The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter includes the following sections:
You can create and manage global policies in Cisco UCS Central and include them in service profiles or service profile templates for one or more Cisco UCS domains. The service profiles and service profile templates that include global policies can be either of the following:
Local service profiles or service profile templates that are created and managed by Cisco UCS Manager in one Cisco UCS domain. You can only associate local service profiles with servers in that domain. When you include a global policy in a local service profile, Cisco UCS Manager makes a local read-only copy of that policy.
Global service profiles or service profile templates that are created and managed by Cisco UCS Central. You can associate global service profiles with servers in one or more registered Cisco UCS domains.
You can only make changes to global policies in Cisco UCS Central. Those changes affect all service profiles and service profile templates that include the global policy. All global policies are read-only in Cisco UCS Manager.
You can configure all operational policies under a domain group using IPv6 addresses. These policies are located in the Operations Management tab of the Cisco UCS Central GUI.
This feature helps the Cisco UCS Manager to use an IPv6 address while importing these policies from Cisco UCS Central.
For each Cisco UCS domain that you register with Cisco UCS Central, you can choose which application will manage certain policies and configuration settings. This policy resolution does not have to be the same for every Cisco UCS domain that you register with the same Cisco UCS Central.
You have the following options for resolving these policies and configuration settings:
Local—The policy or configuration is determined and managed by Cisco UCS Manager.
Global—The policy or configuration is determined and managed by Cisco UCS Central.
The following table contains a list of the policies and configuration settings that you can choose to have managed by either Cisco UCS Manager or Cisco UCS Central:
When you register a Cisco UCS domain, you configure policies for local or global resolution. The behavior that occurs when the Cisco UCS domain is registered or when that registration or configuration changes, depends upon several factors, including whether a domain group has been assigned or not.
The following table describes the policy resolution behavior you can expect for each type of policy.
Policies and Configuration | Policy Source | Behavior in Cisco UCS Manager on Registration with Cisco UCS Central | Behavior in Cisco UCS Manager when Registration Changed | |||
---|---|---|---|---|---|---|
Cisco UCS Central | Cisco UCS Manager |
Domain Group Unassigned |
Domain Group Assigned |
Unassigned from Domain Group |
Deregistered from Cisco UCS Central |
|
Call Home |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SNMP configuration |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
HTTP |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Telnet |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
CIM XML |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Management interfaces monitoring policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Power allocation policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Power policy (also known as the PSU policy) |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SEL policy |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Authentication Domains |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
LDAP |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
LDAP provider groups and group maps |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
TACACS, including provider groups |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
RADIUS, including provider groups |
N/A Cisco UCS Manager only |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
SSH (Read-only) |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
DNS |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Time zone |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Web Sessions |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Fault |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Core Export |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Syslog |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Global Backup/Export Policy |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Default Authentication |
Domain group root |
Assigned domain group |
Local |
Local/Remote |
Retains last known policy state |
Converted to a local policy |
Console Authentication |
Domain group root |
Assigned domain group |
Local |
Can be local or remote |
Retains last known policy state |
Converted to a local policy |
Roles |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Locales - Org Locales |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Trust Points |
Domain group root |
Assigned domain group |
Local |
Local/Combine (Remote replacing Local) |
Deletes remote policies |
Converted to a local policy |
Firmware Download Policy |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
ID Soaking Policy |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
Locales - Domain Group Locales |
Domain group root |
N/A |
N/A |
N/A |
N/A |
N/A |
Infrastructure Firmware Packs |
N/A |
Assigned domain group |
Local |
Local/Remote (if Remote exists) |
Retains last known policy state |
Converted to a local policy |
Catalog |
N/A |
Assigned domain group |
Local |
Local/Remote (if Remote exists) |
Retains last known policy state |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
Maintenance Policy Schedule Host Firmware Packs |
N/A |
Assigned domain group |
See Consequences of Service Profile Changes on Policy Resolution |
See Consequences of Service Profile Changes on Policy Resolution |
Deletes remote policies |
Converted to a local policy |
For certain policies, the policy resolution behavior is also affected by whether or not one or more service profiles that include that policy have been updated.
The following table describes the policy resolution behavior you can expect for those policies.
Policy | Behavior in Cisco UCS Manager on Registration with Cisco UCS Central | Domain Group Assigned after Registration with Cisco UCS Central | |||
---|---|---|---|---|---|
Domain Group Unassigned / Domain Group Assigned |
|||||
Service Profile not Modified |
Service Profile Modified |
||||
Maintenance Policy
|
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
||
Schedule |
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
||
Host Firmware Packages |
Local |
Local, but any "default" policies are updated on domain group assignment |
Local/Remote (if resolved to "default" post registration) |
Boot policy overrides the boot order in the BIOS setup menu, and determines the following:
Selection of the boot device
Location from which the server boots
Order in which boot devices are invoked
For example, you can choose to have associated servers boot from a local device, such as a local disk or CD-ROM (VMedia), or you can select a SAN boot or a LAN (PXE) boot.
