Boot policy overrides the boot order in the BIOS setup menu, and determines the following:
Selection of the boot device
Location from which the server boots
Order in which boot devices are invoked
For example, you can choose to have associated servers boot from a local device, such as a local disk or CD-ROM (vMedia), or you can select a SAN boot or a LAN (PXE) boot.
You can either create a named boot policy that can be associated with one or more service profiles, or create a boot policy for a specific service profile. A boot policy must be included in a service profile, and that service profile must be associated with a server for it to take effect. If you do not include a boot policy in a service profile, the UCS domain applies the default boot policy.
Note | Changes to a boot policy will be propagated to all service profiles created with an updating service profile template that includes that boot policy. Reassociation of the service profile with the server to rewrite the boot order information in the BIOS is automatically triggered. |
Cisco UCS Central enables you to use standard or enhanced boot order for the global boot policies you create in Cisco UCS Central.
Standard boot order is supported for all Cisco UCS servers, and allows a limited selection of boot order choices. You can add a local device, such as a local disk, CD-ROM, or floppy, or you can add SAN, LAN, or iSCSI boot.
Enhanced boot order allows you greater control over the boot devices that you select for your boot policy. Enhanced boot order is supported for all Cisco UCS B-Series M3 and M4 Blade Servers and Cisco UCS C-Series M3 and M4 Rack Servers at release 2.2(1b) or greater.
The following boot order devices are supported for standard boot order, but can be used with both:
Local LUN/Local Disk—Enables standard boot from a local hard disk. Do not enter a primary or secondary LUN name. Those are reserved for enhanced boot order only.
CD/DVD ROM Boot—Enables standard boot from local CD/DVD ROM drive.
Floppy—Enables standard boot from local floppy drive.
LAN Boot—Enables standard boot from a specified vNIC.
SAN Boot—Enables standard boot from a specified vHBA.
iSCSI Boot—Enables standard boot from a specified iSCSI vNIC.
The following boot order devices are supported only for enhanced boot order:
Local LUN/Local Disk—Enables boot from local hard disk, or local LUN.
Local CD/DVD—Enables boot from local CD/DVD drive.
Local Floppy—Enables boot from local floppy drive.
SD Card—Enables boot from SD Card.
Internal USB—Enables boot from Internal USB.
External USB—Enables boot from External USB.
Embedded Local Disk—Enables booting from the embedded local disk on the Cisco UCS C240 M4SX and C240 M4L servers.
Note | You can add either the embedded local disk or the embedded local LUN to the boot order. Adding both is not supported. |
Embedded Local LUN—Enables boot from the embedded local LUN on the Cisco UCS C240 M4SX and C240 M4L servers.
Note | You can add either the embedded local disk or the embedded local LUN to the boot order. Adding both is not supported. |
Local JBOD—Enables boot from a local disk.
KVM Mapped CD/DVD—Enables boot from KVM mapped ISO images.
KVM Mapped Floppy—Enables boot from KVM mapped image files.
CIMC Mapped HDD—Enables boot from CIMC mapped vMedia drives.
CIMC MAPPED CD/DVD—Enables boot from CIMC mapped vMedia CDs and DVDs.
LAN Boot—Enables you to select a specific vNIC from which to boot.
SAN Boot—Enables you to select a specific vHBA from which to boot.
iSCSI Boot—Enables you to select a specific iSCSI vNIC from which to boot.
Remote Virtual Drive—Enables boot from a remote virtual drive.
Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. Cisco UCS uses UEFI to replace the BIOS firmware interfaces. This allows the BIOS to run in UEFI mode while still providing legacy support.
You can choose either legacy or UEFI boot mode when you create a boot policy. Legacy boot mode is supported for all Cisco UCS servers. UEFI boot mode is supported on Cisco UCS B-Series M3 and M4 Blade Servers and Cisco UCS C-Series M3 and M4 Rack Servers, and allows you to enable UEFI secure boot mode.
The following limitations apply to the UEFI boot mode:
UEFI boot mode is not supported on Cisco UCS B-Series M1 and M2 Blade Servers and Cisco UCS C-Series M1 and M2 Rack Servers.
UEFI boot mode is not supported with the following combinations:
You cannot mix UEFI and legacy boot mode on the same server.
Make sure a UEFI-aware operating system is installed on the device. The server boots correctly in UEFI mode only if the boot devices configured in the boot policy have a UEFI-aware OS installed. If a compatible OS is not present, the boot device is not displayed on the Boot Policies page.
In some corner cases, the UEFI boot may not succeed because the UEFI boot manager entry was not saved correctly in the BIOS NVRAM. You can use the UEFI shell to enter the UEFI boot manager entry manually. This could occur in the following situations:
If a blade server with UEFI boot mode enabled is disassociated from the service profile, and the blade is manually powered on using the Server page or the front panel.
If a blade server with UEFI boot mode enabled is disassociated from the service profile, and a direct VIC firmware upgrade is attempted.
If a blade or rack server with UEFI boot mode enabled is booted off SAN LUN, and the service profile is migrated.
Cisco UCS Central supports UEFI secure boot on Cisco UCS B-Series M3 and M4 Blade Servers and Cisco UCS C-Series M3 and Rack Servers. When UEFI secure boot is enabled, all executables, such as boot loaders and adapter drivers, are authenticated by the BIOS before they can be loaded. To be authenticated, the images must be signed by either the Cisco Certificate Authority (CA) or a Microsoft CA.
The following limitations apply to UEFI secure boot:
UEFI boot mode must be enabled in the boot policy.
The Cisco UCS Manager software and the BIOS firmware must be at Release 2.2 or greater.
User-generated encryption keys are not supported.
UEFI secure boot can only be controlled by Cisco UCS Manager or Cisco UCS Central.
You cannot downgrade to an earlier version of Cisco UCS Manager if:
An associated server has a boot policy with UEFI boot mode enabled.
An associated server has a boot policy with UEFI secure boot enabled.
An associated server has a boot policy with enhanced boot order. For example, if an associated server has a boot policy which contains any of the following:
An associated server has a boot policy that includes both SAN and local LUN.
If you are creating a boot policy that boots the server from a SAN LUN and you require reliable SAN boot operations, you must first remove all local disks from servers associated with a service profile that includes the boot policy.
```
UCSC# connect policy-mgr
UCSC(policy-mgr)# scope org /
UCSC(policy-mgr) /org* # create boot-policy boot-policy-LAN purpose operational
UCSC(policy-mgr) /org/boot-policy* # set descr "Boot policy that boots from the LAN."
UCSC(policy-mgr) /org/boot-policy* # set reboot-on-update no
UCSC(policy-mgr) /org/boot-policy* # set boot-mode uefi
UCSC(policy-mgr) /org/boot-policy* # commit-buffer
UCSC(policy-mgr) /org/boot-policy* # create boot-security
UCSC(policy-mgr) /org/boot-policy* # set secure-boot yes
UCSC(policy-mgr) /org/boot-policy* # commit-buffer
UCSC(policy-mgr) /org/boot-policy #
```
Configure one or more of the following boot options for the boot policy and set their Boot Order:
LAN Boot—Boots from a centralized provisioning server. It is frequently used to install operating systems on a server from that server.
If you choose the LAN Boot option, continue to Configuring a LAN Boot for a Boot Policy.
SAN Boot—Boots from an operating system image on the SAN. You can specify a primary and a secondary SAN boot. If the primary boot fails, the server attempts to boot from the secondary.
We recommend that you use a SAN boot, because it offers the most service profile mobility within the system. If you boot from the SAN, when you move a service profile from one server to another, the new server boots from exactly the same operating system image. Therefore, the new server appears to be exactly the same server to the network.
If you choose the SAN Boot option, continue to Configuring a SAN Boot for a Boot Policy.
Virtual Media Boot—Mimics the insertion of a physical CD into a server. It is typically used to manually install operating systems on a server.
If you choose the Virtual Media boot option, continue to Configuring a Virtual Media Boot for a Boot Policy.
Local Disk Boot—Boots from local storage.
If you choose the Local Disk Boot option, continue to Configuring a Local Disk Boot for a Boot Policy.
You can configure a boot policy to boot one or more servers from a centralized provisioning server on the LAN. A LAN (or PXE) boot is frequently used to install operating systems on a server from that LAN server.
You can add more than one type of boot device to a LAN boot policy. For example, you could add a local disk or virtual media boot as a secondary boot device.
Create a boot policy to contain the LAN boot configuration.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope org org-name | Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name. |
Step 3 | UCSC(policy-mgr) /org # scope boot-policy policy-name | Enters organization boot policy mode for the specified boot policy. |
Step 4 | UCSC(policy-mgr) /org/boot-policy # create lan | Creates a LAN boot for the boot policy and enters organization boot policy LAN mode. |
Step 5 | UCSC(policy-mgr) /org/boot-policy/lan # set order {1 \| 2 \| 3 \| 4} | Specifies the boot order for the LAN boot. |
Step 6 | UCSC(policy-mgr) /org/boot-policy/lan # create path {primary \| secondary} | Creates a primary or secondary LAN boot path and enters organization boot policy LAN path mode. |
Step 7 | UCSC(policy-mgr) /org/boot-policy/lan/path # set vnic vnic-name | Specifies the vNIC to use for the LAN path to the boot image. |
Step 8 | UCSC(policy-mgr) /org/boot-policy/lan/path # commit-buffer | Commits the transaction to the system configuration. |

```
UCSC# connect policy-mgr
UCSC(policy-mgr)# scope org /
UCSC(policy-mgr) /org* # scope boot-policy lab2-boot-policy
UCSC(policy-mgr) /org/boot-policy* # create lan
UCSC(policy-mgr) /org/boot-policy/lan* # set order 2
UCSC(policy-mgr) /org/boot-policy/lan* # create path primary
UCSC(policy-mgr) /org/boot-policy/lan/path* # set vnic vNIC1
UCSC(policy-mgr) /org/boot-policy/lan/path* # exit
UCSC(policy-mgr) /org/boot-policy/lan* # create path secondary
UCSC(policy-mgr) /org/boot-policy/lan/path* # set vnic vNIC2
UCSC(policy-mgr) /org/boot-policy/lan/path* # commit-buffer
UCSC(policy-mgr) /org/boot-policy/lan/path #
```
Include the boot policy in a service profile and/or template.
You can configure a boot policy to boot one or more servers from an operating system image on the SAN. The boot policy can include a primary and a secondary SAN boot. If the primary boot fails, the server attempts to boot from the secondary.
Cisco recommends using a SAN boot, because it offers the most service profile mobility within the system. If you boot from the SAN when you move a service profile from one server to another, the new server boots from the same operating system image. Therefore, the new server appears as the same server to the network.
To use a SAN boot, ensure that the following is configured:
The Cisco UCS domain must be able to communicate with the SAN storage device that hosts the operating system image.
A boot target LUN (Logical Unit Number) on the device where the operating system image is located.
Note | SAN boot is not supported on Gen-3 Emulex adapters on Cisco UCS blade and rack servers. |
Note | We recommend that the boot order in a boot policy include either a local disk or a SAN LUN, but not both, to avoid the possibility of the server booting from the wrong storage type. If you configure a local disk and a SAN LUN for the boot order storage type and the operating system or logical volume manager (LVM) is configured incorrectly, the server might boot from the local disk rather than the SAN LUN. For example, on a server with Red Hat Linux installed, where the LVM is configured with default LV names and the boot order is configured with a SAN LUN and a local disk, Linux reports that there are two LVs with the same name and boots from the LV with the lowest SCSI ID, which could be the local disk. |
This procedure continues directly from Creating a Boot Policy.
Create a boot policy to contain the SAN boot configuration.
Note | If you are creating a boot policy that boots the server from a SAN LUN and you require reliable SAN boot operations, we recommend that you first remove all local disks from servers associated with a service profile that includes the boot policy. |
Step | Command or Action | Purpose |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope org org-name | Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name. |
Step 3 | UCSC(policy-mgr) /org # scope boot-policy policy-name | Enters organization boot policy mode for the specified boot policy. |
Step 4 | UCSC(policy-mgr) /org/boot-policy # create san | Creates a SAN boot for the boot policy and enters organization boot policy san mode. |
Step 5 | UCSC(policy-mgr) /org/boot-policy/san # set order order_num | Sets the boot order for the SAN boot. Enter a number between 1 and 16. |
Step 6 | UCSC(policy-mgr) /org/boot-policy/san # create san-image {primary \| secondary} | Creates a SAN image location, and if the san-image option is specified, enters organization boot policy SAN image mode. The use of the terms primary or secondary boot devices does not imply a boot order. The effective order of boot devices within the same device class is determined by PCIe bus scan order. |
Step 7 | UCSC(policy-mgr) /org/boot-policy/san/san-image # set vhba vhba-name | Specifies the vHBA to be used for the SAN boot. |
Step 8 | UCSC(policy-mgr) /org/boot-policy/san/san-image # create path {primary \| secondary} | Creates a primary or secondary SAN boot path and enters organization boot policy SAN path mode. The use of the terms primary or secondary boot devices does not imply a boot order. The effective order of boot devices within the same device class is determined by PCIe bus scan order. |
Step 9 | UCSC(policy-mgr) /org/boot-policy/san/san-image/path # set {lun lun-id \| wwn wwn-num} | Specifies the LUN or WWN to be used for the SAN path to the boot image. |
Step 10 | UCSC(policy-mgr) /org/boot-policy/san/san-image/path # commit-buffer | Commits the transaction to the system configuration. |

```
UCSC# connect policy-mgr
UCSC(policy-mgr)# scope org /
UCSC(policy-mgr) /org* # scope boot-policy lab1-boot-policy
UCSC(policy-mgr) /org/boot-policy* # create san
UCSC(policy-mgr) /org/boot-policy/san* # set order 1
UCSC(policy-mgr) /org/boot-policy/san* # create san-image primary
UCSC(policy-mgr) /org/boot-policy/san* # set vhba vHBA2
UCSC(policy-mgr) /org/boot-policy/san/san-image* # create path primary
UCSC(policy-mgr) /org/boot-policy/san/san-image/path* # set lun 967295200
UCSC(policy-mgr) /org/boot-policy/san/san-image/path* # commit-buffer
UCSC(policy-mgr) /org/boot-policy/san/san-image/path #
```
Include the boot policy in a service profile and/or template.
iSCSI boot enables a server to boot its operating system from an iSCSI target machine located remotely over a network.
iSCSI boot is supported on the following Cisco UCS hardware:
Cisco UCS blade servers that have the Cisco UCS M51KR-B Broadcom BCM57711 network adapter and use the default MAC address provided by Broadcom.
Cisco UCS M81KR Virtual Interface Card
Cisco UCS VIC-1240 Virtual Interface Card
Cisco UCS VIC-1280 Virtual Interface Card
Cisco UCS rack servers that have the Cisco UCS M61KR-B Broadcom BCM57712 network adapter.
Cisco UCS P81E Virtual Interface Card
Cisco UCS VIC 1225 Virtual Interface Card on Cisco UCS rack servers
There are prerequisites that must be met before you configure iSCSI boot. For a list of these prerequisites, see Configuring an iSCSI Boot for a Boot Policy.
For a high-level procedure for implementing iSCSI boot, see the UCS Manager GUI Configuration Guide.
You can add up to two iSCSI vNICs per boot policy. One vNIC acts as the primary iSCSI boot source, and the other acts as the secondary iSCSI boot source.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope org org-name | Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name. |
Step 3 | UCSC(policy-mgr) /org # scope boot-policy policy-name | Enters organization boot policy mode for the specified boot policy. |
Step 4 | UCSC(policy-mgr) /org/boot-policy # create iscsi | Adds an iSCSI boot to the boot policy and enters iSCSI mode. |
Step 5 | UCSC(policy-mgr) /org/boot-policy/iscsi # create path {primary \| secondary} | Specifies the primary and secondary paths that Cisco UCS Central uses to reach the iSCSI target. With iSCSI boot, you set up two paths. Cisco UCS Central uses the primary path first, and if that fails, then it uses the secondary path. |
Step 6 | UCSC(policy-mgr) /org/boot-policy/iscsi/path # set iscsivnicname vnic-name | Specifies the vNIC to use for the iSCSI path to the boot image. |
Step 7 | UCSC(policy-mgr) /org/boot-policy/iscsi/path # exit | Exits iSCSI path mode. |
Step 8 | UCSC(policy-mgr) /org/boot-policy/iscsi # set order ordernum | Specifies the order for the iSCSI boot in the boot order. |
Step 9 | UCSC(policy-mgr) /org/boot-policy/iscsi # commit-buffer | Commits the transaction to the system configuration. |

```
UCSC# connect policy-mgr
UCSC(policy-mgr)# scope org /
UCSC(policy-mgr) /org* # scope boot-policy lab2-boot-policy
UCSC(policy-mgr) /org/boot-policy # create iscsi
UCSC(policy-mgr) /org/boot-policy/iscsi* # create path primary
UCSC(policy-mgr) /org/boot-policy/iscsi/path* # set vnic vNIC1
UCSC(policy-mgr) /org/boot-policy/iscsi/path* # exit
UCSC(policy-mgr) /org/boot-policy/iscsi* # set order 2
UCSC(policy-mgr) /org/boot-policy/iscsi* # create path secondary
UCSC(policy-mgr) /org/boot-policy/iscsi/path* # set vnic vNIC2
UCSC(policy-mgr) /org/boot-policy/iscsi/path* # commit-buffer
UCSC(policy-mgr) /org/boot-policy/iscsi/path #
```
Include the boot policy in a service profile and/or template.
If a server has a local drive, you can configure a boot policy to boot the server from the top-level local disk device or from any of the following second-level devices:
local-any—Enables boot from any local device. This is the top-level local disk device. Use for Cisco UCS M1 and M2 blade and rack servers using standard boot order.
local-lun—Enables boot from local disk or local LUN.
local-jbod—Enables boot from a bootable JBOD.
sd-card—Enables boot from SD card.
usb-intern—Enables boot for internal USB.
usb-extern—Enables boot from external USB.
embedded-local-lun—Enables boot from the embedded local LUN on the Cisco UCS 240 M4 server.
embedded-local-disk—Enables boot from the embedded local disk on the Cisco UCS C240 M4SX and the M4L servers.
Note | For Cisco UCS blade and rack servers using enhanced boot order, you can select both top-level and second-level boot devices. For Cisco UCS blade and rack servers using standard boot order, you can only select a top-level device using local-any. |
This procedure continues directly from Creating a Boot Policy.
Create a boot policy to contain the local disk boot configuration.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope org org-name | Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name. |
Step 3 | UCSC(policy-mgr) /org # scope boot-policy policy-name | Enters organization boot policy mode for the specified boot policy. |
Step 4 | UCSC(policy-mgr) /org/boot-policy # create storage | Creates a storage boot for the boot policy and enters boot policy storage mode. |
Step 5 | UCSC(policy-mgr) /org/boot-policy/storage # set order order_num | Sets the boot order for the local disk boot. Enter a number between 1 and 16. |
Step 6 | UCSC(policy-mgr) /org/boot-policy/storage # create local | Creates a local disk location and enters organization boot policy local storage mode. |
Step 7 | UCSC(policy-mgr) /org/boot-policy/storage/local # create {embedded-local-jbod \| embedded-local-lun \| local-any \| local-jbod \| local-lun \| sd-card \| usb-extern \| usb-intern} | Specifies the type of local storage. For more information, see Local Disk Boot. |
Step 8 | UCSC(policy-mgr) /org/boot-policy/storage/local # commit-buffer | Commits the transaction to the system configuration. |

```
UCSC# connect policy-mgr
UCSC(policy-mgr)# scope org /
UCSC(policy-mgr) /org* # scope boot-policy lab1-boot-policy
UCSC(policy-mgr) /org/boot-policy* # create storage
UCSC(policy-mgr) /org/boot-policy/storage* # create local
UCSC(policy-mgr) /org/boot-policy/storage/local* # create local-jbod
UCSC(policy-mgr) /org/boot-policy/storage/local/local-jbod* # set order 1
UCSC(policy-mgr) /org/boot-policy/storage/local/local-jbod* # up
UCSC(policy-mgr) /org/boot-policy/storage/local* # create sd-card
UCSC(policy-mgr) /org/boot-policy/storage/local/sd-card* # set order 2
UCSC(policy-mgr) /org/boot-policy/storage/local/sd-card* # commit-buffer
UCSC(policy-mgr) /org/boot-policy/storage/local/sd-card #
```
Include the boot policy in a service profile and/or template.
You can configure a boot policy to boot one or more servers from a virtual media device that is accessible from the server. A virtual media device mimics the insertion of a physical CD/DVD disk (read-only) or floppy disk (read-write) into a server. This type of server boot is typically used to manually install operating systems on a server.
Note | Virtual Media requires the USB to be enabled. If you modify the BIOS settings that affect the USB functionality, you also affect the Virtual Media. Therefore, we recommend that you leave the following USB BIOS defaults for best performance: |
Create a boot policy to contain the virtual media boot configuration.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope org org-name | Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name. |
Step 3 | UCSC(policy-mgr) /org # scope boot-policy policy-name | Enters organization boot policy mode for the specified boot policy. |
Step 4 | UCSC(policy-mgr) /org/boot-policy # create virtual-media {read-only \| read-write} | Creates a virtual media boot for the boot policy, specifies whether the virtual media has read-only or read-write privileges, and enters organization boot policy virtual media mode. |
Step 5 | UCSC(policy-mgr) /org/boot-policy/virtual-media # set order {1 \| 2 \| 3 \| 4} | Sets the boot order for the virtual-media boot. |
Step 6 | UCSC(policy-mgr) /org/boot-policy/virtual-media # commit-buffer | Commits the transaction to the system configuration. |

```
UCSC# connect policy-mgr
UCSC(policy-mgr)# scope org /
UCSC(policy-mgr) /org* # scope boot-policy lab3-boot-policy
UCSC(policy-mgr) /org/boot-policy* # create virtual-media read-only
UCSC(policy-mgr) /org/boot-policy/virtual-media* # set order 3
UCSC(policy-mgr) /org/boot-policy/virtual-media* # commit-buffer
```
Include the boot policy in a service profile and/or template.
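Several constraints stated in the sections above (secure boot requires UEFI boot mode, a SAN LUN and a local disk should not share a boot order, the embedded local disk and embedded local LUN cannot both be added, and the documented `set order` ranges) can be checked on a planned change before it is committed. The following Python linter is an added example, not Cisco code; it assumes one boot policy per session, recognizes only commands shown on this page, and runs on a constructed change script whose policy name `audit-demo` is hypothetical.

```python
import re

# Order ranges this page documents per device class; other classes are not range-checked.
ORDER_RANGE = {"lan": (1, 4), "virtual-media": (1, 4), "san": (1, 16), "storage": (1, 16)}
LOCAL_DISK = {"local-any", "local-lun", "local-jbod", "embedded-local-lun", "embedded-local-disk"}
DEVICES = set(ORDER_RANGE) | LOCAL_DISK | {"iscsi", "sd-card", "usb-intern", "usb-extern"}
# Strips a leading prompt such as "UCSC(policy-mgr) /org/boot-policy* # " when present.
PROMPT = re.compile(r"^[\w-]+(?:\([\w-]+\))?(?:\s+/\S*)?\s*#\s*")

# Constructed change script (assumption: one policy per session; audit-demo is hypothetical).
SAMPLE = """\
create boot-policy audit-demo purpose operational
create san
set order 1
up
create storage
create local
create local-lun
set order 2
up
up
up
create lan
set order 7
up
create boot-security
set secure-boot yes
commit-buffer
"""


def parse_session(text):
    """Reduce a CLI session or change script to the facts the checks need."""
    state = {"boot_mode": None, "secure_boot": False, "devices": set(), "orders": []}
    current = None  # device class that a following "set order" applies to
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) < 2:
            continue
        verb, obj, arg = words[0], words[1], (words[2] if len(words) > 2 else "")
        if verb == "create" and obj in DEVICES:
            current = obj
            state["devices"].add(obj)
        elif (verb, obj) == ("set", "boot-mode"):
            state["boot_mode"] = arg
        elif (verb, obj) == ("set", "secure-boot"):
            state["secure_boot"] = arg == "yes"
        elif (verb, obj) == ("set", "order") and current and arg.isdigit():
            state["orders"].append((current, int(arg)))
    return state


def lint_boot_policy(text):
    """Return (code, detail) findings for constraints stated on this page."""
    s = parse_session(text)
    devs, out = s["devices"], []
    if s["secure_boot"] and s["boot_mode"] != "uefi":
        out.append(("SECURE_BOOT_WITHOUT_UEFI", "secure boot requires boot-mode uefi in the same policy"))
    if s["boot_mode"] == "uefi" and not s["secure_boot"]:
        out.append(("UEFI_NO_SECURE_BOOT", "boot loaders and adapter drivers load without BIOS authentication"))
    if "san" in devs and devs & LOCAL_DISK:
        out.append(("SAN_AND_LOCAL_DISK", "server might boot from the local disk rather than the SAN LUN"))
    if {"embedded-local-disk", "embedded-local-lun"} <= devs:
        out.append(("EMBEDDED_DISK_AND_LUN", "adding both embedded devices is not supported"))
    for dev, n in s["orders"]:
        lo, hi = ORDER_RANGE.get(dev, (n, n))  # no documented range: accept as given
        if not lo <= n <= hi:
            out.append(("ORDER_OUT_OF_RANGE", f"{dev} order {n} is outside {lo}-{hi}"))
    return out


if __name__ == "__main__":
    for code, detail in lint_boot_policy(SAMPLE):
        print(f"{code}: {detail}")
```

The parser ignores prompts and tracks scope from the commands themselves, so it accepts both bare change scripts and pasted sessions.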
Step | Command or Action | Purpose |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr) # scope org org-name | Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name. |
Step 3 | UCSC(policy-mgr) /org # delete boot-policy policy-name | Deletes the specified boot policy. |
Step 4 | UCSC(policy-mgr) /org # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to delete a boot policy:
```
UCSC# connect policy-mgr
UCSC(policy-mgr)# scope org /
UCSC(policy-mgr) /org # delete boot-policy boot-policy-LAN
UCSC(policy-mgr) /org* # commit-buffer
UCSC(policy-mgr) /org #
```