The Cisco UCS primary (native) interfaces and the numerous supported industry standard-based interfaces that you can use to interact with Cisco UCS
The strengths and constraints of each interface
The appropriate interface to use when integrating Cisco UCS into your data center
The event notification tools and authentication services provided by Cisco UCS
Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Protocol)
CIM-XML (Common Information Model-XML)
NX-OS (Nexus operating system)
Cut-through interfaces:
IPMI (Intelligent Platform Management Interface)
KVM (Keyboard, Video, Mouse)
Serial over LAN (SOL)
[Figure: Cisco UCS 6100 Fabric Interconnects in an HA Configuration (System A-active, System B-standby) and a Cisco UCS 5100 Blade Server Chassis with 8 Blade Servers]
The following interfaces terminate on the Cisco UCS Manager: Industry standard-based (read-only): SNMP, SMASH-CLP, CIM-XML
The cut-through interfaces bypass the UCS Manager and terminate on the CIMC in each blade server: KVM, IPMI, SOL
SNMP
Simple Network Management Protocol is a TCP/IP application layer protocol that facilitates the exchange of management information between network devices. It is used mostly in network management systems to monitor attached devices for conditions that may require administrative attention. SNMP exposes management data in the form of variables that describe the system configuration. You can query these variables with managing applications. On Cisco UCS, SNMP data is read-only through the fabric interconnects and is typically used for fault monitoring on all Cisco UCS components. If a fault occurs, Cisco UCS sends a trap describing the fault. For background information on SNMP, visit the following Cisco website: http://www.cisco.com/en/US/docs/internetworking/technology/handbook/SNMP.html
SMASH-CLP
Systems Management Architecture for Server Hardware Command Line Protocol is a standard method for remote out-of-band management of server hardware. SMASH-CLP enables administrators to use a consistent command line interface for servers independent of vendor, operating system, or hardware platform. In a Cisco UCS system, you can use this interface for monitoring and debugging. On Cisco UCS, SMASH-CLP data is read-only. SMASH-CLP standards are developed and maintained by the DMTF industry group. For more information, visit the DMTF website at: http://www.dmtf.org.
CIM-XML
The common information model (CIM) is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and their relationships. CIM enables the consistent management of servers independent of their vendor or provider. Common information model standards are developed and maintained by the DMTF industry group. CIM is composed of a schema and a specification. The schema provides the model descriptions; the specification defines the details for integration with other management models. CIM-XML is a WBEM protocol (another DMTF standard) that uses XML over HTTP to exchange CIM information. In a Cisco UCS system, you can use this interface for blade and chassis-related monitoring, debugging, and inventory collection by software frameworks that follow the CIM-XML standard. For information on CIM-XML specifications, go to the DMTF website at: http://www.dmtf.org.
NX-OS
NX-OS is the Cisco Nexus switch operating system. You can connect to the NX-OS shell through the UCS CLI. The NX-OS shell provides informational commands primarily for debugging. Actual configuration must always be done through the Cisco UCS Manager.
IPMI
The Intelligent Platform Management Interface defines interfaces and messaging for out-of-band server management. Using this interface, you bypass the Cisco UCS Manager and directly monitor and manage single server hardware information such as voltage, CPU statistics, and ambient temperature. This data is captured by sensors and made available at the CIMC. The IPMI interface is commonly used by data center management software to collect hardware-related information, as well as perform basic management operations like reboot and power on/off. In a Cisco UCS system, this functionality is a small subset of the capabilities provided natively by the Cisco UCS Manager through the XML API. For information on IPMI specifications, go to http://www.intel.com/design/servers/ipmi/index.htm.
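Because operations such as reboot and power on/off can be performed over IPMI without going through the Cisco UCS Manager, while the manager still detects the resulting change, one way to surface them is to compare detected state changes against actions issued through the manager. The following is an added example, not Cisco code; the record schema, server names, and 120-second window are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)  # assumed tolerance between an action and its detection

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def unexplained_changes(detected, manager_actions, window=WINDOW):
    """Return detected state changes with no manager-issued action to explain them.

    Each manager action explains at most one detected change, so a single
    approved reboot cannot mask a second reboot of the same server.
    """
    unused = sorted(manager_actions, key=lambda a: a["time"])
    findings = []
    for change in sorted(detected, key=lambda c: c["time"]):
        match = next((a for a in unused
                      if a["server"] == change["server"]
                      and a["action"] == change["change"]
                      and timedelta(0) <= change["time"] - a["time"] <= window), None)
        if match is not None:
            unused.remove(match)      # consumed: cannot explain another change
        else:
            findings.append(change)   # candidate cut-through (out-of-band) operation
    return findings

# Constructed records in a hypothetical normalized schema (not a Cisco UCS log format).
MANAGER_ACTIONS = [
    {"time": ts("2024-03-01 10:00:00"), "user": "ops1", "server": "chassis-1/blade-3", "action": "reboot"},
    {"time": ts("2024-03-01 11:30:00"), "user": "ops2", "server": "chassis-1/blade-5", "action": "power-off"},
]
DETECTED = [
    {"time": ts("2024-03-01 10:00:40"), "server": "chassis-1/blade-3", "change": "reboot"},
    {"time": ts("2024-03-01 10:01:30"), "server": "chassis-1/blade-3", "change": "reboot"},
    {"time": ts("2024-03-01 11:30:20"), "server": "chassis-1/blade-5", "change": "power-off"},
    {"time": ts("2024-03-01 14:12:05"), "server": "chassis-1/blade-7", "change": "power-off"},
]

if __name__ == "__main__":
    for c in unexplained_changes(DETECTED, MANAGER_ACTIONS):
        print("no matching manager action:", c["time"], c["server"], c["change"])
```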
KVM
Keyboard, video, mouse technology can control multiple computers from one keyboard, video monitor, and mouse. A KVM switch is useful where there are multiple computers, but no need for each to have a dedicated keyboard, monitor, and mouse. A KVM switch is commonly used in data centers where multiple servers are placed in a single rack. KVM can be implemented so that administrative personnel can conveniently connect to any server in a data center. On a Cisco UCS system, KVM can be launched from the GUI or web-based interface and can be used remotely to interact with a single server to install an OS or troubleshoot OS-related issues. KVM also enables virtual media access to ISO images or to physical drives such as CD/DVD players on a client running KVM. KVM communicates with Cisco UCS over IP; no extra cabling is required. On Cisco UCS, you have full GUI access through KVM. With a KVM console launched from within the UCS GUI or web-based interface, a user is not required to know the external IP address. The Cisco UCS KVM console is a video-over-IP representation of the blade server video output. KVM is also provided as a standalone application, but it authenticates through the Cisco UCS Manager. Although Cisco UCS provides a powerful, single point of management, getting quick access remotely to a server through KVM is a very effective method of troubleshooting an OS problem.
Syslog
Syslog is an industry standard message logging program. Using syslog data, you can create scripts to separate software-generated messages and store generated reports. Other programs can be used to analyze this information. Syslog also provides devices with a way to evaluate performance and to notify administrators of problems. Syslog data can be used for computer system management and security auditing as well as for generalized analysis and debugging. When using syslog for active monitoring, you must assess whether monitored items should trigger an action based on detecting a specific event. Syslog is an invaluable tool to help define rules and policies for Cisco UCS. For more information on syslog, syslog tools, and syslog usage examples, go to http://www.syslog.org.
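A script of the kind described above, shown as an added example rather than Cisco code: it parses RFC 3164 style lines, decodes the priority field into facility and severity, and separates messages that trigger an action from those that are only stored. The rule set, host names, and sample lines are constructed assumptions, not real Cisco UCS output.

```python
import re

# RFC 3164 style line: <PRI>Mmm dd hh:mm:ss host tag: message
LINE_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) ([^:\s]+): (.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Hypothetical policy: (rule name, maximum severity number, message pattern, action).
# Lower severity numbers are more urgent.
RULES = [
    ("auth-failure", 5, re.compile(r"authentication fail", re.I), "notify-security"),
    ("hardware-fault", 3, re.compile(r"fault", re.I), "page-oncall"),
]

def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return {"facility": facility, "severity": severity,
            "severity_name": SEVERITIES[severity], "time": m.group(2),
            "host": m.group(3), "tag": m.group(4), "msg": m.group(5)}

def evaluate(lines):
    """Split lines into triggered actions, stored-only records, and rejects."""
    actions, stored, rejected = [], [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            rejected.append(line)  # keep malformed input for review, never drop it silently
            continue
        hits = [(name, action) for name, max_sev, pat, action in RULES
                if rec["severity"] <= max_sev and pat.search(rec["msg"])]
        if hits:
            actions.extend((rec["host"], name, action) for name, action in hits)
        else:
            stored.append(rec)
    return actions, stored, rejected

# Constructed sample lines (not real Cisco UCS output).
SAMPLE = [
    "<35>Oct 11 22:14:15 fabric-a authd: authentication failed for user admin from 192.0.2.10",
    "<190>Oct 11 22:14:20 fabric-a mgmt: configuration backup completed",
    "<26>Oct 11 22:15:02 fabric-b hwmon: fault raised: chassis 1 fan module degraded",
    "Oct 11 22:15:09 fabric-b missing priority field",
]
```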
CallHome/Smart CallHome
CallHome is a Cisco email-based notification application for critical system policies. You can use this interface to page a network support engineer, email a Network Operations Center, or use Cisco Smart CallHome services to automatically generate a case with the Cisco Technical Assistance Center. CallHome provides email-based and web-based notification of critical system events. A range of message formats is available for compatibility with pager services or XML-based automated parsing applications.
Only one of these authentication methods can be used at a time. If a system is configured for one of these services, you must create a provider for that service to ensure communication with the Cisco UCS Manager. You can create user accounts in the Cisco UCS Manager or in the remote authentication server. User accounts created in the remote server must include the roles required for working in Cisco UCS Manager. You can view the temporary sessions for users who log in through remote authentication services in the UCS GUI.
LDAP
LDAP is an application protocol that can query and modify data using directory services running over TCP/IP. LDAP is used to look up encryption certificates, pointers to printers, and other network services. It can also provide single sign-on, where one user password is shared among many services. LDAP is appropriate for any kind of directory-like information, especially in situations where fast lookups and infrequent updates are typical.
RADIUS
RADIUS is a distributed client/server system that secures networks against unauthorized access. RADIUS uses a networking protocol that provides centralized authentication, authorization, and accounting services for computers connected to a network.
TACACS+
TACACS+ is a remote authentication protocol for communicating with an authentication server to determine if a user has authorization to access network resources.
[Figure labels: Native CLI, Native XML, UCS GUI, SMASH-CLP, CIM-XML, CIMC, Endpoint Adapter, Endpoint Port, Endpoint NX-OS]
Terminology
application gateways
An application gateway is the hardware abstraction layer that acts as a translator between the DME and the endpoints. It propagates configuration changes to the endpoints, and reports system state information from the endpoints to the DME.
CIMC
Cisco Integrated Management Controller (formerly referred to as the baseboard management controller, or BMC). There are standard protocols that connect directly (cut-through) to a CIMC by way of a unique external IP address bypassing the Cisco UCS Manager. IPMI, KVM, and SOL interfaces terminate on the CIMC. There is one external IP address per blade server.
cut-through interface
The Cisco UCS cut-through interfaces provide direct access to a single server. Using a cut-through interface bypasses the Cisco UCS Manager DME. However, the Cisco UCS Manager always functions in discovery mode and detects any changes, such as a reboot, made through a cut-through interface.
DME
The central service that manages components of Cisco UCS. It consists of a transaction engine and an information repository (the management information tree). It is the only component in Cisco UCS that stores and maintains configuration data and states for Cisco UCS managed devices and elements. State information is represented in the form of managed objects. In an HA environment, data is replicated between the active DME and the standby DME.
DMTF
Distributed Management Task Force. A not-for-profit industry organization that develops, maintains, and promotes systems management interoperability standards for enterprise IT environments. For more information on DMTF standards, visit the DMTF website at: http://www.dmtf.org.
in-band
In-band management uses regular data channels (typically through Ethernet) to manage devices. An in-band management limitation is its vulnerability to problems from the devices being managed. To manage network servers and routers remotely, an administrator must have network access when problems occur, but the same problems that caused the network outage may prevent access to those devices. See out-of-band.
out-of-band
Out-of-band management is the use of a dedicated channel for device maintenance. It enables a system administrator to monitor and manage servers and other network equipment remotely regardless of whether a device is powered on. Out-of-band management overcomes in-band limitations by using a management channel that is physically isolated from the data channel, so that there is console access to devices even if a primary network subsystem (hardware or software) fails. See in-band. Out-of-band management tasks may include the following:
Powering devices on and off
Reconfiguring BIOS settings
Restarting from a locally connected device
Re-imaging from a boot image file located on the network or by using a PXE server
RDP
Remote Desktop Protocol is a Microsoft proprietary protocol that provides graphical interface capabilities between computers.
WBEM
Web-Based Enterprise Management is a standard developed by the DMTF organization that defines a specific implementation of CIM. This standard includes protocols for discovering and accessing conforming CIM implementations.