You can either create a named boot policy that can be associated with one or more service profiles, or create a boot policy for a specific service profile. A boot policy must be included in a service profile, and that service profile must be associated with a server for it to take effect. If you do not include a boot policy in a service profile, the UCS domain applies the default boot policy.
Note | Changes to a boot policy will be propagated to all service profiles created with an updating service profile template that includes that boot policy. Reassociation of the service profile with the server to rewrite the boot order information in the BIOS is automatically triggered. |
The BIOS policy automates the configuration of BIOS settings for a server or group of servers. You can create global BIOS policies available to all servers in the root organization, or you can create BIOS policies in sub-organizations that are only available to that hierarchy.
To use a BIOS policy, do the following:
Create the BIOS policy in Cisco UCS Central.
Assign the BIOS policy to one or more service profiles.
Associate the service profile with a server.
During service profile association, Cisco UCS Central modifies the BIOS settings on the server to match the configuration in the BIOS policy. If you do not create and assign a BIOS policy to a service profile, the server uses the default BIOS settings for that server platform.
Step 1 | In the Task
bar, type
Create
BIOS Policy and press Enter.
This launches the Create BIOS Policy dialog box. |
Step 2 | In
Basic, click
Organization and select the location in which you
want to create the BIOS policy.
|
Step 3 | In
Processor, complete the fields as necessary.
For more information, see Processor BIOS Settings. |
Step 4 | In
I/O, complete the fields as necessary.
For more information, see Intel Directed I/O BIOS Settings. |
Step 5 | In
RAS
Memory, complete the fields as necessary.
For more information, see RAS Memory BIOS Settings. |
Step 6 | In
USB, complete the fields as necessary.
For more information, see USB BIOS Settings. |
Step 7 | In
PCI, complete the fields as necessary.
For more information, see PCI BIOS Settings. |
Step 8 | In
Boot
Options, complete the fields as necessary.
For more information, see Boot Options BIOS Settings. |
Step 9 | In
Server
Manager, complete the fields as necessary.
For more information, see Server Manager. |
Step 10 | In
Console, complete the fields as necessary.
For more information, see Console. |
Step 11 | Click Create. |
Cisco UCS Central includes a set of default BIOS settings for each type of server supported by Cisco UCS. The default BIOS settings are available only in the root organization and are global. Only one set of default BIOS settings can exist for each server platform supported by Cisco UCS. You can modify the default BIOS settings, but you cannot create an additional set of default BIOS settings.
Each set of default BIOS settings are designed for a particular type of supported server and are applied to all servers of that specific type which do not have a BIOS policy included in their service profiles.
Unless a Cisco UCS implementation has specific needs that are not met by the server-specific settings, we recommend that you use the default BIOS settings that are designed for each type of server in the Cisco UCS domain.
Cisco UCS Central applies these server platform-specific BIOS settings as follows:
The service profile associated with a server does not include a BIOS policy.
The BIOS policy is configured with the platform-default option for a specific setting.
You can modify the default BIOS settings provided by Cisco UCS Central. However, any changes to the default BIOS settings apply to all servers of that particular type or platform. If you want to modify the BIOS settings for only certain servers, we recommend that you use a BIOS policy.
The following table lists the main server BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description |
---|---|
Reboot on BIOS Settings Change |
When the server is rebooted after you change one or more BIOS settings. Enabled—If you enable this setting, the server is rebooted according to the maintenance policy in the server's service profile. For example, if the maintenance policy requires user acknowledgment, the server is not rebooted and the BIOS changes are not applied until a user acknowledges the pending activity. Disabled—If you do not enable this setting, the BIOS changes are not applied until the next time the server is rebooted, whether as a result of another server configuration change or a manual reboot. |
Serial Port A |
Whether serial port A is enabled or disabled. This can be one of the following: |
Quiet Boot |
What the BIOS displays during Power On Self-Test (POST). This can be one of the following:
|
Post Error Pause |
What happens when the server encounters a critical error during POST. This can be one of the following:
|
Front Panel Lockout |
Whether the power and reset buttons on the front panel are ignored by the server. This can be one of the following:
|
Resume AC On Power Loss |
How the server behaves when power is restored after an unexpected power loss. This can be one of the following:
|
The following table lists the processor BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description | ||
---|---|---|---|
Turbo Boost |
Whether the processor uses Intel Turbo Boost Technology, which allows the processor to automatically increase its frequency if it is running below power, temperature, or voltage specifications. This can be one of the following: |
||
Enhanced Intel Speedstep |
Whether the processor uses Enhanced Intel SpeedStep Technology, which allows the system to dynamically adjust processor voltage and core frequency. This technology can result in decreased average power consumption and decreased average heat production. This can be one of the following:
We recommend that you contact your operating system vendor to make sure your operating system supports this feature. |
||
Hyper Threading |
