CCNP Data Center Centralized Management Automation

April 20, 2017
Learning@Cisco
CCNP Data Center
Centralized Management and Automation of
Cisco Data Center Technology

Today’s Speakers
Robert Burns
CCIE Datacenter, CCDP, and Technical Leader for Cisco Technical Services – Data
Center Technologies
Matt Saunders
Community Manager for Cisco Learning Network Data Center and Security

Agenda
Overview of Orchestration &
Automation in the Data center
Tech Spotlight: UCS Director
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Q&A
Tech Spotlight: POAP

Centralized Management &
Automation

Orchestration & Automation
• There are a number of solutions that fall under this category a CCNP candidate should be
familiar with:
• POAP
• UCS Director
• UCS Central
• IMC Supervisor
• Cisco Process Orchestrator
• Open Network Environment Suite
You will see these products sprinkled across the DCVAI & DCID exams.
Today we’ll take a look at these two
5TECCCIE-3644

• Day 0 Problem – Time - Provisioning
of Physical Infrastructure is time
consuming – days to weeks
• Day 1 Problem - Inefficiency - Silo
Operations to setup and configure
Compute, network, storage and
Virtualization, Private Cloud infra
• Day-2 Problem – Maintenance -
Infrastructure Lifecycle management,
Operations
• Business Problem - Huge Opex due
to manual setup of Infrastructure for
DC and private clouds building up
DC Problems we are solving
• DC Infrastructure Automation
Investments
• Infrastructure Automation
• Private Cloud Infrastructure
Setup and Automation
• Open and Extensible Platform

API API
Basic Management Functionality
API
API
UCS Director API
Stand-Alone UCS
C-Series Unified Computing
System
UCS Central
Policy Driven Multi DC,
Multi-Domain
Management
UCS Director
Policy Driven, Application Centric Infrastructure Management and
Orchestration
CIMC
Integrated & Converged
Infrastructure
UCS Manager
Domain 1
UCS Manager
Domain x
FlexPod vBlock
Storage
Virtual Machines
Network Devices
Servers
Non-Cisco
Infrastructure
Advanced Infrastructure Abstraction & Automation
UCS Management Portfolio
API
IMC Supervisor
API
UCS Performance
Manager
Performance Monitoring
7TECCCIE-3644

This is POAP
DHCP
Server
POAP Script Server
(HTTP/TFTP)
Config and Software Image Server
(SCP/FTP/SFTP/HTTP)
Nexus Switch
(Unconfigured)
POAP
Script
DHCP
Request
DHCP
Offer &
Script
Location
Here I
am,
What’s
next!?
Request
Image &
Config
File
Correct Software
Installed &
Configuration
applied!
Can be same host

Example DHCP server from Windows
**Lease time must be 3600 seconds or longer.
TFTP server where script is to
be downloaded from.
Script file name.

Example for Linux DHCP server
[root@localhost etc]# cat dhcpd.conf
allow booting;
allow bootp;
deny duplicates;
ddns-update-style none;
subnet 192.168.40.0 netmask 255.255.255.0 {
option domain-name "cisco.com";
option domain-name-servers 64.102.6.247;
option subnet-mask 255.255.255.0;
option routers 192.168.40.1;
range 192.168.40.9 192.168.40.11;
group {
filename "/poap.py";
next-server 192.168.30.30;
option tftp-server-name ”192.168.30.30";
option bootfile-name "/poap.py";
}
TFTP server and script
file name are specified.

Debug: DHCP discovery
• Switch sends both mgmt 0 MAC and Serial Number in the DHCP discovery options.
Either can be used for DCHP reservations on the server.
Client MAC address, this will
always be the MAC from
mgmt0.
Nexus serial number in Ascii
format in option 61, Client
Identifier
ASCII translation of the PoaP
switch serial number
DHCP
Request

Debug: DHCP Offer
Bootfile name and TFTP server
address are passed back to the switch
along with the IP address, subnet
mask, and default router in the DHCP
Offer packet.
CAA81E1E is the hex value for
192.168.30.30.
This offer passes through the
192.168.40.1 router on the subnet that
the mgmt 0 interface is attached to.
DHCP
Offer

POAP Script details
• Filename is not important, as long as the file name exists in the TFTP server directory path that is
noted in the DHCP offer, and is a valid Python or TCL script.
• MD5 check sum can be used to verify file integrity.
• Script will provide transfer protocol to use and credentials for switch to use when downloading the
image and configuration file.
• Configuration file name can be determined multiple ways(explained later)
• When using a ‘Expect Script’ syntax and upper/lower case are important. Nexus devices support
python and tcl scripting.
• Sample scripts are available providing minimum functionality, users can enhance as needed to
meet their requirements.
POAP
Script

