Professional Documents
Culture Documents
DGTL Brkini 2534
DGTL Brkini 2534
DGTL Brkini 2534
Cisco Intersight
Architecture and Operations
#CiscoLive
Agenda
• Chapter 1: Intersight Overview
• What is a Device Connector?
• Intersight Deployable Architectures
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Chapter 1:
Intersight Overview
Cisco Intersight Guiding Principles / Vision
Unified management Programmability
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Value Proposition – Intelligent Operations
What does Intersight do?
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Cisco Compute Simplicity – One Framework
Intersight
Management Platform
(Cloud or On-Prem)
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Device Connectors
UCS & HyperFlex become SaaS
Enabled
Intersight Connectivity with Managed Devices
Device Connector:
• Bundled in Firmware / Management SW
• DC controls connectivity
➢ Device initiated outbound connections
➢ HTTPS on port 443 or through proxy
➢ MFA
▪ Device ID
▪ Rolling Claim Code
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Intersight – Device Connector Connectivity
Device
Intersight Microservices DC passes
Connector
- Recommendation Engines API calls to
- Policy Management
- RBAC Hosting
HostingWidget
Entity
- Licensing
- Automation
Device
- Monitoring Connector
DC Connection is:
• Durable WebSocket
SaaS or On-prem - Analytics
• Port 443 - Etc. On Prem
• Bottom-up Appliance (API)
• Highly Secure
Device Device
Device Connector Connector
Connector
UCS Manager (API) HX Storage
BMC Device
(API)
BMC
Connector
UCSD VM
Device
C Series Server (API)
Intersight Microservices
SaaS or On-prem
Paradigm Shift
DC
Hosting
• Intersight is based on CI / CD Methodology
Widget • It is a SERVICE enabled with Device Connectors
• Traditional Methodology requires software upkeep
Device
• Intersight & Device Connectors are constantly evolving
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Device Connector Upgrades
Device Connector reports current version each startup
If Intersight determines an upgrade is needed, UpgradeRequest is created with the
desired version
Device performs upgrade
• Only attempted if device is currently connected
• Only impacts Device Connector – Infrastructure, Server, or HyperFlex FW/SW
remains user controlled and is not automatically updated
Intersight polls DeviceRegistration to determine upgrade success
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Intersight Architecture:
SaaS and On-Prem Appliances
TAC
Architecture - SaaS •
•
Case Open
Contract Status
• Proactive RMA
• TechSupport / Log Upload
Cisco / Cloud
Customer Premises
Device Device
Device Connector Connector
Connector
UCS Manager (API) HX Storage
BMC
(API) Controller VM
(API)
BMC
Connector
Device
C Series Server
Device Device
Device Connector Connector
Connector
UCS Manager (API) HX Storage
BMC
(API) Controller VM
(API)
BMC
Connector
Device
C Series Server
HCL Intelligence
Device Connector
• Driver / Firmware Updates
Intersight Portal
- Recommendation Engines Advisories (roadmap)
- Policy Management
- RBAC • PSIRT
- Licensing • Software Deferrals
- Automation • Field Notices
- Monitoring
- Analytics
On-Prem - Etc.
Connected Appliance
Device Device
Device Connector Connector
Connector
UCS Manager (API) HX Storage
BMC
(API) Controller VM
(API)
BMC
Connector
Device
C Series Server
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Cisco Intersight Features – Additional License Tiers
Objects
Change Hierarchically organized
(Commit)
Policy creation & enforcement
Programmable
New Desired State
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
How do we do all of this with a MaaS Solution?
• Cloud-based
• Operations Capabilities
Monitoring Deployment
• Model-based
• Extensible
• CI / CD
• Recommendation Engines Compliance Telemetry
• Automation
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Intersight Behavioral Changes versus Legacy
Organizations in UCS Manager and Central
• Physical resources arranged in Domain Groups
• Logical resources arranged in organizations
• Organizations are hierarchical
• Policies resolved by name via parent relationships up the organization hierarchy
• Services profiles policy references can be layered across multiple organizations
• Organization structure and service profiles are not movable across the org
structure
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Intersight Behavioral Changes versus Legacy
Organizations in Intersight
• Organizations are flat
• Policy references across organizations is not permitted
• Physical and logical resources combined
• Servers, profiles, templates, policies, and pools
• Policies referenced by managed object ID (MOID) from service profile
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Intersight Users/Groups,
Organizations, and Role-
Based Access Control
(RBAC)
Guided Help: ?->Learn How to...
