Cisco Converged Branch Infrastructure

Tony Banuelos, Technical Marketing Engineer

BRKARC-2029

• Cisco ISR series (chassis) and Cisco UCS E-series server

• The converged branch infrastructure solution

• Use Cases

• Managing distributed servers (E-series)

• Application and networking services solution

• How many applications can run on E-series

• How can high-availability be delivered

• Conclusion

Agenda

Cisco ISR routers

Cisco Branch Router Evolution

ISR 4431 & 4300 familyMaking for a complete ISR 4000 familyISR 4451-X

First ISR based on IOS XE

ISR G2 family

800*, 1900, 2900 &

3900

Taking the ISR

concept to the next

level

ISR G1 family

1800, 2800, 3800

The first architecture

custom designed for

integrated services

Cisco 2500

Cisco’s first family of

branch routers for 23

different deployments

Cisco 2600

Superseded 2500.

Considered one of Cisco's

premier products.

2014

2013

2009

2004

1998

1993

Not shown here: 700, 1600, 1700,

4000/4500, 3600 & 3700 series routers

Support UCS E-series

*ISR800 series do not support UCS E-series

Revolutionary Platform ArchitectureArchitected for the Optimal Application Experience

Converged Branch with

UCS® E-SeriesIntegrated compute

Up to 8 cores

4-10 Times Faster Than ISR G2 at similar price

Native L2-7 ServicesSecurity, optimization

Pay as You GrowPerformance and

services

Virtualized Services

FrameworkAppliance-level

performance

Service-Aware

Data Plane For efficient traffic handling Cisco ISR

4000

Powering the Intelligent WAN

Cisco ISR 4000 Series

ISR 432150-100 Mbps

ISR 4331100-300 Mbps

ISR 4351 200-400 Mbps

ISR 4431 500-1000 Mbps

ISR 4451 1-2Gbps

Newest ISR 4000 series portfolio

4-10X Faster

Add performance and services anytime

Flexible consumption options

Cisco ISR 4000 Series

Management Interface

out-of-band control plane

connection directly to a

management network

Front-Panel GE

RJ45/SFP GE Interfaces

PoE+ available on some

models

Network Interface Modules Larger and more powerful than EHWICs

Up to 8 ports per module

DSPs directly on modules

Optional Drive NIM for

Service Containers RAID 1 for data protection

Single HD (future) and

dual SSD options

Embedded SSD option

USB Connections 2 type A for file storage

USB type B console in addition

to RJ45 console and aux ports

Enhanced Service Modules Compatible with Cisco® ISR G2

Up to 10-Gbps connection to system

Faster and more powerful than SMs

Internal Services Card

Internal Expansion

Currently for PVDM4’s

UCS-EN NIM

UCS-E SM

Cisco UCS E-Series Servers

Cisco UCS E-Series ServersS

ca

lab

ility

Performance

Cisco UCS-E140S

• Service Module

• Vmware, Hyper-V, Citrix

Certified

• Intel E3 4 Core Processor

• vWLC, vWAAS, Physical

Security

Cisco UCS-E180D

• Service Module

• Vmware, Hyper-V, Citrix

Certified

• Intel E5 8 Core Processor

• vWLC, vWAAS, Virtual

Desktops, Physical

Security, Security

applications

Cisco UCS-E160D

• Service Module

• Vmware, Hyper-V, Citrix

Certified

• Intel E5 6 Core Processor

• vWLC, vWAAS, Virtual

Desktops, Physical Security

Cisco UCS E-Series Single-Wide Blade Compact Blade Housed in Cisco ISR G2 and ISR 4000 Chassis – UCS-E140S M2

Up to 2 SATA, SAS, or SSD hard drives

Configuration and

management through CIMC

Intel® Xeon® E3 Family quad-core

processor

On-board hardware RAID 0/1 with hot-

swappable capability

One external and two

internal GE ports

USB 2.0 port for external

device connectivity

8, 12, and 16 GB

DRAM options

Maximum 65 W power draw

80 percent less than server

Wire-free, plug-and-play modularity,

low shipping weight (2.5 lb/1.1 kg)

Remote and

schedulable power

management

KVM console connector

10/100 Ethernet

management port

Two SD cards: One for the CIMC

and temporary storage of OS and

one for a blank virtual drive

Cisco UCS E-Series Double-Wide BladeMultipurpose Blade Housed in ISR G2 and ISR 4000 Chassis – UCS-E160DM2/UCS-E180DM2

Up to 3 SATA, SAS, SSD hard drives or 2

HDD and a PCIe card

Out-of-band

configuration and

management through

CIMC

On-board hardware RAID 0, 1,

and 5 configuration options

with hot-swappable capabilityTwo external and two internal GE ports

with TCP/IP acceleration

Front-panel VGA, 2 USB, and serial

console connectors

8 GB – 96* GB

DRAM options

Maximum 130 W power draw,

80 percent less than server

Wire-free, plug-and-play modularity,

low shipping weight (7 lb / 3.2 kg)

Remote and

schedulable power

management

Two SD Cards: one for the CIMC

and temporary storage of OS

and one for a blank virtual drive

Intel Xeon E5-2400 Quad

Core/Six-Core/Eight-Core

Processor

UCS-E140S M2 UCS-E160D M2 UCS-E180D M2

Processor Intel Xeon E3-1105C v2 (1.8

GHz)

Intel Xeon E5-2418L v2 (2.0

GHz)

Intel Xeon E5-2428L v2 (1.8 GHz)

Core/vCPU 4/8 6/12 8/16

Memory 8 - 16 GB 8 - 96 GB 8 - 96 GB

Storage Up to 3.6 TB (2 HDD bays)

SATA, SAS, SED, SSD

Up to 5.4 TB (3 HDD bays)

SATA, SAS, SED, SSD

Up to 5.4 TB (3 HDD bays)

