SlideShare a Scribd company logo

Ucs security part2

Download as PPTX, PDF
Krunal Shah
Krunal Shah

This document provides information on various topics related to UCS security including system policies, high availability, system events, SNMP, firmware, and TAC information. It discusses how high availability is achieved in UCS through clustering of fabric interconnects, replication of data between nodes, and use of chassis EEPROM. It also describes fault states, severity levels, and how to view system events and collect TAC support information.

1 of 19
Downloaded 16 times
UCS Security www.silantia.com1  System Policies  High Availability  System Events  SNMP  Firmware  TAC Information
System Policies www.silantia.com2
Overview of High Availability www.silantia.com3
High Availability www.silantia.com4  Two fabric interconnects two IOM per chassis so two data paths. Per blade.  Clustering of FI requires same UCS manager version and same model of FI.  Clustering is done thru L1 and L2 port on Fabric interconnect. These ports are non-configurable.  L1-L2 ports 1000BaseTX using straight through Cat6 cable  Pre-configured to run LACP and CDP.  Links are 802.3ad bond managed by underlying OS.
High Availability www.silantia.com5  Cisco UCS manager controller:  Distributed application runs on both the primary and subordinate UCS manager instance  Each instance is represented by node ID  Separate process running on Cisco NX-OS  Defines running mode UCS manager processes  Cisco NX-OS:  Starts all Cisco UCS manager processes  Monitors and restart UCS manager processes.
High Availability www.silantia.com6  Local Storage:  NVRAM and flash stores static data  Read and written but local Cisco UCS manager instance  Replicated when both nodes are up  Chassis EEPROM  Serial EEPROM stores state data  Upto 3 chassis has its EEPROM written with state information in two partitions.  Read and written by both chassis management controller  Used to assist the Cisco UCS manager in determining state of the cluster.
Viewing and Changing Management HA www.silantia.com7  connect local-mgmt  dc101-A# sh cluster extended-state  Cluster Id: 0x898942147f8311e2-0x8af9547feeed8104  Start time: Sun May 26 18:36:30 2013  Last election time: Sun May 26 18:36:33 2013  A: UP, PRIMARY  B: UP, SUBORDINATE  A: memb state UP, lead state PRIMARY, mgmt services state: UP  B: memb state UP, lead state SUBORDINATE, mgmt services state: UP  heartbeat state PRIMARY_OK  INTERNAL NETWORK INTERFACES:  eth1, UP  eth2, UP  HA READY  Detailed state of the device selected for HA storage:  Chassis 1, serial: FOX1450H4JK, state: active  dc101-A#  cluster lead  cluster force L1 and L2 ports Serial EEPROM Chassis
High Availability (split brain issues) www.silantia.com8  Partition in space:  A partition in space occurs when the private network fails (no path from L1 to L1 and L2 to L2)  There is a risk of active-active management node.  Both nodes are demoted to subordinate and a quorun race begins.  The node that claims the most resources wins.  Partition in time:  A partition in time occurs when a node boots alone in the cluster.  Node compares its database version against the serial EEPROM and discovers that its version number is lower than current database version.  There is risk of applying an old configuration to UCS components.  This node will not become the active management node.
System Events www.silantia.com9
Fault severity www.silantia.com10 Severity Description Critical A service-affecting condition that requires immediate corrective action. This severity might indicate that the managed object is out of service and its capability must be restored. Major A service-affecting condition that requires urgent corrective action, This severity might indicate a severe degradation in the capability of managed object and that its full capability must be restored. Minor A non-service impacting fault condition that requires corrective action to prevent a mode serious fault from occurring,. Warning A potential service-affecting fault that currently has no significant effects in the system. Condition An informational message about a condition, possibly independently insignificant. Info A basic notification or informational message, possibly independently insignificant.
Fault states www.silantia.com11 State Description Active A fault was raised and it currently active Cleared A fault was raised but did not reoccur during the flapping interval. The condition that caused the fault has been resolved, and the fault has been cleared Flapping A fault was raised, cleared, and then raised again within a short time interval, known as flap interval. Soaking A fault raised and then cleared but since it was a flapping condition, the fault severity remains at its original active value, but this state indicates that condition that raised the fault has cleared.
System Events settings www.silantia.com12 Admin Tab- >Fault,events and audit log -> Settings
SNMP www.silantia.com13
SNMP www.silantia.com14  All SNMP versions are supported. V1,v2c and v3.  Username and password is configurable on device for SNMP version 3.  Source IP address of all SNMP transaction uses cluster IP address.  Admin Tab -> Communication management -> Communication services -> SNMP
Firmware www.silantia.com15
Firmware www.silantia.com16  UCSM, IOM and Fabric interconnect upgrade  Following steps are done under Equipment-> firmware management - > Update/Activate firmware.  Activate Cisco UCS Manager new image  Activate the I/O modules new image  Activate the subordinate fabric interconnect new image  Manually failover the primary fabric interconnect to the fabric interconnect that has already been upgraded.  This step is done thru command line using following command  UCS-A (local-mgmt) # cluster {force primary | lead {a | b}}  Verify that the data path has been restored.  Activate the primary fabric interconnect new image  Note: During fabric interconnect upgrade each blade will lose one path but other path is available so fabric failover from UCS and/or vmware nic teaming should work.  Upon activating IOM image, does not reboot the IOM, IOM reboots and upgrade when connected fabric interconnect reboots and upgraded.
Firmware www.silantia.com17  Host firmware packages.  Grouping of Adapter, BIOS, Board controller, Storage controller firmwares in to an entity which can be then used in service profile.  Management firmware packages.  Set of CIMC images for different kinds of blades.  When above applied to a service profile which is already associated it will trigger maintenance task. Depends on how it is scheduled this firmware updates will be applied.
TAC Information www.silantia.com18  Go to Admin Tab click on All and then “Collect TAC specific information”
TAC Information www.silantia.com19  cisco-ucspe# connect local-mgmt  cisco-ucspe(local-mgmt)# show tech-support  chassis Chassis  fex FEX (fabric-extender) Module  server Rack Server  ucsm UCSM  ucsm-mgmt UCSM Management(excludes fabric interconnect)  cisco-ucspe(local-mgmt)# show tech-support chassis 1 cimc 2  cisco-ucspe(local-mgmt)# show tech-support chassis 1 iom 1
Ad