Whether the processor uses Intel Hyper-Threading Technology, which allows multithreaded software applications to execute threads in parallel within each processor. This can be one of the following:
We recommend that you contact your operating system vendor to make sure the operating system supports this feature. |
||
Core Multi Processing |
Sets the state of logical processor cores per CPU in a package. If you disable this setting, Intel Hyper Threading technology is also disabled. This can be one of the following:
We recommend that you contact your operating system vendor to make sure your operating system supports this feature. |
||
Execute Disabled Bit |
Classifies memory areas on the server to specify where the application code can execute. As a result of this classification, the processor disables code execution if a malicious worm attempts to insert code in the buffer. This setting helps to prevent damage, worm propagation, and certain classes of malicious buffer overflow attacks. This can be one of the following:
We recommend that you contact your operating system vendor to make sure your operating system supports this feature. |
||
Virtualization Technology (VT) |
Whether the processor uses Intel Virtualization Technology, which allows a platform to run multiple operating systems and applications in independent partitions. This can be one of the following:
|
||
Direct Cache Access |
Allows processors to increase I/O performance by placing data from I/O devices directly into the processor cache. This setting helps to reduce cache misses. This can be one of the following: |
||
Processor C State |
Whether the system can enter a power savings mode during idle periods. This can be one of the following:
We recommend that you contact your operating system vendor to make sure your operating system supports this feature. |
||
Processor C1E |
Allows the processor to transition to its minimum frequency upon entering C1. This setting does not take effect until after you have rebooted the server. This can be one of the following:
|
||
Processor C3 Report |
Whether the processor sends the C3 report to the operating system. This can be one of the following:
On the Cisco UCS B440 Server, the BIOS Setup menu uses enabled and disabled for these options. If you specify acpi-c2 or acpi-c2, the server sets the BIOS value for that option to enabled. |
||
Processor C6 Report |
Whether the processor sends the C6 report to the operating system. This can be one of the following: |
||
Processor C7 Report |
Whether the processor sends the C7 report to the operating system. This can be one of the following: |
||
CPU Performance |
Sets the CPU performance profile for the server. This can be one of the following:
|
||
Max Variable MTRR Setting |
Allows you to select the number of mean time to repair (MTRR) variables. This can be one of the following: |
The following table lists the Intel Directed I/O BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description | ||
---|---|---|---|
VIrtualization Technology ( VT )for Directed IO |
Whether the processor uses Intel Virtualization Technology for Directed I/O (VT-d). You can select one of the following options:
|
||
Interrupt Remap |
Whether the processor supports Intel VT-d Interrupt Remapping. You can select one of the following options: |
||
Coherency Support |
Whether the processor supports Intel VT-d Coherency. You can select one of the following options: |
||
Address Translation Services (ATS) Support |
Whether the processor supports Intel VT-d Address Translation Services (ATS). You can select one of the following options: |
||
Pass Through DMA Support |
Whether the processor supports Intel VT-d Pass-through DMA. You can select one of the following options: |
The following table lists the RAS memory BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description |
---|---|
NUMA |
Whether the BIOS supports NUMA. This can be one of the following:
|
LV DDR Mode |
Whether the system prioritizes low voltage or high frequency memory operations. This can be one of the following:
|
DRAM Refresh Rate |
The refresh interval rate for internal memory. This can be one of the following: |
Memory RAS Config |
How the memory reliability, availability, and serviceability (RAS) is configured for the server. This can be one of the following:
|
The following table lists the USB BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description |
---|---|
Make Device Non Bootable |
Whether the server can boot from a USB device. This can be one of the following: |
USB Front Panel Access Lock |
USB front panel lock is configured to enable or disable the front panel access to USB ports. This can be one of the following: |
Legacy USB Support |
Whether the system supports legacy USB devices. This can be one of the following: |
USB Idle Power Optimizing Setting |
Whether the USB System Idle Power Optimizing setting is used to reduce USB EHCI idle power consumption. Depending upon the value you choose, this setting can have an impact on performance. This can be one of the following:
|
The following table lists the PCI BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description |
---|---|
Max Memory Below 4G |
Whether the BIOS maximizes memory usage below 4GB for an operating system without PAE support, depending on the system configuration. This can be one of the following:
|
Memory Mapped IO Above 4Gb Configuration |
Whether to enable or disable memory mapped I/O of 64-bit PCI devices to 4GB or greater address space. Legacy option ROMs are not able to access addresses above 4GB. PCI devices that are 64-bit compliant but use a legacy option ROM may not function correctly with this setting enabled. This can be one of the following: |
The following tables list the PCI configuration BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description | ||||
---|---|---|---|---|---|
Max Memory Below 4G |
Whether the BIOS maximizes memory usage below 4GB for an operating system without PAE support, depending on the system configuration. This can be one of the following:
|
||||