Configuration File naming Options
• Various methods available for use in determining the configuration file that will be downloaded by
the POAP process for the Nexus 9K device.
• poap_static – in this method the script will contain the configuration file name to download.
• poap_serial_number – in this method, the backplane sprom chassis serial number is used to determine the name of the
configuration file to download. This number is also printed on the external chassis.
• poap_location – in this method, the script will use the CDP information for the interface that the chosen DHCP offer was
received over. It concatenates the switch name, and interface that the POAP device is attached to.
9508-1-poap-config# sh cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
Device-ID Local Intrfce Hldtme Capability Platform Port ID
AggSw1.cisco.com mgmt0 124 R S I CISCO7606-S Gig3/13
File name will be ‘config_file_src.AggSw1.cisco.com_Gig_3_13’

Nexus image for the PoAP switch
• The POAP script file will contain the desired image name for the switch to use during the final
boot up.
• The script will attempt to download the image.
• The name is divided into 2 parts within the script.
• Sample coding in the script:
# **** Here are all variables that parameterize this script ****
# *************************************************************
# system and kickstart images, configuration: location on server (src) and target (dst)
eor_image_version = "6.1.2.I1.1" # inseor fcs release version
image_dir_src = "/tftpb"
ftp_image_dir_src_root = "/tftpb" # part of path to remove during copy
tftp_image_dir_src_root = "/tftpb" # part of path to remove during copy
eor_system_image_src = "n9000-dk9.%s.bin" % eor_image_version
config_file_src = "/tftpb/config_file_src"
image_dir_dst = "bootflash:poap"
system_image_dst = "system.img"
config_file_dst = "volatile:poap.cfg" # special copy command will copy to persistent location
md5sum_ext_src = "md5" # extension of file containing md5sum of the one without ext.

Completion of PoAP
• During the process the switch will boot 2 times.
• The first boot results in the script file, config file, and image download.
• Upon the second boot, the system will attempt to write the configuration into NVRAM.
Applying scheduled configuration...
Syntax error while parsing 'allocate interface
Ethernet1/1-36'
Copy complete.
[########################################] 100%
Copy complete.
Auto provisioning
User Access Verification
switch login:
If the configuration file is corrupted, or
contains invalid control characters, the file
saving will fail at this point and the PoAP
process will restart from scratch.
Once you see Copy complete, you know
that the PoAP process has completed.
You may see some syntax errors when the
staged configuration file is played into
running-config.

Debugging
• Must have a console attached
• Console output provides details on the process.
2013 Nov 8 19:38:27 switch %$ VDC-1 %$ %POAP-2-POAP_DHCP_DISCOVER_START: POAP DHCP Discover phase started
2013 Nov 8 19:38:27 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Abort Power On Auto Provisioning and continue with normal setup ?(yes/no)[n]:
2013 Nov 8 19:38:52 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Using DHCP, information received over mgmt0 from 192.168.30.30
2013 Nov 8 19:38:52 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Assigned IP address: 192.168.40.9
2013 Nov 8 19:38:52 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Netmask: 255.255.255.0
2013 Nov 8 19:38:52 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Default Gateway: 192.168.40.1
2013 Nov 8 19:38:52 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Script Server: 192.168.30.30
2013 Nov 8 19:38:52 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Script Name: /poap.py
2013 Nov 8 19:39:02 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: The POAP Script download has started
2013 Nov 8 19:39:02 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: The POAP Script is being downloaded from
[copy tftp://192.168.30.30//poap.py bootflash:scripts/script.sh vrf management ]
2013 Nov 8 19:39:03 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_DOWNLOADED: Successfully downloaded POAP script file
2013 Nov 8 19:39:03 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Script file size 20442, MD5 checksum ff43dbceeb5a9f23069207f27af27d64
2013 Nov 8 19:39:03 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_STARTED_MD5_NOT_VALIDATED: POAP script execution started(MD5 not validated)
2013 Nov 8 19:39:39 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_EXEC_SUCCESS: POAP script execution success
2013 Nov 8 19:39:39 switch %$ VDC-1 %$ %POAP-2-POAP_RELOAD_DEVICE: Reload device
2013 Nov 8 19:39:39 switch %$ VDC-1 %$ %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from Command Line Interface

