unified computing system hints and tips from the...

BRKCOM-2007

Unified Computing System Hints and Tips from the field

Follow us on Twitter for real time updates of the event:

@ciscoliveeurope, #CLEUR

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCOM-2007 2

Housekeeping

We value your feedback- don't forget to complete your online session evaluations after each session & the Overall Conference Evaluation which will be available online from Thursday

Visit the World of Solutions and Meet the Engineer

Visit the Cisco Store to purchase your recommended readings

Please switch off your mobile phones

After the event don‟t forget to visit Cisco Live Virtual: www.ciscolivevirtual.com

Follow us on Twitter for real time updates of the event: @ciscoliveeurope, #CLEUR

http://www.ciscolivevirtual.com/

http://www.ciscolivevirtual.com/

Agenda


What is this session about?

A collection of hints and tips gathered from over two years of UCS deployments

Specifically, we‟re going to cover:

- A few words of introduction

- Windows Boot From SAN

- Windows NIC/HBA ordering

- The Native VLAN checkbox

- Recommended Service Profile designs for ESXi and Hyper-V

- Mass-deployment of Profiles using Templates and UCSM shortcuts

- SAN address pools: what works, what doesn‟t

- Mass-deployment of Operating Systems (Windows and ESXi)

- Automation essentials (vSphere CLI, UCS Powershell toolkit)

A few words of introduction


What do we see on site?

We = Cisco Advanced Services UCS practice for EMEAR

- Yours truly has personally implemented 34 sites

Majority of deployments (80%+) run a mix of Hypervisors and bare-metal

- Around 20% run with no bare-metal at all

Hypervisor is for the large part (80%) VMware‟s vSphere ESXi

- ESXi 4.1 Update 2 primarily, a little bit of ESXi 5.0

- Microsoft‟s Hyper-V comes second

- Xenserver comes third

Bare-metal deployments consist mostly of Windows 2008 R2 server

- Either bare-metal deployment imposed by application vendor

- Or virtualization isn‟t fully trusted yet (or misunderstood?)


Recurring patterns, questions and concerns

Boot from SAN has literally exploded … but can be tricky to implement

- From virtually non-existent in mid-2008 to 90% today

- Valid for all OS: Windows, ESXi and Linux

Fairly limited expertise in “advanced” OS deployments

- ESXi HA cluster design options, Nexus 1000V, how many vNICs per blade, etc.

Misunderstanding of certain networking options in UCS

- The infamous Native VLAN checkbox anyone?

Customers love automation of repetitive tasks … but often don‟t know how

- OS deployments, configuration of networking in ESXi

Which sensors and objects should I be monitoring?

UCS Building Blocks: A Quick Recap


Service Profiles and Templates

Physical blades inherit a desired configuration through a Service Profile (SP)

- One SP can be either unassociated or associated to one blade

Service Profiles specify

- desired boot order

- number of vNICs with VLANs and vHBAs

- where to get addresses for those vNICs/vHBAs

- various policies (BIOS configuration, IPMI, etc.)

SP Templates are master templates from which SPs can be spawned

- either manually (from 1 to N with auto-naming)

- associated to a pool of servers

Address Pools: best practices


UUID: global ID that is unique to a given server

- Composed of Prefix and Suffix

- Best practice: don‟t modify the prefix

Recommendations:

• Use root “default” pool as the global default pool for all Service Profiles

• Populate the default pool with a block of 512 IDs

• Don‟t alter original Prefix, this is unique to this UCS

• Optional: choose a “Domain ID” for this UCS - used later in other ID pools

UUID Pools


Assigning addresses to adapters

Prefer pools to burnt-in values whenever possible

- Pools let you control the exact allocation following your naming convention

- Makes it easy to identify a given blade or OS type on switches

On the M81KR adapter (aka “Palo”) this is a must

- M81KR can instantiate N interfaces there are no burnt-in addresses

Best practice

- MAC pools: create pools that are multiple of 64

- Optionally encode Domain/Site ID and OS Type

MAC Address Pools

MAC Pool 256 MACs

OUI Extension ID

00 25 B5 Domain ID OS Type ##


Assigning addresses to adapters

Using pools lets you communicate WWNs to SAN team ahead of deployment

- pre-provision LUNs for boot-from-SAN

- proactively perform zoning and LUN masking configuration

One blade uses one Node WWN and as many Port WWN as there are vHBAs

Node pool best practice: create one large pool that‟s a multiple of 16

- Create the pool at the Root organization (you can use the default pool)

