Configuring Cisco UCS Manager Accounts

This chapter contains the following sections:

Pods

A pod is a logical grouping of physical and virtual components, including one or more physical or virtual accounts, such as a Cisco UCS Manager account for computing, a network account, or a cloud account. Each pod is a module of network, compute, storage, and application components that work together to deliver services for your data center and users. The pod is a repeatable pattern, and its components maximize the modularity, scalability, and manageability of data centers.

When you create a pod, consider what you want it to represent. For example, you can create a pod to represent the following:

  • A single converged infrastructure stack, such as FlexPod, Vblock, or VSPEX

  • A grouping of resources assigned to a specific customer or tenant

  • The resources within a specific range of IP addresses

For systems that include Cisco UCS Central, we recommend that you create a pod for each Cisco UCS domain or domain group.

If needed, you can group pods into sites. However, a pod can only belong to one site.

You can view details of the pods and their components on the Converged tab in Cisco UCS Director. For information about how to create pods, see the Cisco UCS Director Administration Guide.

Adding a Pod

Procedure

Step 1

Choose Administration > Physical Accounts.

Step 2

On the Physical Accounts page, click Pods.

Step 3

Click Add.

Step 4

On the Add Pod screen, complete the following fields:

Name Description

Name field

A descriptive name for the pod.

Type drop-down list

Choose the type of pod that you want to add. This can be one of the following:

  • Flexpod

  • VersaStack

  • Generic

  • ExpressPod Medium

  • VSPEX

  • ExpressPod Small

  • Vblock

  • HyperFlex

  • Virtual SAN Pod

The nongeneric pod types accommodate only specific physical and virtual components. A generic pod does not require a specific pod license. You can add any type of physical or virtual component to a generic pod. For more information about bundled pod licenses (FlexPod, Vblock, and VSPEX), which include the necessary individual device licenses to run a pod, see the Cisco UCS Director Installation and Upgrade Guides.

Note

 

Only VersaStack and Generic pods are supported in the IBM accounts in Cisco UCS Director.

Site drop-down list

Choose the site where you want to add the pod. If your environment does not include sites, you can omit this step.

Description field

(Optional) A description of the pod.

Address field

The physical location of the pod. For example, this field could include the city or other internal identification used for the pod.

Hide Pod check box

Check to hide the pod if you do not want it to show in the Converged Check View. You can continue to add or delete accounts from the pod.

For example, you can use this check box to ensure that a pod that does not have any physical or virtual elements is not displayed in the Converged View.

Step 5

Click Add.

What to do next

Add one or more accounts to the pod.

Cisco UCS Manager Accounts

Each Cisco UCS Manager account represents a single Cisco UCS domain that you want to have managed by .

For an environment that does not include Cisco UCS Central, you create Cisco UCS Manager accounts in a pod. You can have more than one Cisco UCS Manager account for a pod.

For an environment that includes Cisco UCS Central, you must create a Cisco UCS Central account under multi-domain managers. All Cisco UCS domains that are registered with that Cisco UCS Central, and their related Cisco UCS Manager accounts are brought into when the Cisco UCS Central account is created. You can assign one or more of those Cisco UCS Manager accounts from the Cisco UCS Central account to a pod if needed. You can also register a Cisco UCS Manager account with a Cisco UCS Central account.

Adding a Cisco UCS Manager Account

Before you begin

Add the pod to which this Cisco UCS Manager account belongs.

Procedure

Step 1

Choose Administration > Physical Accounts.

Step 2

Click Physical Accounts.

Step 3

Click Add.

Step 4

On Add Account screen, do the following:

  1. From the Pod drop-down list, choose the pod to which this account belongs.

  2. From the Category Type drop-down list, choose Computing.

  3. From the Account Type drop-down list, choose UCSM.

  4. Click Submit.

Step 5

On the Add Account screen, complete the following fields:

Name Description

Authentication Type drop-down list

Choose the type of authentication to be used for this account. This can be one of the following:

  • Locally Authenticated—A locally authenticated user account is authenticated directly through the fabric interconnect and can be enabled or disabled by anyone with admin or AAA privileges.

  • Remotely Authenticated—A remotely authenticated user account is any user account that is authenticated through LDAP, RADIUS, or TACACS+.

Server Management drop-down list

Choose how you want to have the servers in this account managed. This can be one of the following:

  • All Servers—All servers are managed. This option is the default. If you choose this option, all servers are added in the Managed state.

