Cisco UCS Central Deployment Guide, Release 1.0
Registering Cisco UCS Domains with Cisco UCS Central
Downloads: This chapterpdf (PDF - 1.24MB) The complete bookPDF (PDF - 2.2MB) | The complete bookePub (ePub - 152.0KB) | Feedback

Registering Cisco UCS Domains with Cisco UCS Central

Contents

Registering Cisco UCS Domains with Cisco UCS Central

This chapter includes the following sections:

Registration of Cisco UCS Domains

You can have Cisco UCS Central manage some or all of the Cisco UCS domains in your data center.

If you want to have Cisco UCS Central manage a Cisco UCS domain, you need to register that domain. When you register, you need to choose which types of policies and other configurations, such as backups and firmware, will be managed by Cisco UCS Central and which by Cisco UCS Manager. You can have Cisco UCS Central manage the same types of policies and configurations for all registered Cisco UCS domains or you can choose to have different settings for each registered Cisco UCS domain.

Before you register a Cisco UCS domain with Cisco UCS Central, do the following:

  • Configure an NTP server and the correct time zone in both Cisco UCS Manager and Cisco UCS Central to ensure that they are in sync. If the time and date in the Cisco UCS domain and Cisco UCS Central are out of sync, the registration might fail.
  • Obtain the hostname or IP address of Cisco UCS Central
  • Obtain the shared secret that you configured when you deployed Cisco UCS Central

Note


You cannot change or swap the IP addresses used by Cisco UCS Manager in a domain that is registered with Cisco UCS Central. If you need to change or swap that IP address, you must first unregister the domain from Cisco UCS Central. You can reregister the Cisco UCS domain after you have changed or swapped the IP address.


Policy Resolution between Cisco UCS Manager and Cisco UCS Central

For each Cisco UCS domain that you register with Cisco UCS Central, you can choose which application will manage certain policies and configuration settings. This policy resolution does not have to be the same for every Cisco UCS domain that you register with the same Cisco UCS Central.

You have the following options for resolving these policies and configuration settings:

  • Local—The policy or configuration is determined and managed by Cisco UCS Manager.
  • Global—The policy or configuration is determined and managed by Cisco UCS Central.

The following table contains a list of the policies and configuration settings that you can choose to have managed by either Cisco UCS Manager or Cisco UCS Central:

Name Description

Infrastructure & Catalog Firmware

Determines whether the Capability Catalog and infrastructure firmware policy are defined locally or come from Cisco UCS Central.

Time Zone Management

Determines whether the time zone and NTP server settings are defined locally or comes from Cisco UCS Central.

Communication Services

Determines whether HTTP, CIM XML, Telnet, SNMP, web session limits, and Management Interfaces Monitoring Policy settings are defined locally or in Cisco UCS Central.

Global Fault Policy

Determines whether the Global Fault Policy is defined locally or in Cisco UCS Central.

User Management

Determines whether authentication and native domains, LDAP, RADIUS, TACACS+, trusted points, locales, and user roles are defined locally or in Cisco UCS Central.

DNS Management

Determines whether DNS servers are defined locally or in Cisco UCS Central.

Backup & Export Policies

Determines whether the Full State Backup Policy and All Configuration Export Policy are defined locally or in Cisco UCS Central.

Monitoring

Determines whether Call Home, Syslog, and TFTP Core Exporter settings are defined locally or in Cisco UCS Central.

SEL Policy

Determines whether the SEL Policy is defined locally or in Cisco UCS Central.

Power Allocation Policy

Determines whether the Global Power Allocation Policy is defined locally or in Cisco UCS Central.

Power Policy

Determines whether the Power Policy is defined locally or in Cisco UCS Central.

Consequences of Policy Resolution Changes

When you register a Cisco UCS domain, you configure policies for local or global resolution. The behavior that occurs when the Cisco UCS domain is registered or when that registration or configuration changes, depends upon several factors, including whether a domain group has been assigned or not.

The following table describes the policy resolution behavior you can expect for each type of policy.