Memory Mapped IO Above 4Gb Configuration |
Whether to enable or disable memory mapped I/O of 64-bit PCI devices to 4GB or greater address space. Legacy option ROMs are not able to access addresses above 4GB. PCI devices that are 64-bit compliant but use a legacy option ROM may not function correctly with this setting enabled. This can be one of the following: |
||||
VGA Priority |
Allows you to set the priority for VGA graphics devices if multiple VGA devices are found in the system. This can be one of the following:
|
||||
PCIe OptionROMs |
Whether Option ROM is available on all expansion ports. This can be one of the following:
|
||||
PCIe Mezz OptionRom |
Whether all mezzanine PCIe ports are enabled or disabled. This can be one of the following: |
||||
PCIe 10G LOM 2 Link |
Whether Option ROM is available on the 10G LOM port. This can be one of the following: |
||||
ASPM Support |
Allows you to set the level of ASPM (Active Power State Management) support in the BIOS. This can be one of the following: |
Name | Description |
---|---|
Slot n Link Speed |
This option allows you to restrict the maximum speed of an adapter card installed in PCIe slot n. This can be one of the following:
|
Name | Description |
---|---|
Slot n OptionROM |
Whether Option ROM is available on the specified port. This can be one of the following:
|
Slot SAS |
Whether is available on the specified port. This can be one of the following:
|
Slot HBA |
Whether is available on the specified port. This can be one of the following:
|
Slot MLOM |
Whether Option ROM is available on the PCIe slot connected to the MLOM available on the specified port. This can be one of the following:
|
Slot N1 |
Whether is available on the specified port. This can be one of the following:
|
Slot N2 |
Whether is available on the specified port. This can be one of the following:
|
The following table lists the boot options BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description |
---|---|
Boot Option Retry |
Whether the BIOS retries NON-EFI based boot options without waiting for user input. This can be one of the following: |
Onboard SCU Storage Support |
Whether the onboard software RAID controller is available to the server. This can be one of the following: |
Intel Entry SAS RAID |
Whether the Intel SAS Entry RAID Module is enabled. This can be one of the following: |
Intel Entry SAS RAID Module |
How the Intel SAS Entry RAID Module is configured. This can be one of the following: |
The following tables list the server management BIOS settings that you can configure through a BIOS policy or the default BIOS settings:
Name | Description |
---|---|
Assert NMI on SERR |
Whether the BIOS generates a non-maskable interrupt (NMI) and logs an error when a system error (SERR) occurs. This can be one of the following:
|
Assert NMI on PERR |
Whether the BIOS generates a non-maskable interrupt (NMI) and logs an error when a processor bus parity error (PERR) occurs. This can be one of the following:
|
OS Boot Watchdog Timer |
Whether the BIOS programs the watchdog timer with a predefined timeout value. If the operating system does not complete booting before the timer expires, the CIMC resets the system and an error is logged. This can be one of the following:
This feature requires either operating system support or Intel Management software. |
OS Boot Watchdog Timer Timeout |
What timeout value the BIOS uses to configure the watchdog timer. This can be one of the following:
This option is only available if you enable the OS Boot Watchdog Timer. |
Name | Description | ||
---|---|---|---|
Legacy OS Redirect |
Whether redirection from a legacy operating system, such as DOS, is enabled on the serial port. This can be one of the following:
|
||
Console Redirection |
Allows a serial port to be used for console redirection during POST and BIOS booting. After the BIOS has booted and the operating system is responsible for the server, console redirection is irrelevant and has no effect. This can be one of the following:
|
||
BAUD Rate |
What BAUD rate is used for the serial port transmission speed. If you disable Console Redirection, this option is not available. This can be one of the following:
|
||
Terminal Type |
What type of character formatting is used for console redirection. This can be one of the following:
|
||
Flow Control |
Whether a handshake protocol is used for flow control. Request to Send / Clear to Send (RTS/CTS) helps to reduce frame collisions that can be introduced by a hidden terminal problem. This can be one of the following:
|
Ethernet adapter policies govern the host-side behavior of the adapter, including how the adapter handles traffic. For example, you can use these policies to change default settings for the following:
Queues
Interrupt handling
Performance enhancement
RSS hash
Failover in an cluster configuration with two fabric interconnects
By default, Cisco UCS provides a set of Ethernet adapter policies. These policies include the recommended settings for each supported server operating system. Operating systems are sensitive to the settings in these policies. Storage vendors typically require non-default adapter settings. You can find the details of these required settings on the support list provided by those vendors.
Note | We recommend that you use the values in these policies for the applicable operating system. Do not modify any of the values in the default policies unless directed to do so by Cisco Technical Support. |
If you are creating an Ethernet adapter policy (instead of using the default Windows adapter policy) for a Windows operating system, you must use the following formulas to calculate values that work with Windows:
Completion Queues = Transmit Queues + Receive QueuesInterrupt Count = (Completion Queues + 2) rounded up to nearest power of 2
For example, if Transmit Queues = 1 and Receive Queues = 8 then:
Completion Queues = 1 + 8 = 9
Interrupt Count = (9 + 2) rounded up to the nearest power of 2 = 16
Step 1 | In the Task bar, type
Create Ethernet Adapter Policy and press
Enter.