  • Selected Servers—Only selected servers are managed. You can add and remove servers from the managed server list as needed. If you choose this option, all servers are added in the Unmanaged state.

Account Name field

A unique name that you assign to this account.

Server Address field

The IP address of Cisco UCS Manager. For a cluster configuration, this is the virtual IP address.

Use Credential Policy check box

Check this check box if you want to use a credential policy for this account rather than enter the information manually.

Credential Policy drop-down list

If you checked the Use Credential Policy check box, choose the credential policy that you want to use from this drop-down list.

This field is only displayed if you choose to use a credential policy.

User ID field

The username that this account will use to access Cisco UCS Manager. This username must be a valid account in Cisco UCS Manager.

This field is not displayed if you choose to use a credential policy.

Password field

The password associated with the username.

This field is not displayed if you choose to use a credential policy.

UCS Authentication Domain field

The authentication domain for the remotely authenticated account.

This field is not displayed if you are using a locally authenticated account or if you choose to use a credential policy.

Transport Type drop-down list

Choose the transport type that you want to use for this account. This can be one of the following:

  • http

  • https

This field is not displayed if you choose to use a credential policy.

Port field

The port used to access Cisco UCS Manager.

This field is not displayed if you choose to use a credential policy.

Description field

(Optional) A description of this account.

Contact Email field

The email address that you can use to contact the administrator or other person responsible for this account.

Location field

The location of this account.

Service Provider field

(Optional) The name of the service provider associated with this account, if any.

Step 6

Click Add.

tests the connection to Cisco UCS Manager. If that test is successful, it adds the Cisco UCS Manager account and discovers all infrastructure elements in Cisco UCS Manager that are associated with that account, including chassis, servers, fabric interconnects, service profiles, and pools. This discovery process and inventory collection cycle takes approximately five minutes to complete.

The polling interval configured on the Administration > System > System Tasks tab specifies the frequency of inventory collection.

Testing the Connection to a Physical Account

You can test the connection at any time after you add an account to a pod.

Procedure

Step 1

Choose Administration > Physical Accounts.

Step 2

On the Physical Accounts page, click Multi-Domain Managers.

Step 3

On the Multi-Domain Managers screen, click the row of the account for which you want to test the connection.

Step 4

Click Test Connection.

Step 5

When the connection test has completed, click Close.

What to do next

If the connection fails, verify the configuration of the account, including the username and password. If the username and password are correct, determine whether there is a network connectivity problem.

Verifying the Discovery of a Cisco UCS Manager Account

Procedure

Step 1

Choose Physical > Compute.

Step 2

On the Compute page, choose the pod.

Step 3

On Compute page, choose the pod that includes the Cisco UCS Manager account that you want to verify.

Note

 
The left column tree structure lists nodes for Sites, Unassigned Pods, and Multi-Domain Managers. When a Sites node is expanded, all the pods for that site node are displayed. When you expand an Unassigned Pods node, all the pods that are not assigned to any site are displayed. When you expand the Multi-Domain Managers list, all multi-domain manager account types that you added to Cisco UCS Director are displayed.

Step 4

Click Compute Accounts.

Step 5

Choose the row of the account that you want to verify.

Step 6

Click View Details.

Cisco UCS Director displays a set of tabs that contain information about the components of that account that it has discovered.

Viewing the Topology and Connectivity of Devices in a Cisco UCS Domain

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account for which you want to view the topology.

Step 3

Click Compute Accounts.

Step 4

Click the row of the account.

Step 5

Click View Connectivity.

The Topology View - UCS Device Connectivity dialog box is displayed with a view of the topology and connectivity of the devices in the Cisco UCS Domain.

Step 6

If desired, you can modify the following view options:

  • View Mode drop-down list—Adjusts the spacing and positioning of the devices. The mode determines which options are available for you to customize the topology view. You can choose between the following view modes:

    • Hierarchical

    • Concentric

    • Circular

    • Force Directed

  • Show Link Labels check box—Shows or hides labels on the links between devices. These labels might not display on some view modes.

  • Allow Item Spacing check box—Increases the distance between devices for the Hierarchical view mode.

  • Distance control—Adjusts the distance between devices for the Concentric view mode.

  • Radius control—Changes the radius of the circle and therefore adjusts the distance between devices for the Circular view mode.

  • Rigidity control—Adjusts the rigidity for the Force Directed view.