Policies and Configuration Policy Source Behavior in Cisco UCS Manager on Registration with Cisco UCS Central Behavior in Cisco UCS Manager when Registration Changed
Cisco UCS Central Cisco UCS Manager

Domain Group Unassigned

Domain Group Assigned

Unassigned from Domain Group

Deregistered from Cisco UCS Central

Call Home

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

SNMP configuration

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

HTTP

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Telnet

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

CIM XML

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Management interfaces monitoring policy

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Power allocation policy

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Power policy (also known as the PSU policy)

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

SEL policy

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Authentication Domains

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

LDAP

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

LDAP provider groups and group maps

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

TACACS, including provider groups

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

RADIUS, including provider groups

N/A

Cisco UCS Manager only

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

SSH (Read-only)

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

DNS

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Time zone

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Web Sessions

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Fault

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Core Export

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Syslog

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Global Backup/Export Policy

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Default Authentication

Domain group root

Assigned domain group

Local

Local/Remote

Retains last known policy state

Converted to a local policy

Console Authentication

Domain group root

Assigned domain group

Local

Can be local or remote

Retains last known policy state

Converted to a local policy

Roles

Domain group root

Assigned domain group

Local

Local/Combine (Remote replacing Local)

Deletes remote policies

Converted to a local policy

Locales - Org Locales

Domain group root

Assigned domain group

Local

Local/Combine (Remote replacing Local)

Deletes remote policies

Converted to a local policy

Trust Points

Domain group root

Assigned domain group

Local

Local/Combine (Remote replacing Local)

Deletes remote policies

Converted to a local policy

Firmware Download Policy

Domain group root

N/A

N/A

N/A

N/A

N/A

ID Soaking Policy

Domain group root

N/A

N/A

N/A

N/A

N/A

Locales - Domain Group Locales

Domain group root

N/A

N/A

N/A

N/A

N/A

Infrastructure Firmware Packs

N/A

Assigned domain group

Local

Local/Remote (if Remote exists)

Retains last known policy state

Converted to a local policy

Catalog

N/A

Assigned domain group

Local

Local/Remote (if Remote exists)

Retains last known policy state

Converted to a local policy

Maintenance Policy

Schedule

Host Firmware Packs

N/A

Assigned domain group

See Consequences of Service Profile Changes on Policy Resolution

See Consequences of Service Profile Changes on Policy Resolution

Deletes remote policies

Converted to a local policy

Maintenance Policy

Schedule

Host Firmware Packs

N/A

Assigned domain group

See Consequences of Service Profile Changes on Policy Resolution

See Consequences of Service Profile Changes on Policy Resolution

Deletes remote policies

Converted to a local policy

Maintenance Policy

Schedule

Host Firmware Packs

N/A

Assigned domain group

See Consequences of Service Profile Changes on Policy Resolution

See Consequences of Service Profile Changes on Policy Resolution

Deletes remote policies

Converted to a local policy

Consequences of Service Profile Changes on Policy Resolution

For certain policies, the policy resolution behavior is also affected by whether or not one or more service profiles that include that policy have been updated.

The following table describes the policy resolution behavior you can expect for those policies.

Policy Behavior in Cisco UCS Manager on Registration with Cisco UCS Central Domain Group Assigned after Registration with Cisco UCS Central

Domain Group Unassigned / Domain Group Assigned

Service Profile not Modified

Service Profile Modified

 

Maintenance Policy

Local

Local, but any "default" policies are updated on domain group assignment

Local/Remote (if resolved to "default" post registration)

Schedule

Local

Local, but any "default" policies are updated on domain group assignment

Local/Remote (if resolved to "default" post registration)

Host Firmware Packages

Local

Local, but any "default" policies are updated on domain group assignment

Local/Remote (if resolved to "default" post registration)

Cisco UCS Releases Supported for Registering a Cisco UCS Domain

The following table lists the Cisco UCS release for the Cisco UCS Manager and infrastructure in a Cisco UCS domain that you want to register with Cisco UCS Central. All patches for the maintenance release listed are supported.

Cisco UCS Central Cisco UCS Domain

Cisco UCS Central, Release 1.0(1)

Cisco UCS Manager, Release 2.1(1)

Registering a Cisco UCS Domain with Cisco UCS Central using the Cisco UCS Manager GUI


Note


You cannot change or swap the IP addresses used by Cisco UCS Manager in a domain that is registered with Cisco UCS Central. If you need to change or swap that IP address, you must first unregister the domain from Cisco UCS Central. You can reregister the Cisco UCS domain after you have changed or swapped the IP address.


Before You Begin

Configure an NTP server and the correct time zone in both Cisco UCS Manager and Cisco UCS Central to ensure that they are in sync. If the time and date in the Cisco UCS domain and Cisco UCS Central are out of sync, the registration might fail.

Procedure
    Step 1   In the Navigation pane, click the Admin tab.
    Step 2   On the Admin tab, expand All > Communication Management.
    Step 3   Click the UCS Central node.
    Step 4   In the Work pane, click the UCS Central tab.
    Step 5   In the Actions area, click Register With UCS Central.
    Step 6   In the Register with UCS Central dialog box, do the following:
    1. Complete the following fields:
      Name Description

      Hostname/IP Address field

      The hostname or IP address of the virtual machine where Cisco UCS Central is deployed.

