Cisco UCS Director Administration Guide, Release 5.1

(1)

Cisco UCS Director Administration Guide, Release 5.1

First Published: September 29, 2014

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883

(2)

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright©_{1981, Regents of the University of California.}

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:http://

www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

(3)

C O N T E N T S

P r e f a c e Preface xv

Audience xv

Conventions xv

Documentation Feedback xvii

Obtaining Documentation and Submitting a Service Request xvii

C H A P T E R 1 New and Changed Information for this Release 1

New and Changed Information for this Release 1

C H A P T E R 2 Overview 3

About Cisco UCS Director 3

Features and Benefits 4

Physical and Virtual Management Features 5

Model-Based Orchestration 6

Wizards in Cisco UCS Director 6

Initial Login 7

Recommended Order of System Setup 7

C H A P T E R 3 Managing Users and Groups 9

Managing User Roles 9

Adding a User Role 10

Managing User Types 11

Default User Permissions 11

All Policy Admin 11

Billing Admin 13

(4)

IS Admin 19

Network Admin 21

Operator 22

Service End User 24

Storage Admin 26

User Roles and Permissions 28

Managing Groups 31

Creating a Group or Customer Organization 31

Password Policy 32

Creating a Password Policy 32

Group Budget Policy 33

Viewing and Editing a Group Budget Policy 33

Resource Limits 34

Viewing Resource Limits 34

Editing Resource Limits 34

Configuring the Administration Profile 36

Creating the Admin Profile 36

Changing the Admin Password 37

Adding Users 37

Viewing Current Online Users 39

Managing User Access Profiles 39

Multi-Role Access Profiles 39

Creating a User Access Profile 39

Editing User Access Profile 40

Deleting a User Access Profile 41

Logging in to a Profile 41

Delete Profile 41

Changing Default Profile 41

Authentication and LDAP Integration 42

Configuring Authentication Preferences 42

LDAP Integration 43

LDAP Integration Rules and Limitations 44

Managing LDAP Integration 44

Configuring LDAP Servers 45

(5)

Testing LDAP Server Connectivity 48

Adding LDAP Search BaseDN Entries 48

Executing LDAP Synchronization System Task 48

Modifying LDAP Server Details 49

Deleting LDAP Server Information 50

Single Sign On 50

Enabling a Single Sign-On 50

Branding Groups and Customer Organizations 51

Login Page Branding 52

Configuring Custom Domain Logo 52

C H A P T E R 4 Managing System Administration Settings 53

Setting Up the Outgoing Mail Server 53

Working with Email Templates 54

Adding an Email Template 55

Previewing an Email Template 56

Setting a Default Email Template 56

Configuring System Parameters (Optional) 56

Configuring System Parameters 56

Configuring Infrastructure System Parameters (Optional) 58

Updating the License 58

Verifying License Utilization 58

Viewing License Utilization History 59

Viewing Resource Usage Data 59

Edit Application Categories 60

Customizing the Portal 61

Customizing the Login Page and Background Images 61

Customizing the Application Logo 61

Customizing Favicons 62

Customizing Application Header 62

Customizing Date Display 63

Customizing the Color Theme 64

Customizing Logout Redirect 64

Customizing Reports 64

(6)

Enabling Advanced Controls 65

User Menus 66

Setting User Menus 66

Setting User Permissions 67

Managing System Tasks 67

Creating a Node Pool 67

Creating System Task Policy 68

Assigning a Node Pool to System Policy Task 68

Creating a Service Node 69

Assigning a System Policy to a System Task 70

Executing System Tasks 70

Disabling a System Task 70

Managing Icons 71 Adding an Icon 71 Editing an Icon 72 Deleting an Icon 72 Previewing an Icon 72 Tag Library 73 Creating a Tag 73 Editing a Tag 74 Cloning a Tag 76 Deleting a Tag 77 Support Information 78

Viewing Support Information 78

Viewing System Information 78

Showing Logs 78

Downloading the Logs 78

Starting the Debug Log 78

C H A P T E R 5 Managing Integration Settings 81

Configuration Management Database Integration 81

Setting Up CMBD Integration 81

Metering Data Export 82

Setting Up Metering Data Export 82

(7)

Viewing Change Records 83

System Logs 83

Setting Up System Logs 83

Storage and OVF Upload 84

Multiple Language Support 84

C H A P T E R 6 Managing a Physical Infrastructure 85

About Managing a Physical Infrastructure 85

Adding a Site 85

Adding a Pod 86

Adding a Physical Account 87

Adding a Multi-Domain Manager Account 89

Adding a Network Element 90

Enabling DHCP Logging 91

Testing Connectivity 92

Testing Connectivity of Managed Network Elements 92

Testing the Connection to a Physical Account 92

Enabling Device Discovery 93

C H A P T E R 7 Managing a Virtual Infrastructure 95

About Managing WMware 95

Creating a Cloud 95

Downloading the PowerShell Agent Installer 97

Creating a PowerShell Agent 97

Verifying Cloud Discovery and Connectivity 98

Testing the Connection 98

Viewing vCenter Plug-ins 98

C H A P T E R 8 Managing Policies 99

Policies 99

Computing Policies 99

Creating a Computing Policy 100

Data Collection Policy 102

Configuring a Data Collection Policy for a Virtual Account 102

(8)

About Group Share Policy 103

Creating a Group Share Policy 104

Storage Policies 104

Storage Policies for Multiple VM Disks 105

Adding and Configuring a Storage Policy 105

Virtual Storage Catalogs 107

Configuring a Virtual Storage Catalog 107

Network Policies 108

Adding a Static IP Pool Policy 108

Adding a Network Policy 109

Networking Provisioning Policies 111

Configuring a Network Provisioning Policy 111

VLAN Pool Policies 112

Configuring a VLAN Pool Policy 113

System Policies 113

Configuring a System Policy 113

OS Licenses 116

Adding an OS License 116

About End User Self-Service Policy 117

Creating an End User Policy 118

C H A P T E R 9 Managing Virtual Data Centers 119

About Managing Virtual Data Centers 119

VDC Actions 120

Adding a Virtual Data Center 120

Viewing a Virtual Data Center 122

Editing a Virtual Data Center 123

Deleting a Virtual Data Center 125

Cloning a Virtual Data Center 125

Managing Application Categories in a Virtual Data Centers 127

Virtual Data Center Service Profiles 128

Adding a Virtual Data Center Service Profile 128

C H A P T E R 1 0 Managing Catalogs 131

(9)