  • Force Distance control—Adjusts the distance between devices for the Force Directed view.

Step 7

Click Close to return to the Compute Accounts tab.

Exporting the Configuration of a Cisco UCS Manager Account

Cisco UCS Director exports a file named Ucs-Timestamp-configuration.zip to the location configured for downloads in your browser.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account for which you want to export the configuration.

Step 3

Click Compute Accounts.

Step 4

Click the row of the account.

Step 5

From the More Actions drop-down menu, choose Export Configuration.

Step 6

On the Export UCS Configuration screen, click Submit.

Step 7

When the configuration export is complete, click Close.

Importing the Configuration of a Cisco UCS Manager Account

You can import a configuration that has been exported from a Cisco UCS Manager account in Cisco UCS Director or from Cisco UCS Manager.


Note

When you import a configuration into a Cisco UCS Manager account, you overwrite any existing configuration in that account.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account for which you want to export the configuration.

Step 3

Click Compute Accounts.

Step 4

Click the row of the account.

Step 5

Click Import Configuration.

Step 6

On the Upload Configuration screen, do the following:

  1. Click Select a File and navigate to the configuration file that you want to import.

  2. When the file upload is complete, click Ok.

  3. Click Next.

Step 7

On the Select Configuration screen, check one of the following check boxes:

Option Description

Import All Configuration

Imports all configuration settings in the file.

Customize Import

Imports only the configuration settings that you choose.

Step 8

Click Submit.

Step 9

When the configuration import is complete, click Close.

Selective Server Management

When you add a Cisco UCS Manager account to a pod, you can choose how you want Cisco UCS Director to manage the servers for that account. You can choose one of the following:

All Servers

All servers are managed by Cisco UCS Director. This option is the default.

Selected Servers

Only selected servers are managed by Cisco UCS Director. You can add and remove servers from the managed server list as needed.


Note

Server license usage includes servers in Managed, Transition, and Decommissioned states. It does not include unmanaged servers.

Guidelines and Limitations for Selective Server Management

When you configure selective server management be aware of the following guidelines and limitations.

Changes to the Server Management Option

If you change the server management setting for an existing Cisco UCS Manager account from All Servers to Selected Servers, Cisco UCS Director moves all servers to the Unmanaged state. Initially, the servers are moved to a Transition state and removed from the servers report. Unless you select one or more servers and manually move them to the Managed state, all servers remain in that Transition state for 48 hours before Cisco UCS Director completes the move to the Unmanaged state. While a server is in Transition state, it is counted in your license usage.

If you change the server management setting for an existing Cisco UCS Manager account from Selected Servers to All Servers, Cisco UCS Director moves all servers to the Managed state.

Server Pools

Cisco UCS Director displays only the managed servers in a server pool, but the size of the pool includes all servers. For example, if a server pool contains two servers and only one server is managed by Cisco UCS Director, all server pool reports and actions on that pool display only one (managed) server. However, the pool size is displayed as two.

Service Profiles

Cisco UCS Director does not display service profiles that are associated with unmanaged servers. Service profiles are displayed only when the server is managed by Cisco UCS Director.

If you use Cisco UCS Manager to associate a service profile with a server pool that has servers that are not managed by Cisco UCS Director, you cannot perform any further tasks on that service profile or server in Cisco UCS Director. To manage that server or service profile, you must add a Manage Server task to the appropriate orchestration workflows.

Selecting a Server for Management

Before you begin

Configure the selective server management setting for the Cisco UCS Manager account as Selected Servers to be able to choose which servers you want Cisco UCS Director to manage.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click UCS Discovered Servers.

This screen displays all servers in the Cisco UCS domain discovered Cisco UCS Manager.

Step 4

Click Manage Servers.

Step 5

On the Manage Servers screen, do the following:

  1. Check the check boxes for those servers you want to have managed.

  2. Click Submit.

Cisco UCS Director moves the selected servers to the Managed state.

Unmanaging a Server

If you have configured the server management option in a Cisco UCS Manager account for Selected Servers, you can unmanage servers that you no longer want to manage through Cisco UCS Director.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click UCS Discovered Servers.

This screen displays all servers in the Cisco UCS domain discovered by Cisco UCS Manager.

Step 4

Click Unmanage Servers.

