Ten Tips for Successful Cisco UCS Deployments - Part One
Cisco has lots of excellent documentation for setting up its flexible Unified Computing System (UCS), but any seasoned IT professional understands that there are invariably a few tips and tricks that can only be learned the hard way—by making mistakes and learning from your errors.
But of course, mistakes can be costly, and they’re undoubtedly frustrating. As systems integrators, we’ve had the unique privilege of deploying several UCS and converged infrastructure solutions in numerous environments, so we’ve had the opportunity to amass a tidy collection of UCS deployment ‘gotchas.’
In the spirit of sharing, here are the first five of our top ten technical tips for anyone deep in the trenches of a UCS installation.
1. If you have DMZ virtual machines in your environment, consider whether the DMZ and normal VLANs can come down the same trunk wires. If not (that means you probably have an inside production core and a DMZ core outside the firewall), then you have to implement a ‘Disjoint Layer 2’ design. It's not hard to set up, but it does have some rigid assumptions. For example, don’t overlap VLAN IDs, and—due to pinning rules—you should separate vNICs on the blades to go to each core.
2. The KVM IPs assigned to each blade go out the MGMT port, not the 10 GbE ports. The MGMT port doesn't support VLANs, so you need to use a normal access port. That means you’ll use three IPs for the FIs (1 VIP, and 1 for each FI) and then 1 IP for each blade in the environment on the same network over that 1 GbE link.
3. Unless you’re restricted by a CVD document or something similar, run UCS 2.1, also known by its code name "Del Mar," which came out late last year. We can’t recommend this highly enough—the firmware update procedure is vastly simplified, and it allows you to rename Service Profiles and run captive SANs, among other things.
4. If you can’t run UCS 2.1 and use a previous version instead, just be aware that you can't rename anything created in UCS. That especially goes for Service Profiles. What you see as the "name" in the UCS display is the unique key for that object in the XML file. If you change your naming convention, you’ll have to copy objects to make new ones instead of just renaming the old.
5. Unless you’re running UCS 2.1, any VLAN is accessible to any "organization" you set up for delegated security. Assigning VLANs to organizations was a new feature of 2.1. Without this feature, many people thought the admin environment insecure.
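The two Disjoint Layer 2 rules from tip 1 (no overlapping VLAN IDs between cores, and each vNIC going to one core only) can be checked against a planned design before anything is configured. This is an added example, not code from Cisco or from the original post; the core names, vNIC names and VLAN IDs are constructed sample data.

```python
# Added example: all names and VLAN IDs below are constructed for illustration.

def check_disjoint_l2(uplink_vlans, vnic_vlans):
    """Return a list of findings for a planned Disjoint Layer 2 design.

    uplink_vlans: {core name: set of VLAN IDs trunked to that core}
    vnic_vlans:   {vNIC name: set of VLAN IDs carried by that vNIC}
    """
    findings = []
    cores = sorted(uplink_vlans)

    # Rule 1: a VLAN ID may be trunked to one core only.
    for i, a in enumerate(cores):
        for b in cores[i + 1:]:
            for vlan in sorted(uplink_vlans[a] & uplink_vlans[b]):
                findings.append(f"VLAN {vlan} overlaps on cores {a} and {b}")

    # Map each VLAN ID to the set of cores that carry it.
    owner = {}
    for core in cores:
        for vlan in uplink_vlans[core]:
            owner.setdefault(vlan, set()).add(core)

    # Rule 2: every vNIC must land on exactly one core.
    for vnic in sorted(vnic_vlans):
        vlans = vnic_vlans[vnic]
        for vlan in sorted(vlans - set(owner)):
            findings.append(f"{vnic}: VLAN {vlan} is not trunked to any core")
        reached = set().union(*(owner.get(v, set()) for v in vlans))
        if len(reached) > 1:
            findings.append(f"{vnic}: spans cores {', '.join(sorted(reached))}")
    return findings


# Constructed plan: VLAN 30 is reused on both cores, one vNIC mixes
# production and DMZ VLANs, and one vNIC references an unknown VLAN.
PLAN_UPLINKS = {"prod-core": {10, 20, 30}, "dmz-core": {30, 200}}
PLAN_VNICS = {
    "eth0-prod": {10, 20},
    "eth1-dmz": {200},
    "eth2-mixed": {20, 200},
    "eth3-typo": {999},
}

if __name__ == "__main__":
    for finding in check_disjoint_l2(PLAN_UPLINKS, PLAN_VNICS):
        print(finding)
```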
Be sure to check back here in a few days when we reveal our final five tips for successful UCS deployments. In the meantime, have you recently deployed a Cisco UCS? What did you learn from your experience? Feel free to share your own tips and tricks in the comments below.