Upload
buidang
View
250
Download
0
Embed Size (px)
Citation preview
Cisco Intersight: Enabling management of Cisco UCS and HyperFlex
Jeff Foster, Sr. Product Manager - UCS
BRKDCT-2088
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
How
cs.co/ciscolivebot#BRKDCT-2088
• Background
• Value Proposition & Offering
• Architecture
• Device Connectors
• Security
• Getting Started
• Server Management
• API
Agenda
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Edge Data Center Multi Cloud
Risk of Silos Manual Processes Limited Visibility
Operational Simplicity and Automation
Dev Ops FriendlySeamless Data Center Extension to Edge and Clouds
PrivateClouds
PartnerClouds
Public Clouds
Customer Needs
Too Many Parts, Moving Too Fast
BRKDCT-2088 5
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Challenges We’re Solving Against
Distributed
Apps and IT
Physical and Virtual Sprawl,
IoT, Microservices
Traditional
Management
Building a Monster to
Manage the Monster
Human
Limitations
Scale, Speed, Complexity in Modern
Data Centers is Unmanageable
BRKDCT-2088 6
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Strategy for Next-Generation Systems Management
Use the Cloud
Connect Everything
1
Analyze the
Telemetry
Create Actionable Insight
2
Combine Insight
with Automation
Have Machines
Manage Machines
3
BRKDCT-2088 7
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
UCS Management Simplification
Server
Tools
Network
Tools
Storage
Tools
Conventional Infrastructure
UCS Today
Silos of Manual Element Management UCS Central
Global Resource Pooling and Policy Management
UCS Director
Infrastructure-as-a-Service and Orchestration
Third Party Infrastructure
UCS Manager
Unified Element Management
Policy-Based Automation
HyperFlex Connect
Hyperconverged Management
IMC Supervisor
Policy Management and Remote vKVM
IMC
Standalone
C-Series, S-Series
Cisco UCS: Programmable Infrastructure
BRKDCT-2088 8
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Simplicity
Agility
Efficiency
Scale
Intuitive
Adaptive
Automated
Semi-AutomatedManual
Hand-crafted:
Server-focused
Stateless Computing:
Policy-focused
DIY Workflows:
Infrastructure-focused
Intent-Based:
Application-focused
AI Powered:
Optimization-focused
Inflection Point:
Cloud Managed Infrastructure
ML / AI for IT Ops
Past Future
A New Era of Adaptive Systems Management
BRKDCT-2088 9
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKDCT-2088
Introducing Cisco Intersight
10
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
SaaS Delivered
Intuitive Experience
Enhanced Support
Proactive Guidance
Secure and Extensible
Cisco Intersight Elements
BRKDCT-2088 11
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight: Enhanced SupportConnected TAC
Automated transmission of technical support files to the Cisco Technical Assistance Center (TAC) for accelerated troubleshooting
Future: Telemetry collection, issue fingerprinting, proactive alerting & remediation
BRKDCT-2088 12
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight: Proactive GuidanceRecommendation Engine
Compliance
Proactive Tech Support
Baselining andNotifications
FirmwareUpgrades
Alerts
BRKDCT-2088 13
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Key Features in Intersight Security Architecture
Use of industry standard security protocols
Encryption of all data
Compliance with stringent Cisco InfoSec security and data handling standards
BRKDCT-2088 14
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
SaaS-Delivered
UCS CentralGlobal Resource Pooling and Policy Management
UCS DirectorInfrastructure-as-a-Service and Orchestration
Third Party Infrastructure
UCS Manager & IMC
Unified Element Management
Policy-Based Automation
Intersight
Continuous Feature
Integration
Rapid development, delivery and
customer feedback
SaaS/Subscription
Consumption Model
Free customers from care &
feeding of management tools and
eliminate upgrade dependencies
Eliminate the hierarchy of tools
and multiple management
appliances
Seamless ScalabilityIntersight
BRKDCT-2088 15
Intersight Architecture
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
MaaS
Custo
mer
Sites
Cisco Intersight(SaaS or On-Prem)
Data Center 1 Data Center 2
Branch A Branch N
Policy Based
OrchestrationAPI Driven,
DevOps Enabled
Secure and
Compliant
Connected
TACApp Store
Device Connector
Device Connector
Device Connector
Device Connector
Device ConnectorDevice
Connector
Telemetry
& Analytics
17BRKDCT-2088
Cisco Intersight: Management-as-a-Service
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Control
Nodes
(Cisco DC)
Intersight Data Centers
#2
#1
Manage Anywhere, 24/7/365, Cloud Scale
BRKDCT-2088 18
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Device Connector: Overview
A very light and autonomous
piece of software allowing:
• Communication with the Intersight portal,
wherever the portal is.