- Zoning and masking does not use Node WWN

Ensure node pools and port pools do not overlap

World Wide Name Pools


Overlapping Node and Port WWN Pools

If you use overlapping node and port pools you end up with SPs that look like this one:

Something to avoid


Overlapping Node and Port WWN Pools

If you look at the Port pool you‟ll see the “foreign” node entry listed:

Something to avoid

Use FF or

F<Domain

ID> instead!


Port WWN Pools

Always create pools that are multiple of 16 and contain less than 128 entries

- This ensures vHBA0 (SAN A) and vHBA1 (SAN B) have the same low-order byte

Counter-example using 233-entries pools

Much better for both vHBAs to have the same low-order byte and a unique SAN Fabric identifier

- Presence of “0A” or “0B” in the port WWN indicates SAN Fabric

Best Practices


Port WWN Pools

At the very minimum, create pools that identify the SAN Fabric

For deployments with several OS types and multiple UCS, you could do this:

Suggested Design Patterns


Port WWN pools

Use Expert setting when creating vHBAs

Boot from SAN


Tune your BIOS policy

Boot from SAN involves several key components working hand in hand

- Correct UCSM boot-from-SAN policy with the right target port WWNs

- Correct SAN zoning and LUN masking are imperative

- SAN array must present a LUN (storage groups, initiator groups, etc.)

During your first trial a component won‟t work the way it‟s supposed to

UCSM lets you create BIOS policies that you can attach to the Service Profile

Best Practice: for Boot-from-SAN you always want Quiet Boot disabled

Let the server speak up


Physical topology

SAN network designers always want SAN A / SAN B isolation

What yours should look like

Write down the array‟s port

WWNs before configuring

your Service Profile!


Finding the target’s port WWN

All SAN arrays have a CLI or GUI that shows the port WWNs to use in boot policies

- Here‟s an EMC Unisphere example

Example using EMC Unisphere


Build your boot policy

UCS can boot from 4 different paths

- You can boot with just a single target boot policy, but not ideal for resiliency

Typically, you‟ll want a boot policy that goes like this:

That policy says:

- First try vHBA fc0 pWWN “63” via fc0 Storage Processor A, port A3

- Then try vHBA fc0 pWWN “6B” via fc0 Storage Processor B, port B3

- If those fail, then try fc1 (first pWWN “64” on SP A; then pWWN “6C” on SP B)

Don‟t forget to append CD-ROM or PXE after the SAN boot targets

One path works, but if resiliency matters ..


Let’s boot the server

Associate the boot policy you just defined then boot the server

With a M81KR adapter, this is what you‟ll see for each vHBA

Keep an eye out

If you do not see the array

show up here, there‟s

probably a zoning or

masking error

Note: the 4th byte here is “60” because we are booting from a different array than slide 21


Microsoft Windows Boot from SAN

Best practice: ask the SAN team to present a single target pWWN for now

Don‟t proceed unless you‟ve seen the target‟s port WWN on the previous screen!

- Teach your SAN team to pre-register hosts; you know the server‟s pWWN!

Make sure you have the latest Cisco drivers iso image handy!

Your boot policy must have the SAN targets first before PXE or CD-ROM

- If you put PXE or CD-ROM first, the installer will refuse to install on the LUN!