Recommended

Vpc notes
Vpc notesVpc notes
Vpc notes
Krunal Shah
 
Community tech talk virtual port channel ( v pc ) operations and design best ...
Community tech talk virtual port channel ( v pc ) operations and design best ...Community tech talk virtual port channel ( v pc ) operations and design best ...
Community tech talk virtual port channel ( v pc ) operations and design best ...
crojasmo
 
vPC_Final
vPC_FinalvPC_Final
vPC_Final
Pratik Bhide
 
VPC PPT @NETWORKERSHOME
VPC PPT @NETWORKERSHOMEVPC PPT @NETWORKERSHOME
VPC PPT @NETWORKERSHOME
networkershome
 
Otv notes
Otv notesOtv notes
Otv notes
Krunal Shah
 
Fabric Path PPT by NETWORKERS HOME
Fabric Path PPT by NETWORKERS HOMEFabric Path PPT by NETWORKERS HOME
Fabric Path PPT by NETWORKERS HOME
networkershome
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
Aruba, a Hewlett Packard Enterprise company
 
Virtual Extensible LAN (VXLAN)
Virtual Extensible LAN (VXLAN)Virtual Extensible LAN (VXLAN)
Virtual Extensible LAN (VXLAN)
KHNOG
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Jide Akintola JNCIE-M&T/SP #496 CCIE-SP#28552
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
APNIC
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebula Project
 
Final exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wirelessFinal exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wireless
kratos2424
 
VXLAN
VXLANVXLAN
VXLAN
SAliyev1
 
Dc fabric path
Dc fabric pathDc fabric path
Dc fabric path
ASHISH SEHGAL
 
Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010
irbas
 
VXLAN Distributed Service Node
VXLAN Distributed Service NodeVXLAN Distributed Service Node
VXLAN Distributed Service Node
David Lapsley
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1
ronsito
 
Lab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routingLab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routing
Muhd Mu'izuddin
 
VTP
VTPVTP
VTP
Haidar-Mohammed
 
Cap4 implementing vtp
Cap4 implementing vtpCap4 implementing vtp
Cap4 implementing vtp
Hector Camba Lainez
 
Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.
igede tirtanata
 
Vxlan frame format and forwarding
Vxlan frame format and forwardingVxlan frame format and forwarding
Vxlan frame format and forwarding
Mohammed Umair
 
Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2
Cumulus Networks
 
Configure vtp
Configure vtpConfigure vtp
Configure vtp
Javier Jimenez
 
Inter VLAN Routing
Inter VLAN RoutingInter VLAN Routing
Inter VLAN Routing
Netwax Lab
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
Aruba, a Hewlett Packard Enterprise company
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
Milton Bengui
 
CCNA- part 9 vlan
CCNA- part 9 vlanCCNA- part 9 vlan
CCNA- part 9 vlan
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Hibernation in Linux 2.6.29
Hibernation in Linux 2.6.29Hibernation in Linux 2.6.29
Hibernation in Linux 2.6.29
Varun Mahajan
 
Implementation of MAC-level sleep-scheduling
Implementation of MAC-level sleep-schedulingImplementation of MAC-level sleep-scheduling
Implementation of MAC-level sleep-scheduling
Olivier Cervello
 
Ad

More Related Content

What's hot (20)

Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Jide Akintola JNCIE-M&T/SP #496 CCIE-SP#28552
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
APNIC
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebula Project
 
Final exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wirelessFinal exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wireless
kratos2424
 
VXLAN
VXLANVXLAN
VXLAN
SAliyev1
 
Dc fabric path
Dc fabric pathDc fabric path
Dc fabric path
ASHISH SEHGAL
 
Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010
irbas
 
VXLAN Distributed Service Node
VXLAN Distributed Service NodeVXLAN Distributed Service Node
VXLAN Distributed Service Node
David Lapsley
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1
ronsito
 
Lab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routingLab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routing
Muhd Mu'izuddin
 
VTP
VTPVTP
VTP
Haidar-Mohammed
 
Cap4 implementing vtp
Cap4 implementing vtpCap4 implementing vtp
Cap4 implementing vtp
Hector Camba Lainez
 
Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.
igede tirtanata
 
Vxlan frame format and forwarding
Vxlan frame format and forwardingVxlan frame format and forwarding
Vxlan frame format and forwarding
Mohammed Umair
 
Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2
Cumulus Networks
 
Configure vtp
Configure vtpConfigure vtp
Configure vtp
Javier Jimenez
 
Inter VLAN Routing
Inter VLAN RoutingInter VLAN Routing
Inter VLAN Routing
Netwax Lab
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
Aruba, a Hewlett Packard Enterprise company
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
Milton Bengui
 
CCNA- part 9 vlan
CCNA- part 9 vlanCCNA- part 9 vlan
CCNA- part 9 vlan
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Jide Akintola JNCIE-M&T/SP #496 CCIE-SP#28552
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
APNIC
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebula Project
 
Final exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wirelessFinal exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wireless
kratos2424
 
VXLAN
VXLANVXLAN
VXLAN
SAliyev1
 
Dc fabric path
Dc fabric pathDc fabric path
Dc fabric path
ASHISH SEHGAL
 
Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010
irbas
 
VXLAN Distributed Service Node
VXLAN Distributed Service NodeVXLAN Distributed Service Node
VXLAN Distributed Service Node
David Lapsley
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1
ronsito
 
Lab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routingLab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routing
Muhd Mu'izuddin
 
VTP
VTPVTP
VTP
Haidar-Mohammed
 
Cap4 implementing vtp
Cap4 implementing vtpCap4 implementing vtp
Cap4 implementing vtp
Hector Camba Lainez
 
Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.
igede tirtanata
 
Vxlan frame format and forwarding
Vxlan frame format and forwardingVxlan frame format and forwarding
Vxlan frame format and forwarding
Mohammed Umair
 
Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2
Cumulus Networks
 
Configure vtp
Configure vtpConfigure vtp
Configure vtp
Javier Jimenez
 
Inter VLAN Routing
Inter VLAN RoutingInter VLAN Routing
Inter VLAN Routing
Netwax Lab
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
Aruba, a Hewlett Packard Enterprise company
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
Milton Bengui
 
CCNA- part 9 vlan
CCNA- part 9 vlanCCNA- part 9 vlan
CCNA- part 9 vlan
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 