• Capability of inserting tasks / calls
against the infrastructure (UCS Manager,
Cisco IMC Software, HyperFlex, UCS
Director) via the pluggable / extensible
framework
Key Features
• Bundled with Firmware
• Embedded Product Feature
• Secure Communications
• Self Updated
• Autonomous Check-In
BRKDCT-2088 19
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight Continuous Integration and Delivery
Micro-services, DevOps, Independent Delivery, Always on, Rolling Upgrades,
Horizontal scale
Developers Micro-Services Continuous Delivery Pipelines
OperateReleaseTestBuild
OperateReleaseTestBuild
OperateReleaseTestBuild
BRKDCT-2088 20
Intersight Value Proposition & Offering
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight: Initial Release
IMC Policy Framework
HyperFlex Cloud Installer
Deployment
Fault Alerting
Platform Inventory
Dashboard
HW/FW Compatibility
FW Upgrades
Platform Compliance
Cloud Connectors
Supportability
Telemetry Data Collection
UCSM, HXDP & IMC SW
UI Launch
SaaS Subscription
Intersight
BRKDCT-2088 22
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 23BRKDCT-2088
Cisco Intersight Customer Outcomes
Pervasive
Simplicity
Actionable
Intelligence
Agile
Delivery
Easy for development
and operations
Best practices to enable
proactive operations
Respond quickly to
New requests
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight Delivers Simplified Management
Unified Management
Single pane of glass, consistent operations
model and experience for managing all
systems and solutions
Recommendation EngineEmbedded recommendation platform with
insights sourced from across Cisco installed
base and tailored to each customer
SaaS/SubscriptionHosted management will free customers
from care/feeding of management tools and
eliminate upgrade dependencies
Enhanced Support Experience
Hosted platform allows Cisco to address issues
platform-wide and experience extends into TAC
supported platforms
ProgrammabilityEnd to end programmability with native API,
SDK’s and popular DevOps toolsets will enable
customers to consume natively
No-Impact TransitionIMC/UCSM/HX embedded connector will allow
customers to start consuming benefits without
forklift upgrade
BRKDCT-2088 24
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Project Starship is now Cisco Intersight
1
2
Cisco Intersight Base live in December 2017
Cisco Intersight Base live on January 2018
Tech Preview *ucs-starship.com) accounts migrated to Intersight.com
Continued steady growth in connected devices (over 56,000!)
BRKDCT-2088 25
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight Packaging
Orchestration—
Adaptive Assist
Analytics—
Monitoring—
OperationsAvailable
Essentials$
Standard$$
SaaS
Telemetry Collection
Centralized Inventory
Basic Search
Cloud Connect
License ManagementBase
BRKDCT-2088 26
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27BRKDCT-2088
Cisco Intersight: Edition Comparison
Base Edition:
• Supports Cisco UCS and HyperFlex
Systems
• Global inventory, health status, and
customizable dashboard
• Tagging and basic global search
• Context-launch of element managers
• Cisco HyperFlex installation
Essentials Edition:
• All functionality of the Base Edition
• Server HCL compliance check
• Virtual Keyboard-Video-Mouse
(vKVM) launch
• UCS C-Series policy-based
configuration with Service Profiles
• Detailed inventory and firmware
management
Server Monitoring & Management Demo
Server Policies and Profiles
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight Server Policies Overview
• Individual Server policies are created within the policies tab
• Policies can also be created on the fly when creating a Server Profile
• Policies Include:
• Server Policies must be assigned to Server Profile before they can be associated with a server and deployed
• LDAP policy
• Serial Over LAN Policy
• NTP Policy
• BIOS Policy
• Disk Group Policy
• Storage Policy
• Network Connectivity Policy
• Virtual KVM Policy
• SMTP Policy
• SNMP Policy
• IPMI Over LAN Policy
• SSH Policy
• User Policy
• Precision Boot Order Policy
BRKDCT-2088 30
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight Server Profiles Overview
• Individual Server profiles are created within the Profiles tab
• Users select desired policies to include in profile
• Users can also create new policies within profile setup
• A profile can only be assigned to a single server
• Profiles can be cloned and assigned to additional endpoints
• Profiles can be exported to CSV file and tagged for better organization
• Profile summary page will show list of profiles, status and the endpoint association
BRKDCT-2088 31
Policy & Profile Demo
Firmware Demo
Cisco Intersight HyperFlex Installer
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Deploy from anywhere!