SATA, SAS, SED, SSD

RAID RAID 0 & RAID 1 RAID 0, RAID 1 & RAID 5 RAID 0, RAID 1 & RAID 5

Network Port Internal: 2 GE Ports

External: 1 GE Port

Internal: 2 GE Ports

External: 2 GE Ports

Internal: 2 GE Ports

External: 2 GE Ports

Platforms 4451-X, 4351, 4331, 2911,2921,

2951, 3925,3945,3925E, 3945E

4451-X, 4351, 2911,2921, 2951,

3925,3945,3925E, 3945E

4451-X, 4351, 2911,2921, 2951,

3925,3945,3925E, 3945E

Hardware Comparison Matrix (UCS E-Series) Reference

UCS E-Series in an ISR Chassis

ISR UCSE 140S M2 UCSE 160D M2 UCSE 180D M2 Max Modules / Router

2911 Yes No No 1 SW

2921 Yes Yes No 1 SW or 1 DW

2951 Yes Yes No 2 SW or 1 DW

3925 Yes Yes Yes 2 SW or 1 DW & 1 SW

3925E Yes Yes Yes 2 SW or 1 DW & 1 SW

3945 Yes Yes Yes 4 SW or 2 SW & 1 DW

3945E Yes Yes Yes 4 SW or 2 SW & 1 DW

ISR 4451-X Yes Yes Yes 2 SW or 1 DW

ISR 4431 No No No NA

ISR 4351 Yes Yes Yes 2 SW or 1 DW

ISR 4331 Yes No No 1 SW

ISR 4321 No No No NA

Reference

Cisco UCS E-series Network Compute EngineS

ca

lab

ility

Performance

Cisco UCS-EN 120E

(Supported on ISR-G2 Only

• Enhanced HWIC

• Virtualization

Enabled

• Network Compute

Applications

- vWLC, vWAAS

• Service Module

• VMware and Hyper-V

Certified

• Network Compute

Applications – vWLC,

vWAAS

Cisco UCS-EN 140N

(Supported on ISR4000 Only

• NIM network compute

module

• Virtualization Enabled

• Network Compute

Applications

- vWLC, vWAAS

Available 3QCY15

Cisco UCS-EN 120S

Cisco UCS E-Series Network Compute EngineCompact, Multipurpose Blade Housed in ISR 4000 – UCS-EN140N M2

Up to 8 GB

RAM

Intel® Atom Quad-

core processor

One 2GB SD

card for

CIMC

50, 100, 200

GB mSATA

SSD Options

Dedicated

Management

Port

One External Gigi

Ethernet Interface

KVM console connector

USB 2.0 port for external

device connectivity

Target

Launch

Q3CY15’

UCS-EN120S M2 UCS-EN140N (Only on ISR4000)

UCS-EN120E (only on

ISRG2)

Processor Intel Pentium

B925C (2.0 GHz)Intel Atom C2518

(1.7 GHz)

Intel Atom C2358

(1.7 GHz)

Core 2 4 2

Memory 8 - 16 GB 8GB 8GB

Storage 500 GB- 2 TB (2 HDD)

SATA, SAS50GB – 200GB 50GB – 200GB

RAID RAID 0 & RAID 1 NA NA

Network Port Internal: 2 GE Ports

External: 1 GE PortInternal: 2 GE Ports

External: 1 GE Port

Internal: 2 GE Ports

External: 1 GE Port

Platforms 2911, 2921, 2951, 3925,3945,

3925E, 3945E, 4451-X, 4351,

4331

4451, 4431, 4351, 4331, 4321 1921, 1941,2911, 2921,

2951, 3925,3945,3925E,

3945E

Hardware Comparison Matrix (UCS E-Series NCE) Reference

Cisco Converged Branch Office solution

• No local servers

• Full reliance on WAN

• Simplicity, low cost

• No service guarantees

The Lean Branch OfficeBalancing IT Efficiency and User Experience

Serverless Branch

Data Center/

Cloud

WAN/Internet

Branch Office

Lean Branch

Data Center/

Cloud

WAN/Internet

Branch Office

• 4-5 local servers

• Reliance on WAN except for mission-critical applications hosted locally

• All servers local

• No reliance on WAN

• Complexity, high cost

• Service guarantees

Full-Service Branch

Data Center/

Cloud

WAN/Internet

Branch Office

Cisco Converged Branch InfrastructureCisco ISR with integrated UCS E-Series

+ Converged networking, compute and

storage

+ Flexible WAN, LAN and application

hosting services

+ Common Server Management Tools

+ Software vendor agnostic

+ Efficient platform footprint

+ Rugged core network platform

with dedicated hardware

+ 7-year hardware lifecycle

+ Single support contract

+ Integrated networking

+ Redundant HW & SW (VM and IOS)

Virtual

Applian

ce

Virtual

Applian

ce

Virtual

Applian

ce

Virtual

Applian

ce

ISR

IO UCS

Branch Challenges Need for Converged Branch IT

Growing Complexity in the Branch

Management Complexity

Branch Footprint

OpEx, Power, Cooling

Business Agility

Increased Productivity

Lower Costs

Compute and Storage

Unified Communications

WAN Optimization

WAN Path Control

QoS

Application Visibility

Threat Defense

VPN Services

Branch in a Box – Service Possibilities

ISR with UCS E- Series

Versus

• Separate System for Critical POS Systems or Other Applications(i.e POS Back office, Time and attendance, etc…)

• Separate System for Training

• Separate System for Video Surveillance/Loss Prevention

• Separate System for Wireless(i.e Controller)

• Separate System for Switching

• Separate System for Voice Systems(i.e Key Switch/Voicemail, PBX)

• Separate System for Virtual Desktop Infrastructure

Cisco UCS E-Series Server Hypervisor and OS Support

VMware Hypervisor

• VMware vSphere Hypervisor™ 5.0, update 1

• VMware vSphere Hypervisor™ 5.1

• VMware vSphere Hypervisor™ 5.5

• VMware vSphere Hypervisor™ 6.0

Other Hypervisors

• Hyper-V (Windows 2008 R2, 2012 R2)