Logging files
9508-1-poap-config# dir bootflash: | inc log
4371 Nov 08 15:13:21 2013 20131108_151321_poap_6397_init.log
5162 Nov 08 17:31:44 2013 20131108_173112_poap_6361_init.log
11694 Nov 08 19:39:03 2013 20131108_193435_poap_6090_init.log
1636 Nov 08 19:39:36 2013 poap.log.19_39_3
9508-1-poap-config#
• Files placed in bootflash for every poap attempt.
• The xxx_poap_xx_init.log file details the DHCP phase. Notice how the timestamps are used.
• The poap.log.xx_xx_xx file details the script execution phase including image download and
configuration file download.
• Errors in applying the downloaded configuration will be logged in the normal system event log
9508-1-poap-config# show logging last 10
2013 Nov 8 19:42:47 9508-1-poap-config%FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 0 of Fex 198 that is connected with
Ethernet1/10 changed its status from Created to Configured
2013 Nov 8 19:42:48 9508-1-poap-config%ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/1
6 is down (None)
2013 Nov 8 19:42:48 9508-1-poap-config%FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 0 of Fex 199 that is connected with
Ethernet1/16 changed its status from Created to Configured

The POAP Script Log
9508-1-poap-config# show file poap.log.19_39_3
INFO: Selected config filename (serial-nb) : /tftpb/config_file_src.FGE173500HS
INFO: free space is 17803768 kB
CLI : terminal dont-ask ; terminal password cetest ; copy ftp://cetest@192.168.30.30/n9000-dk9.6.1.2.I1.1.bin
bootflash:poap.new/system.img vrf management
INFO: Completed Copy of System Image
CLI : terminal dont-ask ; terminal password cetest ; copy ftp://cetest@192.168.30.30/n9000-dk9.6.1.2.I1.1.bin.md5
volatile:n9000-dk9.6.1.2.I1.1.bin.md5.poap_md5 vrf management
WARN: Copy Failed: 'File not foundn***** Transfer of file aborted, file not found or Login failed*****nError during
copyn***** Transfer of file aborted *****n'
CLI : move bootflash:poap.new/system.img bootflash:poap/system.img
INFO: Verification passed. (system : 11/7/2013)
INFO: Verification passed. (system : 11/7/2013)
CLI : terminal dont-ask ; terminal password cetest ; copy ftp://cetest@192.168.30.30/config_file_src.FGE173500HS
volatile:poap.cfg vrf management
INFO: Completed Copy of Config File
CLI : terminal dont-ask ; terminal password cetest ; copy ftp://cetest@192.168.30.30/config_file_src.FGE173500HS.md5
volatile:config_file_src.FGE173500HS.md5.poap_md5 vrf management
WARN: Copy Failed: 'File not foundn***** Transfer of file aborted, file not found or Login failed*****nError during
copyn***** Transfer of file aborted *****n'
CLI : show system internal platform internal info | grep box_online | sed 's/[^0-9]*//g'
INFO: Setting the boot variables
CLI : config terminal ; boot nxos bootflash:poap/system.img
CLI : copy running-config startup-config
CLI : copy volatile:poap.cfg scheduled-config
INFO: Configuration successful
Notice the file name chosen, and the
commands entered to copy the files
from the server. There were no MD5
files on the server, so those copy
commands failed.

Debugging POAP Script Actions
• The script will generate and issue commands to download the image file, and the configuration
file using the credentials and download protocol specified.
• If any of the downloads fail, you can abort the poap process and manually verify file download
download, using the single command the script will use.
• Remember to configure the switch with the same IP address and gateway that is configured in the
DHCP offer. You may also have to configure the hostname to match the DHCP offer.
• Validate the configuration file naming mode in the script, and verify that the file does exist with the
correct name. (example uses FTP and static file name.)
9508-1-poap-config# copy ftp://cetest@192.168.30.30/n95k.cfg bootflash: vrf management
Password:
***** Transfer of file Completed Successfully *****
Copy complete, now saving to disk (please wait)...
9508-1-poap-config#

POAP process flow chart
Existing Nexus documentation available
on CCO details the POAP process and
flows involved in the process.