Publishing a Catalog 132

About Publishing Advanced Catalogs 137

Publishing Advanced Catalogs 137

Viewing a Catalog 138

Editing a Catalog 139

Reordering Catalogs Within a Folder 143

Cloning a Catalog 143

Deleting a Catalog 144

Accessing Hosts for Deployment 144

Re-ordering Catalog Folders 145

C H A P T E R 1 1 Using Self-Service Provisioning 147

About Self Service Provisioning 147

About Service Requests 147

Creating a Service Request with Catalog Type—Standard 148

Creating a Service Request with Catalog Type—Advanced 151

Service Request Workflow and Details 151

Service Request Workflow 152

Service Request Details 152

Viewing the Workflow Status of a Service Request 154

Viewing Log Details for a Service Request 154

About Scheduling a Service Request 154

Scheduling Service Requests 155

About Resubmitting a Service Request 155

Resubmitting a Service Request 155

Other Service Request Functions 156

Canceling a Service Request 156

Rolling Back a Service Request 156

Viewing Service Requests for a Particular Group 157

Searching the Service Requests History for a Group 157

Exporting the Service Requests History for a Group 157

Reinstating an Archived Service Request 158

Service Request Approval Process 158

Approving a Service Request 158

(10)

Viewing the Service Requests Approvals History 159

Searching the Service Request Approvals History 159

Exporting Service Request Approvals History 160

Service Request Budgeting 160

Viewing the Current Month Budget Availability 160

Viewing Budget Entries 160

Adding a Budget Entry 161

Editing a Budget Entry 161

Deleting a Budget Entry 162

C H A P T E R 1 2 Multiple Disk VM Provisioning 163

About Multiple Disk VM Provisioning 163

Workflow for Multiple Disk VM Provisioning 164

About Templates with Multiple Disks 164

Assigning Disk Categories 164

Defining Storage Policies 165

Creating a Storage Policy 165

Creating a Catalog 167

Adding a Catalog 167

Creating a VM Disk 172

C H A P T E R 1 3 Using the Chargeback Module 175

About Chargeback Features 175

Budget Policies 176

Configuring a Budget Policy 176

Cost Models 176

Creating a Cost Model 177

Modifying a VDC to Include a Cost Model 179

Adding a Cost Model to a VDC 179

Editing a VDC to Include a Cost Model 181

Package-Based Cost Models 181

Creating a Package-Based Cost Model 182

Storage Tier Cost Models 183

Assigning a Cost to a Tier 184

(11)

Assigning a Datastore to a Tier 184

Chargeback Reports 185

Viewing the Current Month Summary 186

Viewing the Previous Month’s Summary 186

Viewing Monthly Resource Accounting Information 186

Viewing the VM Level Resource Accounting Details 187

Viewing the VM Level Chargeback Details 187

Exporting the Monthly Resource Accounting Details 187

Exporting VM Level Resource Accounting Details 188

Exporting VM Level Chargeback Details 188

About Change Records 188

Accessing Change Records 189

Chargeback Calculations 189

C H A P T E R 1 4 System Monitoring and Reporting 191

Dashboard 191

Enabling the Dashboard 191

Adding Report Widgets 192

Refreshing Widget Data 192

Summary 192

Viewing Virtual Machine, Cloud and System Summary Information 192

Customizing Summary Report Widgets 193

Inventory Management 193

Accessing System Inventory Details 193

Resource Pools 194

Accessing Resource Details 194

Clusters 194

Accessing Clusters 194

Images 194

Accessing Images 195

Host Nodes 195

Accessing Host Nodes 195

Virtual Machines (VMs) 195

Accessing VMs 195

(12)

Topology 196

Accessing Topology Types 196

Assessment 197

Accessing Assessments 197

Reports 197

Accessing Reports 198

C H A P T E R 1 5 Managing Lifecycles 199

Managing VM Power Settings 199

Resizing VMs 200

Managing VM Snapshots 201

Creating VM Snapshots 201

Reverting to a Snapshot 202

Marking a Golden Snapshot 203

Deleting a Snapshot 203

Deleting All Snapshots 204

Configuring the Lease Time for a Virtual Machine 204

Managing VM Actions 205

Viewing VM Details 206

Using Stack View 206

Deleting a VM 206 Creating a VM Disk 207 Deleting a VM Disk 208 Adding vNICs 208 Replacing a vNIC 210 Deleting vNICs 211

Launching the VM Client 211

Enabling the VNC Console on a VM 212

Accessing the VNC Console Window for a VM 212

Assigning a VM 213

VM Credentials 215

Viewing VM Credentials 215

Using the Inventory Collection Request for a VM 215

Testing VNC Connectivity 215

(13)

Moving a VM to VDC 220

Resynchronizing a VM 221

C H A P T E R 1 6 Managing CloudSense Analytics 223

About CloudSense Analytics 223

Generating a Report 224

Generating an Assessment 224

A P P E N D I X A Appendix 225

Configuring the VNC Console on an ESX Server 225

(14)

(15)

Preface

This preface contains the following sections: • Audience, page xv

• Conventions, page xv

• Documentation Feedback, page xvii

• Obtaining Documentation and Submitting a Service Request, page xvii

Audience

This guide is intended primarily for data center administrators who use Cisco UCS Director and who have responsibilities and expertise in one or more of the following:

• Server administration • Storage administration • Network administration • Network security

• Virtualization and virtual machines

Conventions

Indication Text Type

GUI elements such as tab titles, area names, and field labels appear in this font. Main titles such as window, dialog box, and wizard titles appear in this font. GUI elements

Document titles appear in this font. Document titles

In a Text-based User Interface, text the system displays appears in this font. TUI elements

(16)

Indication Text Type

Terminal sessions and information that the system displays appear in this font.