      Note   

      If you use a hostname rather than an IP address, you must configure a DNS server. If the Cisco UCS domain is not registered with Cisco UCS Central or DNS management is set to local, configure a DNS server in Cisco UCS Manager. If the Cisco UCS domain is registered with Cisco UCS Central and DNS management is set to global, configure a DNS server in Cisco UCS Central.

      Shared Secret field

      The shared secret (or password) that was configured when Cisco UCS Central was deployed.

    2. In the Policy Resolution Control area, click one of the following radio buttons for each of the fields:
      • Local—The policy or configuration is determined and managed by Cisco UCS Manager.
      • Global—The policy or configuration is determined and managed by Cisco UCS Central.
    3. Click OK.

    Modifying Policy Resolutions between Cisco UCS Manager and Cisco UCS Central using the Cisco UCS Manager GUI

    Procedure
      Step 1   In the Navigation pane, click the Admin tab.
      Step 2   On the Admin tab, expand All > Communication Management.
      Step 3   Click the UCS Central node.
      Step 4   In the Work pane, click the UCS Central tab.
      Step 5   In the Policy Resolution Control area, click one of the following radio buttons for each of the fields:
      • Local—The policy or configuration is determined and managed by Cisco UCS Manager.
      • Global—The policy or configuration is determined and managed by Cisco UCS Central.
      Step 6   Click Save Changes.

      Unregistering a Cisco UCS Domain from Cisco UCS Central using the Cisco UCS Manager GUI

      When you unregister a Cisco UCS domain from Cisco UCS Central, Cisco UCS Manager no longer receives updates to global policies.

      Procedure
        Step 1   In the Navigation pane, click the Admin tab.
        Step 2   On the Admin tab, expand All > Communication Management.
        Step 3   Click the UCS Central node.
        Step 4   In the Work pane, click the UCS Central tab.
        Step 5   In the Actions area, click Unregister From UCS Central.
        Step 6   If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.
        Step 7   Click OK.

        Registering a Cisco UCS Domain with Cisco UCS Central using the Cisco UCS Manager CLI


        Note


        You cannot change or swap the IP addresses used by Cisco UCS Manager in a domain that is registered with Cisco UCS Central. If you need to change or swap that IP address, you must first unregister the domain from Cisco UCS Central. You can reregister the Cisco UCS domain after you have changed or swapped the IP address.


        Before You Begin

        Configure an NTP server and the correct time zone in both Cisco UCS Manager and Cisco UCS Central to ensure that they are in sync. If the time and date in the Cisco UCS domain and Cisco UCS Central are out of sync, the registration might fail.

        Procedure
            Command or Action Purpose
          Step 1 UCS-A# scope system 

          Enters system mode.

           
          Step 2 UCS-A/system # create control-ep policy ucs-central  

          Creates the policy required to register the Cisco UCS Domain with Cisco UCS Central.

          ucs-central can be the hostname or IP address of the virtual machine where Cisco UCS Central is deployed.

          Note   

          If you use a hostname rather than an IP address, you must configure a DNS server. If the Cisco UCS domain is not registered with Cisco UCS Central or DNS management is set to local, configure a DNS server in Cisco UCS Manager. If the Cisco UCS domain is registered with Cisco UCS Central and DNS management is set to global, configure a DNS server in Cisco UCS Central.

           
          Step 3 Shared Secret for Registration: shared-secret  

          Enter the shared secret (or password) that was configured when Cisco UCS Central was deployed.

           
          Step 4 UCS-A/system/control-ep # commit-buffer 

          Commits the transaction to the system configuration.

           

          The following example registers a Cisco UCS Domain with a Cisco UCS Central system at IP address 209.165.200.233, and commits the transaction:

          UCS-A# scope system
          UCS-A /system # create control-ep policy 209.165.200.233
          Shared Secret for Registration: S3cretW0rd!
          UCS-A /system/control-ep* # commit-buffer
          UCS-A /system/control-ep #
          What to Do Next

          Configure policy resolution between Cisco UCS Manager and Cisco UCS Central.

          Configuring Policy Resolution between Cisco UCS Manager and Cisco UCS Central using the Cisco UCS Manager CLI

          Before You Begin

          You must register the Cisco UCS Domain with Cisco UCS Central before you can configure policy resolution.

