Cisco Converged Branch Infrastructure
Tony Banuelos, Technical Marketing Engineer
BRKARC-2029
Agenda
• Cisco ISR series (chassis) and Cisco UCS E-series server
• The converged branch infrastructure solution
• Use Cases
• Managing distributed servers (E-series)
• Application and networking services solution
• How many applications can run on E-series
• How can high-availability be delivered
• Conclusion
Cisco ISR routers
Cisco Branch Router Evolution
• 1993: Cisco 2500. Cisco’s first family of branch routers for 23 different deployments
• 1998: Cisco 2600. Superseded 2500. Considered one of Cisco's premier products.
• 2004: ISR G1 family (1800, 2800, 3800). The first architecture custom designed for integrated services
• 2009: ISR G2 family (800*, 1900, 2900 & 3900). Taking the ISR concept to the next level
• 2013: ISR 4451-X. First ISR based on IOS XE
• 2014: ISR 4431 & 4300 family. Making for a complete ISR 4000 family
Not shown here: 700, 1600, 1700, 4000/4500, 3600 & 3700 series routers
Support UCS E-series
*ISR800 series do not support UCS E-series
Revolutionary Platform Architecture
Architected for the Optimal Application Experience
Cisco ISR 4000: Powering the Intelligent WAN
• Converged Branch with UCS® E-Series: Integrated compute, up to 8 cores
• 4-10 Times Faster Than ISR G2 at similar price
• Native L2-7 Services: Security, optimization
• Pay as You Grow: Performance and services
• Virtualized Services Framework: Appliance-level performance
• Service-Aware Data Plane: For efficient traffic handling
Cisco ISR 4000 Series
Newest ISR 4000 series portfolio
• ISR 4321: 50-100 Mbps
• ISR 4331: 100-300 Mbps
• ISR 4351: 200-400 Mbps
• ISR 4431: 500-1000 Mbps
• ISR 4451: 1-2 Gbps
• 4-10X Faster
• Add performance and services anytime
• Flexible consumption options
Cisco ISR 4000 Series
Management Interface
• Out-of-band control plane connection directly to a management network
Front-Panel GE
• RJ45/SFP GE Interfaces
• PoE+ available on some models
Network Interface Modules
• Larger and more powerful than EHWICs
• Up to 8 ports per module
• DSPs directly on modules
Optional Drive NIM for Service Containers
• RAID 1 for data protection
• Single HD (future) and dual SSD options
Embedded SSD option
USB Connections
• 2 type A for file storage
• USB type B console in addition to RJ45 console and aux ports
Enhanced Service Modules
• Compatible with Cisco® ISR G2
• Up to 10-Gbps connection to system
• Faster and more powerful than SMs
Internal Services Card
• Internal Expansion
• Currently for PVDM4’s
UCS-EN NIM
UCS-E SM
Cisco UCS E-Series Servers
Cisco UCS E-Series Servers
(Chart axes: Scalability, Performance)
Cisco UCS-E140S
• Service Module
• VMware, Hyper-V, Citrix Certified
• Intel E3 4 Core Processor
• vWLC, vWAAS, Physical Security
Cisco UCS-E180D
• Service Module
• VMware, Hyper-V, Citrix Certified
• Intel E5 8 Core Processor
• vWLC, vWAAS, Virtual Desktops, Physical Security, Security applications
Cisco UCS-E160D
• Service Module
• VMware, Hyper-V, Citrix Certified
• Intel E5 6 Core Processor
• vWLC, vWAAS, Virtual Desktops, Physical Security
Cisco UCS E-Series Single-Wide Blade
Compact Blade Housed in Cisco ISR G2 and ISR 4000 Chassis – UCS-E140S M2
• Up to 2 SATA, SAS, or SSD hard drives
• Configuration and management through CIMC
• Intel® Xeon® E3 Family quad-core processor
• On-board hardware RAID 0/1 with hot-swappable capability
• One external and two internal GE ports
• USB 2.0 port for external device connectivity
• 8, 12, and 16 GB DRAM options
• Maximum 65 W power draw, 80 percent less than server
• Wire-free, plug-and-play modularity, low shipping weight (2.5 lb/1.1 kg)
• Remote and schedulable power management
• KVM console connector
• 10/100 Ethernet management port
• Two SD cards: One for the CIMC and temporary storage of OS and one for a blank virtual drive
Cisco UCS E-Series Double-Wide Blade
Multipurpose Blade Housed in ISR G2 and ISR 4000 Chassis – UCS-E160D M2/UCS-E180D M2
• Up to 3 SATA, SAS, SSD hard drives or 2 HDD and a PCIe card
• Out-of-band configuration and management through CIMC
• On-board hardware RAID 0, 1, and 5 configuration options with hot-swappable capability
• Two external and two internal GE ports with TCP/IP acceleration
• Front-panel VGA, 2 USB, and serial console connectors
• 8 GB – 96* GB DRAM options
• Maximum 130 W power draw, 80 percent less than server
• Wire-free, plug-and-play modularity, low shipping weight (7 lb / 3.2 kg)
• Remote and schedulable power management
• Two SD Cards: one for the CIMC and temporary storage of OS and one for a blank virtual drive
• Intel Xeon E5-2400 Quad Core/Six-Core/Eight-Core Processor
Hardware Comparison Matrix (UCS E-Series) - Reference
UCS-E140S M2
• Processor: Intel Xeon E3-1105C v2 (1.8 GHz)
• Core/vCPU: 4/8
• Memory: 8 - 16 GB
• Storage: Up to 3.6 TB (2 HDD bays); SATA, SAS, SED, SSD
• RAID: RAID 0 & RAID 1
• Network Port: Internal: 2 GE Ports; External: 1 GE Port
• Platforms: 4451-X, 4351, 4331, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E
UCS-E160D M2
• Processor: Intel Xeon E5-2418L v2 (2.0 GHz)
• Core/vCPU: 6/12
• Memory: 8 - 96 GB
• Storage: Up to 5.4 TB (3 HDD bays); SATA, SAS, SED, SSD
• RAID: RAID 0, RAID 1 & RAID 5
• Network Port: Internal: 2 GE Ports; External: 2 GE Ports
• Platforms: 4451-X, 4351, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E
UCS-E180D M2
• Processor: Intel Xeon E5-2428L v2 (1.8 GHz)
• Core/vCPU: 8/16
• Memory: 8 - 96 GB
• Storage: Up to 5.4 TB (3 HDD bays); SATA, SAS, SED, SSD
• RAID: RAID 0, RAID 1 & RAID 5
• Network Port: Internal: 2 GE Ports; External: 2 GE Ports
• Platforms: 4451-X, 4351, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E
UCS E-Series in an ISR Chassis
ISR UCSE 140S M2 UCSE 160D M2 UCSE 180D M2 Max Modules / Router
2911 Yes No No 1 SW
2921 Yes Yes No 1 SW or 1 DW
2951 Yes Yes No 2 SW or 1 DW
3925 Yes Yes Yes 2 SW or 1 DW & 1 SW
3925E Yes Yes Yes 2 SW or 1 DW & 1 SW
3945 Yes Yes Yes 4 SW or 2 SW & 1 DW
3945E Yes Yes Yes 4 SW or 2 SW & 1 DW
ISR 4451-X Yes Yes Yes 2 SW or 1 DW
ISR 4431 No No No NA
ISR 4351 Yes Yes Yes 2 SW or 1 DW
ISR 4331 Yes No No 1 SW
ISR 4321 No No No NA
Reference
Cisco UCS E-series Network Compute Engine
(Chart axes: Scalability, Performance)
Cisco UCS-EN 120E (Supported on ISR-G2 Only)
• Enhanced HWIC
• Virtualization Enabled
• Network Compute Applications - vWLC, vWAAS
Cisco UCS-EN 120S
• Service Module
• VMware and Hyper-V Certified
• Network Compute Applications – vWLC, vWAAS
Cisco UCS-EN 140N (Supported on ISR4000 Only)
• NIM network compute module
• Virtualization Enabled
• Network Compute Applications - vWLC, vWAAS
• Available 3QCY15
Cisco UCS E-Series Network Compute Engine
Compact, Multipurpose Blade Housed in ISR 4000 – UCS-EN140N M2
• Up to 8 GB RAM
• Intel® Atom Quad-core processor
• One 2GB SD card for CIMC
• 50, 100, 200 GB mSATA SSD Options
• Dedicated Management Port
• One External Gigabit Ethernet Interface
• KVM console connector
• USB 2.0 port for external device connectivity
• Target Launch Q3CY15
Hardware Comparison Matrix (UCS E-Series NCE) - Reference
UCS-EN120S M2
• Processor: Intel Pentium B925C (2.0 GHz)
• Core: 2
• Memory: 8 - 16 GB
• Storage: 500 GB - 2 TB (2 HDD); SATA, SAS
• RAID: RAID 0 & RAID 1
• Network Port: Internal: 2 GE Ports; External: 1 GE Port
• Platforms: 2911, 2921, 2951, 3925, 3945, 3925E, 3945E, 4451-X, 4351, 4331
UCS-EN140N (Only on ISR4000)
• Processor: Intel Atom C2518 (1.7 GHz)
• Core: 4
• Memory: 8GB
• Storage: 50GB – 200GB
• RAID: NA
• Network Port: Internal: 2 GE Ports; External: 1 GE Port
• Platforms: 4451, 4431, 4351, 4331, 4321
UCS-EN120E (only on ISRG2)
• Processor: Intel Atom C2358 (1.7 GHz)
• Core: 2
• Memory: 8GB
• Storage: 50GB – 200GB
• RAID: NA
• Network Port: Internal: 2 GE Ports; External: 1 GE Port
• Platforms: 1921, 1941, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E
Cisco Converged Branch Office solution
The Lean Branch Office
Balancing IT Efficiency and User Experience
Serverless Branch
• No local servers
• Full reliance on WAN
• Simplicity, low cost
• No service guarantees
Lean Branch
• 4-5 local servers
• Reliance on WAN except for mission-critical applications hosted locally
Full-Service Branch
• All servers local
• No reliance on WAN
• Complexity, high cost
• Service guarantees
(Diagram labels, repeated for each branch type: Data Center/Cloud, WAN/Internet, Branch Office)
Cisco Converged Branch Infrastructure
Cisco ISR with integrated UCS E-Series
+ Converged networking, compute and storage
+ Flexible WAN, LAN and application hosting services
+ Common Server Management Tools
+ Software vendor agnostic
+ Efficient platform footprint
+ Rugged core network platform with dedicated hardware
+ 7-year hardware lifecycle
+ Single support contract
+ Integrated networking
+ Redundant HW & SW (VM and IOS)
(Diagram labels: four Virtual Appliances, ISR, IO, UCS)
Branch Challenges: Need for Converged Branch IT
Growing Complexity in the Branch
Management Complexity
Branch Footprint
OpEx, Power, Cooling
Business Agility
Increased Productivity
Lower Costs
Compute and Storage
Unified Communications
WAN Optimization
WAN Path Control
QoS
Application Visibility
Threat Defense
VPN Services
Branch in a Box – Service Possibilities
ISR with UCS E-Series
Versus
• Separate System for Critical POS Systems or Other Applications (i.e., POS back office, time and attendance, etc.)
• Separate System for Training
• Separate System for Video Surveillance/Loss Prevention
• Separate System for Wireless (i.e., Controller)
• Separate System for Switching
• Separate System for Voice Systems (i.e., Key Switch/Voicemail, PBX)
• Separate System for Virtual Desktop Infrastructure
Cisco UCS E-Series Server Hypervisor and OS Support
VMware Hypervisor
• VMware vSphere Hypervisor™ 5.0, update 1
• VMware vSphere Hypervisor™ 5.1
• VMware vSphere Hypervisor™ 5.5
• VMware vSphere Hypervisor™ 6.0
Other Hypervisors
• Hyper-V (Windows 2008 R2, 2012 R2)
• Citrix XenServer 6.0
Microsoft Windows
• Windows Server 2008 R2 Standard 64-bit
• Windows Server 2008 R2 Enterprise 64-bit
• Windows Server 2012, 2012 R2
Linux
• Red Hat Enterprise Linux 6.2
• SUSE Linux Enterprise 11, service pack 2
• Oracle Enterprise Linux 6.0, update 2
Supported by Cisco SMARTnet
Attached to ISR
Supported by OS / Hypervisor Vendor
Purchased separately
(Diagram labels: ISR Chassis, Cisco® UCS E-Series Server Module, Hypervisor)
Hardware Support Provided by Cisco®
• UCS E-Series hardware supported under ISR SMARTnet at no additional cost
• VMware Embedded Software - ESX and Foundation supported by ISR SMARTnet
Cisco ISR 4451-X Converged Branch Infrastructure Solution
Technology Consolidation for Branch Services
• Unified Communications
• Server Blades with Storage
• Security
• WAN Optimization
• Mobility
• Routing
Management Interface
• Connects control plane directly to a management network.
Front Panel GE
• 4 RJ45/SFP GE Interfaces
• PoE available on 2 Interfaces
Network Interface Modules (NIM)
• Larger & more powerful than EHWICs
• Up to 8 ports per module
• DSPs directly on modules
Optional Drive NIM for Embedded Applications
• RAID 1 for data protection
• Single HD (future) & Dual SSD Options
Extended Service Modules
• Compatible with ISR G2
• Up to 10Gb connection to system
• Faster & more powerful than SMs
SM-X Layer2/3 EtherSwitch® Service Module (SM-X)
• Capable of PoE+ (30W), MACSec and Cisco TrustSec
• Simplified Licensing for upgrade to Layer-3 features
Key Features of UCS E-Series
Feature: Blade server form factor
Description
• Compact and light-weight form factor that fits into router chassis
• Plug-and-play (slide-in and clamp-down), wire-free hardware provisioning
• Maximum 65W power draw (80% less than a typical server)
Benefit
• Save on energy cost
• Less physical space with no rack or wall-mounting
• No wires or power cords to hook up
• Free up ports on branch switch for other purposes
• Installation that can be performed by non-technical person under 2 minutes (no on-site visit)
• Low shipping costs due to low shipping weight
• Reduced environmental impact
Cisco Converged Branch Office – Use cases
Cisco Intelligent WAN Solution on Cisco ISR
(Diagram labels: Branch, MPLS, Internet, 3G/4G-LTE, Private Cloud, Virtual Private Cloud, Public Cloud, AVC, WAAS, PfR)
Transport Independent
• Consistent operational model
• Simple provider migrations
• Scalable and modular design
• DMVPN IPsec overlay design
Intelligent Path Control
• Application best path based on delay, loss, jitter, path preference
• Load balancing for full utilization of all bandwidth
• Improved network availability
• Performance Routing (PfR)
Application Optimization
• AVC: Application monitoring with Application Visibility and Control
• WAAS: Intelligent Edge Caching with Akamai Connect
• WAAS: Application Acceleration and bandwidth savings
Secure Connectivity
• Certified strong encryption
• Comprehensive threat defense with ASA and IOS firewall/IPS
• Cloud Web Security (CWS) for scalable secure direct Internet access
Lean Branch Office Applications
WAN Edge Applications That Defy Centralization
Core Windows Services
• DNS and DHCP servers
• Microsoft Active Directory
• Windows print services
• Windows file services
• Others
Mission-Critical Business Applications
• Point-of-sale server
• Bank teller control point
• Electronic medical records
• Inventory management
• Others
Client Management Services
• Software update service
• Client monitoring service
• Backup and recovery
• Terminal server gateway
• Others
Hosting Business Critical Applications Locally
UCS E-Series Server Blades
Network | Compute | Storage
Server Virtualization
• Consolidate physical servers to reduce costs
• Improve application uptime and failure recovery time
• Shorten time-to-deployment for new apps
Blade Form Factor
• Eliminate wires, components and save space
• Rapidly provision hardware with plug-and-play modularity
• Right-size hardware profile for the lean branch office
Clinic in a Box, Bank in a Box, School in a Box, Store in a Box
Cisco Energy Management: Energy Management at Scale across all branches
See
• Discover any IP connected device
• Asset visibility and Utilization
Measure
• Energy cost, energy use, carbon emissions
• Advanced analytics and reporting
Manage
• Control devices to lower power consumption
• Flexible time, event, location based policy
(Chart labels: Savings, Baseline)
CEM Components
Cisco Energy Manager (CEM)
(Diagram labels: Cisco Cloud Or Customer Private Cloud, WAN/Internet, LAN, ISR + UCS-E with CEM controller)
CEM Server
• SaaS or Private cloud option
• User/IT manager interface via browser
• Manages energy in all branches
• Hosts DB, reports, analytics
CEM Controller
• Runs on UCS-E
• Aggregates information from EPs (endpoints) & pushes policy
• No management required after initial configuration
* CEM uses various methods to build device inventory. AD & CUCM, if deployed by customer, will be used
FOG Computing
Fits perfectly into Fog Computing
Network Edge Data Processing
• Perform analytics at the edge and send analyzed data
• Ideal for Retail environments with limited WAN circuits
• For applications like RetailNext, Scopics, Data-in-Motion
• Real time interaction with sensors and quick decision making in IOT
• Harness the power of Cisco’s Data in Motion
Mirroring – Mirror Data to the Data Center
• vSphere Replication, Cetera, Unitrends
Local Resource Directory for local devices
Enable multicasting at application layer
VMware Mirage - Local resource for desktop image management solution
Tiani spirits in healthcare
“The Tiani "Spirit" SpiritEHR (Electronic Health Record) app on a Cisco® UCS E-series. Deploy the EHR directly in the network layer and use the network as an HIE platform. The deployment in several router instances avoids a “single point of failure.” Another advantage of this deployment strategy is that each router instance provides Secure Node – Compliancy according to the ISO 27002 standard”
Nimble Delivery of WAN Services
Improves IT operations and efficiency
Network virtualization reduces Physical Appliances
(Diagram labels: Branch Office, WAN, Data Center/Cloud, VNF, Voice Systems, Storage, Security, vWSA, vWAAS, WAAS, ASAv, Third-party)
Cisco converged branch office solution for VDI
(Diagram labels: Data Center or Headquarters, WAN, Branch Office, Remote Office Clients, Cisco ISR G2 & Cisco UCS E-Series server, WAAS, Remote Office Desktop Master Image)
• VDI and applications resiliency
• Best user experience
• Data center compute offloading
• Simplified management
• All or subset of desktops can be hosted on Cisco UCS E-Series server
• Apps can be hosted centrally or run mission-critical apps on E-series (e.g. POS, medical records)
• Virtualized desktops are managed by central server
• Applications can be accessed local or across the WAN
• WAN optimization provides performance upgrade to desktop over apps across the WAN
* WAAS is recommended for limited bandwidth/high-latency WAN links
Managing Distributed UCS E-Series Servers
Cisco Converged Branch Infrastructure
Domain Isolation (Network & IT Administrator)
• Network Administrator Provisions IP Address
• System Ready to Use
• Network Administrator Provisions Hardware
• IT Administrator Installs Software
• IT Administrator Configures Network
• IT Administrator Connects to Provisioned IP
Cisco Blade Management
• Out-of-Band Management
• Management access hosted on a dedicated baseboard management controller (BMC) chip on each UCS E-series Server
• 10/100 Ethernet out-of-band management interface
• Lights-out management
• Virtual KVM and Virtual Media support
• Consistent CLI and GUI look-and-feel
• Same user interface as UCS C-Series rack server CIMC
• UCS E-series CIMC XML API http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/e/api/guide/b_cimc_api_book/b_cimc_api_book_chapter_01.html#topic_B19A7BEBFBAB4DDFB90B9456709C6402
• Cisco IMC PowerTool – Configure and download CIMC settings using cmdlets and scripts https://communities.cisco.com/docs/DOC-51321
Cisco Integrated Management Controller
(Diagram labels: UCS E-Series Server, CIMC, Web GUI, CLI; LAN, WAN, Console Ports, and Interfaces)
IOS CIMC Configuration – Dedicated Mode
Configuring CIMC Access Using Dedicated Mode
Router#
!
interface ucse 2/0
 imc ip address 10.0.0.1 255.0.0.0 default-gateway 10.0.0.2
 imc access-port dedicated
!
Router#
(Diagram labels: Host Router with Router CPU, PCIe, MGF; E-Series Server on ucse2/0 with GE0, GE1, GE2, GE3, M, BMC; CIMC GUI)
IOS CIMC Configuration Shared-LOM Console
Router#
!
interface g0/0
 ip address 10.0.0.1 255.0.0.0
!
interface ucse 2/0
 ip unnumbered g0/0
 imc ip address 10.0.0.2 255.0.0.0 default-gateway 10.0.0.1
 imc access-port shared-lom console
!
ip route 10.0.0.2 255.255.255.255 ucse 2/0
!
end
(Diagram labels: Host Router with Router CPU, PCIe, MGF, G0/0; E-Series Server on ucse2/0 with GE0, GE1, GE2, GE3, BMC; CIMC GUI)
Note: Shared-lom console and ip unnumbered will require a static ip route to access CIMC
IOS CIMC Configuration Shared-LOM MGF
Configuring CIMC Access Using Shared LOM – GE1 (MGF):
Router#show vlan-switch
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0/0, Gi0/0/1, Gi0/0/2
                                                Gi0/0/3, uc2/1
Router#
!
interface vlan 1
 ip address 10.0.0.1 255.0.0.0
!
interface ucse 2/0
 imc ip address 10.0.0.2 255.0.0.0 default-gateway 10.0.0.1
 imc access-port shared-lom ge1
!
Router#
(Diagram labels: Host Router with Router CPU, PCIe, MGF; EHWIC ports *Gi0/0/0, *Gi0/0/1, *Gi0/0/2, *Gi0/0/3; E-Series Server on ucse2/0 and ucse2/1 with GE0, GE1, GE2, GE3, BMC; CIMC GUI)
Note: UCS-E Series supported with EHWIC-4ESGP and not EHWIC-4ESW
IOS CIMC Shared LOM Front Panel GE2
Configuring CIMC Access Shared LOM GE2
Router#
!
interface ucse 2/0
 imc ip address 10.0.0.1 255.0.0.0 default-gateway 10.0.0.2
 imc access-port shared-lom ge2
!
Router#
(Diagram labels: Host Router with Router CPU, PCIe, MGF; E-Series Server on ucse2/0 with GE0, GE1, GE2, GE3, BMC; CIMC GUI)
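Added example (not part of the original deck): a small Python audit of the four `imc access-port` configurations shown above. It reports which path reaches each CIMC and flags two conditions: shared-lom console with ip unnumbered but no static host route (the note on the console slide), and a CIMC that shares the front-panel GE2 port with host traffic. The sample configuration, its slot numbers and addresses, and the function names are constructed for illustration.

```python
import re

# Path to the CIMC for each access-port value shown on the slides above.
PATHS = {
    "dedicated": "dedicated management port",
    "shared-lom console": "router PCIe link (ucse interface), routed by IOS",
    "shared-lom ge1": "GE1 on the MGF backplane switch",
    "shared-lom ge2": "front-panel GE2, shared with host traffic",
}

# Constructed sample: the slide configurations placed on four hypothetical
# slots of one router, with addresses changed so they do not collide.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.0.0.0
!
interface ucse 1/0
 imc ip address 10.1.0.2 255.255.255.0 default-gateway 10.1.0.1
 imc access-port dedicated
!
interface ucse 2/0
 ip unnumbered GigabitEthernet0/0
 imc ip address 10.0.0.2 255.0.0.0 default-gateway 10.0.0.1
 imc access-port shared-lom console
!
interface ucse 3/0
 ip unnumbered GigabitEthernet0/0
 imc ip address 10.0.0.3 255.0.0.0 default-gateway 10.0.0.1
 imc access-port shared-lom console
!
interface ucse 4/0
 imc ip address 10.2.0.2 255.255.255.0 default-gateway 10.2.0.1
 imc access-port shared-lom ge2
!
ip route 10.0.0.2 255.255.255.255 ucse 2/0
"""


def _name(text):
    """Normalise 'ucse 2/0' and 'ucse2/0' to the same key."""
    return text.replace(" ", "").lower()


def interface_stanzas(config):
    """Map normalised interface name -> list of its sub-commands."""
    stanzas = {}
    for block in re.split(r"(?m)^interface\s+", config)[1:]:
        lines = block.split("\n!")[0].splitlines()
        stanzas[_name(lines[0])] = [line.strip() for line in lines[1:]]
    return stanzas


def audit_cimc(config):
    """Return one record per 'interface ucse x/y' with its CIMC findings."""
    # Host routes of the form: ip route <cimc-ip> 255.255.255.255 ucse x/y
    host_routes = {
        (ip, _name(ifc))
        for ip, ifc in re.findall(
            r"(?m)^ip route (\S+) 255\.255\.255\.255 (ucse ?\S+)", config)
    }
    report = []
    for name, cmds in interface_stanzas(config).items():
        if not re.fullmatch(r"ucse\d+/\d+", name):
            continue
        body = "\n".join(cmds)
        addr = re.search(r"(?m)^imc ip address (\S+) \S+ default-gateway \S+", body)
        port = re.search(r"(?m)^imc access-port (.+)$", body)
        cimc_ip = addr.group(1) if addr else None
        mode = port.group(1).strip() if port else None
        findings = []
        if cimc_ip is None:
            findings.append("no CIMC address configured")
        if mode is None:
            findings.append("no imc access-port configured")
        elif mode not in PATHS:
            findings.append("access-port value not among those on the slides")
        elif mode == "shared-lom ge2":
            findings.append("CIMC shares an external port with host traffic")
        elif (mode == "shared-lom console" and "ip unnumbered" in body
              and (cimc_ip, name) not in host_routes):
            findings.append("ip unnumbered without a static host route to CIMC")
        report.append({"interface": name, "cimc_ip": cimc_ip, "mode": mode,
                       "path": PATHS.get(mode), "findings": findings})
    return report


if __name__ == "__main__":
    for row in audit_cimc(SAMPLE_CONFIG):
        print(row["interface"], row["cimc_ip"], row["mode"],
              row["findings"] or "ok")
```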
UCS E-series Management MIBS
ITU-ALARM-TC-MIB
SNMPv2-MIB
SNMPv2-CONF-MIB
SNMPv2-SMI-MIB
SNMPv2-TC-MIB
SNMP-FRAMEWORK-MIB
INET-ADDRESS-MIB
CISCO-SMI
CISCO-TC
CISCO-UNIFIED-COMPUTING-EQUIPMENT-MIB
CISCO-UNIFIED-COMPUTING-FAULT-MIB
CISCO-UNIFIED-COMPUTING-MIB
CISCO-UNIFIED-COMPUTING-MEMORY-MIB
CISCO-UNIFIED-COMPUTING-NOTIFS-MIB
CISCO-UNIFIED-COMPUTING-PROCESSOR-MIB
CISCO-UNIFIED-COMPUTING-STORAGE-MIB
CISCO-UNIFIED-COMPUTING-TC-MIB
• Memory, Processor and Storage MIBS used for SNMP query for memory, CPU and disk/controller (SNMPGET, SNMPWALK)
• Notifications and Fault generate trap events
UCS Director 5.5 / IMC Supervisor 1.0
• Centrally Manage Distributed E-Series
• Platform Hardware Inventory
• Firmware Inventory
• Hardware Health Status
• Detailed Fault Logging & History
• vKVM Launch
Cisco Prime
• Prime DCNM to monitor distributed E-Series
• Platform hardware inventory
• Firmware inventory
• vKVM launch
• Detailed fault logging & history
• Prime infrastructure 2.2
• E-Series support to be added as part of device pack
Third Party Tools
• CIMC Plug-in for MS SCCM, MS SCOM, HP OM, HP OO, Nagios
• Powershell scripting
UCS Director 5.5 / IMC Supervisor 1.0
• Centrally Manage Distributed E-Series
• Platform Hardware Inventory
• Firmware lifecycle
• Hardware Health Status
• Detailed Fault Logging & History
• vKVM Launch
Discovering UCS E-series branch servers on Cisco IMC Supervisor
First Step is to create a “Rack Group”
- Create a new Rack Group to sub-divide distributed managed server groups
- The new “Rack Group” will be where you discover and add servers that are part of its management domain (for example E-series at stores)
Discovering UCS E-series branch servers on Cisco IMC Supervisor
Second Step is to create a “Discover Profile”
- Create a discover profile for IMC SUP to find servers across the network (WAN)
- Typically devices at branch offices will not be on the same subnet, nor have matching subnet masks. A list of IP addresses in a spreadsheet (.csv) seems like the best approach
Discovering UCS E-series branch servers on Cisco IMC Supervisor
Third Step is to activate the discovery process and wait for the servers to appear
- When ready to discover, click “Discover” and select the discover profile created in the previous step
- The discovery process starts and IMC Supervisor requests each individual E-series CIMC system to join its domain
Discovering UCS E-series branch servers on Cisco IMC Supervisor
Third Step is to activate the discovery process and wait for the servers to appear - continued
- Monitor the progress of the server list being discovered
- Servers that fail to be discovered return an error message to help with troubleshooting the connectivity issue
Discovering UCS E-series branch servers on Cisco IMC Supervisor
Fourth Step is to migrate newly discovered servers to the assigned Rack Group
- Discovered servers must be imported to the defined Rack Group
- After servers are imported to the Rack Group the system is ready for monitoring and management
- Click “Submit”
Cisco IMC Supervisor managing UCS E-series
Cisco IMC Dashboard – What can you do?
- Monitor health of CPU, memory and storage
- Have a granular view of what firmware version each server is running, the server power state and the server model type
- Each server can be labeled to identify its location (Tag management)
- Server report can be viewed to show boot order config, IP address, server MAC address and other parameter details
- Launch vKVM console, Launch individual CIMC GUI
- PowerON, PowerOFF, Reboot
- Update/Patch firmware (requires HUU file)
Cisco IMC Supervisor managing UCS E-series
Upgrading Firmware
- Using Physical Accounts, go to the Firmware upgrade tab and create an “Upgrade Profile”
- You must download the E-series server huux.x.iso file to a CIFS or NFS server share
- Configure the details for IMC SUP to download the HUU file
- The HUU file contains CIMC, NIC, RAID controller and BIOS firmware upgrades
Cisco IMC Supervisor managing UCS E-series
Upgrading Firmware - continued
- To start an upgrade click “Upgrade Image”
- Select the upgrade profile to run and the servers to upgrade
- Monitor the upgrade progress of each server from the IMC Sup console
Cisco IMC Supervisor managing UCS E-series
Imaging a server across the WAN – Host Image Mapping
- All Cisco UCS servers support vKVM with virtual CD/DVD mounting to install an OS
- But using vKVM with virtual CD/DVD takes a compressed OS iso file, decompresses it and runs an active install across the WAN link
- Using Host Image Mapping you can upload the compressed OS iso image directly to the UCS E-series SD flash and, once copied, map the image to the x86 system as a virtual CD/DVD
- Advantage of Host Image Mapping is you can download and initiate install of the OS image at off-peak hours
- You save on WAN BW utilization
- You don’t have to be always connected to the system during the installation process
- The OS iso file is now available locally in case of DR situation
Cisco IMC Supervisor managing UCS E-series
Imaging a server across the WAN – Host Image Mapping - continued
- Only one type of virtual mount can be active: don’t have a vKVM CD/DVD mount at the same time as HIM
- Make sure your BIOS boot order is set to boot from virtual CD/DVD drive first
- Before a reboot after an OS is installed, make sure you unmap the boot image from HIM and that your install drive (RAID, SD flash) is set as second option boot
Microsoft SCCM IMC Plugin
Unified Virtualization Management
Central Management with VMware vCenter or Microsoft System Center
(Diagram labels: three Branch Offices, each with UCS E-Series; Data Center with UCS and System Center or vCenter)
• Single console for all VMs and hypervisor administration
• Extend virtualization management from the data center to the branch
• Centralize control and visibility at every level of virtual infrastructure
• Simplify, standardize, and automate remote server infrastructure
Cisco End-to-End Solution
UCS B-Series and C-Series for Data Center; UCS E-Series for Branch
Cisco UCS B/C Series
Unified compute platform for infrastructure consolidation in the data center. Offers innovative virtualization, memory, provisioning, I/O, and management capabilities.
Cisco UCS E-Series Servers
Residual compute platform with all-in-one device convergence that facilitates centralization of branch applications into the data center.
(Diagram labels: Data Center/Cloud, WAN/Internet, Branch Office)
• Address WAN-induced performance, availability, compliance challenges
• Consolidate Infrastructure
• Centralize Applications
• Support User experience
• Location-Suitable Form Factors, Consistent Device Management
UCS E-Series networking integration
Cisco UCS E-Series Server Components Simplifying Lean Branch Office Infrastructure
Platform for WAN Edge Applications
• Host applications locally either bare metal or virtualized
Server Virtualization and Bare Metal OS
• Certified for vSphere, Hyper-V and Xen Server
• Bare metal OS: Certified for Windows Server, RHEL, SUSE Linux, Oracle Enterprise Linux
Dedicated Blade Management
• Cisco® Integrated Management Controller per module
• Consistent stand-alone management with UCS C-Series family
Multipurpose x86 Blades
• Intel Xeon E3 or E5-2400 Quad Core or better CPU, up to 48 GB RAM and 3 TB Storage
• House up to four server blades in ISR G2
Single-Device Network Integration
• House all devices in ISR G2 chassis
• Multigigabit fabric backplane switch
(Diagram labels: IOS, MGF Backplane Switch; two UCS E-Series Servers, each with a Hypervisor, OS/App pairs and a CIMC)
Cisco ISR4000 with UCS-E Module
(Diagram labels: Route/Forwarding Processor with x86 Processor for the IOS-XE Control Plane and x86 Processor for the IOS-XE Data Plane; Linux, Hypervisor, VNF, App, vSwitch; 3x1GE WAN interfaces; MGF (Internal); NIM/SM Modules on 1GE, 2x1GE and 10GE links; UCS-E Module on 2x1GE with BMC, CIMC and App)
Service Chaining Applications
(Diagram labels: Cisco ISR Chassis Motherboard with GE 0/0/0 To WAN, WCCP IN, UCSE1/0/0 (BDI 10), UCSE1/0/1 (BDI 20); UCS-E Server Module ESX Host with GE 0, GE 1, GE 2 To LAN Switch, vmnic0, vmnic1, vmnic2, vSwitch0, vSwitch1, vSwitch2, vNICs, outside vNIC, inside vNIC; hosted VMs vWAAS, vASA, vWLC, vWSA; numbered callouts 1 to 7)
• Ingress WAN traffic from the ISR WAN port is redirected to vWAAS running on the UCS-E
• vWAAS will redirect traffic back to the ISR router
• Use standard routing to route traffic from vWAAS to BDI/VLAN 20 to the UCS-E blade
• Traffic will be routed to the vASA outside interface set to its own internal switch
• Traffic is filtered and only authorized traffic is allowed out to the vASA inside network
• vWSA and miscellaneous LAN apps are installed behind the firewall such that they are accessible to LAN devices
• All LAN traffic accesses the LAN apps via the physical external GE 2 port on the UCS-E module
Configuration Example: vWAAS+ASAv
Using ISR on-board interfaces
Logical Diagram of vWAAS+ASAv Configuration:
(Diagram labels: WAN, Ge0/0/0; ucse 1/0/0.10, wccp redirects traffic for optimization; ucse 1/0/0.200, outside; ucse 1/0/1.100, inside; Traffic LAN to WAN/WAN to LAN; LAN, Ge0/0/2)
VMware vswitch config:
• Maps to ucse 1/0/0.200 sub-intfc vlan200 (outside asav intfc)
• Maps to ucse 1/0/0.10 sub-intfc vlan10 (vwaas optimization)
• Maps to ucse 1/0/0 native intfc
• Maps to ucse 1/0/1.100 sub-intfc vlan100 inside vrf (inside asav intfc)
WAN facing configuration:
! Enable wccp redirect to vwaas
ip wccp 61 redirect-list WAAS-Traffic_BranchtoDC
ip wccp 62 redirect-list WAAS-Traffic_BranchtoDC
!
! WAN facing interface
interface GigabitEthernet0/0/0
 description WAN intfc
 ip address 172.19.153.210 255.255.255.0
 ip nat outside
 ip wccp 62 redirect in
 negotiation auto
!
! UCSE 1/0/0 native vlan for mngmnt (esxi, vwaas, asav)
interface ucse1/0/0
 description native vlan for mngmnt
 ip unnumbered GigabitEthernet0/0/0
 no negotiation auto
 switchport mode trunk
!
! ucse1/0/0 sub-intfc vlan10 for vwaas opt traffic
interface ucse1/0/0.10
 description vlan10 dedicated to vwaas
 encapsulation dot1Q 10
 ip address 176.19.153.1 255.255.255.0
 ip nat inside
 ip wccp redirect exclude in
 ip virtual-reassembly
!
! UCSE1/0/0 sub-intfc vlan200 for outside intfc asav (LAN to WAN/WAN to LAN traffic)
interface ucse1/0/0.200
 description vlan200 outside of asav
 encapsulation dot1Q 200
 ip address 192.168.24.1 255.255.255.0
 ip nat inside
 ip wccp 61 redirect in
 ip virtual-reassembly
Default-gateway and static routes to mgmnt console:
! WAN default-gateway
ip route 0.0.0.0 0.0.0.0 172.19.153.117
! ASAv mngmnt
ip route 172.19.153.17 255.255.255.255 ucse1/0/0
! CIMC mngmnt
ip route 172.19.153.213 255.255.255.255 ucse1/0/0
! ESXi host mngmnt
ip route 172.19.153.214 255.255.255.255 ucse1/0/0
Static route to LAN network:
! Static route to LAN device subnet
ip route 192.168.25.0 255.255.255.0 192.168.24.2
LAN facing configuration:
ip vrf inside
!
! Interface in VRF inside connects to LAN access switch, segregated from native routing table.
! 192.168.25.1 is the LAN default-gateway
interface GigabitEthernet0/0/2
 description intfc to LAN access switch
 ip vrf forwarding inside
 ip address 192.168.25.1 255.255.255.0
 negotiation auto
!
interface ucse1/0/1
 no ip address
 no negotiation auto
 switchport mode trunk
!
! UCSE1/0/1 sub-interface vlan100 and VRF inside connects to inside intfc of asav
interface ucse1/0/1.100
 description to inside intfc of asav
 encapsulation dot1Q 100
 ip vrf forwarding inside
 ip address 192.168.24.2 255.255.255.252
LAN static route default-gateway:
! Static default route for LAN to WAN traffic. LAN to WAN and WAN to LAN traffic
! traverse asav in transparent mode (bump in the wire)
ip route vrf inside 0.0.0.0 0.0.0.0 192.168.24.1
LAN access switch configuration (C3560c):
interface GigabitEthernet0/8
 description connect to Ge0/0/2 of router
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet0/9
 description connect to JoeS-windows7
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet0/10
 description connect to MarieW-Windows7
 switchport access vlan 100
 switchport mode access
Cisco ASAv VM Settings
ASAv QSG: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/asav/quick-start/asav-quick.html
• ASAv mngmnt 0/0 intfc
• ASAv gig0/0 intfc
• ASAv gig0/1 intfc
Cisco vWAAS VM settings:
interception-method wccp
!
primary-interface Virtual 1/0
!
! Maps to ucse1/0/0.10 sub-intfc vlan10
interface Virtual 1/0
 ip address 176.19.153.10 255.255.255.0
 exit
interface Virtual 2/0
 shutdown
 exit
!
ip default-gateway 176.19.153.1
!
wccp router-list 7 176.19.153.1
wccp tcp-promiscuous service-pair 61 62
 router-list-num 7
 enable
 exit
!
central-manager address 172.19.153.110
cms enable
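Added example (not part of the original slides): a Python check that LAN traffic in the configuration above can reach the WAN only through the transparent-mode ASAv. It assumes the design on the slides: LAN interfaces in VRF inside, the VRF default route pointing across the ASAv bridge to the outside sub-interface on a different VLAN, and a return route in the global table. The function names, parameters and the trimmed sample are constructed.

```python
import ipaddress
import re

# Constructed sample: router lines from the configuration example above,
# trimmed to the commands this check reads.
ROUTER = """\
ip vrf inside
!
interface GigabitEthernet0/0/2
 ip vrf forwarding inside
 ip address 192.168.25.1 255.255.255.0
!
interface ucse1/0/0.200
 encapsulation dot1Q 200
 ip address 192.168.24.1 255.255.255.0
!
interface ucse1/0/1.100
 encapsulation dot1Q 100
 ip vrf forwarding inside
 ip address 192.168.24.2 255.255.255.252
!
ip route 192.168.25.0 255.255.255.0 192.168.24.2
ip route vrf inside 0.0.0.0 0.0.0.0 192.168.24.1
"""


def parse_interfaces(config):
    """Return a dict per interface: name, vrf, vlan and addr (or None)."""
    parsed = []
    for block in re.split(r"(?m)^interface\s+", config)[1:]:
        body = block.split("\n!")[0]

        def grab(pattern):
            m = re.search(pattern, body, re.M)
            return m.group(1) if m else None

        addr = re.search(r"^\s*ip address (\S+) (\S+)", body, re.M)
        parsed.append({
            "name": body.splitlines()[0].strip(),
            "vrf": grab(r"^\s*ip vrf forwarding (\S+)"),
            "vlan": grab(r"^\s*encapsulation dot1Q (\d+)"),
            "addr": ipaddress.ip_interface("/".join(addr.groups())) if addr else None,
        })
    return parsed


def check_service_chain(config, vrf="inside", lan_net="192.168.25.0/24"):
    """List ways LAN traffic could reach the WAN without crossing the ASAv."""
    lan = ipaddress.ip_network(lan_net)
    ifaces = parse_interfaces(config)
    findings = []

    # 1. Every interface addressed in the LAN subnet must sit in the VRF;
    #    otherwise the global table routes it straight to the WAN.
    for i in ifaces:
        if i["addr"] and i["addr"].ip in lan and i["vrf"] != vrf:
            findings.append(f"{i['name']}: LAN interface is in the global table")

    # 2. The VRF default route must leave on a VRF sub-interface and land on
    #    a global-table sub-interface in a different VLAN, so that only the
    #    ASAv bridge joins the two sides.
    m = re.search(
        rf"(?m)^ip route vrf {re.escape(vrf)} 0\.0\.0\.0 0\.0\.0\.0 ([\d.]+)",
        config)
    if not m:
        return findings + [f"vrf {vrf}: no default route via an IP next hop"]
    hop = ipaddress.ip_address(m.group(1))
    inside = next((i for i in ifaces if i["vrf"] == vrf and i["addr"]
                   and hop in i["addr"].network and hop != i["addr"].ip), None)
    outside = next((i for i in ifaces if i["vrf"] is None and i["addr"]
                    and i["addr"].ip == hop), None)
    if inside is None or outside is None:
        return findings + [f"vrf {vrf}: next hop {hop} does not pair a VRF "
                           "interface with a global-table interface"]
    if inside["vlan"] == outside["vlan"]:
        findings.append(f"{inside['name']} and {outside['name']} share a VLAN; "
                        "no firewall sits between them")

    # 3. The global table must return LAN traffic through the same pair.
    back = [h for net, mask, h in
            re.findall(r"(?m)^ip route (\d\S*) (\S+) (\S+)$", config)
            if ipaddress.ip_network(f"{net}/{mask}") == lan]
    if back != [str(inside["addr"].ip)]:
        findings.append(f"return route to {lan} does not point at {inside['name']}")
    return findings


if __name__ == "__main__":
    print(check_service_chain(ROUTER) or "LAN traffic is forced through the ASAv")
```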
Cisco Converged Branch Infrastructure
Use Case 1: Video Application, Storage System, and IP Cameras
(Diagram labels: Router CPU, MGF Fabric; two UCS-E blades, each with Hypervisor, OS, App; Video Management System (10.1.30.10); Storage Application (10.1.30.20))
C44(config)# interface BDI 1
C44(config-if)# ip address 10.1.30.1 255.255.255.0
UCS-E 2/0/0:
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 1
UCS-E 1/0/0:
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 1
Cisco Converged Branch Infrastructure Use Case 2: Multiple VMs in Different VLANs
[Diagram: MGF Fabric; Router CPU; EtherSwitch Module / EHWIC Card; UCS-E with Hypervisor and three OS / App VMs]
C44(config)# interface g0/0/X
C44(config-if)# service instance 40 ethernet
C44(config)# interface BDI 40
C44(config-if)# ip address 10.1.40.1 255.255.255.0
Cisco ISR + UCS E + EtherSwitch module: All-in-one network integration
Cisco converged branch platform configuration:
Logical solution topology:
UCS E-series Performance
CPU Utilization on UCS E-140S
CPU Utilization on UCS E-140D
CPU Utilization on UCS E-160D
http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-e-series-servers/guide-c07-731139.html
High Availability
UCS E-Series and ISR
• The UCS E-Series depends on the ISR platform for power only
• Soft reload of ISR router does not have any effect on the UCS E-Series Compute Blades
• Power to slots will not be disrupted and will continue to power E-Series
• Hard Reset/Power down of the router will cause the E-Series to power down
• Equivalent of removing power supply to an external server
• ISR routers have the option for Dual Power supplies
• ISR 3900s and 4451, 4431 have option for inbuilt dual power supply
• ISR 2900s have the option for external RPS 2300 power supply
• ISR 4300s have no power supply redundancy
UCS E-Series and ISR
• Online Insertion and Removal supported on ISR 3900 and ISR 4000 platforms
• UCS E-series can be installed or removed without powering down the router
• OIR not supported on the ISR 2900s
• Hard drives on the UCS E-Series can be removed and installed without powering down the blade or the router.
• Note: RAID disks would have to be rebuilt.
• Two UCS E-Series can be installed in two ISRs with HSRP running between them
• Provides additional resiliency in terms of power to the E-Series
Providing Data Protection on the E-Series
• Consistency of data is key between E-Series and Data Center
• Protection of data is vital for disaster recovery
• Use technologies like VMware vSphere replication to set up automatic backup of data between E-Series and Data Center
• Data backup is asynchronous
• Data protection and high availability require synchronous mirroring of data between E-Series servers at the branch. By clustering Direct Attached Storage (DAS) across multiple UCS E-series servers, a mirrored storage pool can be created.
• Software-defined-storage technologies from VMware and StorMagic create shared storage using DAS on E-series servers
• The clustered storage is presented as an iSCSI target where VMs requiring HA can run.
• Allows for synchronous mirroring across participating server nodes
In Box Server Redundancy
- StorMagic VC plugin installs on Windows server running vCenter
- StorMagic running in vCenter allows for full management directly from vCenter console
Before deploying a VSA, configure networking
- Configure networking interfaces for each cluster storage traffic type
- Used UCSE X/0/0 to access management interface (makes it easy to reach across WAN)
- Used UCSE X/0/1 to create vlan192 and assign a 192.168.24.X target IP address for my iSCSI storage target
- Used external GE2 on UCS E-series server to connect back-to-back and provide dedicated data path for synchronous data mirroring
- Networking settings (port-group name, interface mapping, vswitch settings) must match between each participating server
Configuring VMware networking:
Before deploying a VSA configure networking – cont’d
Configuring ISR 2900/3900
Management access:
interface GigabitEthernet0/0
description WAN interface
ip address 172.19.153.131 255.255.255.0
!
interface ucse1/0
ip unnumbered GigabitEthernet0/0
imc ip address 172.19.153.119 255.255.255.0
imc access-port shared-lom console
!
interface ucse2/0
ip unnumbered GigabitEthernet0/0
imc ip address 172.19.153.120 255.255.255.0
imc access-port shared-lom console
!
ip route 172.19.153.123 255.255.255.255 ucse1/0
ip route 172.19.153.140 255.255.255.255 ucse2/0
!
interface ucse1/1
description Internal switch interface connected to Service Module
switchport mode trunk
no ip address
!
interface ucse2/1
description Internal switch interface connected to Service Module
switchport mode trunk
no ip address
!
interface Vlan192
ip address 192.168.20.1 255.255.255.0
Static routes to VSA management GUI
Interface to access iSCSI target
Configuring ISR 4000 series
Management access:
bridge-domain 192
!
interface GigabitEthernet0/0/0
description WAN intfc
ip address 172.19.153.210 255.255.255.0
!
interface ucse1/0/0
ip unnumbered GigabitEthernet0/0/0
no negotiation auto
switchport mode trunk
!
interface ucse2/0/0
ip unnumbered GigabitEthernet0/0/0
no negotiation auto
switchport mode trunk
!
ip route 172.19.153.123 255.255.255.255 ucse1/0/0
ip route 172.19.153.140 255.255.255.255 ucse2/0/0
!
interface ucse1/0/1
no ip address
switchport mode trunk
service instance 192 ethernet
encapsulation dot1q 192
rewrite egress tag push dot1q 192
bridge-domain 192
!
interface ucse2/0/1
no ip address
switchport mode trunk
service instance 192 ethernet
encapsulation dot1q 192
rewrite egress tag push dot1q 192
bridge-domain 192
!
interface BDI192
ip address 192.168.20.1 255.255.255.0
Static routes to VSA management GUI
Interface to access iSCSI target
Note: mirroring traffic is a wire between each GE2 on the servers
Creating shared storage for data mirroring
- Deploy a VSA (Virtual Storage Adapter) on each UCS E-series host (simple OVA deployment)
- Assign equal amount of storage on each server to each VSA using deployment tool GUI
- Create the iSCSI target (shared storage cluster) where VM data replication will run
Fully deployed shared storage solution with mirroring data replication
- Shared storage across two or more E-series servers enables VM live migration
- Full support for HA and FT features
- Fully redundant system from L2 through L7
- Solves the issue of all eggs in one basket
Box 2 Box Redundancy
• Network redundancy across two Cisco ISRs using HSRP
• Two physical routers provide one logical IP address and MAC address as subnet default gateway.
• HSRP works in an active/standby scheme where, if the active router fails, the standby router continues processing network requests
• Each Cisco ISR houses a Cisco UCS E-series.
• Network connectivity between UCS E-series is done using the front-panel GE interfaces for data replication (mirror) traffic
• Each UCS E-series runs the SDS application with data mirroring capability to synchronously replicate VM files across
• Network access to iSCSI target and application VMs must match exactly in each router config (be sure to use the virtual router IP address as the default-gateway)
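Added example (not from the original slides or from Cisco): a small Python check for the requirement above that the iSCSI target and VM network configuration match on both HSRP routers. The two router configs, the HSRP group number, and the addresses 192.168.20.2, 192.168.20.3 and 192.168.20.254 are constructed for illustration.

```python
import re
# Constructed configs for two HSRP peers; addresses and group number are assumed.
ROUTER_A = """\
interface ucse1/0/1
 service instance 192 ethernet
  encapsulation dot1q 192
  rewrite egress tag push dot1q 192
  bridge-domain 192
!
interface BDI192
 ip address 192.168.20.2 255.255.255.0
 standby 1 ip 192.168.20.1
 standby 1 priority 110
"""
ROUTER_B = """\
interface ucse1/0/1
 service instance 192 ethernet
  encapsulation dot1q 192
  bridge-domain 192
!
interface BDI192
 ip address 192.168.20.3 255.255.255.0
 standby 1 ip 192.168.20.254
"""

# Commands that legitimately differ per router: real address and HSRP priority.
PER_ROUTER = re.compile(r"^(ip address |standby \d+ priority )")

def stanzas(config):
    """Map each interface name to the set of its comparable sub-commands."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = out.setdefault(line.split(None, 1)[1], set())
        elif line in ("", "!"):
            current = None
        elif current is not None and not PER_ROUTER.match(line):
            current.add(line)
    return out

def parity_report(cfg_a, cfg_b):
    """Return sorted (interface, command, side) tuples for every mismatch."""
    a, b = stanzas(cfg_a), stanzas(cfg_b)
    diffs = []
    for intf in set(a) | set(b):
        in_a, in_b = a.get(intf, set()), b.get(intf, set())
        diffs += [(intf, c, "A only") for c in in_a - in_b]
        diffs += [(intf, c, "B only") for c in in_b - in_a]
    return sorted(diffs)
```

On the constructed pair it reports the mismatched virtual IP on BDI192 and the missing tag rewrite on router B, while ignoring the per-router address and priority.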
Case Studies
Customer Success - Finance (Retail Banking)
A commercial bank headquartered in Anchorage, Alaska, Northrim Bank employs 250 people in 11 branches across 350 miles in southern Alaska.
Challenge :
• Northrim wanted to upgrade the bank's legacy infrastructure to dramatically increase the speed of service at the bank's teller stations.
• A slow circuit-based network created high latency problems that affected expensive third-party banking software applications that were very sensitive to bandwidth delay.
• Several times a day, users encountered sluggish application response or program errors that required re-login or even rebooting the system, a frustrating and time-consuming occurrence.
Next Gen Branch Architecture
• VMware Horizon View running on VMware ESXi, Microsoft AD, DNS, DHCP on the Double Wide UCS E-Series Server Blade
• Plans to add Unified Communications, FXS/FXO voice interfaces and Security
Customer Success – Retail
Columbia Sportswear
Columbia Sportswear stores use compact Integrated Services Routers, which combine routing, switching, compute and voice services.
Challenge :
The company has retail stores and branch offices across North America and is expanding globally.
• Need to Shrink IT footprint in its stores.
• Central management.
• Stores need to accept payment cards and receive phone calls even in spite of WAN outage to the HQ network.
Next Gen Store Architecture:
Cisco Store-in-a-box provided the perfect solution for a Smaller IT Footprint while lowering Costs using the Cisco® 3945 Series Integrated Services Router (ISR), Cisco UCS E-Series Blade Server and a 48-port integrated switch.
“The POS application is now a virtual machine on the blade server,”
Simplified Management - “We chose the Cisco ISR partly because it’s easy to set up and manage,” says Spiegel. “For example, technicians no longer have to rack, stack, and power four separate systems, or install the operating system and applications on a physical server.
Before, deploying or replacing store infrastructure took days. Now the IT team just ships the router to the store, and any employee can connect it in minutes.”
Cisco UCS E-Series in Summary
• Application hosting platform for the lean branch office
• Bare metal OS, certified for Windows Server, RHEL, SUSE Linux, Oracle Enterprise Linux
• Virtualization powered by Microsoft Hyper–V, VMware vSphere, Citrix XenServer or Linux KVM
• The Converged branch solution (ISR+UCS E-series) – Allows intelligent consolidation of services
• Enables instantiation of applications and VNFs on demand, avoiding network infrastructure refreshes
• Extremely reliable - > 200K hour MTBF, Easy to manage one box solution
Resources
Customer resources: http://www.cisco.com/go/ucse
Contacts
Tony Banuelos - [email protected]
Kishan Ramaswamy - [email protected]
Video
Northrim Deployment - http://www.youtube.com/watch?v=SY_4exRDPK4
Cisco Office-in-a-box - http://www.youtube.com/watch?v=jZtNH1nUF1I&list=PL2C2B4E34EE649245
UCS E-Series - http://www.youtube.com/watch?v=jkTekMg3YDo