Mount the virtual media (or ensure PXE is working) and boot the server

Do not press F6 to force select boot options, UCSM has taken care of that

After a few click-next (accept EULA; select Custom Installation), you‟ll see a screen asking you where to install Windows

Checklist


Windows: nowhere to install!

You should now see this:

Windows does not ship with built-in drivers for Cisco CNAs

- Unmap the installation ISO image and map the Cisco drivers image

- Then click “Load Driver”

Drivers to the rescue


Drivers loaded

Load the driver then wait a bit and the LUN will appear

If the LUN does not appear, check FLOGI database on SAN switches

If FLOGI is present, check zoning

- If it is not present, double check the VSAN membership of the vHBA

- Don‟t forget to activate the new zoning configuration

If zoning is correct, verify the host pWWN is/are registered on the array

- Present a boot LUN (for Windows 2008 R2 typically 40GB) only to that host

LUN appears


I am getting an error!

You‟re very likely going to run into this error:

What did I do wrong?

At this point, unmap the Cisco drivers ISO image and remap the Windows installation media

You may need to click Refresh

The installer should now proceed

After the installation, enable

MPIO (register your array with

the MPIO driver) then present all

available SAN paths


A handy UCSM tab

In the Service Profile, there‟s a Server Details tab

At the bottom of that screen there is a window with Configured Boot / Actual Boot

Compare both and ensure the BIOS agrees with the boot policy you configured

Configured boot order vs actual boot order


VMware ESXi Boot from SAN

All ESXi versions ship with Cisco CNA drivers built-in

The installer is more forgiving than with Windows

- You could place the virtual CD-ROM or PXE before the SAN targets and it will work

The installer is multipath-aware

- It is okay to present all available paths at installation time

Best practice: through LUN masking only present the boot LUN while installing

- If you data is important, do not present VMFS datastores just yet!

Before ESXi 5.0 you only get one chance

- If LUN masking is incorrect, the installer won‟t refresh and you‟ll have to reboot

- The ESXi 5.0 installer introduces a proper refresh function which will save you a lot of time

Easy as pie

Recommended Service Profile Designs


What’s a Service Profile design?

Question: “how many vHBAs and vNICs should I assign to my Windows profile? How about ESXi?”

- If you don‟t have a Cisco M81KR adapter, the answer is simple: 2 plus 2!

- We‟re going to focus on M81KR use cases

For bare-metal deployments: the answer is “it depends”

- Consult the application owner(s)

- Empirical observation: typically 4 to 6 vNICs; 0 to 2 vHBas

For ESXi: most of the times 8 vNICs and 2 vHBAs

- Details in the next slides

For Hyper-V: most of the times 6 vNICs and 2 vHBAs

- Details in the next slides


Before we move on …

When defining VLANs on a given vNIC inside a SP, there‟s a Native VLAN column

When are you supposed to check that box?

The Native VLAN checkbox


Native VLAN on a vNIC

The Native VLAN checkbox here is link-local only

- It has zero impact on network uplinks or other SPs

Behind the scenes vNICs are trunk (802.1Q) ports

- FCoE VLAN + classical Ethernet VLAN(s)

A vNIC can have one to N VLANs defined on it but only one can be Native

Native VLAN checked means traffic is sent to the OS with no tag on that VLAN

- Typical with single VLAN vNICs

- The OS just receives traffic on the corresponding interface, no need to define VLAN-based sub-interfaces

Native VLAN unchecked means the OS must be able to handle 802.1Q tags

- With the M81KR adapter and a Windows bare-metal host, no connectivity!

- At the time of writing (Jan 2012) there are no Windows 802.1Q drivers for M81KR

When to check it


Native VLAN examples

Will this work?

This SP is associated to a blade running ESXi

(vNIC e0 assigned to mgmt)

This won‟t work! All

traffic is sent tagged

to ESXi. A VLAN

must be defined to

handle management

traffic!


Native VLAN examples

This SP is associated to a blade running Windows 2008 R2 (not a VM!)