System output

CLI command keywords appear in this font. Variables in a CLI command appear in this font. CLI commands

Elements in square brackets are optional. [ ]

Required alternative keywords are grouped in braces and separated by vertical bars.

{x | y | z}

Optional alternative keywords are grouped in brackets and separated by vertical bars.

[x | y | z]

A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.

string

Nonprinting characters such as passwords are in angle brackets. < >

Default responses to system prompts are in square brackets. [ ]

An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

!, #

Means reader take note. Notes contain helpful suggestions or references to material not covered in the document.

Note

Means the following information will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information, similar to a Timesaver.

Tip

Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data.

Caution

Means the described action saves time. You can save time by performing the action described in the paragraph.

Timesaver

Preface Conventions

(17)

IMPORTANT SAFETY INSTRUCTIONS

This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device.

SAVE THESE INSTRUCTIONS

Warning

Documentation Feedback

To provide technical feedback on this document, or to report an error or omission, please send your comments [email protected]. We appreciate your feedback.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthlyWhat's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation.

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Preface

(18)

Preface Obtaining Documentation and Submitting a Service Request

(19)

C H A P T E R

1

New and Changed Information for this Release

This chapter contains the following section:

• New and Changed Information for this Release, page 1

New and Changed Information for this Release

The following table provides an overview of the significant changes to this guide for this current release. The table does not provide an exhaustive list of all changes made to this guide or of all new features in this release.

Table 1: New Features and Changed Behavior in Cisco UCS Director, Release 5.1

Where Documented Description

Feature

Wizards in Cisco UCS Director, on page 6

A set of wizards are available that guide you through configuring a few features Introduction of wizards

(20)

New and Changed Information for this Release New and Changed Information for this Release

(21)

C H A P T E R

2

Overview

This chapter contains the following sections: • About Cisco UCS Director, page 3

• Initial Login, page 7

• Recommended Order of System Setup, page 7

About Cisco UCS Director

Cisco UCS Director (formerly Cisco Cloupia Unified Infrastructure Controller) is a 64-bit appliance that uses the following standard templates:

• Open Virtualization Format (OVF) for VMware vSphere • Virtual Hard Disk (VHD) for Microsoft Hyper-V

Cisco UCS Director delivers unified, highly secure management for the industry's leading converged infrastructure solutions, which are based on the Cisco UCS and Cisco Nexus platforms.

Cisco UCS Director extends the unification of computing and network layers through Cisco UCS to provide data center administrators with a comprehensive visibility and management capability. It supports NetApp FlexPod and ExpressPod, EMC Isilon, EMC VSPEX, EMC VPLEX, and VCE Vblock systems, based on the Cisco UCS and Cisco Nexus platforms.

Cisco UCS Director automates the provisioning of resource pools across physical, virtual, and baremetal environments. It delivers native, automated monitoring for health, status, and resource utilization. You can do the following using Cisco UCS Director:

• Create, clone, and deploy service profiles and templates for all servers and applications

• Monitor organizational usage, trends, and capacity across a converged infrastructure on a continuous basis, such as by viewing heat maps that show virtual machine (VM) utilization across all your data centers

• Deploy and add capacity to ExpressPod and FlexPod infrastructures in a consistent, repeatable manner • Manage, monitor, and report on Cisco UCS domains and their components

(22)

• Manage secure multitenant environments to accommodate virtualized workloads that run with nonvirtualized workloads

Features and Benefits

The features and benefits of Cisco UCS Director are as follows:

Benefit Feature

• Provides a single interface for administrators to monitor, provision, and manage the system across physical, virtual, and baremetal environments • Provides unified dashboards, reports, and heat maps, which reduce

troubleshooting and performance bottlenecks Central management

• Allows end users to order and deploy new infrastructure instances following IT-prescribed policies and governance

Self-service catalog

• Provides a real-time available capability, internal policies, and application workload requirements to optimize the availability of your resources Adaptive provisioning

• Provides continuous monitoring that indicates real-time infrastructure consumption to improve capacity planning and management

• Identifies underutilized and overutilized resources Dynamic capacity

management

• Supports VMware ESX, ESXi, Microsoft Hyper-V, and Red Hat hypervisors

Multiple hypervisor support

• Monitors, manages, and provisions physical, virtual, and baremetal servers, as well as blades

• Allows end users to implement virtual machine life-cycle management and business continuance through snapshots

• Allows administrators to access server utilization trending analysis Computing management

• Provides policy-based provisioning of physical and virtual switches and dynamic network topologies

• Allows administrators to configure VLANs, virtual network interface cards (vNICs), port groups and port profiles, IP and Dynamic Host Control Protocol (DHCP) allocation, and access control lists (ACLs) across network devices

Network management

Overview Features and Benefits

(23)

Benefit Feature

• Provides policy-based provisioning and management of filers, virtual filers (vFilers), logical unit numbers (LUNs), and volumes

• Provides unified dashboards that allow administrators comprehensive visibility into organizational usage, trends, and capacity analysis details. Storage management

• Provides mobile management from Apple iPad and iPhone and Android devices

• Supports mobile self-service provisioning, virtual machine management, and viewing of administrative dashboards

Cisco CloudGenie

Physical and Virtual Management Features

Virtual Computing Management

• Discover, collect, and monitor virtual computing environments

• Perform policy-based provisioning and dynamic resource allocation

• Manage the host server load and power • Manage the VM life cycle and snapshots • Perform analytics to assess VM capacity,

sprawl, and host utilization

Physical Server Management

• Discover and collect configurations and changes • Monitor and manage physical servers

• Perform policy-based server provisioning • Manage blade power

• Manage the server life cycle

• Perform server use trending and capacity analysis

• Perform baremetal provisioning using preboot execution environment (PXE) boot management

Virtual Storage Management

• Discover, collect, and monitor storage of vFilers and storage pools

• Perform policy-based storage provisioning for thick and thin clients

• Create new datastores and map them to virtual device contexts (VDCs)

