VN-Link Configuration - Configuring VN-Link Components and Connectivity [Cisco UCS Manager]

Contents
Configuring VN-Link Components and Connectivity
Components of VN-Link in Hardware
Configuring a VMware ESX Host for VN-Link
Configuring a VMware vCenter Instance for VN-Link
Configuring a Certificate for VN-Link in Hardware
Certificate for VN-Link in Hardware
Copying a Certificate to the Fabric Interconnect
Creating a Certificate for VN-Link in Hardware
Deleting a Certificate for VN-Link in Hardware
Connecting Cisco UCS Manager to VMware vCenter Using the Extension Key
(Optional) Modifying the vCenter Extension Key
Exporting a vCenter Extension File from Cisco UCS Manager
Registering a vCenter Extension File in VMware vCenter
Configuring VN-Link Components and Connectivity

This chapter includes the following sections:

Components of VN-Link in Hardware
Configuring a VMware ESX Host for VN-Link
Configuring a VMware vCenter Instance for VN-Link
Configuring a Certificate for VN-Link in Hardware
Connecting Cisco UCS Manager to VMware vCenter Using the Extension Key

Components of VN-Link in Hardware

The following three main components must be connected for VN-Link in hardware to work:

VMware ESX Host

A server with the VMware ESX installed. It contains a datastore and the virtual machines.

The ESX host must have a Cisco M81KR VIC installed, and it must have uplink data connectivity to the network for communication with VMware vCenter.

VMware vCenter

Windows-based software used to manage one or more ESX hosts.

VMware vCenter must have connectivity to the UCS management port for management plane integration, and uplink data connectivity to the network for communication with the ESX Host. A vCenter extension key provided by Cisco UCS Manager must be registered with VMware vCenter before the Cisco UCS instance can be acknowledged.

Cisco UCS Manager

The Cisco UCS management software that integrates with VMware vCenter to handle some of the network-based management tasks.

Cisco UCS Manager must have management port connectivity to VMware vCenter for management plane integration. It also provides a vCenter extension key that represents the Cisco UCS identity. The extension key must be registered with VMware vCenter before the Cisco UCS instance can be acknowledged.

The following figure shows the three main components of VN-Link in hardware and the methods by which they are connected:

Figure 1. Component Connectivity for VN-Link in Hardware

Configuring a VMware ESX Host for VN-Link

Before You Begin
Ensure that Virtualization Technology is enabled in BIOS of the UCS server if you intend to run 64-bit VMs on the ESX host. An ESX host will not run 64-bit VMs unless Virtualization Technology is enabled.

Procedure
Step 1   If not already present, install a Cisco M81KR VIC in the server you intend to use as the VMware ESX host. For more information about installing a Cisco M81KR VIC, see the Cisco UCS 5108 Server Chassis Hardware Installation Guide.

Step 2   Configure and associate a service profile to the server. The service profile configuration must include the following:

A Dynamic vNIC Connection policy that determines how the VN-link connectivity between VMs and dynamic vNICs is configured.

Two static vNICs for each adapter on the ESX host. For ESX hosts with multiple adapters, your service profile must use either vCons or have an associated vNIC/vHBA placement profile that ensures the static vNICs are assigned to the appropriate adapters.

For more information, see the following chapter: Configuring Service Profiles.

Step 3   Install VMware ESX 4.0 or later on the blade server. No additional drivers are required during the installation.

Configuring a VMware vCenter Instance for VN-Link

Procedure
Step 1   Configure a Window-based machine to use a static IP address. Take note of the IP address. You will use it to connect to vCenter Server.
The Windows-based machine must have network connectivity to the the Cisco UCS management port and to the uplink Ethernet port(s) being used by the ESX host. The management port connectivity is used for management plane integration between VMware vCenter and Cisco UCS Manager; the uplink Ethernet port connectivity is used for communication between VMware vCenter and the ESX host.

Step 2   Install VMware vCenter (vCenter Server and vSphere Client 4.0 or later) on the Windows-based machine.

Step 3   Launch vSphere Client.

Step 4   On the vSphere Client launch page, enter the following information to connect to vCenter Server:
Static IP address of the Windows-based machine.

Username and password specified while installing vCenter Server. If, during the vCenter Server installation, you chose to use the Windows login credentials, you can check the Use Windows session credentials check box.

Step 5   If a Security Warning dialog box appears, click Ignore.

What to Do Next

Do one of the following:

(Optional) If you plan to use a custom certificate for VN-Link in hardware, configure the certificate for VN-Link in hardware.

Connect Cisco UCS Manager to VMware vCenter using the extension key.

Configuring a Certificate for VN-Link in Hardware
Certificate for VN-Link in Hardware

Cisco UCS Manager generates a default, self-signed SSL certificate to support communication with vCenter. You can also create your own custom certificate to communicate with multiple vCenter instances. When you create a custom certificate, Cisco UCS Manager recreates the extension files to include the new certificate. If you subsequently delete the custom certificate, Cisco UCS Manager recreates the extension files to include the default, self-signed SSL certificate.

To create a custom certificate, you must obtain and copy an external certificate into Cisco UCS, and then create a certificate for VN-Link in hardware that uses the certificate you copied into Cisco UCS.
Copying a Certificate to the Fabric Interconnect
Before You BeginObtain a certificate.
Procedure
Command or Action Purpose
Step 1 UCS-A# connect local-mgmt
Enters local management mode.