• No need for existing infrastructure or OVA setup
• Latest version always available
• Reusable policy for rapid & consistent deployment
• Simple ramp-up of large HX projects with simultaneous background deployment
• Download latest OVA from Cisco.com
• Deploy on existing infrastructure
• Run single cluster deployment
HyperFlex Installer User Experience
Intersight
BRKDCT-2088 35
Cisco HyperFlex Installer Demo
Intersight API
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Extensible ArchitectureAdvanced Integrations
Cisco and 3rd Party
Infrastructure
Intersight Portal
UCS HW
Connector
(XML/REST)
(BU / Cust. / 3rd party)
Partner
Developed
Connectors
Inventory
& Alerting
OrchestrationSecurity
&
Authentication
New Connectors
Open Connector Framework
OData Restful API Example: Tools and SDK
BRKDCT-2088 38
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight Model Browser & Swagger SpecVersioned API Downloadable Swagger Spec
Run queries in model
browser
Search
Description
& Detail
BRKDCT-2088 39
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight
Single Endpoint for Management/Monitoring
Servers Network
Devices
Storage
Silos of Manual Element Management
OData Restful
API
Configuration Management/Monitoring
Servers
Servers
Storage
Storage
Network
DevicesNetwork
Devices
BRKDCT-2088 40
Cisco Intersight API Demo
Device Connectors
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight: UCS Software Architecture Evolution Empowering the Connection to Cloud-Based Systems Management
UCS FI + B/C/S UCS C/S HyperFlex
UCS Manager IMC HX Connect
Device Connector
BRKDCT-2088 43
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight Connection to Element Managers
A very light and autonomous piece of software allowing:
• Communication with the Intersight
portal, wherever the portal is.
• Capability of inserting tasks / calls
against the infrastructure (UCS
Manager, Cisco IMC Software,
HyperFlex, UCS Director) via the
pluggable / extensible framework
Key Features
• Bundled with Firmware
• Embedded Product Feature
• Secure Communications
• Self Updated
• Autonomous Check-In
UCSManager
ElementManagement
Cisco Intersight
Unique Customer InstanceTwo-factor Authentication
US Fabric Interconnect
(All Servers)
IMCSoftware
ElementManagement
C-Series Servers
(Standalone)
HXConnect
ElementManagement
HyperFlex
(Under UCS Manager or Edge)
BRKDCT-2088 44
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
How is the Device Connector Deployed?