• Add and resize disks to VMs

• Monitor and manage organizational storage use • Perform virtual storage trend and capacity

analysis

Physical Storage Management

• Discover, collect, and monitor storage filers • Perform policy-based provisioning of vFilers • Provision and map volumes

• Create and map Logical Unit Number (LUN) and iGroup instances

• Perform SAN zone management

• Monitor and manage network-attached storage (NAS) and SAN-based storage

• Implement storage best practices and recommendation

Overview

(24)

Virtual Network Management

• Add networks to VMs

• Perform policy-based provisioning with IP and DHCP allocation

• Configure and connect Virtual Network Interface Cards ( vNICs) to VLANs and private VLANs

• Create port groups and port profiles for VMs • Monitor organizational use of virtual networks

Physical Network Management

• Discover, collect, and monitor physical network elements

• Provision VLANs across multiple switches • Configure Access Control Lists (ACLs) on

network devices

• Configure the storage network

• Implement dynamic network topologies

Model-Based Orchestration

Cisco UCS Director includes a task library containing over 1000 tasks, and out-of-the-box workflows. The model-based orchestration and a workflow designer enable you to customize and automate the infrastructure administrative and operational tasks. You can extend and customize the system to meet individual needs. The following table shows the maintenance and update activities of the task library from day1 through day 3: Day-3 Day-2 Day-1 • Add/upgrade hardware • Repurpose • Monitor performance • Start meeting and billing • Manage tenant change • Self-service Infrastructure as

a Service (IaaS) • Add tenants

• Migrate or add applicants • Integrate with enterprise

systems

• Use self-service portal

Wizards in Cisco UCS Director

Cisco UCS Director includes a set of wizards that guide you through configuring a few features. Following are the available wizards:

• Device Discovery

This wizard enables you to discover devices and assign them to a pod. • Initial System Configuration

This wizard helps you complete initial tasks to set up Cisco UCS Director, such as uploading license, setting up SMPT, NTP and DNS servers.

• vDC Creation

Overview Model-Based Orchestration

(25)

This wizard helps you to configure the policies required to successfully provision a VM in a vCenter cloud.

• FlexPod Configuration

This wizard helps you set up a FlexPod account.

When you first log in to Cisco UCS Director, a Wizard Explorer window is displayed. From this window, you can view the details of the available wizards and choose to launch any of them. If you do not want this

Wizard Explorer to appear every time you log in, you can check the Do not show this page again checkbox.

To launch these wizards later on, click Administration > Guided Setup.

Initial Login

Log into Cisco UCS Director by hostname or IP address with the following credentials: • Username: admin

• Password: admin

We recommend that you delete the startup admin account after you create the first admin account or, at least, change the default password. To access the self-service portal, you must have a valid email address.

Note

Recommended Order of System Setup

The following table shows the recommended order of system setup:

Description Chapter

Name

Describes how to apply a license, set up the Admin profile, create groups, and create users. You will learn how to access language support, apply portal customization, and system settings

2, 3, 4 and 5 Initial set up

Describes how to optionally add a pod and physical account, add network elements, test the connections, and verify account discovery.

6 Physical Infrastructure

You can create the virtual infrastructure before the physical infrastructure if you want.

Note

Describes how to create a cloud, verify cloud discovery and connectivity, test the connections, and view vCenter plug ins.

7 Virtual Infrastructure

Describes how to create and manage computing policies, storage policies, network policies, and system policies. You will learn how to add OS licenses for Microsoft Windows catalogs.

8 Policies

Describes how to set up VDCs to manage specific environments for groups. policies, and cost models, and how resource limits are configured and managed at the VDC level.

9 Virtual Data Centers

Overview

(26)

Description Chapter

Name

Describes how to set up catalog items, attach groups with access to a catalog, and publish catalog items.

10 Catalogs

Describes how you can create and manage provisioning service requests. 11

Self-Service Provisioning

Describes how to configure VM disk provisioning on a preferred single datastore or multiple datastores. It also provides instructions on how to configure individual disk policies for each additional disk in a template. 12

Multi-Disk Provisioning

Describes how to create chargeback summary reports, detailed reports, and resource accounting reports. It shows how cost models are defined and assigned to policies within departments and organizations. 13

Chargeback

Describes how you can get complete cloud visibility, monitor resource usage, and manage the cloud stack—clouds, clusters, host servers, and virtual machines.

14 Cloud Management

Describes how to perform post provisioning life cycle management actions on VMs such as VM power management, VM resizing, VM snapshot management, and other VM actions.

15 Life Cycles

Describes the analytical reports about the underlying physical and virtual infrastructure that Cisco UCS Director can generate.

16 CloudSense

Overview Recommended Order of System Setup

(27)

C H A P T E R

3

Managing Users and Groups

This chapter contains the following sections: • Managing User Roles, page 9

• Adding a User Role, page 10

• Managing User Types, page 11

• Default User Permissions, page 11

• Managing Groups, page 31

• Configuring the Administration Profile, page 36

• Managing User Access Profiles, page 39

• Branding Groups and Customer Organizations, page 51

• Login Page Branding, page 52

Managing User Roles

Cisco UCS Director supports the following user roles: • All Policy Admin

• Billing Admin • Computing Admin

• Group Admin—An end user with the privilege of adding users. This user can use the Self-Service portal. • IS Admin

• MSP Admin • Network Admin • Operator

• Service End User—This user can only view and use the Self-Service portal. • Storage Admin

(28)

• System Admin

These user roles are system-defined and available by default. You can determine if a role is available in the system by default, if the Default Role column in the User Roles page is marked with Yes.

As an administrator in the system, you can perform the following tasks with user roles: • Create a new user role in the system, and create users with this role.

While creating a new user role, you can specify if the role is that of an administrator or an end user. For more information on creating a user role, seeAdding a User Role, on page 10. For information on creating users for a role, seeAdding Users, on page 37.

• Modify existing user roles, including default roles, to change menu settings and read/write permissions for users associated with that role.

The procedure to modify menu settings and permissions for a role is the same as the procedure followed while adding a user role.

Adding a User Role

You can create any number of user roles in Cisco UCS Director and define their menu settings for the users of this role.