          Procedure
              Command or Action Purpose
            Step 1 UCS-A# scope system 

            Enters system mode.

             
            Step 2 UCS-A/system # scope control-ep policy  

            Enters control-ep policy mode.

             
            Step 3 UCS-A/system/control-ep # set backup-policy-ctrl source {local | global} 

            Determines whether the Full State Backup Policy and All Configuration Export Policy are defined locally or in Cisco UCS Central.

             
            Step 4 UCS-A/system/control-ep # set communication-policy-ctrl source {local | global} 

            Determines whether HTTP, CIM XML, Telnet, SNMP, web session limits, and Management Interfaces Monitoring Policy settings are defined locally or in Cisco UCS Central.

             
            Step 5 UCS-A/system/control-ep # set datetime-policy-ctrl source {local | global} 

            Determines whether the time zone and NTP server settings are defined locally or comes from Cisco UCS Central.

             
            Step 6 UCS-A/system/control-ep # set dns-policy-ctrl source {local | global} 

            Determines whether DNS servers are defined locally or in Cisco UCS Central.

             
            Step 7 UCS-A/system/control-ep # set fault-policy-ctrl source {local | global} 

            Determines whether the Global Fault Policy is defined locally or in Cisco UCS Central.

             
            Step 8 UCS-A/system/control-ep # set infra-pack-ctrl source {local | global} 

            Determines whether the Capability Catalog and infrastructure firmware policy are defined locally or come from Cisco UCS Central.

             
            Step 9 UCS-A/system/control-ep # set mep-policy-ctrl source {local | global} 

            Determines whether the SEL Policy is defined locally or in Cisco UCS Central.

             
            Step 10 UCS-A/system/control-ep # set monitoring-policy-ctrl source {local | global} 

            Determines whether Call Home, Syslog, and TFTP Core Exporter settings are defined locally or in Cisco UCS Central.

             
            Step 11 UCS-A/system/control-ep # set powermgmt-policy-ctrl source {local | global} 

            Determines whether the Global Power Allocation Policy is defined locally or in Cisco UCS Central.

             
            Step 12 UCS-A/system/control-ep # set psu-policy-ctrl source {local | global} 

            Determines whether the Power Policy is defined locally or in Cisco UCS Central.

             
            Step 13 UCS-A/system/control-ep # set security-policy-ctrl source {local | global} 

            Determines whether authentication and native domains, LDAP, RADIUS, TACACS+, trusted points, locales, and user roles are defined locally or in Cisco UCS Central.

             
            Step 14 UCS-A/system/control-ep # commit-buffer 

            Commits the transaction to the system configuration.

             

            The following example configures policy resolution for a Cisco UCS Domain that is registered with Cisco UCS Central and commits the transaction:

            UCS-A# scope system
            UCS-A /system # scope control-ep policy
            UCS-A /system/control-ep* # set backup-policy-ctrl source global
            UCS-A /system/control-ep* # set communication-policy-ctrl source local
            UCS-A /system/control-ep* # set datetime-policy-ctrl source global
            UCS-A /system/control-ep* # set dns-policy-ctrl source global
            UCS-A /system/control-ep* # set fault-policy-ctrl source global
            UCS-A /system/control-ep* # set infra-pack-ctrl source global
            UCS-A /system/control-ep* # set mep-policy-ctrl source global
            UCS-A /system/control-ep* # set monitoring-policy-ctrl source global
            UCS-A /system/control-ep* # set powermgmt-policy-ctrl source global
            UCS-A /system/control-ep* # set psu-policy-ctrl source local
            UCS-A /system/control-ep* # set security-policy-ctrl source global
            UCS-A /system/control-ep* # commit-buffer
            UCS-A /system/control-ep #

            Unregistering a Cisco UCS Domain from Cisco UCS Central using the Cisco UCS Manager CLI

            When you unregister a Cisco UCS domain from Cisco UCS Central, Cisco UCS Manager no longer receives updates to global policies.

            Procedure
                Command or Action Purpose
              Step 1 UCS-A# scope system 

              Enters system mode.

               
              Step 2 UCS-A/system # delete control-ep policy  

              Deletes the policy and unregisters the Cisco UCS Domain from Cisco UCS Central.

               
              Step 3 UCS-A/system # commit-buffer 

              Commits the transaction to the system configuration.

               

              The following example unregisters a Cisco UCS Domain from Cisco UCS Central and commits the transaction:

              UCS-A# scope system
              UCS-A /system # delete control-ep policy
              UCS-A /system* # commit-buffer
              UCS-A /system #