This launches the Create Ethernet Adapter Policy dialog box. |
Step 2 | In Basic, from the Organization drop-down list, select the location in which you want to create the ethernet adapter policy. |
Step 3 | Enter the Name and optional Description. |
Step 4 | In
Resources, complete the following:
|
Step 5 | In Settings, complete the following: |
Step 6 | Click Create. |
The IPMI access profile policy allows you to determine whether the IPMI commands can be sent directly to the server, using the IP address. For example, you can send commands to retrieve sensor data from the Cisco IMC. This policy defines the IPMI access, including a username and password that can be authenticated locally on the server, and whether the access is read-only or read-write.
You must include this policy in a service profile and that service profile must be associated with a server for it to take effect.
IPMI access profiles require IPMI users. You can create IPMI users at the same time you create the IPMI access profile, or you can add them to an existing IPMI access profile.
To modify the parameters of an IPMI access profile policy, select the policy from the All policies page, and click the Edit icon.
Step 1 | In the Task bar, type
Create IPMI Access Profile Policy and press
Enter.
This launches the Create IPMI Access Profile Policy dialog box. |
Step 2 | In Basic, click Organization and select the location in which you want to create the policy. |
Step 3 | Enter a
Name and optional
Description.
The policy name is case sensitive. |
Step 4 | (Optional)In IPMI Users, select an IPMI user name, enter a password, and confirm the password. |
Step 5 | Select whether to allow read only or admin Serial over LAN Access. |
Step 6 | Click Create. |
Include the IPMI profile in a service profile or a service profile template.
The serial over LAN policy (SOL) configures a serial over LAN connection for all servers associated with service profiles that use the policy. By default, the serial over LAN connection is disabled.
If you implement a serial over LAN policy, we recommend that you also create an IPMI profile.
You must include this policy in a service profile and that service profile must be associated with a server for it to take effect.
Step 1 | In the Task bar,
type
Create
Serial Over LAN (SOL) Policy and press Enter.
This launches the Create Serial Over LAN (SOL) Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the Name and optional Description for the policy. |
Step 4 | Select a value for a Baud Rate. |
Step 5 | Click Enable to allow the serial over LAN connection. |
Step 6 | Click Create. |
Step 1 | On the
show
search tables bar, click
Policies.
You can view the polices at an organization or sub-organization level from the Show Org Navigation bar by expanding the root node until you reach the applicable organization name. Click Go to All Policies Table from the root organization page. This launches the All Policies page. |
Step 2 | Search the
policy that you want to delete.
You can search for the policy in one of the following ways: |
Step 3 | In the
Org column, click the policy.
This launches the selected SOL policy page. |
Step 4 | On the
SOL
policy page, click the
Delete icon.
A dialog box prompting you to confirm the deletion of the policy appears. |
Step 5 | Click Delete. |
The dynamic vNIC connection policy determines how the connectivity between VMs and dynamic vNICs is configured. This policy is required for Cisco UCS domains that include servers with VIC adapters on which you have installed VMs and configured dynamic vNICs.
Each dynamic vNIC connection policy includes an Ethernet adapter policy and designates the number of vNICs that can be configured for any server associated with a service profile that includes the policy.
Note | Server Migration:
|
Step 1 | In the Task bar, type
Create Dynamic vNIC Connection Policy and
press Enter.
This launches the Create Dynamic vNIC Connection Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the dynamic vNIC connection policy. |
Step 3 | Enter a
Name and optional
Description.
The policy name is case sensitive. |
Step 4 | Enter the number of dynamic vNICS that you want to create. |
Step 5 | Select the protection mode that you want to use. |
Step 6 | Select the adapter profile to be associated with this policy.
The profile must already exist to be included in the Ethernet Adapter drop-down list. |
Step 7 | Click Create. |
Fibre channel adapter policies govern the host-side behavior of the adapter, including how the adapter handles traffic. For example, you can use these policies to change default settings for the following:
Queues
Interrupt handling
Performance enhancement
RSS hash
Failover in an cluster configuration with two fabric interconnects
Note | For Fibre Channel adapter policies, the values displayed by Cisco UCS Central may not match those displayed by applications such as QLogic SANsurfer. For example, the following values may result in possible mismatch between SANsurfer and Cisco UCS Central:
|
By default, Cisco UCS provides a set of Fibre channel adapter policies. These policies include the recommended settings for each supported server operating system. Operating systems are sensitive to the settings in these policies. Storage vendors typically require non-default adapter settings. You can find the details of these required settings on the support list provided by those vendors.
