3.1 First things first: What is a Service Profile
Every server that is provisioned in the Cisco Unified Computing System is specified by a service profile. A service profile is a software definition of a server and its LAN and SAN network connectivity, in other words, a service profile defines a single server and its storage and networking characteristics. Service profiles are stored in the Cisco UCS Series Fabric Interconnects through UCSM. When a service profile is deployed to a server, UCS Manager automatically configures the server, adapters, fabric extenders, and fabric interconnects to match the configuration specified in the service profile. This automation of device configuration reduces the number of manual steps required to configure servers, network interface cards (NICs), host bus adapters (HBAs), and LAN and SAN switches.
Nevertheless, the service profile leverages configuration policies that were created by the server, network, and storage administrators.
3.2 Create the sub-organization
In one UCS domain, you may have one or several chassis connected to it to be managed. Remember that one UCS domain is a basically a cluster of two connected FIs, that are managed by UCSM, to administer one or more chassis in your environment. From management perspective, these chassis are managed via one UCSM. From administrative perspective, many entities or tenants may exist in your environments. For example, you may want to separate the HR environment from the Finance one, the production environment from the DMZ one, and each administrator will be responsible or their own environment and their related objects (Chassis, Servers, Resource Pools, Policies, Service Profiles, …etc)
For this, UCS uses the concept of Organizations. UCS Organizations or Sub-Organizations are administrative domains to which privileged users can assign physical and logical resources. These resources include policies, pools, and physical infrastructure. Users create organizations and assign resources to them to provide a logical separation between the resources of different groups and to restrict access to these resources.
Let’s see how to create a UCS Organization.
Go to Servers tab > Expand Servers > Service Profiles > root >Sub-Organization > right click and Create Organization
Give it a Name and a Description and click OK
In a multi-tenant environment, and once the Organization or Sub-Organization created, we can use this logical object to create the corresponding resources and pools needed to build the related Service Profiles.
Note: The root organization is always the top level organization, and nothing is usually created on it.
We can see that our Sub-Organization is created now.
3.3 The Service Profile’s building block – Policies, Resource Pools, and Templates
As mentioned, a service profile is a software definition of a server and its LAN and SAN network connectivity, It is a kind of configuration file that describe the logical characteristics or our piece of compute: the server. To create this so needed Service Profile so that a UCS server can be usable, some logical sub-componenents need to be created and configured before. These are Policies, Resource Pools, and Templates.
Policies are used to describe the common behavior and configuration of the server (Boot Policy, Local Disk RAID configuration, Boot Order Policy, …etc)
Resource Pools are used as logical resource ranges (UUIDs Pool, MACs Pool, WWNNs Pool, Managment IP Pool) that will be used by each Service Profile created in the organization. Hence, during the creation of a Service Profile, it will grab a Universally Unique ID, a MAC address, a WWNN/WWPN address, an Out-of-Band Mgmt IP from the available pools created to serve it.
Templates are all about the configuration of the vNICs (VLAN configuration, QoS, etc…) and vHBAs (storage configurations, VSAN, …etc) that will be assigned to the server.
Imagine a Service Profile as house and its Policies, Resource and Templates, as its foundation blocks (bricks, widows, doors, …etc).
And, because a picture is worth a thousand words
3.4.1 Power Configuration Settings and Chassis Discovery Policy
These two polices are know as global policies. They are not mandatory to build a Service Profile, but they are very important for any successful UCS deployment. Power Configuration Settings, or PSU policy, is a global policy that specifies the redundancy for power supplies in all chassis in the Cisco UCS instance, and Chassis Discovery Policy determines how the system reacts when you add a new chassis, as it determines the minimum threshold for the number of links between the chassis and the fabric interconnect and whether to group links from the IOM to the fabric interconnect in a fabric port channel.
In our deployment, we have configured the UCSM Chassis Discovery Policy to add any chassis connected to each FI with two links, with no Port Channel, and the Power Configuration Policy as N+1, which calculates the total number of power supplies to satisfy non-redundancy, plus one additional power supply for redundancy, are turned on and equally share the power load for the chassis. If any additional power supplies are installed, Cisco UCS Manager sets them to a “turned-off” state.
