UCS Central Best Practices
Jeff Silberman
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

[Diagram labels: Server, Chassis, Domain, Single Datacenter, Global Datacenters; UCS Manager]

Administrative power is HIGHLY concentrated
Slightest changes can have broadest consequences
Everything is “Opt-In” and “Bottom-Up”
  - Registration is Bottom Up
  - Global Policy Resolution is not the default
  - UCS Central does not “take control”. Control is given
Migrate to Global Policies over time, as comfort increases
  o Global resolution can revert back to Local
Global Policy resolution promotes administrative scalability
UCS Central:
  - Depends on UCS Manager
  - Is an extension of UCS Manager and the UCS Management Model
  - Is NOT a replacement for UCS Manager

Global Policies and Global Service Profiles
Cluster-mode High Availability
Statistics with optional External Database Support
Improved Graphics Display
Solid Fit For:
  - Global Inventory Visibility, Global Faults, Global Operational Policies (Backups, TZ, DNS, …)
  - Global Service Profiles for Net-new Workload

UCS Central 1.0(1a) works with UCSM and above
UCS Central 1.1(1a) works with UCSM and above (UCSM recommended)
4 vCPUs, 12GB Memory
Licenses: L-UCS-CTR-INI=, L-UCS-CTR-LIC=

Admin-defined grouping
Any domain can only be in one DG at a time
Domains are in “Ungrouped Domain Group” by default
Operational Policies resolve on DGs
Domains can move between DGs, but it might be disruptive
Domain Group Policy Qualifications allow for “auto-join” into a DG
Hierarchical Policy resolution allows local overrides
[Diagram: UCS Central with Domain Groups EUROPE, US and ASIA-PACIFIC; Sub Domain Groups DALLAS, LOS ANGELES and NEW YORK]

UCS Central 1.1(1a) supports either Local or LDAP
LDAP Attribute-based authentication requires a schema change
UCS Role to LDAP Group support is currently missing
UCS Central uses “root” DG for authentication. If using global authentication, then do not populate the “root” DG with UCS domains

Use “G-” prefix for Global Objects
Avoid using “global-default” or “default”

Best Practice:
Maintain the default local policy resolution. Gain comfort and understanding, prior to a broader adoption of global policies
Use “Import” when possible

Best Practice:
Use the UCS Platform Emulator
Use UCS Central with Global Objects for Net-New Workload deployments
Leave existing workloads in Locally managed mode, until end of lifecycle
Local Affinity exists for External IP Pools and Boot Policies

Best Practice:
Just Do It
UCS Central Objects can’t be automatically re-created from UCS backups
Domain Groups don’t exist in UCSM
Operational Policies terminate on Domain Groups

o Global Objects are visible from “drop-down” menus, or “pulled in” to UCSM when needed upon deployment of Global Service Profiles, but are not pushed upon creation
o Maintenance Policies
  - For user acknowledgement locally within UCSM, create and use Maintenance Policies based on “user-ack”.
  - For acknowledgement within UCS Central, choose “timer-automatic”, and select a Schedule that uses the “user-ack” option.
o Host OS version coverage. Check release notes
o External Statistics Database is not backed up automatically
o UCSM may require a forced Time sync
o Avoid Hypervisor Resource Contention with other VMs
o Cluster HA Mode requires proper configuration of Shared Disk

UCS Central Admin policies are in “root” DG
LDAP Authentication missing Group mappings
Adopting Global IDs causes service interruption in UCSM and Global UUID Pools can’t be easily adopted for existing workload
Domain Group Re-assignment based on DG Policy now requires “Re-evaluate Membership”
Server Pool members are not masked by RBAC
Fault Summary occasionally goes blank
Host FW and Maintenance Policies now under “Orgs” instead of DGs (some backward compatibility issues exist)
VLANs can appear unreferenced
Default FCoE VLAN is “1” (VHBAs won’t configure, since VLAN conflicts with “default”)
VLANs and VSANs may persist locally, even if domain is de-registered
Local backups will not have global references
Moving objects from Local to Global mode (or back) is not supported
SDK programmability is a work in progress

The UCS Community Space
UCS Central Release Notes
The UCS Central Best Practice Guide
The UCS Platform Emulator

Be Conservative
Create a Test/Dev Sandbox, using PEs to get comfortable
  o PEs can even be populated from live UCSM configs
UCS Central is the most important and ambitious product since UCS Manager itself
With Great Power Comes Great Responsibility
Please Be Careful

Thank you.