• Citrix XenServer 6.0

Microsoft Windows

• Windows Server 2008 R2 Standard 64-bit

• Windows Server 2008 R2 Enterprise 64-bit

• Windows Server 2012, 2012 R2

Linux

• Red Hat Enterprise Linux 6.2

• SUSE Linux Enterprise 11, service pack 2

• Oracle Enterprise Linux 6.0, update 2

Supported by Cisco SMARTnet

Attached to ISR

Supported by OS / Hypervisor Vendor

Purchased separately

ISR Chassis

Cisco® UCS E-Series Server Module

Hypervisor

Hardware Support

Provided by Cisco®

UCS E-Series hardware

supported under ISR

SMARTnet at no

additional cost

VMware Embedded

Software - ESX and

Foundation supported

by ISR SMARTnet

Cisco ISR 4451-X Converged Branch Infrastructure Solution

Technology Consolidation for Branch Services

Unified Communications

Server Blades with Storage

Security

WAN Optimization Mobility

Routing

Management Interface

Connects control plane directly to a

management network.

Front Panel GE

• 4 RJ45/SFP GE Interfaces

• PoE available on 2 Interfaces

Network Interface Modules (NIM)

• Larger & more powerful than EHWICs

• Up to 8 ports per module

• DSPs directly on modules

Optional Drive NIM for Embedded

Applications

• RAID 1 for data protection

• Single HD (future) &

Dual SSD Options

Extended Service Modules

• Compatible with ISR G2

• Up to 10Gb connection to system

• Faster & more powerful than SMs

SM-X Layer2/3 EtherSwitch® Service Module(SM-X)

• Capable of PoE+ (30W), MACSec and Cisco TrustSec

• Simplified Licensing for upgrade to Layer-3 features

Feature Description Benefit

Blade server form

factor

• Compact and light-weight form factor that

fits into router chassis

• Plug-and-play (slide-in and clamp-down),

wire-free hardware provisioning

• Maximum 65W power draw (80% less

than a typical server)

• Save on energy cost

Less physical space with no rack or wall-mounting

• No wires or power cords to hook up

• Free up ports on branch switch for other purposes

• Installation that can be performed by non-technical

person under 2 minutes (no on-site visit)

• Low shipping costs due to low shipping weight

• Reduced environmental impact

Key Features of UCS E-Series

Cisco Converged Branch Office – Use cases

Cisco Intelligent WAN Solution on Cisco ISR

Internet

Branch

3G/4G-LTE

AVC

MPLS

PrivateCloud

VirtualPrivateCloud

PublicCloudWAAS PfR

Application Optimization

Secure Connectivity

• Certified strong

encryption

• Comprehensive threat

defense with ASA and

IOS firewall/IPS

• Cloud Web Security

(CWS)

for scalable secure

direct

Internet access

Intelligent Path Control

• Application best path

based

on delay, loss, jitter, path

preference

• Load balancing for full

utilization

of all bandwidth

• Improved network

availability

• Performance Routing (PfR)

TransportIndependent

• Consistent operational model

• Simple provider migrations

• Scalable and modular design

• DMVPN IPsec overlay design

• AVC: Application

monitoring with

Application Visibility and

Control

• WAAS: Intelligent Edge

Caching with Akamai

Connect

• WAAS: Application

Acceleration

and bandwidth savings

Lean Branch Office ApplicationsWAN Edge Applications That Defy Centralization

• DNS and DHCP servers

• Microsoft active directory

• Windows print services

• Windows file services

• Others

Core Windows Services

• Point-of-sale server

• Bank teller control point

• Electronic medical records

• Inventory management

• Others

Mission-Critical Business Applications

• Software update service

• Client monitoring service

• Backup and recovery

• Terminal server gateway

• Others

Client Management Services

Server Virtualization Consolidate physical servers to

reduce costs

Improve application uptime and failure recovery time

Shorten time-to-deployment for new apps

Blade Form Factor Eliminate wires, components and

save space

Rapidly provision hardware with plug-and-play modularity

Right-size hardware profile for the lean branch office

Hosting Business Critical Applications LocallyUCS E-Series Server Blades

Network | Compute | Storage

Clinic in a

Box

Bank in a Box

School in a Box

Store in a Box

Cisco Energy Management:Energy Management at Scale across all branches

See

• Discover any IP connected device

• Asset visibility and Utilization

Measure

• Energy cost, energy use, carbon emissions

• Advanced analytics and reporting

Manage

• Control devices to lower power consumption

• Flexible time, event, location based policy

Savings

Baseline

CEM ComponentsCisco Energy Manager (CEM)

Cisco Cloud Or Customer Private Cloud

WAN/Internet

LAN

ISR + UCS-E with CEM

controller

CEM Server • SaaS or Private cloud option

• User/IT manager interface via browser

• Manages energy in all branches

• Hosts DB, reports, analytics

CEM Controller• Runs on UCS-E

• Aggregates information from EPs (endpoints) & pushes

policy

• No management required after initial configuration

* CEM uses various methods to build device

inventory. AD & CUCM if deployed by customer will

be used

Fits perfectly into Fog Computing

Network Edge Data Processing Perform analytics at the edge and send analyzed data

Ideal for Retail environments with limited WAN circuits

For applications like RetailNext, Scopics, Data-in-Motion

Real time interaction with sensors and quick decision making in IOT

Harness the power of Cisco’s Data in Motion

Mirroring – Mirror Data to the Data Center vSphere Replication, Cetera, Unitrends

Local Resource Directory for local devices

Enable multicasting at application layer VMware Mirage - Local resource for desktop image management

solution

Tiani spirits in healthcare “The Tiani "Spirit" SpiritEHR (Electronic Health Record) app on a Cisco®

UCS E-series. Deploy the EHR directly in the network layer and use the network as an HIE platform. The deployment in several router instances avoids a “single point of failure.” Another advantage of this deployment strategy is that each router instance provides Secure Node –Compliancy according to the ISO 27002 standard”