To configure these two policies, go to Equipment node > Policies tab > Policies tab > Global Policies sub-tab
3.4.1 Local Disk Policy
Local Disk Policy configures any optional SAS local drives that have been installed on a server through the onboard RAID controller of the local drive. Hence, it enables you to set a local disk mode (RAID0, RAID1, RAID5, …etc) for all servers that are associated with a Service Profile.
To create a RAID1 Disk Local Policy, go to Servers tab > expand Servers > Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create Local Disk Configuration Policy
Give it a Name and choose a Mode. In my case, I’ll go ahead with RAID 1 Mirrored. Click OK once done.
3.4.5 Boot Order Policy
This policy overrides the boot order in the BIOS setup menu, and also determines the selection of the boot device, location from which the server boots, and the order in which boot devices are invoked. For any deployment. we want our servers to boot from CIMC Mounted CD/DVD. CIMC stands for Cisco Integrated Management Controller, and and it is Cisco implementation on IPMI Out-of-Band Management. It’s kinda similar to HP iLO, or IBM RSA, or Dell iDRAC.
We’ll proceed with one Boot Order Policy with a CIMC DVD as first boot device, and local disk as second boot device.
To create a RAID1 Disk Local Policy, go to Servers tab > expand Servers > Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create Boot Policy
Give it a Name and choose a Boot Mode, then expand CIMC Mounted vMedia and click on Add CIMC Mounted CD/DVD.
Once done. we need to add a local disk as second boot device once the system is installed. Expand Add Local Disk, and click on Add Local LUN. No need to add any specific local LUN image path, just click OK
Our two boot devices (CIMC DVD and local disk) are now added. Click OK twice.
3.4.6 QoS Policies
Because Cisco UCS is a converged infrastructure, it operates by grouping and consolidating multiple traffic into a unified single hardware. Hence, all Ethernet and FC traffic are converged into a single media starting from the FEX to the FI. Consequently, and to avoid any traffic-contention situation where one type of traffic would consume all the available bandwidth at the expense of all other traffics, Quality of Service (QoS) needs to be configured.
In this deployment, we’ll create four traffic policies, one for FiberChannel (FC) traffic, one for Management and vMotion traffic, one for VMs data traffic, and one for iSCSI traffic. For each policy, we’ll have a priority as below:
Policy: DMZ-FC – Priority: Fc
Policy: DMZ-MGMT- Priority: Bronze
Policy: DMZ-DATA – Priority: Gold
Policy: DMZ-iSCSI- Priority: Platinum
These QoS polices will be assigned to vHBA templates (MZ-FC) and vNIC templates (DMZ-MGMT, DMZ-DATA, DMZ-iSCSI) later in this post.
To create a QoS Policy, go to LAN Tab > expand LAN > Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create Qos Policy.
Give it a Name and choose a Priority, then click on OK.
Follow the same process to create the other policies. We’ll end up with the four policies below.
3.5 Resource Pools
Resource pools come in two different flavors – physical pools and virtual pools. Physical pools are hardware related (a Server Pool for example), while virtual pools contain information. Virtual Pool examples include UUID Pools, MAC Pools, WWNN pools, etc…
Virtual pools give the ability to create pools of MAC Addresses, WWNNs, and UUIDs that will be provisioned to blade servers via the Service Profiles that will be created and assigned to them later on.
Let’s see the virtual resource pools that will be created in this deployment, and their along with the values assigned to them
|UUID||DMZ-UUIDs||256||Unique Identifiers pool for servers|
|Management IP||DMZ-MgmtIP||16||Mgmt OoB IPs pool. Used for IPMI OoB connectivity|
|MAC-A||DMZ-MAC-A||256||MAC addr pool used by FI-A connectivity|
|MAC-B||DMZ-MAC-B||256||MAC addr pool used by FI-B connectivity|
|WWNN||DMZ-WWNNs||256||WWNNs value for servers’ storage connectity|
|WWPN||DMZ-WWPN-A||256||WWPNs value for servers’ storage connectity through FI-A|
|WWPN||DMZ-WWPN-B||256||WWPNs value for servers’ storage connectity through FI-B|
3.5.1 Universally Unique Identifier (UUID) Suffix Pools
The UUID is a 128-bit number (32 hex digits, 16 groups of 2 hex digits). It is supposed to uniquely identify a component worldwide. There are various UUID generation algorithms. You can also use a UUID suffix pool. The Cisco UCS Manager automatically generate.