Procedure

Step 1 On the menu bar, choose Administration > System.

Step 2 Click the User Roles tab.

Step 3 Click Add (+).

Step 4 In the Add User Role dialog box, complete the following fields:

Description Name

Name of the user role.

User Role field

Choose the type of role that you are adding. It can be one of the following:

• Admin • End user

Role Type drop-down list

The description of the role being added.

Description field

Managing Users and Groups Adding a User Role

(29)

Step 5 Click Next.

Step 6 In the Menu Settings pane, choose the menu options that will be visible to users that are defined this role.

Step 7 Click Next.

Step 8 In the User Permissions pane, choose the read or write permissions for various tasks for users that are created with this role.

Step 9 Click Submit.

What to Do Next

Create a user with this role type.

Managing User Types

As the system administrator, you have full privileges to manage Cisco UCS Director, including adding users, viewing users and user permissions, and modifying individual user read/write permissions for different system components.

Most users view and use the Administrative portal when they log in.

Default User Permissions

Each admin user has a set of permissions to access Cisco UCS Director . The types of user permissions are as follows:

• Read—An admin user with Read permission has the ability to only read a file.

• Write—An admin user with Write permission has the ability to read, write and modify a file. This permission grants the ability to modify, delete or rename files.

• Read/Write—An admin with Read/Write permission has the ability to read and write a file.

All Policy Admin

The following table shows a list of operations that an All Policy admin can perform:

Permissions Operations Write Read No Yes Virtual Computing Yes No VM Label Yes No Assign VM to vDC No Yes Virtual Storage

Managing Users and Groups

(30)

Permissions Operations No Yes Virtual Network Yes Yes Physical Computing Yes Yes Physical Storage Yes Yes Physical Network No No

Group Service Request

No No

Approver Service Request

No Yes Budgeting No Yes Resource Accounting No Yes Chargeback No Yes System Admin No Yes

Users and Groups

No Yes Virtual Accounts No Yes Catalogs No Yes vDC Yes No Computing Policy Yes No Storage Policy Yes No Network Policy Yes No Deployment Policy Yes No SLA Policy Yes No

Resource Limit Report

No Yes Group Users No Yes Cloudsense Reports No Yes Cloudsense Assessment Reports No Yes Orchestration

Managing Users and Groups All Policy Admin

(31)

Permissions Operations No Yes Discovery Yes No MSP No No

Open Automation Modules

No No Group Users No No CS Shared Reports No No CS Shared Assessments No No Remote VM Access No No

Mobile Access Settings

No No

End User Chargeback

No No

Write Resource Accounting

Yes No Write Chargeback No No UCSD Cluster

Billing Admin

The following table show a list of operations that a Billing admin can perform:

Permission Operation Write Read Virtual Computing VM Label Assign VM to vDC Virtual Storage Virtual Network Physical Computing Physical Storage Physical Network

(32)

Permission Operation

Yes Group Service Request

Yes Yes Budgeting Yes Resource Accounting Yes Chargeback System Admin Users and Groups Virtual Accounts Catalogs vDC Computing Policy Storage Policy Network Policy Deployment Policy SLA Policy Yes Resource Limit Report

Group Users Yes Yes Cloudsense Reports Cloudsense Assessment Reports Orchestration Yes Discovery Yes Yes MSP

Open Automation Modules Group Users

Managing Users and Groups Billing Admin

(33)

Permission Operation

CS Shared Reports CS Shared Assessments Remote VM Access Mobile Access Settings End User Chargeback

Yes Write Resource Accounting

Yes Write Chargeback

UCSD Cluster

Computing Admin

The following table shows a list of operation that a Computing admin can perform:

Permission Operation Write Read No Yes Virtual Computing Yes No VM Label No No Assign VM to vDC No Yes Virtual Storage No Yes Virtual Network Yes Yes Physical Computing No Yes Physical Storage No Yes Physical Network No Yes Group Service Request Yes Yes Approver Service Request No Yes Budgeting

(34)

Permission Operation No Yes Resource Accouting No Yes Chargeback No Yes System Admin No Yes

Users and Groups

No Yes Virtual Accounts No Yes Catalogs No Yes vDC Yes Yes Computing Policy No Yes Storage Policy No Yes Network Policy No Yes Deployment Policy No Yes SLA Policy No Yes

No Yes Group Users No Yes Cloudsense Reports No Yes Cloudsense Assessment Reports No Yes Orchestration No Yes Discovery Yes Yes MSP No No Open Automation Modules No No Group Users No No CS Shared Reports No No CS Shared Assessments

Managing Users and Groups Computing Admin

(35)

Permission Operation No No Remote VM Access No No Mobile Access Settings No No

End User Chargeback

No No Write Resource Accounting No No Write Chargeback No No UCSD Cluster

Group Admin

Permission Task Write Read Yes Virtual Computing Yes VM Label Assign VM to vDC Virtual Storage Virtual Network Physical Computing Yes Yes Physical Storage Physical Network Yes Yes

Yes Yes

Approver Service Request Budgeting

Resource Accouting Chargeback

(36)

Permission Task

System Admin Users and Groups Virtual Accounts Yes Catalogs Yes vDC Yes Yes Computing Policy Storage Policy Network Policy Deployment Policy SLA Policy

Resource Limit Report Group Users Yes Cloudsense Reports Cloudsense Assessment Reports Orchestration Discovery MSP

Open Automation Modules Group Users Yes Yes CS Shared Reports Yes Yes CS Shared Assessments Remote VM Access Mobile Access Settings

Yes End User Chargeback

Managing Users and Groups Group Admin

(37)

Write Resource Accounting Write Chargeback UCSD Cluster

IS Admin

Permission Task Write Read No Yes Virtual Computing Yes No VM Label Yes No Assign VM to vDC No Yes Virtual Storage No Yes Virtual Network No Yes Physical Computing No Yes Physical Storage No Yes Physical Network No Yes

No No

No Yes Budgeting No Yes Resource Accouting No Yes Chargeback No Yes System Admin No Yes

Users and Groups

No Yes Virtual Accounts Yes Yes Catalogs

(38)