FOG Computing

Nimble Delivery of WAN ServicesImproves IT operations and efficiency

Network virtualization reduces Physical Appliances

WAN

Data Center/Cloud Branch Office

VNF

Voice Systems

Storage Security

vWSA vWAAS

WAAS

ASAvThird

-party

Cisco converged branch office solution for VDI

* WAAS is recommended for limited bandwidth/high-latency WAN links

Data Center or Headquarters

WAN

Remote Office Clients

Branch

Office

Cisco ISR G2 & Cisco UCS

E-Series server

• VDI and applications resiliency

• Best user experience

• Data center compute offloading

• Simplified management

• All or subset of desktops can be hosted on Cisco UCS E-Series

server

• Apps can be hosted centrally or run mission-critical apps on E-

series (e.g. POS, medical records)

•Virtualized desktops are managed by central server

• Applications can be accessed local or across the WAN

• WAN optimization provides performance upgrade to desktop

over apps across the WAN

WAAS

WAAS

Remote Office Desktop Master

Image

Managing Distributed UCS E-Series Servers

Cisco Converged Branch InfrastructureDomain Isolation (Network & IT Administrator)

Network Administrator

Provisions IP Address

System Ready to Use

Network Administrator

Provisions Hardware

IT Administrator

Installs Software

IT Administrator

Configures Network

IT Administrator

Connects

to Provisioned IP

Cisco Blade Management

• Out-of-Band Management

• Management accessed hosted on dedicated base board management controller(BMC) chip on each UCS E-series Server

• 10/100 Ethernet out-of-band management interface •

• Lights-out management

• Virtual KVM and Virtual Media support

• Consistent CLI and GUI look-and-feel

• Same user interface as UCS C-Series rack server CIMC

• UCS E-series CIMC XML API http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/e/api/guide/b_cimc_api_book/b_cimc_api_book_chapter_01.html#topic_B19A7BEBFBAB4DDFB90B9456709C6402

• Cisco IMC PowerTool – Configure and download CIMC settings using cmdletand scripts https://communities.cisco.com/docs/DOC-51321

Cisco Integrated Management Controller

UCS E-Series Server

Web GUI

CLILAN, WAN, Console

Ports, and Interfaces

CIMC

IOS CIMC Configuraton – Dedicated Mode

Configuring CIMC Access Using Dedicated Mode

Router#

!

interface ucse 2/0

imc ip address 10.0.0.1 255.0.0.0 default-gateway 10.0.0.2

imc access-port dedicated

!

Router#

Host Router

E-Series Server

GE0 GE1

GE2 GE3

Router CPU

PCIe MGF

M

ucse2/0

BMC

CIMC GUI

IOS CIMC Configuraton Shared-LOM Console

Ie):

Router#

!

interface g0/0

ip address 10.0.0.1 255.0.0.0

!

interface ucse 2/0

ip unnumbered g0/0

imc ip address 10.0.0.2 255.0.0.0 default-gateway 10.0.0.1

imc access-port shared-lom console

!

ip route 10.0.0.2 255.255.255.255 ucse 2/0

!

end

Host Router

E-Series ServerGE2 GE3

Router CPU

PCIe MGF

ucse2/0

BMC

CIMC GUI G0/0

GE0 GE1

Shared-lom console and ip

unnumbered will require static ip

route to access CIMC

IOS CIMC Configuration Shared-LOM MGFConfiguring CIMC Access Using Shared LOM – GE1 (MGF):

Router#show vlan-switch

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/0/0, Gi0/0/1, Gi0/0/2

Gi0/0/3, uc2/1

Router#

!

interface vlan 1

ip address 10.0.0.1 255.0.0.0

!

interface ucse 2/0

imc ip address 10.0.0.2 255.0.0.0 default-gateway 10.0.0.1

imc access-port shared-lom ge1

!

Router#

Host Router

E-Series ServerGE2 GE3

Router CPU

PCIe MGF

ucse2/0

BMC

CIMC GUI

*Gi0/0/0

GE0 GE1

ucse2/1

Note:UCS-E Series supported with EHWIC-4ESGP

and not EHWC-4ESW

*Gi0/0/1*Gi0/0/2*Gi0/0/3

EHWIC

IOS CIMC Shared LOM Front Panel GE2

Configuring CIMC Access Shared LOM GE2

Router#

!

interface ucse 2/0

imc ip address 10.0.0.1 255.0.0.0 default-gateway 10.0.0.2

imc access-port shared-lom ge2

!

Router#

Host Router

E-Series Server

GE0 GE1

Router CPU

PCIe MGF

ucse2/0

BMC

CIMC GUI

GE2 GE3

UCS E-series Management MIBS

ITU-ALARM-TC-MIB

SNMPv2-MIB

SNMPv2-CONF-MIB

SNMPv2-SMI-MIB

SNMPv2-TC-MIB

SNMP-FRAMEWORK-MIB

INET-ADDRESS-MIB

CISCO-SMI

CISCO-TC

CISCO-UNIFIED-COMPUTING-EQUIPMENT-MIB

CISCO-UNIFIED-COMPUTING-FAULT-MIB

CISCO-UNIFIED-COMPUTING-MIB

CISCO-UNIFIED-COMPUTING-MEMORY-MIB

CISCO-UNIFIED-COMPUTING-NOTIFS-MIB

CISCO-UNIFIED-COMPUTING-PROCESSOR-MIB

CISCO-UNIFIED-COMPUTING-STORAGE-MIB

CISCO-UNIFIED-COMPUTING-TC-MIB

• Memory, Processor and Storage MIBS used for SNMP query for memory, CPU and disk/controller (SNMPGET, SNMPWALK)