• Guided help has been updated to provide walk
throughs for User, Group, Role, and Organization
setup
• Typical setup would be in the following order:
• Organization
• Role (Custom Role based on existing Organization)
• User/Group access to the Custom Role
• Users or Groups can be configured with multiple Roles
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Users, Groups, and Roles
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Roles
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Roles (Predefined User/Group Privilege Sets)
Account Administrator
• Complete access to all services and resources in Intersight. Can perform all administrative and management tasks, including claim and manage devices, create and deploy Server and
HyperFlex Cluster profiles, upgrade firmware, perform server actions, cross launch devices, add and manage users and groups, configure Identity providers and more.
Read-Only
• Can view the dashboard, table views of managed devices, change current user preferences, and generate API keys. Cannot claim devices, add or remove users, configure Identity
Providers, or perform any server actions.
Device Administrator
• Can claim and unclaim devices, view device details, license status, and generate API keys. Cannot perform any other management or administrative tasks.
Device Technician
• Can claim devices, view device details, license status, and generate API keys. Cannot perform any other management or administrative tasks.
Server Administrator
• Can view and manage UCS Servers and Fabric Interconnects, view all server and Fabric Interconnect dashboard widgets, perform server actions, view server details, launch
management interfaces and the CLI, create and deploy server policies and profiles, and manage API keys. Cannot claim devices.
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
RBAC Summary
Privileges Account Administrator Read-Only Device Technician Device Administrator User Access Server Administrator HyperFlex Cluster
(View Access only) Administrator Administrator
Dashboard views ✔ ✔ ✔ ✔
Servers Table view ✔ ✔ ✔ ✔
HyperFlex Clusters ✔ ✔ ✔
Table view
Fabric Interconnect ✔ ✔ ✔ ✔
Table view View details View details
Service Profiles ✔ ✔ ✔ ✔
Create Server Profiles Create HyperFlex
Profiles
Policies ✔ ✔ ✔ ✔
Create Server policies Create HyperFlex
policies
Devices ✔ ✔ ✔ ✔ ✔ ✔
Claim and view device Claim, view device View device details View device details
details details, and delete only only
devices
Alarms ✔ ✔ ✔ ✔
Tasks ✔ ✔ ✔ ✔ ✔ ✔
Global Search ✔ ✔ ✔ ✔
Settings ✔ ✔ ✔ ✔ ✔ ✔ ✔
View Licensing status, View Licensing status, Audit logs, Sessions, View Licensing status, View Licensing status,
Account details, and Account details, and Licensing, and Settings Account details, and Account details, and
generate API keys generate API keys generate API keys generate API keys
Help ✔ ✔ ✔ ✔ ✔ ✔ ✔
User Profile ✔ ✔ ✔ ✔ ✔ ✔ ✔
Cross Launch of ✔ ✔ ✔ ✔
Element Managers
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Organizations
• Settings->Access & Permissions -
>Organizations
• Enables multi-tenancy by placing devices into
logical groups
• Only Account Admins can create Orgs
• Devices can be in multiple orgs
• All devices are in the default Org
• Devices in a Custom Org are also in the default Org
• Organization column is in table views (e.g.,
Servers, Policies, Profiles)
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Intersight Identity Providers and SSO
• Intersight SaaS and the Virtual Appliance
support external Identity Providers (IdPs)
• IdPs supporting SAML 2.0 can be configured in
Intersight to authenticate users
• Intersight supports use of IdP groups so that
individual users can authenticate through their
group permissions (does not require per user
config in Intersight)
• Video demo of SSO setup
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Chapter 3:
Use Cases &
Key Features
Intersight Managed
Mode
Intersight Managed Mode Summary
What is it?
• Brand new software stack
(Alternative to UCSM)
• Foundation of UCS Management
• Standards based approach
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Intersight Managed Mode
Enabling Modernized Compute
Intersight
4th Generation Fabric Interconnect (Pair) FI (services in FI-A and B)
Device Connector
Intersight Network DC EP
IOM 2208 Agent (INA) Proxy Proxy
NXOS
Redfish
DC
CIMC CMC
Redfish
IOM
Blades & IOMs maintained using
VIC “Headless mode” through FI-based
Redfish DC Proxy & EP Proxy
Blade Chassis
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Intersight Managed
Mode Demo
Intersight Firmware
Updates
Intersight – Firmware Upgrades
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Intersight Firmware
Upgrade Demo
Intersight Support:
Connected TAC
“No Customer should ever be
impacted by an issue we know about
or could predict”
Datacenter TAC’s North Star
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Connected TAC Workflow
Automatic Actions
Diagnostic Detected
Data Requested issues are
& Generated by presented
device to TAC
Eng
Data Our IC is
uploaded to executed
Cisco against the
data
CHS A56
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Examples – Time Saved
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Service Contract Status
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Intersight – Next Steps for Connected TAC
#CiscoLive DGTL-BRKINI-2534 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Thank you
#CiscoLive
#CiscoLive