Permission Task Yes Yes vDC No Yes Computing Policy No No Storage Policy No Yes Network Policy Yes Yes Deployment Policy Yes Yes SLA Policy No Yes

No Yes Group Users No Yes Cloudsense Reports No Yes Cloudsense Assessment Reports Yes No Orchestration Yes No Discovery Yes No MSP No No

No No

End User Chargeback

No No

No No Write Chargeback No No UCSD Cluster

Managing Users and Groups IS Admin

(39)

Network Admin

Permission Task No Yes Virtual Computing Yes No VM Label No No Assign VM to vDC No Yes Virtual Storage No Yes Virtual Network No Yes Physical Computing No Yes Physical Storage Yes Yes Physical Network No No

No No

Yes Yes Budgeting Yes Yes Resource Accounting Yes Yes Chargeback No No System Admin No Yes

Users and Groups

No Yes Virtual Accounts No Yes Catalogs No Yes vDC No Yes Computing Policy No Yes Storage Policy Yes Yes Network Policy No Yes Deployment Policy No Yes SLA Policy

(40)

No Yes

No Yes Group Users No Yes Cloudsense Reports No Yes Cloudsense Assessment Reports Yes Yes Orchestration Yes Yes Discovery Yes Yes MSP No No

No No

End User Chargeback

No No

Operator

Permission Task Write Read No Yes Virtual Computing Yes No VM Label Yes No Assign VM to vDC

Managing Users and Groups Operator

(41)

Permission Task No Yes Virtual Storage No Yes Virtual Network No Yes Physical Computing No Yes Physical Storage No Yes Physical Network No No

No No

No Yes Budgeting No Yes Resource Accounting No Yes Chargeback No Yes System Admin No Yes

Users and Groups

No Yes Virtual Accounts No Yes Catalogs No Yes vDC No Yes Computing Policy No Yes Storage Policy No Yes Network Policy No Yes Deployment Policy No Yes SLA Policy No Yes

No Yes Group Users No Yes Cloudsense Reports No Yes Cloudsense Assessment Reports

(42)

Permission Task No No Orchestration No No Discovery No No MSP No No

No No

End User Chargeback

No No

Service End User

Permission Task Write Read Virtual Computing VM Label Assign VM to vDC Virtual Storage Virtual Network Physical Computing Physical Storage

Managing Users and Groups Service End User

(43)

Physical Network

Read Group Service Request

Write Read

Approver Service Request Budgeting

Resource Accounting Chargeback

System Admin Users and Groups Virtual Accounts Catalogs vDC Computing Policy Storage Policy Network Policy Deployment Policy SLA Policy

Resource Limit Report Group Users Cloudsense Reports Cloudsense Assessment Reports Orchestration Discovery MSP

(44)

Permission Task Group Users CS Shared Reports CS Shared Assessments Remote VM Access Mobile Access Settings

Read End User Chargeback

Write Resource Accounting Write Chargeback UCSD Cluster

Storage Admin

Permission Task Write Read Yes Virtual Computing Yes VM Label Assign VM to vDC Yes Virtual Storage Yes Virtual Network Yes Physical Computing Yes Physical Storage Yes Physical Network Yes Group Service Request

Yes Yes

Approver Service Request Yes Budgeting

Managing Users and Groups Storage Admin

(45)

Permission Task Yes Resource Accounting Yes Chargeback Yes System Admin Yes Users and Groups

Yes Virtual Accounts Yes Catalogs Yes vDC Yes Computing Policy Yes Storage Policy Yes Network Policy Yes Deployment Policy Yes SLA Policy Yes Resource Limit Report

Yes Group Users Yes Cloudsense Reports Yes Cloudsense Assessment Reports Yes Orchestration Yes Yes Discovery Yes Yes MSP

Open Automation Modules Group Users

CS Shared Reports CS Shared Assessments Remote VM Access

(46)

Yes Yes

End User Chargeback Write Resource Accounting Write Chargeback

UCSD Cluster

User Roles and Permissions

The following tables shows a list of permissions that are mapped to each admin user type:

Storage Admin Service End User Operator Network Admin MSP Admin IS Admin Group Admin Computing Admin Billing Admin All Policy Admin Permission Read Read Write Write Read Read Read Virtual Computing Write Write Write Write Write Write VM Label Write Write Write Assign VM to vDC Read Read Read Read Read Read Virtual Storage Read Read Read Read Read Read Virtual Network Read Read Read Read Read/Write Read/ Write Physical Computing Read Read Read Read Read/ Write Read Read/ Write Physical Storage Read Read/Write Read/Write Read Read Read/ Write Physical Network Read Read/Write Read/Write Read Read/Write Read Group Service Request

Managing Users and Groups User Roles and Permissions

(47)

Storage Admin Service End User Operator Network Admin MSP Admin IS Admin Group Admin Computing Admin Billing Admin All Policy Admin Permission Read/Write Read Read/Write Read/Write Read/Write Read Approver Service Request Read Read Read/Write Read/Write Read Read Read/Write Read Budgeting Read Read Read/Write Read Read Read Read Read Read Resource Accouting Read Read Read/Write Read Read Read Read Read Read Chargeback Read Read Read Read Read Read System Admin Read Read Read Read Read Read Users and Groups Read Read Read Read Read Read Virtual Accounts Read Read Read Read Read/Write Read Read Read Catalogs Read Read Read Read/Write Read Read Read vDC Read Read Read Read Read/Write Read/Write Read/Write Computing Policy Read Read Read Read Read/Write Storage Policy Read Read Read Read Read/Write Network Policy Read Read Read Read/Write Read Read/Write Deployment Policy Read Read Read Read/Write Read Read/Write SLA Policy Read Read Read Read Read Read/Write Read Read Read/Write Resource Limit Report Read Read Read Read Read Write Read Read Group Users

(48)

Storage Admin Service End User Operator Network Admin MSP Admin IS Admin Group Admin Computing Admin Billing Admin All Policy Admin Permission Read Read Read Read Read Read Read Read/Write Read Cloudsense Reports Read Read Cloudsense Assessment Reports Read/Write Read/Write Read Read Orchestration Read/Write Read/Write Read/Write Read Read Read Discovery Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write MSP Write Open Automation Modules Read Group Users Read Read/Write CS Shared Reports Read/Write CS Shared Assessments Remote VM Access Mobile Access Settings Read Read Read Read End User Chargeback Write Write Resource Accounting Write Write Write Chargeback UCSD Cluster

Managing Users and Groups User Roles and Permissions

(49)

Managing Groups

Creating a Group or Customer Organization

Procedure

Step 1 On the menu bar, choose Administration > Users and Groups.