• Notifications and Fault generate trap events

UCS Director 5.5 /IMC Supervisor 1.0

Cisco Prime Third Party Tools

• Centrally Manage Distributed E-Series

• Platform Hardware Inventory

• Firmware Inventory

• Hardware Health Status

• Detailed Fault Logging & History

• vKVM Launch

• CIMC Plug-in for

• MS SCCM

• MS SCOM

• HP OM

• HP OO

• Nagios

• Powershell scripting

• Prime DCNM to monitor

distributed E-Series

• Platform hardware inventory

• Firmware inventory

• vKVM launch

• Detailed fault logging &

history

• Prime infrastructure 2.2

• E-Series support to be added

as part of device pack

Centrally Manage Distributed E-Series

Platform Hardware Inventory

Firmware lifecycle

Hardware Health Status

Detailed Fault Logging & History

vKVM Launch

UCS Director 5.5 / IMC Supervisor 1.0

Discovering UCS E-series branch servers on Cisco IMC SupervisorFirst Step is to create a “Rack Group”

- Create a new Rack Group to sub-divide distributed managed server groups

- The new “Rack Group” will be where you discover and add servers that are part of its management domain (for example E-series at stores)

Discovering UCS E-series branch servers on Cisco IMC SupervisorSecond Step is to create a “Discover Profile”

- Create a discover profile for IMC SUP to find servers across the network (WAN)

- Typically devices at branch offices will not be on same subnet, nor have matching subnet masks. A list of IP addresses in a spreadsheet (.csv) seems like the best approach

Discovering UCS E-series branch servers on Cisco IMC SupervisorThird Step is to activate the discovery process and wait for the servers to appear

- Ready to discover click “Discover” and select the discover profile created in previous

- The discover process will initiate and the IMC supervisor to request a each individual E-series CIMC system to join its domain

Discovering UCS E-series branch servers on Cisco IMC SupervisorThird Step is to activate the discovery process and wait for the servers to appear - continued

- Monitor the progress of the server list being discovered

- Servers that fail to be discovered return an error message to help with troubleshooting the connectivity issue

Discovering UCS E-series branch servers on Cisco IMC SupervisorFourth Step is to migrate newly discovered servers to the assigned Rack Group

- Discovered servers must be imported to defined Rack Group

- After servers are imported to Rack Group the system is ready for monitoring and management

Click “Submit”

Cisco IMC Supervisor managing UCS E-seriesCisco IMC Dashboard – What can you do?

- Monitor health of CPU, memory and storage

- Have a granular view of what firmware version each server is running, the server power state and the server model type

- Each server can be labeled to identify its location (Tag management)

- Server report can be viewed to show boot order config, IP address, server MAC address and other parameter details

- Launch vKVM console, Launch individual CIMC GUI

- PowerON, PowerOFF, Reboot

- Update/Patch firmware (requires HUU file)

Cisco IMC Supervisor managing UCS E-seriesUpgrading Firmware

- Using Physical Accounts go to Firmware upgrade tab and create a “Upgrade Profile”

- You must download E-series server huux.x.iso file to a CIFS or NFS server share

- Configure the details for IMC SUP to download the huufile

- The huu file contains, CIMC, NIC, RAID controller, BIOS firmware upgrades

Cisco IMC Supervisor managing UCS E-seriesUpgrading Firmware - continued

- To start an upgrade click “Upgrade Image”

- Select the upgrade profile to run and the servers to upgrade

- Monitor the upgrade progress of each server from the IMC Sup console

Cisco IMC Supervisor managing UCS E-seriesImaging a server across the WAN – Host Image Mapping -

- All Cisco UCS servers support vKVM with virtual CD/DVD mounting to install OS

- But using vKVM with virtual CD/DVD takes a compressed OS iso file and decompresses it and runs an active install across the WAN link

- Using Host Image Mapping you can upload the compressed OS iso image directly to the UCS E-series SD flash and once copied map the image to the x86 systems as a virtual CD/DVD

- Advantage of Host Image Mapping is you can download and initiate install of the OS image at off peak hours

- You save on WAN BW utilization

- You don’t have to be always connected to the system during the installation process

- The OS iso file is now available locally in case of DR situation

Cisco IMC Supervisor managing UCS E-seriesImaging a server across the WAN – Host Image Mapping - continued

- Only one type of virtual mount can be active “don’t have vKVM CD/DVD mount at the same time as HIM”

- Make sure your BIOS boot order is set to boot from virtual CD/DVD drive first

- Before a reboot after a OS is installed make sure you unmap the boot image from HIM and that your install drive (RAID, SD flash) is set as second option boot

Microsoft SCCM IMC Plugin

Unified Virtualization ManagementCentral Management with VMware vCenter or Microsoft System Center

Branch Office

UCS E-Series

Branch Office

UCS E-Series

Branch Office

UCS E-Series

Data Center

UCSSystem Center

or

vCenter

Single console for all VMs and hypervisor administration

Extend virtualization management from the data center to the branch

Centralize control and visibility at every level of virtual infrastructure

Simplify, standardize, and automate remote server infrastructure

Cisco End-to-End SolutionUCS B-Series and C-Series for Data Center; UCS E-Series for Branch

Cisco UCS B/C Series

Unified compute platform for infrastructure consolidation in the data center. Offers innovative virtualization, memory, provisioning, I/O, and management capabilities.

Cisco UCS E-Series Servers

Residual compute platform with all-in-one device convergence that facilitates centralization of branch applications into the

data center.

Data Center/Cloud

Branch Office

WAN/Internet

Address WAN-induced performance, availability, compliance challenges

Consolidate Infrastructure

Centralize Applications

Support User experience

Location-Suitable Form Factors, Consistent Device Management

UCS E-Series networking intergration

Cisco UCS E-Series Server Components Simplifying Lean Branch Office Infrastructure

Platform for WAN Edge Applications

• Host applications locally either bare metal or virtualized

Server Virtualization and Bare Metal OS

• Certified for vSphere, Hyper-V and Xen Server

• Bare metal OS: Certified for Windows Server, RHEL, SUSE Linux, Oracle Enterprise Linux

Dedicated Blade Management

• Cisco® Integrated Management Controller per module

• Consistent stand-alone management with UCS C-Series family

Multipurpose x86 Blades

• Intel Xeon E3 or E5-2400 Quad Core or better CPU, up to 48 GB RAM and 3 TB Storage