Best practices
• Verify that the username/passwords specified in the config files works before propagating this file.
If the password does not work, you will need to perform password recovery.
• Use the ’license grace-period’ command in the configuration file to permit usage of the
grace period. This permits licensed features to work until the license is installed later.
• Ensure that the DHCP lease is at least 3600 seconds. (1 hour).
• Specify boot images in the config file, don’t let the process set the boot images named in the
script. They will point to /poap/system.img and not the real image names.
9508-1-poap-config# show boot
Current Boot Variables:
sup-1
NXOS variable = bootflash:/poap/system.img
sup-2
No module boot variable set
Boot Variables on next reload:
sup-1
sup-2
No module boot variable set

Which 3 Files must be present for POAP to successfully image a new
Nexus Switch?
a) TCL script, Kickstart, System Image
b) Bash Script, System Image, DHCP.conf
c) Python/TCL script, Switch Image, Configuration File
d) Python script, TCL script, Switch Image
POAP Pop Quiz – Q1

True or False, the DHCP address must match what the configuration file
has set for the Mgmt0 Interface address
a) True
b) False

Which protocols are supported for the Switch to retrieve the TCL/Python
script?
a) HTTP/FTP
b) TFTP/HTTP
c) TCP/IP
d) SCP/SFTP/TFTP/HTTP

Cisco UCS Director
• A multi-vendor, multi-tenant, multi-hypervisor provisioning and management solution via a single
pane of glass
• Cisco UCSD automates the provisioning of resource pools across physical and virtual from a
unified centralized management console, reducing time-to-value for both applications and end
users.
• Cisco UCSD delivers unified management for the industry’s leading converged infrastructure
solutions, which are based on the Cisco Unified Computing System (UCS) and Nexus platforms.
30
“Like music…there’s an
appropriate timing and order
of operations when
provisioning infrastructure…”

Challenges:
• Manual processes
• Complex handoffs between
teams and domains
• Static resource allocation
Result:
• Days/weeks/months to
deploy IT services
• High operational cost
• Rigid silos
• Infrastructure inefficiency and under utilization
Complex Processes to Deploy Application
Resources
Application
NetworkProfile
Update
Trunks
Create
EPG
Configure
SAN Zoning
UCS Service
Profiles
Create Network
Policies
Server
Admins
Configure
Servers
Update vNIC
With VLAN
Select SP’s
Add VLAN to
Service
Profile
Create
VLAN
Update
Storage
Add vFilers
to Group
Create
vFilers
Create
IP space
Update
Create
Storage Policy
NFS Mount
Add Users
and Groups
IT
Planning
Approvals
Define
Cost Models
Business
Application
Requirements
1
2
3
4
5
6
WebWebWeb App
Bare-Metal HYPERVISOR HYPERVISOR
DB
Hyper-v
Bare-
Metal
Bare-
Metal

Broad Multi-Vendor Support
Compute Network
Nexus
MDS
StorageVM
UCS Director
L4-L7
vASA,
CSR1000v
Converged
* Partner provided
*
*
*
*
*
*
* *

ü Policy based Bare Metal for
UCS Managed Servers (only)
ü Bare Metal Catalog with
Workflow support for UCS
Manager based policy
ü Bare Metal Cost Model –
compute, storage, network,
fixed and one-time cost
ü BM UCS Server Selection –
option to delegate to End
Users (devOps BM roll out)
ü BM UCS Server Lifecycle,
Showback and Chargeback
(devOps BM roll out)
ü HyperFlex Pod – Wizard
(account setup)
ü Day1 / Day2 HyperFlex
Infrastructure automation
(Tasks and Workflows)
ü HyperFlex based Private
Cloud – IaaS automation
ü HX 1.7.1 & 1.8(1a) support
Bare Metal –
UCS Managed Servers
HyperFlex ManagementEnd User Portal UI
ü New User Interface (HTML5)
ü Revamped End User Portal
ü Customizable Landing Page
Dashboard
ü Simplified Wizard Experience
ü Actions with refreshed icons
ü Improved search experience
ü Admin Portal remains as Flash
based UI
UCS Director 6.0 – New Highlights

HTML5 End User Portal – UI
End-User Landing Page
VM Lifecycle Management
Catalog Items with new ICON Images

UCS Director with ACI
APIC
Tasks
Storage
Tasks
Virtual
Server
Tasks
Physical
Server
Tasks
And More
APIs
SDKs
etc.
1800+ Overall Tasks
1 2 3 4 N
Orchestration Workflow
UCS
Director
Create
Tenant
Create
Private
Network
Create
Bridge
Domain
Create
Application
Profiles
And More
REST
API
200+ Tasks for ACI
1 2 3 4 N
Orchestration Workflow
UCS
Director
Network Automation - ACI Fabric Only End-to-End Automation
Out-of-box Workflow Tasks for:
ü Tenant
ü Application Network Profile
ü VRFs, Contracts, EPGs, BDs, L2Out, L3Out
ü Service Graphs, Device Clusters, etc.
ü VMM Domain, Static Paths, etc.
End-to-End automation support:
ü ACI Model (Tenancy, application infra profile,
other ACI constructs)
ü Compute Layer - Virtual/Physical Server
ü Storage Layer
ü Virtualization Layer
ü Lifecycle Management - Services

