. |
Step 3 | UCS-A/system # commit-buffer | Commits the transaction to the system configuration. |
The following example unregisters a Cisco UCS Domain from Cisco UCS Central and commits the transaction:
UCS-A# scope system UCS-A /system # delete control-ep policy UCS-A /system* # commit-buffer UCS-A /system #