Step 5

In the Unmanage Servers dialog box, do the following:

  1. Uncheck the check boxes for those servers you no longer want to have managed.

  2. Click Submit.

Cisco UCS Director moves the selected servers to the Transition state and removes them from the servers report. The servers remain in that Transition state for 48 hours before Cisco UCS Director completes the move to the Unmanaged state. While a server is in Transition state, it is counted in your license usage.

Registration of a Cisco UCS Manager Account with Cisco UCS Central

When you add a Cisco UCS Central account, Cisco UCS Director can use that account to manage all registered Cisco UCS domains. You can also use Cisco UCS Director to register a Cisco UCS Manager account with a Cisco UCS Central account.

You can also choose whether you want to create and manage policies, service profiles, and service profile templates through the Cisco UCS Central account or the Cisco UCS Manager account by designating them as one of the following:

  • Local—The policy, service profile, or service profile template is created and managed through a Cisco UCS Manager account.

  • Global—The policy, service profile, or service profile template is created and managed through a Cisco UCS Central account.

Prerequisites for Cisco UCS Central

Before you register a Cisco UCS Manager account with a Cisco UCS Central account, do the following:

  • Configure an NTP server and the correct time zone in Cisco UCS Director, Cisco UCS Manager, and Cisco UCS Central to ensure that they are in sync. If the time and date in one or more of them are out of sync, the registration with Cisco UCS Central may fail.

  • Obtain the hostname or IP address of a Cisco UCS Central account in Cisco UCS Director.

  • Obtain the shared secret that you configured when you deployed Cisco UCS Central.

Registering a Cisco UCS Manager Account with Cisco UCS Central

Before you begin

  • Add at least one Cisco UCS Central account.

  • Complete the prerequisites for Cisco UCS Central.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click Summary.

Step 4

Click Register with UCS Central.

Step 5

On the Register with UCS Central screen, do the following:

  1. In the UCS Central Hostname/IP Address field, enter the hostname or IP address of the Cisco UCS Central account.

    Note

     

    If you use a hostname rather than an IP address, configure a DNS server. If the Cisco UCS domain is not registered with Cisco UCS Central or DNS management is set to local, configure a DNS server in Cisco UCS Manager. If the Cisco UCS domain is registered with Cisco UCS Central and DNS management is set to global, configure a DNS server in Cisco UCS Central.

  2. In the Shared Secret field, enter the shared secret (or password) for the Cisco UCS Central account.

  3. Click Submit.

Unregistering a Cisco UCS Manager Account from Cisco UCS Central

When you unregister a Cisco UCS Manager account from Cisco UCS Central, the Cisco UCS Manager account no longer receives updates to global policies.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click Summary.

Step 4

Click the drop-down menu button and choose Unregister from UCS Central.

Step 5

In the Unregister from UCS Central dialog box, click Submit.

Making a Policy, Service Profile, or Service Profile Template Global

Configure a policy, service profile, or service profile template as global through the Cisco UCS Manager account.

Before you begin

Register the Cisco UCS Manager account with the Cisco UCS Central account.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Navigate to where the policy is located.

  • For a service profile, click Service Profiles.

  • For a service profile template or a policy such as a vHBA template, click Organizations, click View Details, and then click the organization that includes the template or policy.

Step 4

Click the row for the policy, service profile, or service profile template that you want to make global.

Step 5

From the More Actions drop-down menu, choose Use Global.

For some service profiles or policies, click the drop-down menu button and choose Use Global from the menu.

Step 6

On the Use Global screen, click Submit.

Making a Policy, Service Profile, or Service Profile Template Local

Configure a policy, service profile, or service profile template as local through the Cisco UCS Manager account.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click Service profile, or Organization.

  • For a service profile, click Service Profiles.

  • For a service profile template or a policy such as a vHBA template, click the Organizations tab, click View Details, and then click the organization that includes the template or policy.

Step 4

Click the row in the table for the policy, service profile, or service profile template that you want to make local.

Step 5

From the More Actions drop-down menu, choose Use Local.

For some service profiles or policies, click the drop-down menu button and choose Use Local from the menu.

Step 6

In the Use Local dialog box, click Submit.

Organizations

Organizations in a Multitenancy Environment

Multi-tenancy allows you to divide the large physical infrastructure of an Cisco UCS domain into logical entities known as organizations. As a result, you can achieve a logical isolation between organizations without providing a dedicated physical infrastructure for each organization.

