UCS Security
www.silantia.com
- System Policies
- High Availability
- System Events
- SNMP
- Firmware
- TAC Information
System Policies
Overview of High Availability
High Availability
- Two fabric interconnects and two IOMs per chassis give two data paths per blade.
- Clustering of FIs requires the same UCS Manager version and the same FI model.
- Clustering is done through the L1 and L2 ports on the fabric interconnect. These ports are non-configurable.
- L1-L2 ports are 1000BaseTX, using straight-through Cat6 cable.
- Pre-configured to run LACP and CDP.
- Links are an 802.3ad bond managed by the underlying OS.
High Availability
- Cisco UCS Manager controller:
  - Distributed application that runs on both the primary and subordinate UCS Manager instances
  - Each instance is represented by a node ID
  - Separate process running on Cisco NX-OS
  - Defines the running mode of the UCS Manager processes
- Cisco NX-OS:
  - Starts all Cisco UCS Manager processes
  - Monitors and restarts UCS Manager processes
High Availability
- Local storage:
  - NVRAM and flash store static data
  - Read and written by the local Cisco UCS Manager instance
  - Replicated when both nodes are up
- Chassis EEPROM:
  - Serial EEPROM stores state data
  - Up to 3 chassis have their EEPROM written with state information in two partitions.
  - Read and written by both chassis management controllers
  - Used to assist Cisco UCS Manager in determining the state of the cluster.
Viewing and Changing Management HA
    connect local-mgmt
    dc101-A# sh cluster extended-state
    Cluster Id: 0x898942147f8311e2-0x8af9547feeed8104
    Start time: Sun May 26 18:36:30 2013
    Last election time: Sun May 26 18:36:33 2013
    A: UP, PRIMARY
    B: UP, SUBORDINATE
    A: memb state UP, lead state PRIMARY, mgmt services state: UP
    B: memb state UP, lead state SUBORDINATE, mgmt services state: UP
    heartbeat state PRIMARY_OK
    INTERNAL NETWORK INTERFACES:
    eth1, UP
    eth2, UP
    HA READY
    Detailed state of the device selected for HA storage:
    Chassis 1, serial: FOX1450H4JK, state: active
    dc101-A#

- cluster lead
- cluster force

Slide callouts: L1 and L2 ports; Serial EEPROM chassis
High Availability (split brain issues)
- Partition in space:
  - A partition in space occurs when the private network fails (no path from L1 to L1 and L2 to L2).
  - There is a risk of active-active management nodes.
  - Both nodes are demoted to subordinate and a quorum race begins.
  - The node that claims the most resources wins.
- Partition in time:
  - A partition in time occurs when a node boots alone in the cluster.
  - The node compares its database version against the serial EEPROM and discovers that its version number is lower than the current database version.
  - There is a risk of applying an old configuration to UCS components.
  - This node will not become the active management node.
System Events
Fault severity
Severity | Description
Critical | A service-affecting condition that requires immediate corrective action. This severity might indicate that the managed object is out of service and its capability must be restored.
Major | A service-affecting condition that requires urgent corrective action. This severity might indicate a severe degradation in the capability of the managed object and that its full capability must be restored.
Minor | A non-service-impacting fault condition that requires corrective action to prevent a more serious fault from occurring.
Warning | A potential service-affecting fault that currently has no significant effects in the system.
Condition | An informational message about a condition, possibly independently insignificant.
Info | A basic notification or informational message, possibly independently insignificant.
Fault states
State | Description
Active | A fault was raised and it is currently active.
Cleared | A fault was raised but did not reoccur during the flapping interval. The condition that caused the fault has been resolved, and the fault has been cleared.
Flapping | A fault was raised, cleared, and then raised again within a short time interval, known as the flap interval.
Soaking | A fault was raised and then cleared, but since it was a flapping condition, the fault severity remains at its original active value; this state indicates that the condition that raised the fault has cleared.
System Events settings
Admin Tab -> Fault, events and audit log -> Settings
SNMP
SNMP
- All SNMP versions are supported: v1, v2c and v3.
- Username and password are configurable on the device for SNMP version 3.
- All SNMP transactions use the cluster IP address as their source IP address.
- Admin Tab -> Communication management -> Communication services -> SNMP
Firmware
Firmware
- UCSM, IOM and fabric interconnect upgrade
  - The following steps are done under Equipment -> Firmware management -> Update/Activate firmware.
  - Activate the new Cisco UCS Manager image
  - Activate the new I/O module image
  - Activate the new image on the subordinate fabric interconnect
  - Manually fail over the primary fabric interconnect to the fabric interconnect that has already been upgraded.
    - This step is done through the command line using the following command:
    - UCS-A (local-mgmt) # cluster {force primary | lead {a | b}}
  - Verify that the data path has been restored.
  - Activate the new image on the primary fabric interconnect
- Note: During the fabric interconnect upgrade each blade will lose one path, but the other path is available, so fabric failover from UCS and/or VMware NIC teaming should work.
- Activating the IOM image does not reboot the IOM; the IOM reboots and upgrades when the connected fabric interconnect reboots and is upgraded.
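An added example, not part of the original deck: a Python pre-check that parses the `show cluster extended-state` output from the "Viewing and Changing Management HA" slide and lists reasons to hold off on the manual failover step of the upgrade procedure above. The healthy values are assumed from the slide's sample output; the function names and the degraded sample are constructed for illustration.

```python
import re

# Sample copied from the "Viewing and Changing Management HA" slide
# (the wrapped node B line is joined onto one line).
SLIDE_OUTPUT = """\
Cluster Id: 0x898942147f8311e2-0x8af9547feeed8104
Start time: Sun May 26 18:36:30 2013
Last election time: Sun May 26 18:36:33 2013
A: UP, PRIMARY
B: UP, SUBORDINATE
A: memb state UP, lead state PRIMARY, mgmt services state: UP
B: memb state UP, lead state SUBORDINATE, mgmt services state: UP
heartbeat state PRIMARY_OK
INTERNAL NETWORK INTERFACES:
eth1, UP
eth2, UP
HA READY
Detailed state of the device selected for HA storage:
Chassis 1, serial: FOX1450H4JK, state: active
"""

# Constructed degraded sample (not from the slide): one internal link down.
DEGRADED_OUTPUT = (SLIDE_OUTPUT.replace("eth1, UP", "eth1, DOWN")
                   .replace("HA READY", "HA NOT READY"))

NODE_RE = re.compile(r"^([AB]): memb state ([^,\s]+), lead state ([^,\s]+), "
                     r"mgmt services state: (\S+)$")
HEARTBEAT_RE = re.compile(r"^heartbeat state (\S+)$")
IFACE_RE = re.compile(r"^(eth\d+), (\S+)$")
STORAGE_RE = re.compile(r"^Chassis (\d+), serial: ([^,\s]+), state: (\S+)$")


def parse_cluster_state(text):
    """Turn the CLI text into a dict; lines that match nothing are ignored."""
    state = {"nodes": {}, "heartbeat": None, "interfaces": {},
             "storage": [], "ha_ready": False}
    for raw in text.splitlines():
        line = raw.strip()
        m = NODE_RE.match(line)
        if m:
            state["nodes"][m.group(1)] = {
                "memb": m.group(2), "lead": m.group(3), "mgmt": m.group(4)}
            continue
        m = HEARTBEAT_RE.match(line)
        if m:
            state["heartbeat"] = m.group(1)
            continue
        m = IFACE_RE.match(line)
        if m:
            state["interfaces"][m.group(1)] = m.group(2)
            continue
        m = STORAGE_RE.match(line)
        if m:
            state["storage"].append({"chassis": int(m.group(1)),
                                     "serial": m.group(2),
                                     "state": m.group(3)})
            continue
        if line == "HA READY":
            state["ha_ready"] = True
    return state


def failover_blockers(state):
    """Return reasons the cluster does not match the slide's healthy sample."""
    problems = []
    nodes = state["nodes"]
    if set(nodes) != {"A", "B"}:
        problems.append("both nodes A and B must be reported")
    for name, node in sorted(nodes.items()):
        if node["memb"] != "UP":
            problems.append(f"node {name} membership is {node['memb']}")
        if node["mgmt"] != "UP":
            problems.append(f"node {name} mgmt services are {node['mgmt']}")
    leads = sorted(node["lead"] for node in nodes.values())
    if leads != ["PRIMARY", "SUBORDINATE"]:
        problems.append(f"expected one PRIMARY and one SUBORDINATE, got {leads}")
    if state["heartbeat"] != "PRIMARY_OK":
        problems.append(f"heartbeat state is {state['heartbeat']}")
    down = [i for i, s in sorted(state["interfaces"].items()) if s != "UP"]
    if len(state["interfaces"]) < 2 or down:
        problems.append("internal (L1/L2) interfaces not all UP: "
                        + (", ".join(down) or "fewer than two listed"))
    if not any(s["state"] == "active" for s in state["storage"]):
        problems.append("no chassis EEPROM in state active for HA storage")
    if not state["ha_ready"]:
        problems.append("cluster does not report HA READY")
    return problems


def failover_target(state):
    """Node letter for `cluster lead {a | b}`: the subordinate, if healthy."""
    if failover_blockers(state):
        return None
    for name, node in state["nodes"].items():
        if node["lead"] == "SUBORDINATE":
            return name.lower()
    return None


if __name__ == "__main__":
    for label, text in (("slide", SLIDE_OUTPUT), ("degraded", DEGRADED_OUTPUT)):
        st = parse_cluster_state(text)
        print(label, failover_target(st), failover_blockers(st))
```

Run it against captured output before the failover step and again afterwards; any blocker means the cluster state differs from the healthy sample and the lead change should wait.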
Firmware
- Host firmware packages:
  - Grouping of adapter, BIOS, board controller and storage controller firmware into an entity that can then be used in a service profile.
- Management firmware packages:
  - Set of CIMC images for different kinds of blades.
- When the above are applied to a service profile that is already associated, it will trigger a maintenance task. Depending on how it is scheduled, the firmware updates will be applied.
TAC Information
- Go to the Admin tab, click on All and then “Collect TAC specific information”.
TAC Information
    cisco-ucspe# connect local-mgmt
    cisco-ucspe(local-mgmt)# show tech-support
      chassis    Chassis
      fex        FEX (fabric-extender) Module
      server     Rack Server
      ucsm       UCSM
      ucsm-mgmt  UCSM Management(excludes fabric interconnect)
    cisco-ucspe(local-mgmt)# show tech-support chassis 1 cimc 2
    cisco-ucspe(local-mgmt)# show tech-support chassis 1 iom 1
