How to configure Cisco UCS for LDAP and Active Directory authentication

I was helping out a team member with setting up AD authentication on a UCS chassis in our internal lab. It looked to be a pretty easy task but turned out to be a dog fight. In the end it was easy but I found a few errors in the Cisco document that explains how to configure LDAP for Cisco UCS. I will point out the items that caused me grief.

In the end it's now working as expected and is a great feature to put to use. With so many different pieces of equipment in your environments, being able to have a unified login is much better than trying to remember 20 different local IDs.

You can download and view a copy of the LDAP for Cisco UCS guide from here or a Google search will turn up the same thing.

Error #1

In the “Creating LDAP Provider” section the main part that tripped me up was the following.

The image below shows the highlighted portion according to the document. I have updated the instruction below. Once I changed this, the authentication worked immediately. Before the change it would just fail, and according to the logs on the AD server it was not even making the attempt and failing.

c) This should be the string for the Bind user that you created earlier in the document. Example below

BindDN value is CN=ucsbind,OU=CiscoUCS,DC=sampledesign,DC=com

Error #2

This section in the collecting information section was also wrong. It did not cause me any issues but did require me to go back and read things a few more times to make sure.

In part d it references OU=CiscoUsers in the string, but the instructions never requested us to create this OU. It should just be the OU=CiscoUCS that you did create. This is nothing that will cause you an issue; I mention it just to clear things up.

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Cisco Fabric Manager Install Walkthrough

Security:  a necessity for all the right reasons.  But it can play hell with the installation of those much-needed applications.  Recently, during the implementation for a customer, a number of Cisco Nexus series switches have been deployed into fresh new environments, ready to allow for connectivity into new virtualized environments.  During the Fabric Manager install, we ran into a number of challenges during the install and I thought it would be helpful to capture the steps that we took.  These steps should work in just about any environment.

The Windows 2008 x64 image being used for the basis of the install for the application servers (vCenter, Fabric Manager and Netapp utilities server, etc) is very security focused, and as such, can be a real pain for application installs.  In this case, for Fabric Manager (version 5.0.4b), we did the following:

1)      Unzip Fabric Manager, and double click your way into the software folder

2)      Install Java from jre-1_5_0_11-windows-i586-p.exe by right clicking and choosing Run as Administrator.  One thing of note:  this was a fresh install and did not have an existing install of Java.  As I’m sure we all know how fussy Java can be, I would recommend this being installed in a location that does not require any additional Java-oriented applications

3)      Once installed, I had to put the java bin folder into the PATH for the server, else I could not get the Fabric Manager installer to run correctly.  (this is the path: C:\Program Files (x86)\Java\jre1.5.0_11\bin)

4)      Next, head into the postres folder (located in the software folder, same as the java installer), then the Windows folder and run postgresql-8.2.msi. This will install the Postgres database that will be used for Fabric Manager.  During the install, we accepted the default components, then set the password for the service that it would run as (you can choose the name, the default is postgres).  This will also create the account for you as part of this process:

5)      Next you will be able to give the superuser account for Postgres a password, and rename the account should you want to.  You should also set the locale (English, United States in our case):

6)      The procedural languages selection is fairly straightforward, as only PL/pgsql is available as a choice.

7)      For the enable contrib modules, I leave the default selected (Adminpack.)

8)      The install should continue and complete.  When it is done, we need to now create the database that will be used for Fabric Manager

9)      Launch pgAdmin III from the start menu:

10)   On initial launch, you will see that the admin GUI is disconnected from the default postgres instance.  Right click and choose Connect, then enter the password you created during install:

11)   To create a database for Fabric Manager, right click on the default instance and select New Database:

12)   You can name the database whatever you prefer, but make sure to set the Owner to the user postgres:

13)   Now it’s time to launch the fabric manager installer (finally, right?).  You can do so from the start.html .  Don’t worry if you get an unsupported environment pop up, just hit okay and choose a Custom install

14)   We went with the Standalone install, and when the Database Options appears, make sure to select Use Existing DB, set the DB superuser account (postgres by default) and the password that you set during the install for PostgreSQL, and set the DB URL to have the name of the database you created in place of “dcmdb”

15)   Set the local fabric manager user (defaults to admin, we used fmadmin) and set the password:

16)   For the Authentication Options, since these are standalone installs, the mode we are using is Local

17)   And for Configuration Options, we check both the “Use FC Alias as fabric default” and “Require SNMPv3 and disable SNMPv2c for increased security”.

At this point, you should get the Fabric Manager and Device Manager icons on your desktop, and you should be all ready to go.  Hopefully this will help should you try the Express install and run afoul of the many issues of security that can come up during application installs.

Cisco UCS Service Profile videos from Cisco Datacenter YouTube

I noticed some new videos recently released to a Cisco Channel on Youtube. These videos are explaining some of the features of UCS service profiles. This set of videos is showing off some of the cool things that can be done with Service Profiles and what the console looks like.

I will be creating some posts myself over time about these same features.

This next video is walking you through the creation of the Service Profile and explains the ability to create an Updating Service Profile that will update child templates created from it. This would help you keep those profiles all in compliance with your changes.

The next video talks about creating your UCS service profiles and pre-provisioning servers before the blade servers arrive. This method allows for you to do the work up front then when the blades arrive just install them and your work is done already.

Some little things that make Cisco UCS awesome

I was recently introduced to Cisco UCS and have been really enjoying working with the product. After working with HP, Dell and IBM products for almost 20 years it has been a refreshing change. Sure I was keeping an eye on what Cisco was doing with UCS and reading what others have been writing. But after working with the UCS and sitting for the UCS class I am a firm believer in what they have created now.

So I figured that it would be good just to write down a few of the little things that have impressed me so far. I will be writing a lot more about UCS in the coming weeks. But these are just some UCS features that I thought were cool.

This is no surprise but does the back of your server rack look this clean? Unless you have a UCS blade chassis I doubt it does. Sure other vendors have been creating Blade Chassis for years and they have done many things to cut down on cable clutter. But nothing comes close to making things this simple and clean.

The next one is maybe not so much a technology innovation but it’s just something so simple that I can’t believe no one has done this before. On each UCS blade server there is a little paper card that flips out. This can be used to write server names, put asset tags or other labeling details. No more are the days where you are forced to paste labels on the front of servers, reducing the air flow by partially covering up some of the vents. This seems so dang easy but I’ve not seen any other vendor do this yet.

This will probably have people split on whether it's good or bad. Every UCS blade and C series rack mount server has the console port on the front and you can use the dongle in the picture below to access it. The UCS dongle provides you with a video port, 2 USB ports and a 9 pin serial connection. This gives you the ability to connect a monitor, keyboard and mouse to any blade or server. You could also use it for a console connection to a nearby switch if your laptop, like many, does not have a serial port. Sure, others will probably say why would you want this when I just cable up my chassis to a KVM and forget about it. But after years of working with remote data centers and having a wide variety of skilled and non-skilled workers there to be your hands in a crisis, this makes things dead simple: just connect this dongle to server 1 and what do you see on the screen. No more trying to remotely talk someone through how to use a KVM and never really being sure if they are looking at the right screen.

Cisco unveils Cius Android tablet with HD video

Today Cisco announced a sweet looking Android based tablet. The tablet will offer HD video streaming, real-time video, multi-party conferencing, plus all the regular tablet functions like messaging, email, and browsing. The expected release date should be some time in the first quarter of 2011. Full press release listed below.
