Notes from the Field - Decommissioning a UCS Blade

Consider this a UCS 101 type of tip.  Removing a server from a UCS Chassis is a simple process, but it's one that may need a refresher for most people depending upon how often it's done.  Whenever a blade is removed from a chassis, it's best to issue a decommission command.  While easy to do, the option is buried under a submenu called "Server Maintenance."  The words come from Cisco; I just provided a few pics to supplement the text.

Removing a Server from a Chassis

Procedure

Step 1 In the Navigation pane, click the Equipment tab.

Step 2 On the Equipment tab, expand Equipment ➤ Chassis ➤ Chassis Number ➤ Servers.

Step 3 Choose the server that you want to remove from the chassis.

Step 4 In the Work pane, click the General tab.

Step 5 In the Actions area, click Server Maintenance.

Step 6 In the Maintenance dialog box, do the following:

a) Click Decommission.

b) Click OK.

The server is removed from the Cisco UCS configuration.

Step 7 Go to the physical location of the chassis and remove the server hardware from the slot.

For instructions on how to remove the server hardware, see the Cisco UCS Hardware Installation Guide for your chassis.


What to Do Next

If you physically re-install the server, you must re-acknowledge the slot to have Cisco UCS Manager rediscover the server.






Microsoft Announces Critical Security Flaw in Hyper-V

When Microsoft announced the latest round of security fixes, one very important flaw was announced.  The flaw exists in Hyper-V and is rated as critical.  In Microsoft's words, "The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V."  Worse, to exploit the vulnerability, "An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability."  At the time of Microsoft's announcement, no known mitigating factors existed and no known workarounds were published.  There is a patch available that requires a reboot.  The vulnerability is in Windows Server 2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 8.1 and Windows Server 2012 R2.

So let's look at that for a moment.  A host OS could be compromised by a guest.  This is definitely worst case scenario territory for anyone who hosts a virtual infrastructure.  If you run Hyper-V, you should look to patch immediately as that seems to be the only way to correct the issue.

What surprises and disappoints me is the lack of press this flaw has received.  It's possible that this flaw could cause a lot of disruption.  In IT, we often talk about our ability to host Coke and Pepsi on the same server because the hypervisor is a protective layer.  This vulnerability strikes at the heart of that belief.  If the hypervisor can be hacked by a compromised guest virtual machine, then the whole idea of hosting multiple virtual machines where each is insulated from the other takes a credibility hit.

To their credit, Microsoft has acted quickly and released a fix.  Again, I urge anyone with the product to deploy the patch quickly.  No product is perfect and every hypervisor vendor has issued security alerts.

Microsoft's official post is at this link https://technet.microsoft.com/library/security/MS15-068

Applicable CVE numbers are CVE-2015-2361 and CVE-2015-2362.

Notes From the Field - Install NetApp OnCommand System Manager 3.1.2 to use w/ Java 8

I recently received a replacement laptop.  The PC was clean except for Windows 8.1 and Office.  Also installed was the latest 64-bit release of Java.  I needed to install NetApp OnCommand System Manager to perform admin duties on some FAS controllers running 7-mode.  The older versions of OnCommand I'd downloaded previously all produced errors related to Java being required.  I thought about installing an older version, but that can be a pain as well as a security risk.

I then went to the NetApp support website on the off chance a newer release was available.  And there it was, OnCommand for Windows 3.1.2.  The overview section said exactly what I needed to read:

New Features in System Manager 3.1.2

  • Support for 32-bit or 64-bit Oracle® Java Runtime Environment (JRE) 8
  • Support for Internet Explorer® 11

So there it is, if you're looking to run Java 8, there's a version of OnCommand System Manager ready for you.

Notes from the Field - Newer Versions of NetApp OnCommand Require TLS

Depending on when you installed your NetApp storage running ONTAP, certain connectivity parameters might prevent web-based management with newer versions of OnCommand System Manager.

There are several errors that could be displayed including "500 Connection refused."

The web-based OnCommand management suite worked fine until TLS was required. Previously, only HTTPS was enabled on the NetApp.  TLS is a much more secure protocol and is the preferred method of connectivity.

TLS can be enabled via the command line with the following command:

options tls.enable on

The setting can be verified by running the options command.

The list will display the status of every option in the system.  The tls.enable option is the one of concern.

acp.domain                   43200
acp.enabled                  on
acp.netmask                  16580607
acp.port                     e0P
auditlog.enable              on         (value might be overwritten in takeover)
auditlog.max_file_size       10000000   (value might be overwritten in takeover)
auditlog.readonly_api.enable off        (value might be overwritten in takeover)
autologout.console.enable    on         (value might be overwritten in takeover)
autologout.console.timeout   60         (value might be overwritten in takeover)

...

timed.sched                  hourly     (same value in local+partner recommended)
timed.window                 0s         (same value in local+partner recommended)
tls.enable                   on         (same value required in local+partner)
trusted.hosts                *          (same value required in local+partner)
vfiler.vol_clone_zapi_allow  off
vol.copy.throttle            10         (value might be overwritten in takeover)
vol.move.cutover.cpu.busy.limit 100
vol.move.cutover.disk.busy.limit 100

 

Apply this command to all filers in a failover cluster.

The settings and commands were tested on Data ONTAP running in 7-Mode.
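The verification step and the failover-cluster requirement above can be checked together by comparing the `options` listing from both partners. The following is an added example, not NetApp tooling or code from the original post; the function names and the two sample listings are constructed for illustration, in the same column layout as the output shown above.

```python
import re

# Constructed sample `options` output for two HA partners (not from a real system).
FILER_A = """\
auditlog.enable              on         (value might be overwritten in takeover)
timed.sched                  hourly     (same value in local+partner recommended)
tls.enable                   on         (same value required in local+partner)
trusted.hosts                *          (same value required in local+partner)
vol.copy.throttle            10         (value might be overwritten in takeover)
"""
# Same listing with tls.enable left off on the partner.
FILER_B = re.sub(r"(?m)^(tls\.enable\s+)on\b", r"\1off", FILER_A)


def parse_options(text):
    """Map option name -> (value, parenthetical note) from `options` output."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "...":
            continue
        name, _, rest = line.partition(" ")
        note = ""
        m = re.search(r"\(([^()]*)\)\s*$", rest)
        if m:
            note, rest = m.group(1), rest[:m.start()]
        opts[name] = (rest.strip(), note)
    return opts


def audit_pair(local_text, partner_text):
    """Report tls.enable state per node and mismatches on options that
    the listing marks as 'same value required in local+partner'."""
    local, partner = parse_options(local_text), parse_options(partner_text)
    findings = []
    for label, opts in (("local", local), ("partner", partner)):
        value = opts.get("tls.enable", ("missing", ""))[0]
        if value != "on":
            findings.append(f"{label}: tls.enable is {value}")
    for name, (value, note) in sorted(local.items()):
        if "required in local+partner" in note and name in partner:
            if partner[name][0] != value:
                findings.append(
                    f"mismatch: {name} local={value} partner={partner[name][0]}")
    return findings


if __name__ == "__main__":
    for finding in audit_pair(FILER_A, FILER_B):
        print(finding)
```
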

Installation of Cisco UCS Platform Emulator on VMware Fusion - Mac OS X

The Cisco UCS Platform emulator allows a person to simulate a complex Cisco UCS environment.  The emulator is a great way to familiarize yourself with UCS Manager.  Several examples of UCS PE installs exist online, but I found very few for Mac OS X users with VMware Fusion.  These videos aim to rectify that.

Note - The videos are a little long as they are real time.  The video is cut only in a few places for the sake of time.

Part 1

https://www.youtube.com/watch?v=XSSxHLmxHpQ

The latest versions of the UCS Platform Emulator can be found on the Cisco Community website:

https://communities.cisco.com/docs/DOC-37827

 

 

 

Started a Little Blog ...

Here's the first entry in what will hopefully be a long lasting effort.  I've been on the fence for a little while about starting a blog, but finally decided to do it.  This Blog will be a place to discuss IT ideas, products, tech, and just general info related to this industry.  The goal is to foster a dialogue and do something engaging.  One way data flow very rarely leads to the type of growth that's possible when both sides participate.

I won't begin to claim to be an expert at blogging, building a brand, and all the stuff that goes along with it.  I'm lucky to have some help with the site.  Mr. Vernon Reid has agreed to partner with me to build this into something cool.  It's difficult for any one person to keep enough content flowing, but between the two of us, we'll keep presenting interesting content.

With any luck, this should be an interesting journey.