Similar to Ucs security part2 (20)

Hibernation in Linux 2.6.29
Hibernation in Linux 2.6.29Hibernation in Linux 2.6.29
Hibernation in Linux 2.6.29
Varun Mahajan
 
Implementation of MAC-level sleep-scheduling
Implementation of MAC-level sleep-schedulingImplementation of MAC-level sleep-scheduling
Implementation of MAC-level sleep-scheduling
Olivier Cervello
 
RR_07 Maint Monitoring and Tshooting.pptx
RR_07 Maint Monitoring and Tshooting.pptxRR_07 Maint Monitoring and Tshooting.pptx
RR_07 Maint Monitoring and Tshooting.pptx
joomaverick007
 
NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...
NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...
NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...
EMERSON EDUARDO RODRIGUES
 
1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES
1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES
1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES
EMERSON EDUARDO RODRIGUES
 
Cisco asa active,active failover configuration
Cisco asa active,active failover configurationCisco asa active,active failover configuration
Cisco asa active,active failover configuration
IT Tech
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
Byres Security Inc.
 
Pms System Training
Pms System TrainingPms System Training
Pms System Training
vkmalik
 
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 29Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
Lori Head
 
1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...
1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...
1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...
EMERSON EDUARDO RODRIGUES
 
lecciones ccna3
lecciones ccna3lecciones ccna3
lecciones ccna3
luisalfredoa9
 
Important cisco-chow-commands
Important cisco-chow-commandsImportant cisco-chow-commands
Important cisco-chow-commands
ssusere31b5c
 
BKK16-208 EAS
BKK16-208 EASBKK16-208 EAS
BKK16-208 EAS
Linaro
 
Fault tolerance
Fault toleranceFault tolerance
Fault tolerance
Aman Balutia
 
data-link layer protocols
data-link layer protocols data-link layer protocols
data-link layer protocols
BE Smârt
 
HA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy GroupsHA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy Groups
Kashif Latif
 
Analysis optimization and monitoring system
Analysis optimization and monitoring system Analysis optimization and monitoring system
Analysis optimization and monitoring system
slmnsvn
 
Cymphonix active-passive high availability v9
Cymphonix active-passive high availability v9Cymphonix active-passive high availability v9
Cymphonix active-passive high availability v9
encikkidal
 
Q2.12: Power Management Across OSs
Q2.12: Power Management Across OSsQ2.12: Power Management Across OSs
Q2.12: Power Management Across OSs
Linaro
 
OSX Complex Application Challenge Architecture
OSX Complex Application Challenge ArchitectureOSX Complex Application Challenge Architecture
OSX Complex Application Challenge Architecture
CocoaHeads France
 
Hibernation in Linux 2.6.29
Hibernation in Linux 2.6.29Hibernation in Linux 2.6.29
Hibernation in Linux 2.6.29
Varun Mahajan
 
Implementation of MAC-level sleep-scheduling
Implementation of MAC-level sleep-schedulingImplementation of MAC-level sleep-scheduling
Implementation of MAC-level sleep-scheduling
Olivier Cervello
 
RR_07 Maint Monitoring and Tshooting.pptx
RR_07 Maint Monitoring and Tshooting.pptxRR_07 Maint Monitoring and Tshooting.pptx
RR_07 Maint Monitoring and Tshooting.pptx
joomaverick007
 
NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...
NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...
NSA Basical Procedure Introduction EMERSON EDUARDO RODRIGUES EMERSON EDUARDO...
EMERSON EDUARDO RODRIGUES
 
1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES
1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES
1-NSA Basical Precedure Introduction -trainning EMERSON EDUARDO RODRIGUES
EMERSON EDUARDO RODRIGUES
 
Cisco asa active,active failover configuration
Cisco asa active,active failover configurationCisco asa active,active failover configuration
Cisco asa active,active failover configuration
IT Tech
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
Byres Security Inc.
 