Step 2 Click the User Groups tab.

Step 3 Click Add.

Step 4 In the Add Group dialog box, complete the following fields:

Description Field Name

The name of the group or the customer organization.

Name field

The description of the group or the customer organization, if required.

A shorter name or code name for the group. This name is used in VM and hostname templates.

Code field

(Optional) The cost center name or number if required. This name or number represents a cost center that a group is associated with. This name can be used in a VMware System policy for the VM naming convention.

For more information about using a cost center for naming conventions, see

Managing Policies, on page 99.

Cost Center field

The email used to notify the group owner about the status of service requests and request approvals if necessary.

Contact Email field

The contact’s first name.

First Name field

The contact’s last name.

Last Name field

The contact’s phone number.

Phone field

The contact’s address.

Address field

Choose the group share policy for the users in this group.

This drop-down list is populated only when you have created group share policies. For more information on creating this policy, seeCreating a Group Share Policy, on page 104.

Group Share Policy

drop-down list

(50)

If checked, the users of this group can have resources assigned to them and can own these resources. Also, these users can view resources belonging to the group. However, the resources among these users cannot be shared.

Allow Resource Assignment To Users check box

What to Do Next

Repeat this procedure if you want to add more groups.

Password Policy

The password policy applies to all the users and is enforced when you add a user or change the password for all user types. This policy enables the following password constraints:

• Password length

• Whether the password can be the same as the username

• Whether a user can reset the current password as a new password • Regular expressions that are disallowed in a password

Creating a Password Policy

Procedure

Step 2 In the Password Policy pane, complete the following fields:

Choose the minimum number of characters for the password.

Minimum Password Length drop-down list

Choose the maximum number of characters for the password.

Maximum Password Length drop-down list

Choose the minimum number of character classes such as upper case, lower case, numbers, and special characters.

Minimum Character Classes drop-down list

Check the check box to disallow passwords, which are the same as the login ID.

Disallow Login in Password check box

Managing Users and Groups Password Policy

(51)

Check the check box to disallow the previous password from being used and the new password being the same as the old password.

Disallow Previous Password check box

The regular expressions (one per line) that are not allowed for passwords. For example, .*abc.* specifies that a given password cannot contain the string “abc”. Disallow Passwords that match regular expression

field

Group Budget Policy

Resources are accounted for by using the Chargeback feature. For resource usage by a group or customer organization, you associate the entity with a budget policy.

You can configure a group or customer organization with a budget watch, and configure a group or customer organization to stay within or exceed the provisioned budget.

Viewing and Editing a Group Budget Policy

Procedure

Step 2 Choose the User Group tab

Step 3 Choose a group from the list.

Step 4 Click Budget Policy.

Step 5 In the Budget Policy dialog box, complete the following fields:

Check the check box to monitor the group's budget usage. Uncheck the check box to ignore all budget entries for this group.

Enable Budget Watch check box

Check if the group members are allowed over the provisioned budget. Uncheck the check box to reject the requests, once the budget is exhausted, until a new budget is added.

Allow Over Budget check box

Step 6 Click Save.

(52)

Resource Limits

You can configure resource limits for a group or customer organization to manage resource utilization. You can specify limits for the following:

Configuration of operating system resource and physical resource limits are not supported for public clouds.

Note

• Virtual resources

• Operating system resources • Physical resources

Viewing Resource Limits

Procedure

Step 1 On the menu bar, choose Organizations > Summary.

Step 2 Click a group to view

Step 3 Choose the Resource Limits to view the current limit, usage, pending SR usage, and status of the resources for the selected group.

Editing Resource Limits

Procedure

Step 2 Choose the User Groups tab

Step 3 Choose a group and click Edit Resources Limits. The Resource Limit dialog box appears.

Step 4 In the Resource Limit dialog box, check the Enable Resource Limits check box and complete the following fields:

The group name Group display-only

Managing Users and Groups Resource Limits

(53)

Check the check box to enable the resource limits or uncheck the check box to disable the resource limits. If checked, the user is provided with the option to set resource limits for a group and all nonzero resource limits are applied.

Enable Resource Limits check box

The maximum number of active VMs. Maximum Active VM Count

The total number of VMs. Maximum Total VM Count

The maximum number of provisioned vCPUs. Provisioned vCPUs Limit

The provisioned memory limit, in gigabytes. Provisioned Memory (GB) Limit

Provisioned CPU (GHz) Limit Provisioned CPU (GHz) Limit

The provisioned limit for disks, in gigabytes. Provisioned Disk (GB) Limit

The reserved limit of CPUs, in gigahertz. Reserved CPU (GHz) Limit

The reserved memory limit, in gigabytes Reserved Memory (GB) Limit

The maximum limit for snapshots, in gigabytes. Maximum Snapshot (GB) Limit

Count CPU and Memory for Inactive Check the check box to include the group's inactive VM CPU or memory data in the computation of resource limits. Uncheck the check box to exclude inactive VM CPU or memory data from the computation of resource limits.VMs check box.

Count CPU and Memory for Inactive VMs check box

OS Resource Limits

The configuration of OS resource limits and physical resource limits are not supported for public clouds.

Note

The maximum number of CentOS (Community Enterprise Operating System) servers.