• House up to four server blades in ISR G2

Single-Device Network Integration

• House all devices in ISR G2 chassis

• Multigigabit fabric backplane switch

IOS, MGF Backplane Switch

UCS E-SeriesServer

Hypervisor

OS

App

OS

App

CIMCUCS E-Series

Server

Hypervisor

OS

App

OS

App

CIMC

x86 Processor

Hypervisor

VNF

VNFApp

vSwitch

MGF

(Internal)

IOS-XE Data

Plane

IOS-XE Control

Plane

x86 Processor

3x1GE

WAN

interfaces

UCS-E Module

2x1GE

Linux

10GE

NIM/SM ModuleNIM/SM Module

NIM/SM Module

2x1GE

1GE

Route/Forwarding Processor

BMC

CIMC

App

Cisco ISR4000 with UCS-E Module

Cis

co

ISR

Ch

assis

Mo

the

rbo

ard

To WAN

vWAAS

UC

S-E

Se

rve

r Mo

du

le vASA

vWLC

vWSA ES

X H

ost

To LAN Switch

vSwitch0 vSwitch1 vSwitch2

vNIC

vmnic0

UCSE1/0/0

(BDI 10)

UCSE1/0/1

(BDI 20)

GE 0 GE 1

GE 2

GE 0/0/0

outside vNIC inside vNIC

WCCP IN

Use standard routing to

route traffic from vWAAS

to BDI/VLAN 20 to the

UCS-E blade

vWAAS will redirect traffic

back to the ISR router

1

1

2

3

4

5

2

3

4

5

6

6

7

Ingress WAN traffic from

the ISR WAN port is

redirected to vWAAS

running on the UCS-E

Traffic will be routed to

the vASA outside

interface set to its own

internal switch

vWSA and miscellaneous

LAN apps are installed

behind the firewall such

that they are accessible

to LAN devices

All LAN traffic accesses

the LAN apps via the

physical external GE 2

port on the UCS-E

module

Traffic is filtered and only

authorized traffic is

allowed out to the vASA

inside network

vmnic1

vmnic2

vN

ICvN

IC

Service Chaining Applications

7

WAN

Ge0/0/0 ucse 1/0/0.10

wccpredirects traffic for optimization

ucse 1/0/0.200

Traffic LAN to WAN/WAN to LAN

ucse 1/0/1.100

outside

inside

LAN

Ge0/0/2

Logical Diagram of vWAAS+ASAv Configuration:

Configuration Example: vWAAS+ASAvUsing ISR on-board interfaces

VMware vswitch config:

Maps to ucse 1/0/0.200 sub-intfcvlan200 (outside asav intfc)

Maps to ucse 1/0/0.10 sub-intfcvlan10 (vwaas optimization)

Maps to ucse 1/0/0 native intfc

Maps to ucse 1/0/1.100 sub-intfcvlan100 inside vrf (inside asavintfc)

ip wccp 61 redirect-list WAAS-Traffic_BranchtoDC

ip wccp 62 redirect-list WAAS-Traffic_BranchtoDC

!

interface GigabitEthernet0/0/0

description WAN intfc

ip address 172.19.153.210 255.255.255.0

ip nat outside

ip wccp 62 redirect in

negotiation auto

!

interface ucse1/0/0

description native vlan for mngmnt

ip unnumbered GigabitEthernet0/0/0

no negotiation auto

switchport mode trunk

!

interface ucse1/0/0.10

description vlan10 dedicated to vwaas

encapsulation dot1Q 10

ip address 176.19.153.1 255.255.255.0

ip nat inside

ip wccp redirect exclude in

ip virtual-reassembly

!

interface ucse1/0/0.200

description vlan200 outside of asav

encapsulation dot1Q 200

ip address 192.168.24.1 255.255.255.0

ip nat inside

ip wccp 61 redirect in

ip virtual-reassembly

WAN facing configuration:Enable wccpredirect to vwaas

WAN facing interface

UCSE 1/0/0 native vlan for mngmnt(esxi, vwaas, asav)

ucse1/0/0 sub-intfcvlan10 for vwaasopt traffic

UCSE1/0/0 sub-intfc vlan200 for outside intfc asav(LANtoWAN/WANtoLANtraffic)

ip route 0.0.0.0 0.0.0.0 172.19.153.117

ip route 172.19.153.17 255.255.255.255 ucse1/0/0

ip route 172.19.153.213 255.255.255.255 ucse1/0/0

ip route 172.19.153.214 255.255.255.255 ucse1/0/0

Default-gateway and static routes to mgmnt console:

ip route 192.168.25.0 255.255.255.0 192.168.24.2

Static route to LAN network:

WAN default-gateway

ASAv mngmnt

CIMC mngmnt

ESXi host mngmnt

Static route to LAN device subnet

LAN facing configuration:ip vrf inside

!

interface GigabitEthernet0/0/2

description intfc to LAN access switch

ip vrf forwarding inside

ip address 192.168.25.1 255.255.255.0

negotiation auto

!

interface ucse1/0/1

no ip address

no negotiation auto

switchport mode trunk

!

interface ucse1/0/1.100

description to inside intfc of asav

encapsulation dot1Q 100

ip vrf forwarding inside

ip address 192.168.24.2 255.255.255.252

ip route vrf inside 0.0.0.0 0.0.0.0 192.168.24.1

LAN static route default-gateway:

interface GigabitEthernet0/8

description connect to Ge0/0/2 of router

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet0/9

description connect to JoeS-windows7

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet0/10

description connect to MarieW-Windows7

switchport access vlan 100

switchport mode access

LAN access switch configuration (C3560c):

Interface in VRF inside connects to LAN access switch, segregated from native routing table. 192.168.25.1 is the LAN default-gateway

UCSE1/0/1 sub-interface vlan100 and VRF inside connects to inside intfc of asav

Static default route for LAN to WAN traffic. LAN to WAN and WAN to LAN traffic traverse asav in transparent mode (bump in the wire)

ASAv QSG: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/asav/quick-start/asav-quick.html

ASAv mngmnt 0/0 intfc

ASAv gig0/0 intfc

ASAv gig0/1 intfc

Cisco ASAv VM Settings

interception-method wccp

!