Pms System Training
Pms System TrainingPms System Training
Pms System Training
vkmalik
 
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 29Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
Lori Head
 
1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...
1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...
1-NSA Basical Precedure Introduction -trainning 5G RADIO FREQUENCY EMERSON E...
EMERSON EDUARDO RODRIGUES
 
lecciones ccna3
lecciones ccna3lecciones ccna3
lecciones ccna3
luisalfredoa9
 
Important cisco-chow-commands
Important cisco-chow-commandsImportant cisco-chow-commands
Important cisco-chow-commands
ssusere31b5c
 
BKK16-208 EAS
BKK16-208 EASBKK16-208 EAS
BKK16-208 EAS
Linaro
 
Fault tolerance
Fault toleranceFault tolerance
Fault tolerance
Aman Balutia
 
data-link layer protocols
data-link layer protocols data-link layer protocols
data-link layer protocols
BE Smârt
 
HA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy GroupsHA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy Groups
Kashif Latif
 
Analysis optimization and monitoring system
Analysis optimization and monitoring system Analysis optimization and monitoring system
Analysis optimization and monitoring system
slmnsvn
 
Cymphonix active-passive high availability v9
Cymphonix active-passive high availability v9Cymphonix active-passive high availability v9
Cymphonix active-passive high availability v9
encikkidal
 
Q2.12: Power Management Across OSs
Q2.12: Power Management Across OSsQ2.12: Power Management Across OSs
Q2.12: Power Management Across OSs
Linaro
 
OSX Complex Application Challenge Architecture
OSX Complex Application Challenge ArchitectureOSX Complex Application Challenge Architecture
OSX Complex Application Challenge Architecture
CocoaHeads France
 
Ad

More from Krunal Shah (7)

Ucs rbac aaa-backu-ps
Ucs rbac aaa-backu-psUcs rbac aaa-backu-ps
Ucs rbac aaa-backu-ps
Krunal Shah
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part ii
Krunal Shah
 
Nexus 1000v
Nexus 1000vNexus 1000v
Nexus 1000v
Krunal Shah
 
Ha nsf notes
Ha nsf notesHa nsf notes
Ha nsf notes
Krunal Shah
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notes
Krunal Shah
 
Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2
Krunal Shah
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
Krunal Shah
 
Ucs rbac aaa-backu-ps
Ucs rbac aaa-backu-psUcs rbac aaa-backu-ps
Ucs rbac aaa-backu-ps
Krunal Shah
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part ii
Krunal Shah
 
Nexus 1000v
Nexus 1000vNexus 1000v
Nexus 1000v
Krunal Shah
 
Ha nsf notes
Ha nsf notesHa nsf notes
Ha nsf notes
Krunal Shah
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notes
Krunal Shah
 
Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2
Krunal Shah
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
Krunal Shah
 
Ad

Recently uploaded (20)

Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 

Ucs security part2

  • 1. UCS Security www.silantia.com1  System Policies  High Availability  System Events  SNMP  Firmware  TAC Information
  • 3. Overview of High Availability www.silantia.com3
  • 4. High Availability www.silantia.com4  Two fabric interconnects two IOM per chassis so two data paths. Per blade.  Clustering of FI requires same UCS manager version and same model of FI.  Clustering is done thru L1 and L2 port on Fabric interconnect. These ports are non-configurable.  L1-L2 ports 1000BaseTX using straight through Cat6 cable  Pre-configured to run LACP and CDP.  Links are 802.3ad bond managed by underlying OS.
  • 5. High Availability www.silantia.com5  Cisco UCS manager controller:  Distributed application runs on both the primary and subordinate UCS manager instance  Each instance is represented by node ID  Separate process running on Cisco NX-OS  Defines running mode UCS manager processes  Cisco NX-OS:  Starts all Cisco UCS manager processes  Monitors and restart UCS manager processes.
  • 6. High Availability www.silantia.com6  Local Storage:  NVRAM and flash stores static data  Read and written but local Cisco UCS manager instance  Replicated when both nodes are up  Chassis EEPROM  Serial EEPROM stores state data  Upto 3 chassis has its EEPROM written with state information in two partitions.  Read and written by both chassis management controller  Used to assist the Cisco UCS manager in determining state of the cluster.
  • 7. Viewing and Changing Management HA www.silantia.com7  connect local-mgmt  dc101-A# sh cluster extended-state  Cluster Id: 0x898942147f8311e2-0x8af9547feeed8104  Start time: Sun May 26 18:36:30 2013  Last election time: Sun May 26 18:36:33 2013  A: UP, PRIMARY  B: UP, SUBORDINATE  A: memb state UP, lead state PRIMARY, mgmt services state: UP  B: memb state UP, lead state SUBORDINATE, mgmt services state: UP  heartbeat state PRIMARY_OK  INTERNAL NETWORK INTERFACES:  eth1, UP  eth2, UP  HA READY  Detailed state of the device selected for HA storage:  Chassis 1, serial: FOX1450H4JK, state: active  dc101-A#  cluster lead  cluster force L1 and L2 ports Serial EEPROM Chassis
  • 8. High Availability (split brain issues) www.silantia.com8  Partition in space:  A partition in space occurs when the private network fails (no path from L1 to L1 and L2 to L2)  There is a risk of active-active management node.  Both nodes are demoted to subordinate and a quorun race begins.  The node that claims the most resources wins.  Partition in time:  A partition in time occurs when a node boots alone in the cluster.  Node compares its database version against the serial EEPROM and discovers that its version number is lower than current database version.  There is risk of applying an old configuration to UCS components.  This node will not become the active management node.
  • 10. Fault severity www.silantia.com10 Severity Description Critical A service-affecting condition that requires immediate corrective action. This severity might indicate that the managed object is out of service and its capability must be restored. Major A service-affecting condition that requires urgent corrective action, This severity might indicate a severe degradation in the capability of managed object and that its full capability must be restored. Minor A non-service impacting fault condition that requires corrective action to prevent a mode serious fault from occurring,. Warning A potential service-affecting fault that currently has no significant effects in the system. Condition An informational message about a condition, possibly independently insignificant. Info A basic notification or informational message, possibly independently insignificant.
  • 11. Fault states www.silantia.com11 State Description Active A fault was raised and it currently active Cleared A fault was raised but did not reoccur during the flapping interval. The condition that caused the fault has been resolved, and the fault has been cleared Flapping A fault was raised, cleared, and then raised again within a short time interval, known as flap interval. Soaking A fault raised and then cleared but since it was a flapping condition, the fault severity remains at its original active value, but this state indicates that condition that raised the fault has cleared.
  • 12. System Events settings www.silantia.com12 Admin Tab- >Fault,events and audit log -> Settings
  • 14. SNMP www.silantia.com14  All SNMP versions are supported. V1,v2c and v3.  Username and password is configurable on device for SNMP version 3.  Source IP address of all SNMP transaction uses cluster IP address.  Admin Tab -> Communication management -> Communication services -> SNMP
  • 16. Firmware www.silantia.com16  UCSM, IOM and Fabric interconnect upgrade  Following steps are done under Equipment-> firmware management - > Update/Activate firmware.  Activate Cisco UCS Manager new image  Activate the I/O modules new image  Activate the subordinate fabric interconnect new image  Manually failover the primary fabric interconnect to the fabric interconnect that has already been upgraded.  This step is done thru command line using following command  UCS-A (local-mgmt) # cluster {force primary | lead {a | b}}  Verify that the data path has been restored.  Activate the primary fabric interconnect new image  Note: During fabric interconnect upgrade each blade will lose one path but other path is available so fabric failover from UCS and/or vmware nic teaming should work.  Upon activating IOM image, does not reboot the IOM, IOM reboots and upgrade when connected fabric interconnect reboots and upgraded.
  • 17. Firmware www.silantia.com17  Host firmware packages.  Grouping of Adapter, BIOS, Board controller, Storage controller firmwares in to an entity which can be then used in service profile.  Management firmware packages.  Set of CIMC images for different kinds of blades.  When above applied to a service profile which is already associated it will trigger maintenance task. Depends on how it is scheduled this firmware updates will be applied.
  • 18. TAC Information www.silantia.com18  Go to Admin Tab click on All and then “Collect TAC specific information”
  • 19. TAC Information www.silantia.com19  cisco-ucspe# connect local-mgmt  cisco-ucspe(local-mgmt)# show tech-support  chassis Chassis  fex FEX (fabric-extender) Module  server Rack Server  ucsm UCSM  ucsm-mgmt UCSM Management(excludes fabric interconnect)  cisco-ucspe(local-mgmt)# show tech-support chassis 1 cimc 2  cisco-ucspe(local-mgmt)# show tech-support chassis 1 iom 1