CentOS

The maximum number of Windows 2008 servers. Windows Server 2008

The maximum number of Windows 7 machines. Windows 7

The maximum number of Windows XP machines. Windows XP

The maximum number of Red Hat machines. Red Hat

The maximum number of Ubuntu machines. Ubuntu

The maximum number of FreeBSD machines. FreeBSD

(54)

The maximum number of other Linux OS. Other Linux

The maximum number of other OS. Other

Physical Resource Limits

The maximum number of servers Maximum Physical Server Count

The maximum amount of server memory. Maximum Physical Server Memory (GB)

The maximum number of server CPUs. Maximum Physical Server CPU Count

The maximum number of vFilers Maximum vFiler Count

The maximum amount of storage space Maximum Physical Storage Space (GB)

Configuring the Administration Profile

Creating the Admin Profile

Procedure

Step 2 Choose Login User tab

Step 4 In the Add User dialog box, complete the following fields:

Choose the user type option as System Admin. The system administrator has full privileges.

User Type drop-down list

The login name. The default is admin. Login Name

The admin password. Password

The admin password that is entered again for confirmation.

Confirm Password

Managing Users and Groups Configuring the Administration Profile

(55)

The administrator’s email address. User Contact Email

The administrator’s first name. First Name

The administrator’s last name. Last Name

The administrator’s phone number. Phone

The administrator’s address. Address

Changing the Admin Password

Procedure

Step 2 In the Login Name column, choose admin

Step 3 Click Change Password.

Step 4 In the Change Password dialog box, enter a new password for the admin user and confirm it.

Adding Users

Before You Begin

Ensure you have created a group before you add a user to it.

Procedure

Step 2 Click the Login Users tab.

Step 3 Click Add (+).

Step 4 In the Add User dialog box, complete the following fields:

(56)

Choose the role type for the user.

This drop-down list displays all the available user roles in Cisco UCS Director. In addition to the user roles available by default, you can create additional user roles. For more information on creating users roles, see

Adding a User Role, on page 10.

Note User Role drop-down list

The login name.

Login Name field

The password.

If the Lightweight Directory Access Protocol (LDAP) authentication is configured to the user, the password is validated only at the LDAP server, and not at the local server.

Note Password field

The password is entered again for confirmation.

Confirm Password field

The email address.

The email address is required to notify the group owner about the service request status and request approval.

Note User Contact Email field

The first name.

First Name field

The last name.

Last Name field

The phone number of the user.

Phone field

The postal address of the user.

Address field

What to Do Next

After choosing a user from the main window and then clicking Manage Profiles, you can optionally assign multiple roles for that user.

Managing Users and Groups Adding Users

(57)

Viewing Current Online Users

Procedure

Step 2 Choose the Current Online Users tab to view a list of online users. You can view the username, IP address, session start time, last data access, and client.

Managing User Access Profiles

Multi-Role Access Profiles

A user can be assigned to more than one role, which is reflected in the system as a user access profile. For example, a user might log into Cisco UCS Director as a group administrator and an all-policy administrator, if both types of access are appropriate.

Access profiles also define the resources that can be viewed by a user. By default, one access profile is created when a user is created. By default, user can see their own resources, and resources of the group. Users can create profiles to view their own resources, or view only resources shared by group.

One of the profiles can be set as the default user access profile.

Note

The Manage Profiles feature enables you to add, log into, edit or delete a user access profile.

Note

Creating a User Access Profile

Procedure

Step 2 Choose the Login User tab

Step 3 Choose a user from the list.

Step 4 Click Manage Profiles.

Step 5 In the Manage Profile window, click Add +

Step 6 In the Add Entry to Access Profiles dialog box, complete the following fields:

(58)

The profile name.

Name field

The description of the profile.

Choose the user role type.

Type drop-down list

Select this checkbox to specify that users can view all resources assigned to them.

Show Own Resources checkbox

Select this checkbox to specify that users can view resources from all other groups that the user has access to or is a part of.

Show Resources From All Other Groups the user has access checkbox

Choose the user's group.

Group drop-down list

Check the check box if this is the default user access profile. Uncheck the check box if it is not the default.

Default Profile checkbox

What to Do Next

Create additional user access profiles as needed.

Editing User Access Profile

Procedure

Step 2 Choose the Login User tab.

Step 5 In the Manage Profiles window, choose a user from the list.

Step 6 Click Edit.

Step 7 In the Edit Access Profiles Entry dialog box, edit the Name, Description, Type, Group, or the Default

Profile fields as needed. Step 8 Click Submit.

Managing Users and Groups Editing User Access Profile

(59)

Deleting a User Access Profile

Procedure

Step 2 Choose the Login Users tab.

Step 5 In the Manage Profiles window, choose a user from the list.

Step 6 In the Manage Profiles dialog box, click Delete.

Logging in to a Profile

Procedure

Step 1 In the Cisco UCS Director login dialog box, enter your username in the Username field, in the format Username: Access Profile Name.

For example, Alex: GrpAdmin

Note

Step 2 In the Password field, enter your password.

Step 3 Click Login.

Delete Profile

The default profile is the first profile that you created in the system. You can change the default to another profile. Using the new default profile, you log in by entering the username and password.

Changing Default Profile

Procedure

Step 1 At the upper right of the window (to the left of logout), click the username.

Step 2 In the User Information window, choose the Access Profiles tab.

Step 3 Choose a user profile, and click Set as Default Profile.

A profile can also be set as default while adding or editing a profile.

Note

(60)

Authentication and LDAP Integration

You can configure a preference with or without a fallback choice for local authentication and a preference with a fallback for the LDAP. You can also configure a preference with no fallback for Verisign Identity Protection (VIP) authentication.

Authentication is local only (Cisco UCS Director), and not through the LDAP server.

Local Authentication

Authentication is done first at the local server (Cisco UCS Director). If the user is unavailable at the local server, the LDAP server is checked.

Local First, fallback to LDAP

Authentication is done first at the LDAP server. If the user is unavailable at the LDAP server, the local server is checked (Cisco UCS Director).

LDAP First, fallback to Local

VIP Authentication Service (two-factor authentication) is enabled.

Verisign Identity Protection

Configuring Authentication Preferences

Procedure

Step 2 Choose the Authentication Preferences tab.

Step 3 In the Authentication Preferences pane, complete the following fields:

Managing Users and Groups Authentication and LDAP Integration