How about this one?

vNIC e0 vNIC e1

This will work. Traffic

on the “backbone”

VLAN arrives

untagged and is

handled by “Cisco

VIC Ethernet

Interface”


Typical SP Design for VMware ESXi

Nexus 1000V for VM data, no NFS or iSCSI


vSphere Service Profiles

Do not use “route based on ip hash” on vSwitches with UCS

- That setting requires an Etherchannel upstream which UCS Fabrics do not support

Use either explicit failover order or originating virtual port-ID load balancing

If you have IP storage (NFS or iSCSI) you can create a new vSwitch

- With originating virtual port ID each vmkernel NIC uses a single network uplink

- You‟ll need multiple vmkernel adapters to load balance traffic

- Set Jumbo frames end-to-end and try to keep the path L2 if possible

Best Practices

run „esxtop‟ then

press N to see

virtual port-ID


vSphere NFS timeout

Set those for all hosts:

- NFS.HeartbeatFrequency(NFS.HeartbeatDelta in vSphere) = 12

- NFS.HeartbeatTimeout = 5

- NFS.HeartbeatMaxFailures = 10

This says:

- Every 12 seconds verify that NFS datastore is alive

- Heartbeats expire after 5 seconds after which another heartbeat is sent

- If 10 heartbeats in a row fail mark the datastore unavailable (VMs crash)

With those setting a NFS datastore can be unavailable for a maximum of 125 second

During that time a VM sees a non-responsive SCSI disk. Tweak the Windows registry to match the 125 seconds value

- HKLM System CurrentControlSet Services Disk Timeout

Recommended values


Isn’t that too many 10G NICs?

If you browse the vSphere configuration maximums, you‟ll come across this:

This is fine. Keep in mind the M81KR adapter is physically 2 x 10G Base KR.

My VMware consultant says …


Recommended BIOS settings

VMware ESXi Maximum Performance

If power savings

prime over

performance, then

enable these


Typical SP Design for Microsoft Hyper-V

With CSV Clustering enabled and iSCSI

vNIC failover

configured on all

vNICs


A few words on Hyper-V and 802.1Q VLANs

There are currently no M81KR VLAN drivers under Windows 2008 R2

- Remember Hyper-V is a “just” a role of Windows 2008 R2 server

How do you provide connectivity to VMs that require says 20 different VLANs?

You could do one vNIC per VLAN and use the Native VLAN checkbox

- Not very easy to manage 20+ NICs under Windows

Fortunately there is a much easier alternative


External vSwitches can perform VLAN tagging “behind” the physical NIC

- Even if the physical adapter in Windows isn‟t configured with VLANs, the Hyper-V network manager can add or pop VLAN tags as traffic enters or leaves the virtual switch

With that in mind, all you need to do is configure one vNIC in UCS with failover enabled (there is no NIC teaming driver for Windows) and enable the VLANs you want your VMs to get access to:

A few words on Hyper-V and 802.1Q VLANs


VM-level tagging within Hyper-V

Here is an example with a VM placed in VLAN 666


Windows 2008 R2 knows nothing about VLANs in use by VMs

- Neither does the Virtual Network Manager!

It knows about a NIC called “External” which corresponds to “e2” in our UCS Service Profile

- UCS is extending VLANs 27 (backbone) and 666 (testing) on the vNIC as shown in slide 4 – this is all transparent to Windows:

Hyper-V external virtual switch configuration


With SC VMM this view shows the VM is configured with two VLANs

View from Microsoft SC Virtual Machine Monitor


With SC VMM you can select the VLANs that should be carried on the external switch‟s physical vNIC:

Selecting VLANs using SC VMM

Service Profiles: OS view versus UCSM view


SP view vs UCSM view

Problem statement

- an SP instantiates 6 vNICs and 2 vHBAs

- Windows 2008 R2 is installed on the blade

- NIC ordering at the OS level does not match what the SP shows

Typically encountered with Microsoft Windows OS, usually not an issue with ESXi

Do they disagree?