To create a UUID pool, go to Server Tab > expand Pools> Policies > expand the Organization where the policy needs to be created, in our case DMZ > Right click and Create UUID Suffix Pool.
Give it a Name and a Description, and choose a Prefix type and an Assignment Order
Click on the Add button to add the pool
It’s a good idea to start your prefix with a value that you know will not overlap with other possible future UUID. In my pool, I’ve put D (from DMZ) in the 6th caracter. The UUID pool will contain 256 values.
Click on OK then Finish
3.5.2 Management IP Addresse Pools
Each server in a Cisco UCS domain must have a management IP address assigned to its Cisco Integrated Management Controller (CIMC) or to the service profile associated with the server. Cisco UCS Manager uses this IP address for external access that terminates in the CIMC.
To create a Management IP Addresses pool, go to LAN Tab > expand Pools > expand the Organization where the policy needs to be created, in our case DMZ > IP Pools > Right click and Create IP Pool.
Give it a Name and a Description
Click on the Add button to add the pool
Specify the range starting value, a subnet, the DNS addresses, a default gateway, and the size of the IP pool. For security reasons, I always put a size that equals the number of servers I have in the current environment. If further servers would be added later, another range may be added accordingly.
Click on Next
You might or not skip the IPv6 configuration. It depends whether you have an IPv6 infrastructure or not.
3.5.3 MAC Address Pools
MAC pools are a range of MAC addresses created by the UCS/Network administrator in order to be used by Service Profiles. Once a MAC is associated to a Service Profile, it stays with that profile until it is deleted. Any blade that gets associated to the Service Profile receives that MAC address to be used at runtime.
As each UCS server will have at least two NIC cards, represented as vNIC in UCS Manager (UCSM), two ranges will have to be created, one for the Server to FEX-A to FI-A connectivity, and the other one for the Server to FEX-B to FI-B connectivity.
To create a MAC pool , go to LAN Tab > expand Pools > expand the Organization where the policy needs to be created, in our case DMZ > MAC Pools > Right click and Create MAC Pool.
Give it a Name and a Description, and choose an an Assignment Order, then click on Next Click Add to add a new MAC addresses range
Specify the prefix from your range after the 00:25:B5 valuer, we’ll use in this deployment a range of 256 values with a prefix starting with DA, as shown below
Click Finish to create the pool
As mentionned before, once the first range is created, a second range for the second vNIC connectivity needs to be created. The screenshot below shows both MAC address ranges created.
3.5.4 WWNN and WWPN Pools
WWNN and WWPN pools are a list of the WWN SAN addresses created by the UCS/Storage administrator in order to be used by Service Profiles. Once a WWN/WWPN is associated to a Service Profile, it stays with that profile until it is deleted. Any blade that gets associated to the Service Profile receives that WWNN/WWPN address to be used at runtime.
To create a WWNN pool , go to SANTab > expand Pools > expand the Organization where the policy needs to be created, in our case DMZ > WWNN Pools > Right click and Create WWNN Pool.
Click on Add to add the WWNN pool
Put the size of your WWNN block, in my case 256 values will be enough. In case you have several UCS domains in your environment, make sure to customize the From value to ensure the uniqueness of the WWNNs blocks in each UCSM manager in your infrastructure. In my case, I have put DA in the 6th octet, and the size is 256. Hence, the WWNN wil have a prefix of 0:00:00:25:B5:DA:XX:XX
Once you are sure about the inserted values. Click on OK
Review the From and To values, then click on Finish to confirm the WWNN pool creation.
Once WWNN pool is done. We’ll need to create two WWPN pools, one for each vHBA connected to each FEX.
