
White Paper

Cisco Unified Computing System Interfaces


This paper describes:

- The Cisco UCS primary (native) interfaces and the numerous supported industry standard-based interfaces that you can use to interact with Cisco UCS
- The strengths and constraints of each interface
- The appropriate interface to use when integrating Cisco UCS into your data center
- The event notification tools and authentication services provided by Cisco UCS

Cisco UCS Integration Interfaces and Protocol Support


The Cisco UCS Manager is the single, consolidated management point of the Cisco Unified Computing System. The Cisco UCS Manager is embedded device-management software that controls, monitors, and configures all components of the Cisco UCS and unites them into a single logical domain. Communication to the Cisco UCS Manager is done primarily through a management console GUI, a CLI (command-line interface), or an XML API.

In a heterogeneous data center environment, administrators may have an existing set of system management tools to monitor devices of many different types from many different vendors. So in addition to its primary interfaces, the Cisco UCS Manager supports standard monitoring and event notification systems, providing data to standard enterprise-management tools through industry-standard APIs. The standard interfaces include SNMP, SMASH-CLP, and CIM-XML (these standard interfaces are read-only). Additionally, Cisco UCS has cut-through interfaces through which you can communicate directly to blade servers using specifications and methods such as IPMI, KVM (keyboard/video/mouse), and SOL (serial over LAN).

This paper describes the Cisco UCS primary and all other interfaces that can interact with the Cisco UCS from an external system. This document also describes the interfaces in the context of the overall Cisco UCS system, discusses supported protocols and useful tools, and provides some common usage scenarios. Supported Cisco UCS interfaces and protocols include the following (see Figure 2 for a schematic representation of Cisco UCS interfaces):

Primary Cisco UCS interfaces (full feature)


- UCS Manager GUI
- UCS CLI
- UCS Manager XML API

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Industry standard-based Cisco UCS interfaces (read-only)


- SNMP (Simple Network Management Protocol)
- SMASH-CLP (Systems Management Architecture for Server Hardware, Command Line Protocol)
- CIM-XML (Common Information Model-XML)
- NX-OS (Nexus operating system)

Cut-through interfaces

- IPMI (Intelligent Platform Management Interface)
- KVM (Keyboard, Video, Mouse)
- Serial over LAN (SOL)

Tools and services for Cisco UCS


- Syslog
- CallHome/Smart CallHome

Cisco UCS remote authentication services


- LDAP (Lightweight Directory Access Protocol)
- RADIUS (Remote Authentication Dial-In User Service)
- TACACS+ (Terminal Access Controller Access Control System)

Integrating Cisco UCS Technology into Your Data Center


Introducing a new system into a data center can be a resource-intensive, time-consuming process. It may also require a review of the current management and monitoring strategies. New technologies like the Cisco Unified Computing System (Cisco UCS) simplify existing processes and increase efficiency, but they introduce some additional challenges, for example, cross-training different IT teams. Bringing a new Cisco UCS system into the data center requires that experts from several areas (server, network, storage, software, and business service administration) be involved.

All computer systems and data center components must be managed and monitored, and there are different tools used to do this. Depending on the tool, its purpose, and relevant technology area, there are certain standards and interfaces applicable to its use. The different standard interfaces and protocols for managing servers, storage, and networks have evolved over time independent from each other, which is why there are multiple specific standards in a data center today.

Cisco UCS supports most of the popular standards available in each technology area. It has been considered essential by Cisco UCS designers and architects to support the traditional standard interfaces used by the different monitoring and managing frameworks in the data center because no single standard interface was developed specifically for a unified computing environment. Thus the Cisco UCS provides the tools required to integrate a Cisco UCS system easily into your data center with the least impact on existing frameworks and processes.

Cisco Unified Computing System Interfaces

July 14, 2010

About Cisco UCS Interfaces


Cisco UCS includes servers, storage, and network virtualization technologies, and provides a powerful and flexible platform for software and business service applications. Cisco UCS features include stateless servers, unified fabric I/O virtualization, and policy-driven management. Cisco UCS provides a full-feature management interface that was specifically designed for Cisco UCS: an open, XML-based API.

Cisco UCS has an embedded device manager, the Cisco UCS Manager, that controls all components, policies, and system behavior. All of the interfaces and protocols that interact with the Cisco UCS Manager interact with the different system endpoints (endpoints include adaptors, blades, chassis, fabric extenders, fabric interconnects, fans, and power supply units). All interfaces (except the cut-through interfaces) are translated into UCS XML APIs before being processed by the Cisco UCS Manager. The Cisco UCS Manager is the only Cisco UCS component that maintains states; all other components (including standard interfaces) are stateless. This allows Cisco UCS to provide many features and services that traditional computing systems cannot. Interfaces that communicate with the Cisco UCS Manager benefit from these features and services. This single, fault-tolerant device manager is the only integration point required to manage all Cisco UCS system components.

Each server in a Cisco UCS system has a Cisco Integrated Management Controller (CIMC) embedded on its baseboard. The CIMC can be accessed out-of-band by way of a unique external IP address. Cisco UCS cut-through interfaces (IPMI, SOL, KVM, and virtual media) communicate directly to a single blade server through the blade's CIMC port. The Cisco UCS Manager supports cut-through communication and allows itself to be bypassed.

Because of these multiple interfaces, Cisco UCS can easily fit into existing data center processes, infrastructure, and management, and can be monitored by common third-party tools that rely on existing standards.

XML API-Centric Design Helps Cisco UCS Data Center Integration


A major challenge with existing standard interfaces is that they were each developed for a specific reason, for example, to monitor network-connected devices, manage servers, or to manage storage. They were not written with regard to a Cisco UCS, which includes multiple data center components. Some vendors who cover multiple areas approach this challenge by extending the standard interface with more capabilities, which risks making their solution proprietary. Cisco UCS avoids this because its open XML API interface provides capabilities far beyond the standard interfaces. This interface follows existing XML document standards and was designed specifically for the Cisco Unified Computing System. Even though framework monitoring and management tools can use the existing standards to monitor (and to a degree manage) a Cisco UCS, in most cases it is best to use the XML API interface to fully exploit the capabilities of Cisco UCS computing system components.


Cisco UCS Manager Operation


The primary (native) and standard interfaces terminate on the Cisco UCS Manager and not the CIMC. The Cisco UCS Manager confirms each request and immediately sends confirmation back to the requestor. Each request is queued, interpreted, and checked against the requestor's privileges, and then executed in transactional fashion by the Cisco UCS Manager. This provides great performance, scalability, and predictability of the system behavior, and enables many of the new features that a Cisco UCS provides. All frameworks that interface to Cisco UCS (except the cut-through interfaces) do so through a single management IP address assigned to the whole Cisco UCS system. This is true even if the system is configured for high availability (HA), which includes two fabric interconnects. One instance is always running inside each fabric interconnect, but in an active-standby cluster fashion. For management and monitoring purposes, the system behaves identically in an HA or non-HA configuration. All interfaces supported by Cisco UCS provide out-of-band access. After an operating system is installed on a server and the server is running, you can configure OS services, such as SSH, SNMP, and RDP, and provide in-band access to the server.
Figure 1 Cisco UCS Interfaces

[Figure: Cisco UCS 6100 Fabric Interconnects in an HA configuration (System A active, System B standby) and a Cisco UCS 5100 Blade Server Chassis with 8 blade servers.]

The following interfaces terminate on the Cisco UCS Manager:

- Industry standard-based (read-only): SNMP, SMASH-CLP, CIM-XML
- Primary: CLI, GUI, XML API

The cut-through interfaces bypass the UCS Manager and terminate on the CIMC in each blade server: KVM, IPMI, SOL


Cisco UCS Primary Interfaces


The primary (or native) methods of communicating to the Cisco UCS Manager are the UCS GUI, the command-line, and the UCS XML API. The advantage of communication through the Cisco UCS Manager is that it centrally manages all physical and logical Cisco UCS resources.

UCS Manager GUI


The UCS graphical user interface is the main access mechanism to the Cisco UCS Manager. The GUI is Java-based and can be started and run from a web browser. This GUI provides a full-feature human interface for configuring and monitoring Cisco UCS.

UCS Manager CLI


The command-line interface provides full capabilities to access, configure, and monitor the Cisco UCS system. You access the CLI from the console port or through a remote Telnet or SSH session. Changes made through the command line are immediately reflected in the GUI, which also provides complete monitoring and configuration capabilities.

UCS XML API


The UCS Manager XML API is a programmatic way to interact with a Cisco UCS system. The XML API is the most powerful interface with which to communicate or integrate with Cisco UCS. This is a full-feature interface based on XML standards. There is an extensive set of APIs, all of which are exposed and supported; there are no hidden or internal APIs. The UCS GUI and CLI use this XML-based API to interact with the Cisco UCS Manager, as do all of the standard interfaces. Because XML is the native language of the Cisco UCS Manager, there are no restrictions on what partners and developers can do through this interface.

Cisco UCS Industry Standard-based Interfaces


The following industry standard-based interfaces, like the primary interfaces, have system-wide access to Cisco UCS.

SNMP
Simple Network Management Protocol is a TCP/IP application layer protocol that facilitates the exchange of management information between network devices. It is used mostly in network management systems to monitor attached devices for conditions that may require administrative attention. SNMP exposes management data in the form of variables that describe the system configuration. You can query these variables with managing applications. On Cisco UCS, SNMP data is read-only through the fabric interconnects and is typically used for fault monitoring on all Cisco UCS components. If a fault occurs, Cisco UCS sends a trap describing the fault. For background information on SNMP, visit the following Cisco website: http://www.cisco.com/en/US/docs/internetworking/technology/handbook/SNMP.html


SMASH-CLP
Systems Management Architecture for Server Hardware Command Line Protocol is a standard method for remote out-of-band management of server hardware. SMASH-CLP enables administrators to use a consistent command line interface for servers independent of vendor, operating system, or hardware platform. In a Cisco UCS system, you can use this interface for monitoring and debugging. On Cisco UCS, SMASH-CLP data is read-only. SMASH-CLP standards are developed and maintained by the DMTF industry group. For more information, visit the DMTF website at: http://www.dmtf.org.

CIM-XML
The common information model (CIM) is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and their relationships. CIM enables the consistent managing of servers independent of their vendor or provider. Common information model standards are developed and maintained by the DMTF industry group. CIM is composed of a schema and a specification. The schema provides the model descriptions; the specification defines the details for integration with other management models. CIM-XML is a WBEM protocol (another DMTF standard) that uses XML over HTTP to exchange CIM information. In a Cisco UCS system, you can use this interface for blade and chassis-related monitoring, debugging, and inventory collection by software frameworks that follow the CIM-XML standard. For information on CIM-XML specifications, go to the DMTF website at: http://www.dmtf.org.

NX-OS
NX-OS is the Cisco Nexus switch operating system. You can connect to the NX-OS shell through the UCS CLI. The NX-OS shell provides informational commands primarily for debugging. Actual configuration must always be done through the Cisco UCS Manager.


Cisco UCS Cut-through Management Interfaces to Individual Servers


Cut-through is when you use one of the industry standard protocols (IPMI, KVM, or SOL) to bypass the Cisco UCS Manager and connect directly to a Cisco Integrated Management Controller (CIMC). The connection is made by way of a unique external IP address. Compared to the Cisco UCS primary interfaces, cut-through interfaces have a major disadvantage in that they cannot centrally manage a Cisco UCS, which may contain hundreds of servers.

IPMI
The Intelligent Platform Management Interface defines interfaces and messaging for out-of-band server management. Using this interface, you bypass the Cisco UCS Manager and directly monitor and manage single server hardware information such as voltage, CPU statistics, and ambient temperature. This data is captured by sensors and made available at the CIMC. The IPMI interface is commonly used by data center management software to collect hardware-related information, as well as perform basic management operations like reboot and power on/off. In a Cisco UCS system, this functionality is a small subset of the capabilities provided natively by the Cisco UCS Manager through the XML API. For information on IPMI specifications, go to http://www.intel.com/design/servers/ipmi/index.htm.

KVM
Keyboard, video, mouse technology can control multiple computers from one keyboard, video monitor, and mouse. A KVM switch is useful where there are multiple computers, but no need for each to have a dedicated keyboard, monitor, and mouse. A KVM switch is commonly used in data centers where multiple servers are placed in a single rack. KVM can be implemented so that administrative personnel can conveniently connect to any server in a data center.

On a Cisco UCS system, KVM can be launched from the GUI or web-based interface and can be used remotely to interact with a single server to install an OS or troubleshoot OS-related issues. KVM also enables virtual media access to ISO images or to physical drives such as CD/DVD players on a client running KVM. KVM communicates with Cisco UCS over IP; no extra cabling is required. On Cisco UCS, you have full GUI access through KVM. With a KVM console launched from within the UCS GUI or web-based interface, a user is not required to know the external IP address. The Cisco UCS KVM console is a video-over-IP representation of the blade server video output. KVM is also provided as a standalone application, but it authenticates through the Cisco UCS Manager. Although Cisco UCS provides a powerful, single point-of-management, getting quick access remotely to a server through KVM is a very effective method of troubleshooting an OS problem.

Serial over LAN (SOL)


Serial Over LAN is a mechanism that directs the input and output of a system serial port to a network. This enables an administrator to remotely connect to and control a single server through a console with full keyboard and video (text) access. This requires the operating system to be configured correctly and that there is an event listening device configured on the console port.


Tools and Services for Cisco UCS


The Cisco UCS Manager supports standard event monitoring protocols, as well as the Cisco email-based event notification application, CallHome.

Syslog
Syslog is an industry-standard message logging program. Using syslog data, you can create scripts to separate software-generated messages and store generated reports. Other programs can be used to analyze this information. Syslog also provides devices with a way to evaluate performance and to notify administrators of problems. Syslog data can be used for computer system management and security auditing as well as for generalized analysis and debugging. When using syslog for active monitoring, you must assess whether monitored items should trigger an action based on detecting a specific event. Syslog is an invaluable tool to help define rules and policies for Cisco UCS. For more information on syslog, syslog tools, and syslog usage examples, go to http://www.syslog.org.
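The kind of script this section describes, as an added example that is not part of the Cisco paper: it decodes the RFC 3164 priority field, separates messages by severity, and raises an alert when one source accumulates repeated failed logins. The host names, tags, message wording and the threshold of 3 are assumptions made for illustration; they are not real Cisco UCS log output.

```python
import re
from collections import Counter, defaultdict

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
AUTH_FACILITIES = {4, 10}  # auth and authpriv facility codes (RFC 3164)

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host tag: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)
# Assumed wording of a failed-login message (constructed, not a UCS format).
FAIL_RE = re.compile(r"login failed for user (?P<user>\S+) from (?P<src>\S+)")

# Constructed sample input; addresses come from the documentation ranges.
SAMPLE_LINES = [
    "<38>Jul 14 10:02:11 fi-a login: login failed for user admin from 192.0.2.44",
    "<38>Jul 14 10:02:13 fi-a login: login failed for user admin from 192.0.2.44",
    "<38>Jul 14 10:02:16 fi-a login: login failed for user root from 192.0.2.44",
    "<86>Jul 14 10:05:40 fi-a login: login succeeded for user ops from 198.51.100.7",
    "<187>Jul 14 10:07:02 fi-a chassis: power supply 2 in chassis 1 reported failure",
    "<190>Jul 14 10:07:30 fi-b fabric: link state change on port 1/5",
    "<36>Jul 14 10:09:00 fi-a login: login failed for user admin from 203.0.113.9",
    "garbled line without a priority field",
    "<999>Jul 14 10:10:00 fi-a x: priority value out of range",
]


def parse_line(line):
    """Return a dict for a well-formed line, or None if it cannot be trusted."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(pri, 8)
    rec["severity_name"] = SEVERITIES[rec["severity"]]
    return rec


def triage(lines, fail_threshold=3):
    """Split messages by severity and flag sources with repeated login failures."""
    report = {"by_severity": Counter(), "urgent": [], "auth_alerts": {}, "unparsed": []}
    failures = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            # Keep malformed lines for review instead of dropping them silently.
            report["unparsed"].append(line)
            continue
        report["by_severity"][rec["severity_name"]] += 1
        if rec["severity"] <= 3:  # err, crit, alert, emerg
            report["urgent"].append(rec)
        if rec["facility"] in AUTH_FACILITIES:
            m = FAIL_RE.search(rec["msg"])
            if m:
                entry = failures[m.group("src")]
                entry["count"] += 1
                entry["users"].add(m.group("user"))
    for src, entry in failures.items():
        if entry["count"] >= fail_threshold:
            report["auth_alerts"][src] = {
                "count": entry["count"],
                "users": sorted(entry["users"]),
            }
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print("by severity:", dict(result["by_severity"]))
    print("urgent:", [(r["host"], r["msg"]) for r in result["urgent"]])
    print("auth alerts:", result["auth_alerts"])
    print("unparsed lines:", len(result["unparsed"]))
```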

CallHome/Smart CallHome
CallHome is a Cisco email-based notification application for critical system policies. You can use this interface to page a network support engineer, email a Network Operations Center, or use Cisco Smart CallHome services to automatically generate a case with the Cisco Technical Assistance Center. CallHome provides email-based and web-based notification of critical system events. A range of message formats is available for compatibility with pager services or XML-based automated parsing applications.


Cisco UCS Remote Authentication Services


Cisco UCS supports remote authentication of user logins through one of the following protocols:

- LDAP
- RADIUS
- TACACS+

Only one of these authentication methods can be used at a time. If a system is configured for one of these services, you must create a provider for that service to ensure communication with the Cisco UCS Manager. You can create user accounts in the Cisco UCS Manager or in the remote authentication server. User accounts created in the remote server must include the roles required for working in Cisco UCS Manager. You can view the temporary sessions for users who log in through remote authentication services in the UCS GUI.

LDAP
LDAP is an application protocol that can query and modify data using directory services running over TCP/IP. LDAP is used to look up encryption certificates, pointers to printers, and other network services. It can also provide single sign-on, where one user password is shared among many services. LDAP is appropriate for any kind of directory-like information, especially in situations where fast lookups and infrequent updates are typical.

RADIUS
RADIUS is a distributed client/server system that secures networks against unauthorized access. RADIUS uses a networking protocol that provides centralized authentication, authorization, and accounting services for computers connected to a network.

TACACS+
TACACS+ is a remote authentication protocol for communicating with an authentication server to determine if a user has authorization to access network resources.


Cisco UCS Interface-to-Endpoint Flow


Figure 2 is a simplified diagram of Cisco UCS interfaces and how they communicate. All flows are vertical except the cut-through interfaces to and from CIMC. The GUI is executed remotely on a client and uses native XML API to communicate with the Cisco UCS Manager. All interfaces except the cut-through interfaces are converted to native XML APIs and sent to the data management engine (DME). The DME is the central service that manages Cisco UCS components and evaluates and executes all received requests. The cut-through interfaces enforce local security at the device level according to their standard. The Cisco UCS Manager monitors the behavior of every server system and adapts to any event (such as a reboot command) sent directly to CIMC.

Figure 2 Simplified View of Cisco UCS Interfaces and Their Internal Relationships

[Figure: diagram labels, from the external interfaces down to the endpoints: IPMI, SOL, KVM; Native CLI; Native XML; UCS GUI; SMASH-CLP; CIM-XML; CIM Object Manager; Common Information Model Map; UCS Model Object XML API; Transaction Control & Other Services; Data Management Engine; Management Information Tree (internal database); Application Gateways (Endpoint Control Layer); CIMC; Endpoints: Blade/Chassis, Adapter, Port, NX-OS.]


Terminology

application gateways
An application gateway is the hardware abstraction layer that acts as a translator between the DME and the endpoints. It propagates configuration changes to the endpoints, and reports system state information from the endpoints to the DME.

CIMC
Cisco Integrated Management Controller (formerly referred to as the baseboard management controller, or BMC). There are standard protocols that connect directly (cut-through) to a CIMC by way of a unique external IP address bypassing the Cisco UCS Manager. IPMI, KVM, and SOL interfaces terminate on the CIMC. There is one external IP address per blade server.

cut-through interface
The Cisco UCS cut-through interfaces provide direct access to a single server. Using a cut-through interface bypasses the Cisco UCS Manager DME. However, the Cisco UCS Manager always functions in discovery mode and detects any changes, such as a reboot, made through a cut-through interface.

DME
The central service that manages components of Cisco UCS. It consists of a transaction engine and an information repository (the management information tree). It is the only component in Cisco UCS that stores and maintains configuration data and states for Cisco UCS managed devices and elements. State information is represented in the form of managed objects. In an HA environment, data is replicated between the active DME and the standby DME.

DMTF
Distributed Management Task Force. A not-for-profit industry organization that develops, maintains, and promotes systems management interoperability standards for enterprise IT environments. For more information on DMTF standards, visit the DMTF website at: http://www.dmtf.org.

in-band
In-band management uses regular data channels (typically through Ethernet) to manage devices. An in-band management limitation is its vulnerability to problems from the devices being managed. To manage network servers and routers remotely, an administrator must have network access when problems occur, but the same problems that caused the network outage may prevent access to those devices. See out-of-band.

out-of-band
Out-of-band management is the use of a dedicated channel for device maintenance. It enables a system administrator to monitor and manage servers and other network equipment remotely regardless of whether a device is powered on. Out-of-band management overcomes in-band limitations by using a management channel that is physically isolated from the data channel, so that there is console access to devices even if a primary network subsystem (hardware or software) fails. See in-band. Out-of-band management tasks may include the following:

- Powering devices on and off
- Reconfiguring BIOS settings
- Restarting from a locally connected device
- Re-imaging from a boot image file located on the network or by using a PXE server

RDP
Remote Desktop Protocol is a Microsoft proprietary protocol that provides graphical interface capabilities between computers.

WBEM
Web-Based Enterprise Management is a standard developed by the DMTF organization that defines a specific implementation of CIM. This standard includes protocols for discovering and accessing conforming CIM implementations.