Cisco UCSD Turn-Key Solution Overview
Self Service
Portal
UCSD Unified Infrastructure Controller
Multi-tenant & integrated cloud platform
Admin
Console
Dashboard
Cloud Infrastructure
Amazon,
Rackspace, …
VMware
vCenter System Center
System
Integration
Admins
End
Users
Operations
ü LDAP, Single Sign On
ü RBAC
ü IT Ticketing Systems
ü CMDB,
ü Metering/Chargeback
Server
Managers
Network
Manager
Storage
APIs
UCS
UCS Director
Integrated Multi-tenant Cloud Platform
Infrastructure
Nexus
Public Clouds
Provider API
Mobile Devices
HyperV
Custom
Connector
Open
Automation
REST API
KVM
RHE-Virtualization
Manager
37TECCCIE-3644

38
Discovering Infrastructure
Discover UCS Compute Domain Discover Network
Discover Storage
Discover Virtual Infrastructure

Task Library – 1000+ Tasks
Plus create Custom Tasks in minutes
39TECCCIE-3644

40
UCS Director Orchestration and Workflows
ü Resume Worfklow
ü Rollback
ü Unprovision
ü Approvals
ü Publish to Catalog
Start
Task-1
Task-2
Task-3
End
Storage
Network
Compute
Task-4Virtualization
my-workflow
TECCCIE-3644

41
Drag ‘n Drop Workflow Creation
Orchestration, Workflow and Tasks Defined
TECCCIE-3644

42
Deployment Automation Scenario:
Automating Server Deployment within a Single Work Flow
Create
VLANs
Update
Trunks
Create Network
Policies
Deploy SP from
SP Template
Create LUN
Create and
Configure IG
Create Zones
and Zonesets
Activate Zoneset
Create
PXE Record Blade Power ON
PXE Boot
OS Installation
Change Boot
Order
Reboot PXE Verification
Register with
vCenter
Send Complete
Notifications
Network Tasks
Storage Tasks
Compute Tasks
Legend
Workflow
Virutalization
Tasks
TECCCIE-3644

HTTP
TFTP
DHCP
PXE
Image Repo
BMA
UCS Director
Bare Metal Server
PXE Record
MAC Address
Mgmt VLAN
IP Address
Network mask
Hostname
Gateway
DNS
Root password
Time zone
OS Type
PXE Record
Mgmt
VLAN
DHCP request
DHCP response
PXE boot
OS Installer/Image
PXE VLAN
43
Bare Metal Server Provisioning Overview
1
2
3
4
5
TECCCIE-3644

44
UCS Director Resources
• UCS Director External Web Page
• http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-director/index.html
• UCS Director Community Page
• https://communities.cisco.com/community/partner/datacenter/unifiedmanagement/ucs_director
• Live & previously recorded UCS Director Tech Talks
• UCS Director Getting Started Whitepaper
• http://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-director/le-41601-
ucsd-gsd.pdf
• Learning about UCS Director through dCloud Labs
• https://dclould2.cisco.com
TECCCIE-3644

Which UCSD term best describes a series of tasks arrange to automate
a complex operation?
a) Task Chain
b) Orchestration Set
c) Workflow
d) Task List
UCSD Pop Quiz – Q4

When creating workflows in UCSD, how many scripts are generated for
each task?
a) 1
b) 2
c) 3
d) 0

When Integrating UCSD with ACI, how many APICs need to be added?
a) 1
b) 2
c) 3
d) All of them

Which of the following problems does UCSD address?
a) Improved scaling of UCS resources
b) Provisioning Time of Physical Infrastructure
c) Datacenter Design Complexity
d) Security & Compliance

What’s next
• Join the Cisco Learning Network Data Center
community
• Prep for certification:
• Instructor-led training: Cisco Learning
Locator
• Self study resources from the resource panel
and the Cisco Learning Network
• Get certified

CCNP Data Center Centralized Management Automation

CCNP Data Center Centralized Management Automation

More Related Content

What's hot (20)

Similar to CCNP Data Center Centralized Management Automation (20)

More from E.S.G. JR. Consulting, Inc. (20)

Recently uploaded (20)

CCNP Data Center Centralized Management Automation