I will not go through the process to create WWPN pools, because it is the same as creating WWNN pools, except that you’ll right click on WWPN Pools instead, as shown below
The details of both WWPN pools that I have created in my deployment are show below
|DMZ-WWPN-A||256||20:00:00:25:B5:DA:A0:XX||For FEX-A connectivity|
|DMZ-WWPN-B||256||20:00:00:25:B5:DA:B0:XX||For FEX-B connectivity|
3.5.5 VLANs, vNIC and vHBA Templates
vNIC templates are used to define how a vNIC on a server connects to the LAN. You can view all existing vNIC templates on the Templates page. Creating vNIC template pairs enables you to group vNICs that belong to a specific server. For example, you can create a vNIC template and specify it as the primary template for a group of vNICs. By doing so, the vNICs will inherit all the configuration which was already done in the vNIC template, which are: Network Control Policy, QoS Policy, Template Type, Connection Policies, VLANs, MTUs,…
vHBA templates are policies used to define how a vHBA on a server connects to the SAN. They are also referred to as a vHBA SAN connectivity templates.
You need to include both templates in a service profile for it to take effect.
It is woth noting that for creating a vNIC template, we need to create initially the VLANs needed in our organization, as these will be included in the vNIC template itself.
184.108.40.206 UCS VLANs
In the Cisco UCS, a named VLAN creates a connection to a specific external LAN. The VLAN isolates traffic to that external LAN, which includes any broadcast traffic. Therefore, and for a fully productive environment, a discussion needs to be done with the Network team to agree about all the existing and future needed VLANs that you’ll have on your environment, and these ones need to be created in UCSM.
To create a VLAN in UCSM, go to LAN Tab > expand LAN > Right click on VLAN and Create VLAN
Give a VLAN Name and VLAN ID. Note that you may also provide a VLAN Prefix and give a range of VLAN IDs that need to be created. In the screenshot below, I have put a prefix of DMZ-VLAN- and a range from 21 to 24.
This will create DMZ-VLAN-21 to DMZ-VLAN-24.
I have also chosen my VLANs to be global, which means that they will be created on both FIs.
VLANs from DMZ-VLAN-21 to DMZ-VLAN-24 created
Once done, you need to grant the permission to your organization to be able to access and see the create VLANs. This is a very important point, as failing to do so will not display that list of VLANs when you are assigning the corresponding VLANs to the vNIC templates while creating the Service Template.
To grant your organization to be able to use the newly created VLANs, go to the VLAN properties > Org Permissions tab > Click Add and Choose the appropriate organization, which in my case is DMZ
220.127.116.11 vNIC Templates
In my deployment, I will create 6 vNIC templates, named vNIC00 to vNIC06, and having the following configuration
|vNIC00||A||Updating Template||DMZ-MAC-A||DMZ-MGMT||Management traffic|
|vNIC01||B||Updating Template||DMZ-MAC-B||DMZ-MGMT||Management traffic|
|vNIC02||A||Updating Template||DMZ-MAC-A||DMZ-MGMT||vMotion traffic|
|vNIC03||B||Updating Template||DMZ-MAC-B||DMZ-MGMT||vMotion traffic|
|vNIC04||A||Updating Template||DMZ-MAC-A||DMZ-DATA||Data traffic|
|vNIC05||B||Updating Template||DMZ-MAC-B||DMZ-DATA||Data traffic|
To create a vNIC Template, go to
Provide a vNIC Template Name, choose the Fabric Interconnect ID, and select the Template Type, and finally assign the VLANs that were already created in your environment. Choose the VLAN (Mgmt, vMotion, Data VLANs, iSCSI) to its corresponding vNIC Template.
Provide the MAC pool from which the vNIC will leverage its MAC value, select a QoS Policy and eventually a Network Control Policy
Once our vNICs templates created, they will appear in UCSM
18.104.22.168 vHBA Templates
In my deployment, I will create two vHBA templates, named vHBA00 and vHBA01, both are in the same default VSAN, and having the following configuration
To create a vHBA Template, go to SAN tab > expand SAN > Policies > Expand the node for the organization where you want to create the policy, in our case DMZ > Right-click the vHBA Templates and Create vHBA Template.
Provide a Name, the Fabric Interconnect ID, the Template Type, the WWPN Pool, and the QoS Policy. Then, check your input and click on OK to create the vHBA template
Once our both vHBA templates created, they will be shown in UCSM
In this post, we have defined what was a Service Profile and have gone through the creation and configuration of the components needed to create it. Therefore, we have created Policies, Resource Pools, and Templates and also configured the needed VLANs in our UCS environment.
In the next post will be final one of these post series, where we will be able to create the Service Profiles and assign them to our servers. Everything has been prepared and the Service Profile creation part will be a piece of cake. See you in the next post then!