primary-interface Virtual 1/0

!

interface Virtual 1/0

ip address 176.19.153.10 255.255.255.0

exit

interface Virtual 2/0

shutdown

exit

!

ip default-gateway 176.19.153.1

!

wccp router-list 7 176.19.153.1

wccp tcp-promiscuous service-pair 61 62

router-list-num 7

enable

exit

!

central-manager address 172.19.153.110

cms enable

Cisco vWAAS VM settings:

Maps to ucse1/0/0.10 sub-

intfc vlan10

Cisco Converged Branch InfrastructureUse Case 1: Video Application, Storage System, and IP Cameras

MGF Fabric

Router

CPU

Hypervisor

OS

App

Hypervisor

OS

App

Video Management System

(10.1.30.10)

Storage

Application

(10.1.30.20)

C44(config)# interface BDI 1

C44(config-if)# ip address 10.1.30.1

255.255.255.0

UCS-E 2/0/0service instance 1 ethernet

encapsulation untagged

bridge-domain 1

UCS-E 1/0/0service instance 1 ethernet

encapsulation untagged

bridge-domain 1

Cisco Converged Branch Infrastructure Use Case 2: Multiple VMs in Different VLANs

MGF Fabric

Router

CPUEtherSwitch

Module / EHWIC

Card

Hypervisor

OS

App

OS

App

OS

App

UCS-EC44(config)# interface g0/0/XC44(config-if)# service instance ethernet 40

C44(config)# interface BDI 40

C44(config-if)# ip address 10.1.40.1 255.255.255.0

Cisco ISR+UCS E+Etherswitch moduleAll-in-one network integration

Cisco converged branch platform configuration:

Logical solution topology:

UCS E-series Performance

CPU Utilization on UCS E-140S

CPU Utilization on UCS E-140D

CPU Utilization on UCS E-160D

http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-e-series-servers/guide-c07-731139.html

High Availability

UCS E-Series and ISR

• The UCS E-Series depends on the ISR platform for power only

• Soft reload of ISR router does not have any effect on the UCS E-Series Compute Blades

• Power to slots will not be disrupted and will continue to power E-Series

• Hard Reset/Power down of the router will cause the E-Series to power down

• Equivalent of removing power supply to an external server

• ISR routers have the option for Dual Power supplies

• ISR 3900s and 4451, 4431 have option for inbuilt dual power supply

• ISR 2900s has the option for external RPS 2300 power supply

• ISR 4300s have no power supply redundancy

UCS E-Series and ISR

• Online Insertion and Removal supported on ISR 3900 and ISR 4000 platforms

• UCS E-series can be installed or removed without powering down the router

• OIR not supported on the ISR 2900s

• Hard drives on the UCS E-Series can be removed and installed without powering down the blade or the router.

• Note: RAID disks would have to be rebuilt.

• Two UCS E-Series can be installed in two ISRs with HSRP running between them

• Provides additional resiliency in terms of power to the E-Series

Providing Data Protection on the E-Series

• Consistency of data is key between E-Series and Data Center

• Protection of data is vital for disaster recovery

• Use technologies like VMware vSphere replication to set up automatic backup of data between E-Series and Data Center

• Data backup is asynchronous

• Data protection and high availability requires synchronous mirroring of data between E-Series servers at the branch. By clustering Direct Attached Storage (DAS) across multiple UCS E-series servers mirroring storage pool can be created.

• Software-defined-storage technologies from VMware and StorMagic create shared storage using DAS on E-series servers

• The clustered storage is presented as an iSCSI target where VMs requiring HA can run.

• Allows for synchronous mirroring across participating server nodes

In Box Server Redundancy

- Stormagic VC plugin installs on Windows server running vCenter

- Stormagic running in vCenter allows for full management directly from vCenter console

Before deploying a VSA configure networking

- Configure networking interfaces for each cluster storage traffic type

- Used UCSE X/0/0 to access management interface (makes it easy to reach across WAN)

- Used UCSE X/0/1 to create vlan192 and assign a 192.168.24.X target IP address for my iSCSI storage target

- Used external GE2 on UCS E-series server to connect back-to-back and provide dedicated data path for synchronous data mirroring

- Networking settings (port-group name, interface mapping, vswitch settings) must match between each participating server

Configuring VMware networking:

Before deploying a VSA configure networking – cont’d

Configuring ISR 2900/3900Management access:interface GigabitEthernet0/0description WAN interfaceip address 172.19.153.131 255.255.255.0

!interface ucse1/0ip unnumbered GigabitEthernet0/0imc ip address 172.19.153.119 255.255.255.0imc access-port shared-lom console

!interface ucse2/0ip unnumbered GigabitEthernet0/0imc ip address 172.19.153.120 255.255.255.0

imc access-port shared-lom console

!

ip route 172.19.153.123 255.255.255.255 ucse1/0

ip route 172.19.153.140 255.255.255.255 ucse2/0

!

interface ucse1/1

description Internal switch interface connected to Service

Module

switchport mode trunk

no ip address

!

interface ucse2/1

description Internal switch interface connected to Service

Module

switchport mode trunk

no ip address

!

interface Vlan192

ip address 192.168.20.1 255.255.255.0

Static routes to

VSA management

GUIt

Interface to access

iSCSI target

Configuring ISR 4000 seriesManagement access:bridge-domain 192!interface GigabitEthernet0/0/0description WAN intfcip address 172.19.153.210 255.255.255.0

!interface ucse1/0/0ip unnumbered GigabitEthernet0/0/0no negotiation autoswitchport mode trunk

!interface ucse2/0/0ip unnumbered GigabitEthernet0/0/0no negotiation autoswitchport mode trunk

!

ip route 172.19.153.123 255.255.255.255 ucse1/0/0

ip route 172.19.153.140 255.255.255.255 ucse2/0/0

!

interface ucse1/0/1

no ip address

switchport mode trunk

service instance 192 ethernet

encapsulation dot1q 192

rewrite egress tag push dot1q 192

bridge-domain 192

!