You can assign unique resources to each tenant through the related organization in the multi-tenant environment. These resources can include different policies, pools, and quality of service definitions. You can also implement locales to assign or restrict user privileges and roles by organization, if you do not want all users to have access to all organizations.

If you set up a multi-tenant environment, all organizations are hierarchical. The top-level organization is always root. The policies and pools that you create in root are system-wide and are available to all organizations in the system. However, any policies and pools created in other organizations are only available to organizations that are above it in the same hierarchy. For example, if a system has organizations named Finance and HR that are not in the same hierarchy, Finance cannot use any policies in the HR organization, and HR cannot access any policies in the Finance organization. However, both Finance and HR can use policies and pools in the root organization.

If you create organizations in a multi-tenant environment, you can also set up one or more of the following for each organization or for a sub-organization in the same hierarchy:

  • Resource pools

  • Policies

  • Service profiles

  • Service profile templates

The root organization is always the top level organization.

Creating an Organization

You can create a top-level organization which is the root. The policies and pools created in this root are system-wide and are available to all organizations in the system.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click Organizations.

Step 4

Click Add.

Step 5

On the Add Organization screen, complete the following fields:

  1. In the Name field, enter a name for the organization.

  2. In the Description field, enter a description for the organization.

    The UCS Account Name field is pre-populated with the name of the Cisco UCS Manager account that you are adding the Organization for.

  3. From the Parent Organization drop-down list, choose the organization under which this organization will reside.

Step 6

Click Submit.

Locales

Each locale defines one or more organizations to which a user is allowed access, and access would be limited to the organizations specified in the locale. One exception to this rule is a locale without any organizations, which gives unrestricted access to system resources in all organizations.

A Cisco UCS domain can contain up to 48 locales. Any locales configured after the first 48 are accepted, but will be inactive with faults raised.

You can hierarchically manage organizations. A user that is assigned at a top-level organization has automatic access to all organizations under it. For example, an Engineering organization can contain a Software Engineering organization and a Hardware Engineering organization. A locale containing only the Software Engineering organization has access to system resources only within that organization. A locale that contains the Engineering organization has access to the resources for both the Software Engineering and Hardware Engineering organizations.

Creating a Locale

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click Locales.

Step 4

Click Add.

Step 5

On the Add Locale screen, complete the following fields:

  1. In the Name field, enter a name for the Locale.

  2. In the Description field, enter a description for the Locale.

    The UCS Account Name field is pre-populated with the name of the Cisco UCS Manager account you are working on.

  3. In the Organizations field, select the chek box for the organizations that you want to add to the locale.

Step 6

Click Submit.

Time Zones

Cisco UCS requires a domain-specific time zone setting and an NTP server to ensure the correct time displays in . If you do not configure time zones, the time might not display correctly.

In addition, if your environment includes Cisco UCS Central, you must configure an NTP server and the correct time zone in Cisco UCS Manager and Cisco UCS Central to ensure that they are in sync. If the time and date in the Cisco UCS domain and Cisco UCS Central are out of sync, the registration might fail.

Adding a Time Zone

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Click Time Zone.

Step 4

Click Add.

Step 5

On the Add Time Zone screen, do the following:

  1. In the NTP Server Name field, enter the IP address or hostname of the NTP server for this time zone.

  2. Click Submit.

Cloning a Policy

You can clone some policies and create a copy with the same settings as the original policy.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Navigate to where the policy is located.

For example, if you want to clone a boot policy, click Organizations, click the organization in which you want to clone a policy, and then click View Details.

Step 4

Click the tab for the type of policy that you want to clone.

For example, if you want to clone a boot policy, click Boot Policies.

Step 5

Choose the policy that you want to clone and from More Actions drop-down menu, choose Clone.

Step 6

Change the name of the policy and, if desired, the values of the other fields.

Step 7

Click Submit.

Deleting a Pool, Policy, or Other Object

The method you use to delete a pool, policy, or other object, such as a VLAN, is the same for all objects.


Note

Before you delete an object, ensure that it is not used or referenced by another object in the system. For example, before you delete a network policy, ensure that a service profile does not reference that policy.

Procedure

Step 1

Choose Physical > Compute.

Step 2

On Compute page, choose the pod that includes the Cisco UCS Manager account.

Step 3

Navigate to where the object is located.

For example, if you want to delete a VLAN, click VLANs.

Step 4

Choose the object that you want to delete.

Step 5

From More Actions drop-down menu, choose Delete.

Step 6

Click Delete.