Note | We recommend that you use the values in these policies for the applicable operating system. Do not modify any of the values in the default policies unless directed to do so by Cisco Technical Support. |
Step 1 | In the Task bar, type
Create Fibre Channel Adapter Policy and press
Enter.
This launches the Create Fibre Channel Adapter Policy dialog box. |
Step 2 | In Basic, click Organization and select the location in which you want to create this policy. |
Step 3 | Enter a
Name and optional
Description
The policy name is case sensitive. |
Step 4 | In Resources, complete the fields as necessary. |
Step 5 | In Settings, complete the fields as necessary. |
Step 6 | Click Create. |
The host firmware package policy enables you to specify a set of firmware versions that make up the host firmware package (also known as the host firmware pack).
Step 1 | In the Task
bar, type
Create
Host Firmware Package Policy and press Enter.
This launches the Create Host Firmware Package Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter a
Name and optional
Description.
The policy name is case sensitive. |
Step 4 | Select the Blade Version, Rack Version, and/or Modular Version, as required for your environment. |
Step 5 | Click Create. |
The host interface placement policy enables you to determine the user-specified virtual network interface connection (vCon) placement for vNICs and vHBAs.
To create a host interface placement policy, see Creating or Editing a Host Interface Placement Policy. Details for existing policies are displayed on the Host Interface Placement Policy page.
Step 1 | In the Task
bar, type
Create
Host Interface Placement Policy and press Enter.
This launches the Create Host Interface Placement Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter a
Name and optional
Description.
The policy name is case sensitive. |
Step 4 | Select the
Virtual
Slot Mapping Scheme.
This can be one of the following: |
Step 5 | Select the
Virtual
Slot Selection Preference for each virtual slot.
This can be one of the following:
|
Step 6 | Click Create. |
Step 1 | In the Task
bar, type
Create
iSCSI Adapter Policy and press Enter.
This launches the Create iSCSI Adapter Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Enter values for the Connection Timeout, LUN Busy Retry Count, and DHCP Timeout. |
Step 5 | Choose whether to enable TCP Timestamp, HBA Mode, and Boot To Target. |
Step 6 | Click Create. |
Step 1 | In the Task
bar, type
Create
iSCSI Authentication Profile and press Enter.
This launches the Create iSCSI Authentication Profile dialog box. |
Step 2 | In Basic, click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Enter the User ID. |
Step 5 | Type and confirm the password. |
Step 6 | Click Create. |
LAN connectivity policies determine the connections and the network communication resources between the server and the LAN on the network. These policies use pools to assign MAC addresses to servers and to identify the vNICs that the servers use to communicate with the network.
Note | These policies are included in service profiles and service profile templates, and can be used to configure multiple servers. So, using static IDs in connectivity policies is not recommended. |
Step 1 | In the Task
bar, type
Create
LAN Connectivity Policy and press Enter.
This launches the Create LAN Connectivity Policy dialog box. | ||
Step 2 | In Basic, click Organization and select the location in which you want to create the policy. | ||
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. | ||
Step 4 | In vNICs, enter the vNIC and enter the appropriate properties values. | ||
Step 5 | In
iSCSI
vNICs, enter the
iSCSI
vNIC and enter the appropriate properties values.
| ||
Step 6 | Click Create. |
This policy configures any optional SAS local drives that have been installed on a server through the onboard RAID controller of the local drive. This policy enables you to set a local disk mode for all servers that are associated with a service profile that includes the local disk configuration policy.
The local disk modes include the following:
Step 1 | In the Task
bar, type
Create
Local Disk Policy and press Enter.
This launches the Create Local Disk Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | In Mode, select the configuration mode for the local disks. |
Step 5 | Choose whether to enable or disable Configuration Protection, FlexFlash, and FlexFlash RAID Reporting. |
Step 6 | Click Create. |
When you make any change to a service profile that is associated with servers in the registered domains, the change may require a server reboot. The maintenance policy determines how Cisco UCS Central reacts to the reboot request.
You can create a maintenance policy and specify the reboot requirements to make sure the server is not automatically rebooted with any changes to the service profiles. You can specify one of the following options for a maintenance policy:
Immediately: Whenever you make a change to the service profile, apply the changes immediately.
User Acknowledgment: Apply the changes after a user with administrative privileges acknowledges the changes in the system.
Schedule: Apply the changes based on the day and time you specify in the schedule.
When you create the maintenance policy if you specify a schedule, the schedule deploys the changes in the first available maintenance window.
Note | A maintenance policy only prevents an immediate server reboot when a configuration change is made to an associated service profile. However, a maintenance policy does not prevent the following actions from taking place right away:
|
Step 1 | In the Task bar, type
Create Maintenance Policy and press Enter.
This launches the Create Maintenance Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Select when to apply the changes that require a reboot.
This can be one of the following:
|
Step 5 | Click Create. |
Note | Simple schedules, whether recurring or a one time occurrence, do not have the option to require user acknowledgment. If you want to require user acknowledgment, you must choose an advanced schedule. |
Step 1 | In the Task bar,
type
Create
Schedule and press Enter.