interface ucse2/0/1

no ip address

switchport mode trunk

service instance 192 ethernet

encapsulation dot1q 192

rewrite egress tag push dot1q 192

bridge-domain 192

!

interface BDI192

ip address 192.168.20.1 255.255.255.0

Static routes to

VSA management

GUIt

Interface to access

iSCSI target

Note: mirroring traffic is a wire between each GE2 on the servers

Creating shared storage for data mirroring

- Deploy a VSA (Virtual Storage Adapter) on each UCS E-series host (simple OVA deployment)

- Assign equal amount of storage on each server to each VSA using deployment tool GUI

- Create the iSCSI target (shared storage cluster) where VM data replication will run

Fully deployed shared storage solution with mirroring data replication

- Shared storage across two or more E-series servers enables VM live migration

- Full support for HA and FT features

- Fully redundant system from L2 through L7

- Solves the issue of all eggs in one basket

Box 2 Box Redundancy

• Network redundancy across two Cisco ISR using HSRP• Two physical routers provide one logical IP address and MAC address as subnet default gateway.

• HSRP works in an active/standby scheme where if the active router fails the standby router continues to processing network requests

• Each Cisco ISR houses a Cisco UCS E-series.• Network connectivity between UCS E-series is done using the front-panel GE interfaces for data replication (mirror) traffic

• Each UCS E-series runs the SDS application with data mirroring capability to synchronously replicate VM files across

• Network access to iSCSI target and application VMs must match exactly in each router config (be sure to use the virtual router IP address as the default-gateway)

Case Studies

Customer Success - Finance(Retail Banking)Commercial bank headquartered in Anchorage, Alaska, Northrim Bank employs 250 people in 11 branches across 350 miles in southern Alaska.

Challenge :

• Northrim wanted to upgrade the bank's legacy infrastructure to dramatically increase the speed of service at the bank's teller stations.

• A slow circuit-based network created high latency problems that affected expensive third-party banking software applications that were very sensitive to bandwidth delay.

• Several times a day, users encountered sluggish application response or program errors that required re-login or even rebooting the system, a frustrating and time-consuming occurrence.

Next Gen Branch Architecture

• VMware Horizon View running on VMware ESXi , Microsoft AD, DNS,DHCP on the Double Wide UCS E-Series Server Blade

• Plans to add Unified Communications , FXS/FXO voice interfaces and Security

Customer Success – RetailColumbia Sportswear

Columbia Sportswear stores use compact Integrated Services Routers, which combine routing, switching, compute and voice services.

Challenge :

The company has retail stores and branch offices across North America and is expanding globally.

• Need to Shrink IT footprint in its stores.

• Central management.

• Stores need to accept payment cards and receive phone calls even in spite of WAN outage to the HQ network.

Next Gen Store Architecture:

Cisco Store-in-a-box provided the perfect solution for a Smaller IT Footprint while lowering Costs using the Cisco® 3945 Series Integrated Services Router (ISR), Cisco UCS E-Series Blade Server and a 48-port integrated switch.

“The POS application is now a virtual machine on the blade server,”

Simplified Management - “We chose the Cisco ISR partly because it’s easy to set up and manage,” says Spiegel. “For example, technicians no longer have to rack, stack, and power four separate systems, or install the operating system and applications on a physical server.

Before, deploying or replacing store infrastructure took days. Now the IT team just ships the router to the store, and any employee can connect it in minutes.”

Cisco UCS E-Series in Summary

• Application hosting platform for the lean branch office

• Bare metal OS, certified for Windows Server, RHEL, SUSE Linux, Oracle Enterprise Linux

• Virtualization powered by Microsoft Hyper–V, VMware vSphere, Citrix XenServer or Linux KVM

• The Converged branch solution (ISR+UCS E-series) – Allows intelligent consolidation of services

• Enables instantiation of applications and VNFs on demand, avoiding network infrastructure refreshes

• Extremely reliable - > 200K hour MTBF, Easy to manage one box solution

ResourcesCustomer resources:http://www.cisco.com/go/ucse

Contacts

Tony Banuelos - tbanuelo@cisco.com

Kishan Ramaswamy - kiramasw@cisco.com

VideoNorthrim Deployment - http://www.youtube.com/watch?v=SY_4exRDPK4

Cisco Office-in-a-box - http://www.youtube.com/watch?v=jZtNH1nUF1I&list=PL2C2B4E34EE649245

UCS E-Series - http://www.youtube.com/watch?v=jkTekMg3YDo

Participate in the “My Favorite Speaker” Contest

• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

• Send a tweet and include

• Your favorite speaker’s Twitter handle

• Two hashtags: #CLUS #MyFavoriteSpeaker

• You can submit an entry for more than one of your “favorite” speakers

• Don’t forget to follow @CiscoLive and @CiscoPress

• View the official rules at http://bit.ly/CLUSwin

Promote Your Favorite Speaker and You Could Be a Winner

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or your computer on Cisco Live Connect.

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Table Topics

• Meet the Engineer 1:1 meetings

• Related sessions

Thank you

Internet of Things (IoT) Cisco Education OfferingsCourse Description Cisco Certification

NEW! CCNA Industrial An associate level instructor led training course designed to prepare you

for the CCNA Industrial certification

CCNA® Industrial

Managing Industrial Networks with

Cisco Networking Technologies (IMINS)

This curriculum addresses foundational skills needed to manage and

administer networked industrial control systems. It provides plant

administrators, control system engineers and traditional network engineers

with an understanding of the networking technologies needed in today's

connected plants and enterprises

Cisco Industrial

Networking Specialist

Control Systems Fundamentals

for Industrial Networking (ICINS)

For IT and Network Engineers, covers basic concepts in Industrial Control

systems including an introduction to automation industry verticals,

automation environment and an overview of industrial control networks

Networking Fundamentals

for Industrial Control Systems (INICS)

For Industrial Engineers and Control System Technicians, covers basic IP

and networking concepts, and introductory overview of Automation

industry Protocols.

For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com