UCS Deployment Guide – Service Profile Building Blocks – Part 3

3.1 First things first: What is a Service Profile

Every server that is provisioned in the Cisco Unified Computing System is specified by a service profile. A service profile is a software definition of a server and its LAN and SAN network connectivity; in other words, a service profile defines a single server and its storage and networking characteristics. Service profiles are stored in the Cisco UCS Series Fabric Interconnects through UCSM. When a service profile is deployed to a server, UCS Manager automatically configures the server, adapters, fabric extenders, and fabric interconnects to match the configuration specified in the service profile. This automation of device configuration reduces the number of manual steps required to configure servers, network interface cards (NICs), host bus adapters (HBAs), and LAN and SAN switches.

Nevertheless, the service profile leverages configuration policies that were created by the server, network, and storage administrators.

3.2 Create the sub-organization

In one UCS domain, you may have one or several chassis connected to it to be managed. Remember that one UCS domain is basically a cluster of two connected FIs, managed by UCSM, that administers one or more chassis in your environment. From a management perspective, these chassis are managed via one UCSM. From an administrative perspective, many entities or tenants may exist in your environment. For example, you may want to separate the HR environment from the Finance one, or the production environment from the DMZ one, with each administrator responsible for their own environment and its related objects (Chassis, Servers, Resource Pools, Policies, Service Profiles, etc.).

For this, UCS uses the concept of Organizations. UCS Organizations or Sub-Organizations are administrative domains to which privileged users can assign physical and logical resources. These resources include policies, pools, and physical infrastructure. Users create organizations and assign resources to them to provide a logical separation between the resources of different groups and to restrict access to these resources.

Let’s see how to create a UCS Organization.

Go to Servers tab > Expand Servers > Service Profiles > root > Sub-Organization > right click and Create Organization.

Give it a Name and a Description and click OK.

In a multi-tenant environment, once the Organization or Sub-Organization is created, we can use this logical object to create the corresponding resources and pools needed to build the related Service Profiles.

Note: The root organization is always the top level organization, and nothing is usually created on it.

We can see that our Sub-Organization is created now.

3.3 The Service Profile’s building block – Policies, Resource Pools, and Templates

As mentioned, a service profile is a software definition of a server and its LAN and SAN network connectivity. It is a kind of configuration file that describes the logical characteristics of our piece of compute: the server. Before a Service Profile can be created and a UCS server made usable, some logical sub-components need to be created and configured. These are Policies, Resource Pools, and Templates.

Policies are used to describe the common behavior and configuration of the server (Boot Policy, Local Disk RAID configuration, Boot Order Policy, …etc)

Resource Pools are used as logical resource ranges (UUID Pool, MAC Pool, WWNN Pool, Management IP Pool) that will be used by each Service Profile created in the organization. Hence, during its creation, a Service Profile will grab a Universally Unique ID, a MAC address, a WWNN/WWPN address, and an Out-of-Band Mgmt IP from the available pools created to serve it.

Templates are all about the configuration of the vNICs (VLAN configuration, QoS, etc…) and vHBAs (storage configurations, VSAN, …etc) that will be assigned to the server.

Imagine a Service Profile as a house, and its Policies, Resource Pools and Templates as its foundation blocks (bricks, windows, doors, etc.).

And, because a picture is worth a thousand words:

[Figure: ServiceProfile]

3.4 Policies

3.4.1 Power Configuration Settings and Chassis Discovery Policy

These two policies are known as global policies. They are not mandatory to build a Service Profile, but they are very important for any successful UCS deployment. The Power Configuration Settings, or PSU policy, is a global policy that specifies the redundancy for power supplies in all chassis in the Cisco UCS instance. The Chassis Discovery Policy determines how the system reacts when you add a new chassis: it sets the minimum threshold for the number of links between the chassis and the fabric interconnect, and whether to group links from the IOM to the fabric interconnect in a fabric port channel.

In our deployment, we have configured the UCSM Chassis Discovery Policy to add any chassis connected to each FI with two links, with no Port Channel, and the Power Configuration Policy as N+1. With N+1, the total number of power supplies needed to satisfy non-redundancy, plus one additional power supply for redundancy, are turned on and equally share the power load for the chassis. If any additional power supplies are installed, Cisco UCS Manager sets them to a “turned-off” state.

To configure these two policies, go to Equipment node > Policies tab > Policies tab > Global Policies sub-tab

3.4.1 Local Disk Policy

Local Disk Policy configures any optional SAS local drives that have been installed on a server through the onboard RAID controller of the local drive. Hence, it enables you to set a local disk mode (RAID0, RAID1, RAID5, …etc) for all servers that are associated with a Service Profile.

To create a RAID1 Local Disk Policy, go to Servers tab > expand Servers > Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create Local Disk Configuration Policy.

Give it a Name and choose a Mode. In my case, I’ll go ahead with RAID 1 Mirrored. Click OK once done.

3.4.5 Boot Order Policy

This policy overrides the boot order in the BIOS setup menu, and also determines the selection of the boot device, the location from which the server boots, and the order in which boot devices are invoked. For any deployment, we want our servers to boot from the CIMC Mounted CD/DVD. CIMC stands for Cisco Integrated Management Controller, and it is Cisco’s implementation of IPMI Out-of-Band Management. It’s kinda similar to HP iLO, IBM RSA, or Dell iDRAC.

We’ll proceed with one Boot Order Policy with a CIMC DVD as first boot device, and local disk as second boot device.

To create a Boot Policy, go to Servers tab > expand Servers > Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create Boot Policy.

Give it a Name and choose a Boot Mode, then expand CIMC Mounted vMedia and click on Add CIMC Mounted CD/DVD.

Once done, we need to add a local disk as the second boot device, used once the system is installed. Expand Add Local Disk, and click on Add Local LUN. No need to add any specific local LUN image path, just click OK.

Our two boot devices (CIMC DVD and local disk) are now added. Click OK twice.

3.4.6 QoS Policies

Because Cisco UCS is a converged infrastructure, it operates by grouping and consolidating multiple types of traffic onto a single unified hardware platform. Hence, all Ethernet and FC traffic is converged onto a single medium from the FEX to the FI. Consequently, to avoid traffic contention, where one type of traffic would consume all the available bandwidth at the expense of all the others, Quality of Service (QoS) needs to be configured.

In this deployment, we’ll create four traffic policies: one for Fibre Channel (FC) traffic, one for Management and vMotion traffic, one for VM data traffic, and one for iSCSI traffic. Each policy has a priority, as below:

Policy: DMZ-FC – Priority: Fc

Policy: DMZ-MGMT – Priority: Bronze

Policy: DMZ-DATA – Priority: Gold

Policy: DMZ-iSCSI – Priority: Platinum

These QoS policies will be assigned to vHBA templates (DMZ-FC) and vNIC templates (DMZ-MGMT, DMZ-DATA, DMZ-iSCSI) later in this post.

To create a QoS Policy, go to LAN Tab > expand LAN > Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create QoS Policy.

Give it a Name and choose a Priority, then click on OK.

Follow the same process to create the other policies. We’ll end up with the four policies below.

3.5 Resource Pools

Resource pools come in two different flavors – physical pools and virtual pools. Physical pools are hardware related (a Server Pool for example), while virtual pools contain information. Virtual Pool examples include UUID Pools, MAC Pools, WWNN pools, etc…

Virtual pools give the ability to create pools of MAC Addresses, WWNNs, and UUIDs that will be provisioned to blade servers via the Service Profiles that will be created and assigned to them later on.

Let’s see the virtual resource pools that will be created in this deployment, along with the values assigned to them:

| Pool | Name | Size | Note |
|---|---|---|---|
| UUID | DMZ-UUIDs | 256 | Unique Identifiers pool for servers |
| Management IP | DMZ-MgmtIP | 16 | Mgmt OoB IPs pool. Used for IPMI OoB connectivity |
| MAC-A | DMZ-MAC-A | 256 | MAC addr pool used by FI-A connectivity |
| MAC-B | DMZ-MAC-B | 256 | MAC addr pool used by FI-B connectivity |
| WWNN | DMZ-WWNNs | 256 | WWNNs value for servers’ storage connectivity |
| WWPN | DMZ-WWPN-A | 256 | WWPNs value for servers’ storage connectivity through FI-A |
| WWPN | DMZ-WWPN-B | 256 | WWPNs value for servers’ storage connectivity through FI-B |

3.5.1 Universally Unique Identifier (UUID) Suffix Pools

The UUID is a 128-bit number (32 hex digits, 16 groups of 2 hex digits). It is supposed to uniquely identify a component worldwide. There are various UUID generation algorithms. You can also use a UUID suffix pool. The Cisco UCS Manager automatically generate.

To create a UUID pool, go to Server Tab > expand Pools > Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create UUID Suffix Pool.

Give it a Name and a Description, and choose a Prefix type and an Assignment Order.

Click on the Add button to add the pool.

It’s a good idea to start your prefix with a value that you know will not overlap with other possible future UUIDs. In my pool, I’ve put D (from DMZ) in the 6th character. The UUID pool will contain 256 values.

Click on OK then Finish.

3.5.2 Management IP Address Pools

Each server in a Cisco UCS domain must have a management IP address assigned to its Cisco Integrated Management Controller (CIMC) or to the service profile associated with the server. Cisco UCS Manager uses this IP address for external access that terminates in the CIMC.

To create a Management IP Addresses pool, go to LAN Tab > expand Pools > expand the Organization where the policy needs to be created, in our case DMZ > IP Pools > Right click and Create IP Pool.

Give it a Name and a Description.

Click on the Add button to add the pool.

Specify the range starting value, a subnet, the DNS addresses, a default gateway, and the size of the IP pool. For security reasons, I always set a size that equals the number of servers I have in the current environment. If more servers are added later, another range may be added accordingly.

Click on Next.

You may or may not skip the IPv6 configuration. It depends on whether you have an IPv6 infrastructure or not.

3.5.3 MAC Address Pools

MAC pools are a range of MAC addresses created by the UCS/Network administrator in order to be used by Service Profiles. Once a MAC is associated to a Service Profile, it stays with that profile until it is deleted. Any blade that gets associated to the Service Profile receives that MAC address to be used at runtime.

As each UCS server will have at least two NIC cards, represented as vNIC in UCS Manager (UCSM), two ranges will have to be created, one for the Server to FEX-A to FI-A connectivity, and the other one for the Server to FEX-B to FI-B connectivity.

To create a MAC pool, go to LAN Tab > expand Pools > expand the Organization where the policy needs to be created, in our case DMZ > MAC Pools > Right click and Create MAC Pool.

Give it a Name and a Description, and choose an Assignment Order, then click on Next.

Click Add to add a new MAC address range.

Specify the prefix for your range after the 00:25:B5 value. In this deployment, we’ll use a range of 256 values with a prefix starting with DA, as shown below.

Click Finish to create the pool.

As mentioned before, once the first range is created, a second range for the second vNIC connectivity needs to be created. The screenshot below shows both MAC address ranges created.

3.5.4 WWNN and WWPN Pools

WWNN and WWPN pools are a list of the WWN SAN addresses created by the UCS/Storage administrator in order to be used by Service Profiles. Once a WWN/WWPN is associated to a Service Profile, it stays with that profile until it is deleted. Any blade that gets associated to the Service Profile receives that WWNN/WWPN address to be used at runtime.

3.5.4.1 WWNN

To create a WWNN pool, go to SAN Tab > expand Pools > expand the Organization where the policy needs to be created, in our case DMZ > WWNN Pools > Right click and Create WWNN Pool.

Click on Add to add the WWNN pool.

Enter the size of your WWNN block; in my case 256 values will be enough. In case you have several UCS domains in your environment, make sure to customize the From value to ensure the uniqueness of the WWNN blocks in each UCSM in your infrastructure. In my case, I have put DA in the 6th octet, and the size is 256. Hence, the WWNN will have a prefix of 0:00:00:25:B5:DA:XX:XX

Once you are sure about the inserted values, click on OK.

Review the From and To values, then click on Finish to confirm the WWNN pool creation.

3.5.4.2 WWPN

Once the WWNN pool is done, we’ll need to create two WWPN pools, one for each vHBA connected to each FEX.

I will not go through the process to create WWPN pools, because it is the same as creating WWNN pools, except that you’ll right click on WWPN Pools instead, as shown below.

The details of both WWPN pools that I have created in my deployment are shown below:

| Name | Size | Prefix | Note |
|---|---|---|---|
| DMZ-WWPN-A | 256 | 20:00:00:25:B5:DA:A0:XX | For FEX-A connectivity |
| DMZ-WWPN-B | 256 | 20:00:00:25:B5:DA:B0:XX | For FEX-B connectivity |
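
An added example, not part of the original post: a pre-flight check of the pool plan from section 3.5, covering the advice to keep MAC and WWNN/WWPN blocks unique across UCS domains and to size the management IP pool to the number of servers. The From values, the 192.0.2.0/27 subnet, the DR-WWPN-A pool and the choice to treat WWNN and WWPN as one address space are assumptions made for the example.

```python
import ipaddress

# Prefixes from the page: MAC 00:25:B5 and WWN 20:00:00:25:B5, each followed by
# the author's domain tag DA.
REQUIRED_PREFIX = {"mac": "0025B5DA", "wwn": "20000025B5DA"}
HEX_DIGITS = {"mac": 12, "wwn": 16}


def make_block(kind, name, start, size):
    """Expand a pool block (From value plus size) into an inclusive integer range."""
    if kind == "ip":
        first = int(ipaddress.IPv4Address(start))
    else:
        first = int(start.replace(":", ""), 16)
    return {"kind": kind, "name": name, "first": first, "last": first + size - 1}


def check_plan(blocks, server_count, mgmt_subnet):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    net = ipaddress.IPv4Network(mgmt_subnet)
    for b in blocks:
        edges = (b["first"], b["last"])
        if b["kind"] == "ip":
            size = b["last"] - b["first"] + 1
            if size > server_count:
                findings.append(f"{b['name']}: {size} IPs for {server_count} servers")
            if any(ipaddress.IPv4Address(e) not in net for e in edges):
                findings.append(f"{b['name']}: range leaves {mgmt_subnet}")
        else:
            width, prefix = HEX_DIGITS[b["kind"]], REQUIRED_PREFIX[b["kind"]]
            if any(not f"{e:0{width}X}".startswith(prefix) for e in edges):
                findings.append(f"{b['name']}: range leaves prefix {prefix}")
    # Blocks of the same kind must never intersect. WWNN and WWPN pools are both
    # kind "wwn" here (assumption: they are checked as one WWN address space).
    for i, a in enumerate(blocks):
        for b in blocks[i + 1:]:
            if a["kind"] == b["kind"] and a["first"] <= b["last"] and b["first"] <= a["last"]:
                findings.append(f"{a['name']} overlaps {b['name']}")
    return findings


# Constructed plan: pool names and sizes follow the page's tables; the exact From
# values and the 192.0.2.0/27 management subnet are assumptions.
DMZ_PLAN = [
    make_block("mac", "DMZ-MAC-A", "00:25:B5:DA:A0:00", 256),
    make_block("mac", "DMZ-MAC-B", "00:25:B5:DA:B0:00", 256),
    make_block("wwn", "DMZ-WWNNs", "20:00:00:25:B5:DA:00:00", 256),
    make_block("wwn", "DMZ-WWPN-A", "20:00:00:25:B5:DA:A0:00", 256),
    make_block("wwn", "DMZ-WWPN-B", "20:00:00:25:B5:DA:B0:00", 256),
    make_block("ip", "DMZ-MgmtIP", "192.0.2.10", 16),
]

if __name__ == "__main__":
    # A second UCS domain that reuses part of the DMZ WWPN-A range (constructed).
    clash = make_block("wwn", "DR-WWPN-A", "20:00:00:25:B5:DA:A0:80", 256)
    for line in check_plan(DMZ_PLAN + [clash], 16, "192.0.2.0/27"):
        print(line)
```

Running the check on the plans of every UCS domain together, before any pool is created in UCSM, catches a reused From value while it is still a one-line change.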

 

3.5.5 VLANs, vNIC and vHBA Templates

vNIC templates are used to define how a vNIC on a server connects to the LAN. You can view all existing vNIC templates on the Templates page. Creating vNIC template pairs enables you to group vNICs that belong to a specific server. For example, you can create a vNIC template and specify it as the primary template for a group of vNICs. By doing so, the vNICs will inherit all the configuration which was already done in the vNIC template, which are: Network Control Policy, QoS Policy, Template Type, Connection Policies, VLANs, MTUs,…

vHBA templates are policies used to define how a vHBA on a server connects to the SAN. They are also referred to as vHBA SAN connectivity templates.

You need to include both templates in a service profile for it to take effect.

It is worth noting that before creating a vNIC template, we first need to create the VLANs needed in our organization, as these will be included in the vNIC template itself.

3.5.5.1 UCS VLANs

In the Cisco UCS, a named VLAN creates a connection to a specific external LAN. The VLAN isolates traffic to that external LAN, including any broadcast traffic. Therefore, for a fully productive environment, a discussion needs to be held with the Network team to agree on all the existing and future VLANs that you’ll have in your environment, and these need to be created in UCSM.

To create a VLAN in UCSM, go to LAN Tab > expand LAN > Right click on VLAN and Create VLAN.

Give a VLAN Name and VLAN ID. Note that you may also provide a VLAN Prefix and give a range of VLAN IDs that need to be created. In the screenshot below, I have put a prefix of DMZ-VLAN- and a range from 21 to 24.

This will create DMZ-VLAN-21 to DMZ-VLAN-24.

I have also chosen my VLANs to be global, which means that they will be created on both FIs.

VLANs DMZ-VLAN-21 to DMZ-VLAN-24 are now created.

Once done, you need to grant your organization permission to access and see the created VLANs. This is a very important point: if you fail to do so, that list of VLANs will not be displayed when you are assigning the corresponding VLANs to the vNIC templates while creating the Service Template.

To allow your organization to use the newly created VLANs, go to the VLAN properties > Org Permissions tab > Click Add and choose the appropriate organization, which in my case is DMZ.

3.5.5.2 vNIC Templates

In my deployment, I will create 6 vNIC templates, named vNIC00 to vNIC06, with the following configuration:

| Template Name | Fabric | Template Type | MAC Pool | QoS Policy | Use |
|---|---|---|---|---|---|
| vNIC00 | A | Updating Template | DMZ-MAC-A | DMZ-MGMT | Management traffic |
| vNIC01 | B | Updating Template | DMZ-MAC-B | DMZ-MGMT | Management traffic |
| vNIC02 | A | Updating Template | DMZ-MAC-A | DMZ-MGMT | vMotion traffic |
| vNIC03 | B | Updating Template | DMZ-MAC-B | DMZ-MGMT | vMotion traffic |
| vNIC04 | A | Updating Template | DMZ-MAC-A | DMZ-DATA | Data traffic |
| vNIC05 | B | Updating Template | DMZ-MAC-B | DMZ-DATA | Data traffic |

To create a vNIC Template, go to

Provide a vNIC Template Name, choose the Fabric Interconnect ID, select the Template Type, and finally assign the VLANs that were already created in your environment. Assign each VLAN (Mgmt, vMotion, Data VLANs, iSCSI) to its corresponding vNIC Template.

Provide the MAC pool from which the vNIC will take its MAC value, select a QoS Policy and eventually a Network Control Policy.

Once our vNIC templates are created, they will appear in UCSM.

3.5.5.3 vHBA Templates

In my deployment, I will create two vHBA templates, named vHBA00 and vHBA01, both in the same default VSAN, with the following configuration:

| Template Name | Fabric | Template Type | WWPN Pool | QoS Policy |
|---|---|---|---|---|
| vHBA00 | A | Updating Template | DMZ-WWPN-A | DMZ-FC-Policy |
| vHBA01 | B | Updating Template | DMZ-WWPN-A | DMZ-FC-Policy |

To create a vHBA Template, go to SAN tab > expand SAN > Policies > Expand the node for the organization where you want to create the policy, in our case DMZ > Right-click the vHBA Templates and Create vHBA Template.

Provide a Name, the Fabric Interconnect ID, the Template Type, the WWPN Pool, and the QoS Policy. Then, check your input and click on OK to create the vHBA template.

Once both of our vHBA templates are created, they will be shown in UCSM.

3.6 Summary

In this post, we have defined what a Service Profile is and have gone through the creation and configuration of the components needed to create it. We have created Policies, Resource Pools, and Templates, and also configured the needed VLANs in our UCS environment.

The next post will be the final one of this series, where we will create the Service Profiles and assign them to our servers. Everything has been prepared, and the Service Profile creation part will be a piece of cake. See you in the next post then!

 