This launches the Create Schedule dialog box. |
Step 2 | In Basic, enter a Name and optional Description. |
Step 3 | Choose whether
the schedule should be
Recurring,
One
Time, or
Advanced.
If Advanced, choose whether to require user acknowledgment. |
Step 4 | In
Schedule, complete the following:
|
Step 5 | Click Create. |
This policy configures the network control settings for the Cisco UCS domain, including the following:
Whether the Cisco Discovery Protocol (CDP) is enabled or disabled
How the virtual interface ( VIF) behaves if no uplink port is available in end-host mode
The action that Cisco UCS Central takes on the remote Ethernet interface, vEthernet interface , or vFibre Channel interface when the associated border port fails
Whether the server can use different MAC addresses when sending packets to the fabric interconnect
Whether MAC registration occurs on a per-VNIC basis or for all VLANs
By default, the Action on Uplink Fail property in the network control policy is configured with a value of link-down. For adapters such as the Cisco UCS M81KR Virtual Interface Card, this default behavior directs Cisco UCS Central to bring the vEthernet or vFibre Channel interface down if the associated border port fails. For Cisco UCS systems using a non-VM-FEX capable converged network adapter that supports both Ethernet and FCoE traffic, such as Cisco UCS CNA M72KR-Q and the Cisco UCS CNA M72KR-E, this default behavior directs Cisco UCS Central to bring the remote Ethernet interface down if the associated border port fails. In this scenario, any vFibre Channel interfaces that are bound to the remote Ethernet interface are brought down as well.
Note | if your implementation includes those types of non-VM-FEX capable converged network adapters mentioned in this section and the adapter is expected to handle both Ethernet and FCoE traffic, we recommend that you configure the Action on Uplink Fail property with a value of warning. Note that this configuration might result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down. |
MAC addresses are installed only on the native VLAN by default, which maximizes the VLAN port count in most implementations.
Note | If a trunking driver is being run on the host and the interface is in promiscuous mode, we recommend that you set the Mac Registration Mode to All VLANs. |
Step 1 | In the Task bar, type
Create Network Control Policy and press Enter.
This launches the Create Network Control Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Choose whether to enable Cisco Discovery Protocol (CDP). |
Step 5 | Select values for Action on Uplink Failure, MAC Address Registration, and MAC Address Forging. |
Step 6 | Click Create. |
You can create a power control policy in Cisco UCS Central and include it in the service profile to enable the system to manage the power allocation control for the blade servers in the registered Cisco UCS domains.
Cisco UCS uses the priority set in the power control policy, along with the blade type and configuration, to calculate the initial power allocation for each blade within a chassis.
During normal operation, the active blades within a chassis can borrow power from idle blades within the same chassis. If all blades are active and reach the power cap, service profiles with higher priority power control policies take precedence over service profiles with lower priority power control policies. Priority is ranked on a scale of 1-10, where 1 indicates the highest priority and 10 indicates lowest priority. The default priority is 5.
For mission-critical application a special priority called no-cap is also available. Setting the priority to no-cap prevents Cisco UCS from leveraging unused power from a particular server. With this setting, the server is allocated the maximum amount of power possible for that type of server.
Step 1 | In the Task bar, type
Create Power Control Policy and press Enter.
This launches the Create Power Control Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Choose whether to enable Power Capping. |
Step 5 | If
Enabled, use the slider to select the
Power Group Priority.
Priority is ranked on a scale of 1-10, where 1 indicates the highest priority and 10 indicates lowest priority. The default priority is 5. |
Step 6 | Click Create. |
A quality of service (QoS) policy assigns a system class to the outgoing traffic for a vNIC or vHBA. This system class determines the quality of service for that traffic. For certain adapters, you can also specify additional controls on the outgoing traffic, such as burst and rate.
You must include a QoS policy in a vNIC policy or vHBA policy and then include that policy in a service profile to configure the vNIC or vHBA.
Step 1 | In the Task bar, type
Create Quality of Service (QOS) Policy and
press Enter.
This launches the Create Quality of Service (QOS) Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Select an Egress Priority. |
Step 5 | Choose whether to enable Host Control Class of Service (CoS). |
Step 6 | Enter an Egress Burst Size, and select the egress average traffic rate. |
Step 7 | Click Create. |
SAN connectivity policies determine the connections and the network communication resources between the server and the SAN on the network. These policies use pools to assign WWNs, and WWPNs to servers and to identify the vHBAs that the servers use to communicate with the network.
Note | These policies are included in service profiles and service profile templates, and can be used to configure multiple servers. So, using static IDs in connectivity policies is not recommended. |
Step 1 | In the Task
bar, type
Create
SAN Connectivity Policy and press Enter.
This launches the Create SAN Connectivity Policy dialog box. |
Step 2 | In Basic, click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | In
Identifiers, choose the WWNN pool.