• Integrated in Firmware/Management SW
• UCS Manager
• Standalone IMC
• HyperFlex (Controller VM)
• Connects to a known cloud management location (specific URL)
• Device drives all workflows
• Only device outbound connections
• Device connects to Intersight and receives instructions
45BRKDCT-2088
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Device Connector Upgrades
Device Connector reports current version each startup
If Intersight determines an upgrade is needed, an upgrade request is created with the desired version
Device performs upgrade
Only attempted if device is currently connected
Only impacts Device Connector – Infrastructure, Server, or HyperFlex FW/SW remains user controlled and is not automatically updated
Intersight polls device registration to determine upgrade success
46BRKDCT-2088
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Device Connector Availability
Cisco HyperFlex:
- HX v2.5.1 (or later)
Cisco UCS Manager:
- UCSM v3.2 (or later)
Standalone C-Series: (M5 Servers):
- IMC Software v3.1 (or later)
BRKDCT-2088 47
Security
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Stand-Alone
UCS C-SeriesHyperFlex
Intersight Enhanced Security
• Ensuring Connections
• Durable websocket is used after initial connection
• Two factor authentication when claiming a device: serial number and claim code
• During subsequent transfers: identify, authenticate, and authorize
• All communication from device is outbound
• Device initiates connection
• No inbound connections are needed
Intersight
HTTPS/TLSIntersight and device in syncwith latest security updates
BRKDCT-2088 49
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight InfoSec
• 6-month Formal InfoSec Engagement
• Continuous monitoring & assessment
50BRKDCT-2088
DevelopmentTech
PreviewProduction
• Threat Modeling
• Architecture
• Training
• Design & Implementation
• Operations
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Management Network Separation
• Intersight uses an Out of Band Management Architecture to separate management data from IT production network and application data
• No disruption to customer’s IT production if Intersight connection is interrupted
• Only management network accessible data (e.g., device configuration and usage) is stored in Intersight
• All sensitive data (e.g., passwords) stored in encrypted format
• Application workload data does not pass through to Intersight
51BRKDCT-2088
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight Device/Browser Connectivity
HTTPS (port 443) or proxy
Outbound Initiated Only (from Browser)
HTTPS (port 443) or proxy
Outbound Initiated Only (from Browser)
1. Operations/Administration
Off Premise
1. Account Setup/Creation
2. Device Claiming
3. Operations/Administration
Customer Premise
Fabric Interconnect Device Connector
C-series (IMC) Device Connector
HX Device Connector
Tie
r-1,
SA
S70
typ
e II /
SS
AE1
6 C
ert
ifie
d D
ata
cente
rs
Cloud Portal
FIPS 140-2ISO 27001HIPAAPCI (Level 1)
User Access
https://intersight.com• cisco.com used to create a
Intersight account• Becomes the “root” user• Invite other cisco.com users
• User can only be “root” for one Intersight instance
Device Access
• DNS required - must resolvesvc.ucs-connect.com
• Intersight always provides CA signed x509 certificate
• Two Factor Authentication for device claim• Device Serial Number• Device Claim Code
Device Traffic
Certificate Authority (CA) Signed Certificate
User Browser Traffic
Certificate Authority (CA) Signed Certificate
TLS v1.1 (or higher)
BRKDCT-2088 52
Getting Started
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight Account Creation
• Users navigate to https://www.intersight.com and sign into portal with cisco.com ID/password – required
• Can create new account or sign into exisiting account
• Existing account accessed with account number
• New accounts created with device ID / claim code (IMC/UCSM/HX Cluster) – must accept offer agreement first
• Must claim a single device to create account
BRKDCT-2088 54
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intersight Device Claim
• Additional devices can be claimed from Devices tab – each device has a unique device ID and claim code
• Devices must be running supported firmware version that includes Intersight Device Connector
• Devices are claimed one at a time, bulk claim is a work in progress
BRKDCT-2088 55
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight Portal Status
https://status.intersight.com/
Overall Status of Portal Services Displayed
• Device Connector
• Inventory (Device Data Collection)
• Login/Account Authentication
• Techsupport
56BRKDCT-2088
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intersight Online Help
https://intersight.com/help
Site Tour of Dashboard, Alarms, Search, Settings, etc.
Specific flows also covered
• Claim a New Device
• Add a New User
57BRKDCT-2088
Guided Help for
common operations
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Feedback/Troubleshooting
[email protected] for feedback/issues
End of the Guided Site Tour references the feedback mailer
Settings->Audit Logs displays information on activity/timestamps
• Important to capture when submitting issues
58BRKDCT-2088
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
How
cs.co/ciscolivebot#BRKDCT-2088
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.
Complete Your Online Session Evaluation
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions
61BRKDCT-2088
Thank you