Step 2 UCS-A(local-mgmt)# copy from-filesystem: from-path filename to-filesystem: to-path filename
Copies the certificate from its source location to its destination location. For the from-filesystem: argument, use one of the following syntax:

ftp:// server-ip-addr

scp:// username@server-ip-addr

sftp:// username@server-ip-addr

tftp:// server-ip-addr : port-num

For the to-filesystem: argument, use one of the following syntax:

Volatile:

Workspace:
The following example uses FTP to copy a certificate (certificate.txt) to the temp folder in the workspace:
UCS-A # connect local-mgmt
Cisco UCS 6100 Series Fabric Interconnect

TAC support: http://www.cisco.com/tac

Copyright (c) 2009, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software may be covered under the GNU Public
License or the GNU Lesser General Public License. A copy of 
each such license is available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html

UCS-A(local-mgmt)# copy ftp://192.168.10.10/certs/certificate.txt workspace:/temp/certificate.txt
UCS-A(local-mgmt)# 
What to Do Next

Create a certificate for VN-Link in hardware.
Creating a Certificate for VN-Link in Hardware

Before You BeginCopy a certificate to the fabric interconnect.
Procedure
Step 1   In the Navigation pane, click the VM tab.

Step 2   On the VM tab, expand the All node.

Step 3   On the VM tab, click VMWare.

Step 4   In the Work pane, click the Certificates tab.

Step 5   On the icon bar to the right of the table, click +.
If the + icon is disabled, click an entry in the table to enable it.

Step 6   In the Create Key Ring dialog box, complete the following fields:
Name Description

Name field

The name of the key ring.

Enter up to 510 characters.

Protocol field

This can be:

workspace

volatile

Certificate File field

The name of the certificate file associated with this key ring.

Path field

The path to the certificate file on the server.

Step 7   Click OK.

Deleting a Certificate for VN-Link in Hardware

Procedure
Step 1   In the Navigation pane, click the VM tab.

Step 2   On the VM tab, expand the All node.

Step 3   On the VM tab, click VMWare.

Step 4   In the Work pane, click the Certificates tab.

Step 5   In the Key Rings table, click the certificate you want to delete.

Step 6   Right-click the certificate you want to delete and select Delete.

Step 7   If Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.

Connecting Cisco UCS Manager to VMware vCenter Using the Extension Key
(Optional) Modifying the vCenter Extension Key

You can modify the vCenter extension key for the following reasons:

To provide better system identification, you can name the vCenter extension key something more meaningful than the default ID string.

If two Cisco UCS instances want to connect to the same VMware vCenter instance, they must use the same extension key and certificate.

Procedure
Step 1   In the Navigation pane, click the VM tab.

Step 2   On the VM tab, expand the All node.

Step 3   On the VM tab, click VMWare.

Step 4   In the Work pane, click the General tab.

Step 5   In the Actions area, click Modify Extension Key.

Step 6   In the Modify Extension Key dialog box, do the following:
In the Key field, modify the key as needed.
A vCenter extension key can have a maximum length of 33 characters. These characters can be letters, numbers, or hyphens. No other characters or spaces are permitted in the extension key.

Click OK.

What to Do Next

Export the vCenter extension file or files from Cisco UCS Manager.

Exporting a vCenter Extension File from Cisco UCS Manager

Depending on the version of VMware vCenter you are using, you can either generate one extension file or a set of nine extension files.

Procedure
Step 1   In the Navigation pane, click the VM tab.

Step 2   On the VM tab, expand the All node.

Step 3   On the VM tab, click VMWare.

Step 4   In the Work pane, click the General tab.

Step 5   In the Actions area, click one of the following links:

Option Description

Export vCenter Extension

For vCenter version 4.0 update 1 and later.

Export Multiple vCenter Extensions

For vCenter version 4.0.

Step 6   In the Export vCenter Extension dialog box, do the following:
In the Save Location field, enter the path to the directory where you want to save the extension file or files.
If you do not know the path, click the ... button and browse to the location.

Click OK.

Cisco UCS Manager generates the extension file(s) and saves them to the specified location.

What to Do Next

Register the vCenter extension file or files in VMware vCenter.

Registering a vCenter Extension File in VMware vCenter

In VMware vCenter, the vCenter extension files are called plug-ins.

Before You Begin
Export the vCenter extension file(s) from Cisco UCS Manager. Ensure that the exported vCenter extension files are saved to a location that can be reached by VMware vCenter.

Procedure
Step 1   In VMware vCenter, choose Plug-ins > Manage Plug-ins.

Step 2   Right-click any empty space below the Available Plug-ins section of the Plug-in Manager dialog box and click New Plug-in.

Step 3   Click Browse and navigate to the location where the vCenter extension file(s) are saved.

Step 4   Choose a vCenter extension file and click Open.

Step 5   Click Register Plug-in.

Step 6   If the Security Warning dialog box appears, click Ignore.

Step 7   Click OK.
The vCenter extension file registers as an available VMware vCenter plug-in. You do not need to install the plug-in, leave it in the available state. If you are registering multiple vCenter extension files, repeat this procedure until all files are registered.