UCS Security
www.silantia.com1
• System Policies
• High Availability
• System Events
• SNMP
• Firmware
• TAC Information
System Policies
Overview of High Availability
High Availability
• Two fabric interconnects and two IOMs per chassis give two data paths per blade.
• Clustering of FIs requires the same UCS Manager version and the same FI model.
• Clustering is done through the L1 and L2 ports on the fabric interconnects. These ports are non-configurable.
• L1-L2 ports are 1000BaseTX, using straight-through Cat6 cable.
• Pre-configured to run LACP and CDP.
• Links are an 802.3ad bond managed by the underlying OS.
High Availability
• Cisco UCS Manager controller:
  • Distributed application that runs on both the primary and subordinate UCS Manager instances
  • Each instance is represented by a node ID
  • Separate process running on Cisco NX-OS
  • Defines the running mode of UCS Manager processes
• Cisco NX-OS:
  • Starts all Cisco UCS Manager processes
  • Monitors and restarts UCS Manager processes
High Availability
• Local storage:
  • NVRAM and flash store static data
  • Read and written by the local Cisco UCS Manager instance
  • Replicated when both nodes are up
• Chassis EEPROM:
  • Serial EEPROM stores state data
  • Up to 3 chassis have their EEPROM written with state information in two partitions
  • Read and written by both chassis management controllers
  • Used to assist Cisco UCS Manager in determining the state of the cluster
Viewing and Changing Management HA
• connect local-mgmt
• dc101-A# sh cluster extended-state
    Cluster Id: 0x898942147f8311e2-0x8af9547feeed8104
    Start time: Sun May 26 18:36:30 2013
    Last election time: Sun May 26 18:36:33 2013
    A: UP, PRIMARY
    B: UP, SUBORDINATE
    A: memb state UP, lead state PRIMARY, mgmt services state: UP
    B: memb state UP, lead state SUBORDINATE, mgmt services state: UP
    heartbeat state PRIMARY_OK
    INTERNAL NETWORK INTERFACES:
    eth1, UP
    eth2, UP
    HA READY
    Detailed state of the device selected for HA storage:
    Chassis 1, serial: FOX1450H4JK, state: active
    dc101-A#
• cluster lead
• cluster force
(Slide callouts: "L1 and L2 ports", "Serial EEPROM Chassis")
High Availability (split brain issues)
• Partition in space:
  • A partition in space occurs when the private network fails (no path from L1 to L1 and L2 to L2).
  • There is a risk of active-active management nodes.
  • Both nodes are demoted to subordinate and a quorum race begins.
  • The node that claims the most resources wins.
• Partition in time:
  • A partition in time occurs when a node boots alone in the cluster.
  • The node compares its database version against the serial EEPROM and discovers that its version number is lower than the current database version.
  • There is a risk of applying an old configuration to UCS components.
  • This node will not become the active management node.
System Events
Fault severity
Severity | Description
Critical | A service-affecting condition that requires immediate corrective action. This severity might indicate that the managed object is out of service and its capability must be restored.
Major | A service-affecting condition that requires urgent corrective action. This severity might indicate a severe degradation in the capability of the managed object and that its full capability must be restored.
Minor | A non-service-impacting fault condition that requires corrective action to prevent a more serious fault from occurring.
Warning | A potential service-affecting fault that currently has no significant effects in the system.
Condition | An informational message about a condition, possibly independently insignificant.
Info | A basic notification or informational message, possibly independently insignificant.
Fault states
State | Description
Active | A fault was raised and is currently active.
Cleared | A fault was raised but did not reoccur during the flapping interval. The condition that caused the fault has been resolved, and the fault has been cleared.
Flapping | A fault was raised, cleared, and then raised again within a short time interval, known as the flap interval.
Soaking | A fault was raised and then cleared, but since it was a flapping condition, the fault severity remains at its original active value; this state indicates that the condition that raised the fault has cleared.
System Events settings
Admin Tab -> Fault, events and audit log -> Settings
SNMP
SNMP
• All SNMP versions are supported: v1, v2c and v3.
• A username and password are configurable on the device for SNMP version 3.
• All SNMP transactions use the cluster IP address as their source IP address.
• Admin Tab -> Communication management -> Communication services -> SNMP
Firmware
Firmware
• UCSM, IOM and fabric interconnect upgrade
• The following steps are done under Equipment -> firmware management -> Update/Activate firmware:
  • Activate the new Cisco UCS Manager image.
  • Activate the new I/O module image.
  • Activate the new image on the subordinate fabric interconnect.
  • Manually fail over the primary fabric interconnect to the fabric interconnect that has already been upgraded.
    • This step is done from the command line using the following command:
    • UCS-A (local-mgmt) # cluster {force primary | lead {a | b}}
  • Verify that the data path has been restored.
  • Activate the new image on the primary fabric interconnect.
• Note: During a fabric interconnect upgrade each blade loses one path, but the other path remains available, so fabric failover from UCS and/or VMware NIC teaming should work.
• Activating the IOM image does not reboot the IOM; the IOM reboots and upgrades when its connected fabric interconnect reboots and is upgraded.
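A pre-failover gate for the manual failover step above, as an added example that is not part of the original slides: it parses "show cluster extended-state" text in the format shown on the HA slide and lists the reasons not to run "cluster lead" yet. The function names and the degraded sample are assumptions made for illustration.

```python
import re

# Output of "show cluster extended-state", copied from the HA slide
# (the wrapped "mgmt services state: UP" line is rejoined).
SLIDE_OUTPUT = """\
Cluster Id: 0x898942147f8311e2-0x8af9547feeed8104
Start time: Sun May 26 18:36:30 2013
Last election time: Sun May 26 18:36:33 2013
A: UP, PRIMARY
B: UP, SUBORDINATE
A: memb state UP, lead state PRIMARY, mgmt services state: UP
B: memb state UP, lead state SUBORDINATE, mgmt services state: UP
heartbeat state PRIMARY_OK
INTERNAL NETWORK INTERFACES:
eth1, UP
eth2, UP
HA READY
Detailed state of the device selected for HA storage:
Chassis 1, serial: FOX1450H4JK, state: active
"""

# Constructed sample, not from the slides: the peer is lost over the private
# links. The exact status words are assumed; the checks below only accept
# the known-good values, so any other wording is treated as a blocker.
DEGRADED_OUTPUT = """\
A: UP, PRIMARY
B: UNRESPONSIVE, INAPPLICABLE
A: memb state UP, lead state PRIMARY, mgmt services state: UP
B: memb state UNRESPONSIVE, lead state INAPPLICABLE, mgmt services state: INVALID
heartbeat state SECONDARY_FAILED
INTERNAL NETWORK INTERFACES:
eth1, DOWN
eth2, DOWN
HA NOT READY
"""

NODE_RE = re.compile(
    r"^([AB]): memb state (\w+), lead state (\w+), mgmt services state: (\w+)$")
HEARTBEAT_RE = re.compile(r"^heartbeat state (\w+)$")
IFACE_RE = re.compile(r"^(eth\d+), (\w+)$")
STORAGE_RE = re.compile(r"^Chassis (\d+), serial: ([^,\s]+), state: (\w+)$")


def parse_cluster_state(text):
    """Turn the CLI text into a dict; lines that match nothing are ignored."""
    state = {"nodes": {}, "heartbeat": None, "interfaces": {},
             "ha_ready": False, "storage": []}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := NODE_RE.match(line)):
            state["nodes"][m[1]] = {"memb": m[2], "lead": m[3], "mgmt": m[4]}
        elif (m := HEARTBEAT_RE.match(line)):
            state["heartbeat"] = m[1]
        elif (m := IFACE_RE.match(line)):
            state["interfaces"][m[1]] = m[2]
        elif (m := STORAGE_RE.match(line)):
            state["storage"].append(
                {"chassis": int(m[1]), "serial": m[2], "state": m[3]})
        elif line == "HA READY":  # exact match, so "HA NOT READY" fails
            state["ha_ready"] = True
    return state


def failover_blockers(state, target):
    """Reasons not to run 'cluster lead <target>'; an empty list means go."""
    target = target.upper()
    if target not in ("A", "B"):
        raise ValueError("target must be 'a' or 'b'")
    problems = []
    if not state["ha_ready"]:
        problems.append("cluster does not report HA READY")
    if state["heartbeat"] != "PRIMARY_OK":
        problems.append(f"heartbeat state is {state['heartbeat']}")
    for name in ("A", "B"):
        node = state["nodes"].get(name)
        if node is None:
            problems.append(f"node {name} missing from output")
        elif node["memb"] != "UP" or node["mgmt"] != "UP":
            problems.append(f"node {name} is not fully UP")
    leads = sorted(n["lead"] for n in state["nodes"].values())
    if leads != ["PRIMARY", "SUBORDINATE"]:
        problems.append("need exactly one PRIMARY and one SUBORDINATE")
    down = sorted(i for i, s in state["interfaces"].items() if s != "UP")
    if down or len(state["interfaces"]) < 2:
        problems.append("internal network interfaces not all UP")
    if not any(s["state"] == "active" for s in state["storage"]):
        problems.append("no active chassis EEPROM for HA storage")
    # The procedure moves the lead to the already-upgraded subordinate.
    if state["nodes"].get(target, {}).get("lead") != "SUBORDINATE":
        problems.append(f"target {target} is not the current subordinate")
    return problems


if __name__ == "__main__":
    for label, text in (("slide", SLIDE_OUTPUT), ("degraded", DEGRADED_OUTPUT)):
        print(label, failover_blockers(parse_cluster_state(text), "b"))
```

Running the same check again after the failover, with the other node as the expected subordinate, confirms the cluster has settled before the old primary is activated.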
Firmware
• Host firmware packages:
  • Grouping of adapter, BIOS, board controller and storage controller firmware into an entity that can then be used in a service profile.
• Management firmware packages:
  • Set of CIMC images for different kinds of blades.
• When the above are applied to a service profile that is already associated, this triggers a maintenance task. Depending on how it is scheduled, the firmware updates will be applied.
TAC Information
• Go to the Admin Tab, click on All, and then "Collect TAC specific information".
TAC Information
• cisco-ucspe# connect local-mgmt
• cisco-ucspe(local-mgmt)# show tech-support
    chassis    Chassis
    fex        FEX (fabric-extender) Module
    server     Rack Server
    ucsm       UCSM
    ucsm-mgmt  UCSM Management(excludes fabric interconnect)
• cisco-ucspe(local-mgmt)# show tech-support chassis 1 cimc 2
• cisco-ucspe(local-mgmt)# show tech-support chassis 1 iom 1
UCS Security and High Availability Configuration Guide