What’s specific to Microsoft Windows and UCS

Two variables come in the picture:

- Windows does not ship with built-in drivers for M81KR

- Once you load the driver the OS decides in which order to bring up the devices

- That order does not have a direct relation with PCI-bus addressing

You often end up with this:


How to reconcile the OS and SP view

First make sure the vNICs have a sequential order in the SP

Install Windows then launch the Device Manager

When order matters

vHBAs can appear before vNICs, it doesn‟t really matter

Just ensure your vNIC order column follow the correct sequence


Device Manager View

Before installing the device drivers, right-click on each vNIC one by one

Install the drivers sequentially following the PCI bus order you discovered

Identify PCI bus order of each vNIC

Write down the PCI address of each vNIC

This is where the device order in the UCS SP comes into play – the first vNIC or vHBA is usually at PCI 06


One-click device driver update

Avoid using the Scan for Hardware Changes method if order matters

- It is quick but it pretty much guarantees shuffling of the devices

Don‟t do it if order matters


Powershell script

Quickly list adapter MACs and OS device ID

Use this PS script to obtain a two-column table with MAC address and device descriptions:

Get-WmiObject Win32_NetworkAdapterConfiguration –computer localhost –filter “IPEnabled = „true‟” | select MacAddress,Description

Service Profiles: tips and tricks


Organizations are not just for RBAC, use them like VM Folders

UCSM Organizations

Actual

example


Pool inheritance concept – consider this hierarchy:

Children SPs can use resources higher up in the hierarchy

- Very interesting property that allows cloning of profiles

Organizations

Inheritance concepts

SPs created under Top or Level 1 orgs cannot use the Level 2 CiscoLive_MACs pool

A Level 2 SP can use pools in its parent L1 pool and Top-level pools. It cannot use resources in sibling orgs.


Rapid deployment of SPs

If you have many like-servers then SP Templates is the way to go

- If physical location does not matter, bind the template to a server pool

- This allows you to quickly provision tens of servers

If you are dealing with many Orgs and physical location (chassis/slot) matters

- Use SP Cloning

SP Templates and SP Cloning


SP Cloning

When Cloning, you get to choose a new name for the SP

- Not prefix-derived unlike when creating SPs from Templates

You also get to choose any Org for the cloned SP

If the original SP uses a resource that isn‟t available to the target Org then ..


SP Cloning

If you create pools with similar names under different Orgs, the cloning process automatically borrows resources from the target pool

Corresponding Pools across Orgs

If source SP “foo” in Org CiscoLive is referring to MAC pool CiscoLive_MACs, then its clone in the CiscoPie Org automatically uses the CiscoLive_MACs under that Org


SP Cloning

This hierarchy was created in less than 10 minutes using the Cloning “trick” explained previously

Example

Create SAN Node WWN pools at the root level – using “default” pool is fine

When Cloning SPs, use either pools with similar names under each sub-Org, or place all your port WWN pools at the parent Org level

Operating Systems: weapons of mass deployment


Manual mass deployment

When number of OS to deploy exceeds 5 or 6, provisioning tools come in handy

You can use a simple trick for 5 to 6 deployments:

- Copy the master ISO installation image 5 to 6 times locally

- Open all 5 or 6 KVM sessions

- Mount the ISO image through Virtual Media in each session using a unique ISO

- Start the installers in parallel, click Next 20 times and watch the paint dry

While you can work off a single ISO image for multiple parallel installations, it can lead to unpleasant surprises at the end of the installation procedure

- The copy method works well and has been tested many times with success

For small numbers of installations


Automated mass deployment

As soon as the number of OS to deploy exceed 6 or 7, PXE to the rescue!