For more information, see Creating and Editing a WWN Pool. |
Step 5 | In vHBAs, create one or more vHBAs and select the properties. You can manually create the vHBA or use a vHBA template. |
Step 6 | Click Create. |
From Cisco UCS Central you can create scrub policy to determine what happens to local data and to the BIOS settings on a server during the discovery process, when the server is reacknowledged, or when the server is disassociated from a service profile.
Note | Local disk scrub policies only apply to hard drives that are managed by Cisco UCS Manager and do not apply to other devices such as USB drives. |
Depending upon how you configure a scrub policy, the following can occur at those times:
One of the following occurs to the data on any local drives on disassociation:
One of the following occurs to the BIOS settings when a service profile containing the scrub policy is disassociated from a server:
FlexFlash Scrub enables you to pair new or degraded SD cards, resolve FlexFlash metadata configuration failures, and migrate older SD cards with 4 partitions to single partition SD cards. One of the following occurs to the SD card when a service profile containing the scrub policy is disassociated from a server, or when the server is reacknowledged:
If enabled, the HV partition on the SD card is formatted using the PNUOS formatting utility. If two SD cards are present, the cards are RAID-1 paired, and the HV partitions in both cards are marked as valid. The card in slot 1 is marked as primary, and the card in slot 2 is marked as secondary.
If disabled, preserves the existing SD card settings.
Note |
|
Step 1 | In the Task
bar, type
Create
Scrub Policy and press Enter.
This launches the Create Scurb Policy dialog box. |
Step 2 | In Basic, click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Choose the scrub policies that you want to enable. |
Step 5 | Click Create. |
A vMedia policy is used to configure the mapping information for remote vMedia devices. Two vMedia devices and mappings for CD and HDD are allowed in a vMedia policy. You can configure one ISO and one IMG at a time. ISO configurations map to a CD drive. IMG configurations map to a HDD device.
Note | If you want to map a device to a remote folder, you must create an IMG and map it as a HDD device. |
From Cisco UCS Central you can provision vMedia devices ISO images for remote UCS servers. Using Scriptable vMedia, you can programmatically mount IMG and ISO images on a remote server. CIMC mounted vMedia provides communications between other mounted media inside your datacenter with no additional requirements for media connection. Scriptable vMedia allows you to control virtual media devices without using a browser to manually map each Cisco UCS server individually.
Scriptable vMedia supports multiple share types including NFS, CIFS, HTTP, and HTTPS shares. Scriptable vMedia is enabled through BIOS configuration and configured through a Web GUI and CLI interface. You can do the following in the registered Cisco UCS domains using scriptable vMedia:
Boot from a specific vMedia device
Copy files from a mounted share to local disk
Install and update OS drivers
Note | Support for Scriptable vMedia is applicable for CIMC mapped devices only. Existing-KVM based vMedia devices are not supported. |
You can create a vMedia policy and associate the policy with a service profile.
Step 1 | In the Task bar,
type
Create
vMedia Policy and press Enter.
This launches the Create vMedia Policy dialog box. |
Step 2 | In
Basic, click
Organization and select the location in which you
want to create this vMedia Policy.
|
Step 3 | (Optional)Click
HDD, and do the following:
|
Step 4 | (Optional)Click
CDD and do the following:
|
Step 5 | Click Create. |
Associate the vMedia policy with a service profile.
Cisco UCS Central supports global call home policies for notifying all email recipients defined in call home profiles to specific Cisco UCS Manager events. (There is no call home support for Cisco UCS Central in this release.) Profiles define lists of email recipients that receive alert notifications (to a maximum defined message size in full text, short text, or XML format) and alert criteria for triggering notifications.
Alert notifications are sent with predefined content based on alert levels (including major, minor, normal, notification and warning) and selected alert groups identifying events that trigger notification (such as diagnostic, environmental, inventory, license and other predefined events). Individual email recipients may be individually added to existing profiles. Registered Cisco UCS domains choosing to define security policies globally within that client's policy resolution control will defer all call home policies to its registration with Cisco UCS Central.
A call home policy is created from a domain group under the domain group root. Call home policies under the Domain Groups root were already created by the system and ready to configure.
1. Navigate to the Domain Group page.
2. Click the Settings icon and select Call Home Settings.
3. In Basic, click Enabled to enable the Call Home feature, and complete the necessary information.
4. In Profiles, click Add to create a new profile, or edit an existing profile.
5. In Alerts, click Add or Delete to manage the events that trigger alerts to be sent.
6. Click Save.
Step 1 | Navigate to the Domain Group page. |
Step 2 | Click the Settings icon and select Call Home Settings. |
Step 3 | In Basic, click Enabled to enable the Call Home feature, and complete the necessary information. |
Step 4 | In Profiles, click Add to create a new profile, or edit an existing profile. |
Step 5 | In Alerts, click Add or Delete to manage the events that trigger alerts to be sent. |
Step 6 | Click Save. |