PXE requires a (simple) DHCP and TFTP infrastructure

Deploying ESXi 4.0 / 4.1 / 5.0 is straightforward

- Recommendation: Ultimate Deployment Appliance VM (2.0 build 17 upgd pack 20)

- Ships as an OVA – deploys in minutes

- Installation through a simple Setup Wizard

- Easy to use Web console, comes with DHCP and TFTP services

- Doesn‟t contain the ISO image, you need to supply it to the tool

UDA ships with Templates which are kickstart files

- Kickstart files can auto-populate any install-time options

Because clicking is boring

http://www.rtfm-ed.co.uk/2011/08/25/uda-2-0-build-20-available-esx5i-support/

It‟s demo time!



















Ultimate Deployment Appliance

This is the list of supported OS

Supported OS

UDA doesn‟t require much storage – it can mount NFS or CIFS shares that contain the ISO images and just extract files necessary for PXE booting


Kickstart files

A first step toward automation


Deploying ESXi 5.0

As of ESXi 5.0 VMware supports stateless installations

A stateless installation does not install to disk, it runs from RAM

Image is fetched from the network using PXE and executed

- Zero state preserved locally and across reboots

The Autodeploy alternative

6

8

VMware Auto Deploy server ships with vCenter Server media

Installation requires a vCenter Server and external DHCP/TFTP services (not true if you‟re using the vCenter Server virtual appliance)


Autodeploy with UCS

When a UCS blade boots, it passes these values to Auto Deploy‟s PXE server through these oemstring variables:

You can quite easily auto-add UCS blades into specific HA clusters based on UCSM properties

Linkages

6

9


External information and reference material

VMware documentation:

- http://bit.ly/pguML3

Duncan Epping‟s blog entry:

- http://www.yellow-bricks.com/2011/08/25/using-vsphere-5-auto-deploy-in-your-home-lab/

Another blog:

- http://www.gabesvirtualworld.com/vsphere-5-how-to-run-esxi-stateless-with-vsphere-auto-deploy/

7

0

http://bit.ly/pguML3

http://www.yellow-bricks.com/2011/08/25/using-vsphere-5-auto-deploy-in-your-home-lab/



















http://www.gabesvirtualworld.com/vsphere-5-how-to-run-esxi-stateless-with-vsphere-auto-deploy/






















What about Windows deployments?

UDA can deploy Windows 2000, 2003, XP and 7

- Those are not very frequent OS for bare-metal deployments

How about Windows 2008 R2 on bare-metal?

Windows 2008 R2 VM with the Windows Deployment Services role

WAIK up!

In a nutshell: W2K8 VM joins AD domain with DHCP and WDS roles

Configure DHCP options

Install WAIK to add M81KR driver to images

Point WDS to patched install.wim and boot.wim images


WDS Prerequisites

Make sure you have an AD domain controller up and running

Make sure you have an operational DNS server

Create a clean Windows 2008 R2 installation on a VM with 2 NICs (mgmt / data)

- Have the new VM (let‟s call it the WDS server) join the domain

Once that‟s done, download the following files:


Extract the files

Obtain MagicISO or any other software capable of inspecting ISO files

Extract the three files on the data disk in specific folders

- One folder for Windows

- One folder for UCS drivers

- One folder for WAIK

Create two empty directories on the same disk such as

- E:\MOUNT

- E:\WIM


Add the DHCP role

PXE booting involves two protocols:

- DHCP exchange followed by TFTP file transfer

Add the DHCP role to the WDS Server and create a simple scope

- The scope needs to match the 2nd adapter‟s IP subnet


Add the WDS role

Using Server Manager, right-click on Roles and add the WDS role


Configuring WDS

The WDS installation wizard will ask you about DHCP options

- With the DHCP server installed locally, select both checkboxes

- This automatically configures option 60 on the scope you defined earlier


Configuring WDS continued

Leave everything to their default values except for this:

Click Next until WDS asks if you‟d like to add images

- Say yes

Note: you can always return to these configuration options later by right-clicking the WDS server under Server Manager Roles WDS


Adding Windows images to WDS

Point WDS to the folder where you extracted the Windows installation ISO

After a few minutes, WDS will have imported all available Windows flavors

- Typically, you‟ll see 6 to 8 images

Standard, Entreprise, Data Center, Web in GUI and Core modes

- WDS also imports the Windows Setup image

What WDS just did is import the install.wim and boot.wim files located in the \sources directory of the Windows folder

Copy those files in the WIM directory you created on the data disk


Time to test!

You are actually ready to PXE boot a VM

- Create a standard VM (Windows 2008 R2 64-bit type)

- Make sure its Ethernet adapter matches the port-group of the WDS Server interface where DHCP is active

- Power on the new VM, it will automatically boot from the network

Your VM should receive an IP address and download WDSNBP.COM

- You‟ll be asked to press F12 to continue the PXE boot process

- Do that to verify the VM is able to retrieve the boot image

If that does not work, you have a DHCP and/or network problem


What about bare metal blades?

If you attempt to boot a UCS blade with the current WDS setup, you‟ll see this:


Time to customize the Windows images

Install WAIK by clicking on StartCD in the directory you extracted KB3AIK_EN.iso

- Select Windows AIK Setup

Time to WAIK up


Setting up WAIK

Setting up WAIK is a click next – click next story

Once it‟s done, you‟ll see new options under Programs


WAIK command prompt

Start the WAIK command prompt (Run as Administrator)

You now have access to three new commands:

- Dism (Deployment Image Servicing and Management)

- Imagex (creates WIM images)

- Oscdimg (creates ISO images of WinPE)

You also have access to a new GUI-based tool

- Windows System Image Manager (creates answer files)

We‟ll only use DISM

DISM works with offline WIM images that it mounts

- That‟s why we copied the WIM images in a specific folder before

- That‟s also why we created a MOUNT directory


Mounting a WIM image with DISM

WIM images typically contain multiple Windows images

- Each image corresponds to an index

- You can view the contents of a WIM image as follows:

Always make sure you‟re patching the correct image

- We‟ll customize boot.wim first with index number 2


How does a PXE client boot into Windows?

The BIOS or EFI request a network boot

PXE ROM gets an IP address from DHCP and locates a boot server

PXE ROM downloads a network boot program (NBP) by using TFTP

The NBP get the OS loader via TFTP, using the UDP stack of the PXE ROM

The loader TFTPs the associated files needed to boot into Windows PE from RAMDISK. These files are:

- A Boot Configuration Data (BCD) store. It tells the loader how to boot the OS

- An .sdi disk image

- The boot image in .wim format (boot.wim)

- Font files for the boot menu

The RAMDISK is produced by creating the disk image in memory and appending the .wim file to the disk

Windows PE boots by using the image in the .wim file

http://technet.microsoft.com/en-us/library/cc771845%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc771845(WS.10).aspx




The RAMDISK needs the M81KR driver

To add the M81KR driver to boot.wim, mount the boot.wim file you copied


Commit changes and replace boot.wim

Don‟t forget to append /commit to the dism /unmount-wim command

You now have a new boot.wim file in the WIM directory you created in slide 5

Go back to the WDS configuration menu, select boot image, right-click the Windows Setup image and choose Replace Image…


Replacing boot.wim

Choose the new boot.wim image

- WDS will work for 30 seconds or so

- PXE boot your test VM again to make sure boot.wim is valid

You could PXE boot a UCS blade right now, but you‟d end up with a Windows image that knows nothing about the M81KR adapters

- That‟s because there is a boot image and an install image

- Boot.wim eventually fetches install.wim which is the full-blown Windows image

- That image does not contain the M81KR drivers

- We need to patch it


Adding drivers to install.wim

Follow the same process as with boot.wim

- First, determine the index of the Windows flavor you want to patch


Mount install.wim, add drivers, un-mount and commit

• We‟re patching the Data Center edition (index 5)


Replace install.wim

Just like we did with boot.wim, replace the Windows image with the new install.wim

This new image now contains the Ethernet and HBA drivers for the M81KR adapter

You are now ready to PXE boot a UCS blade

- Create a new SP that‟s configured to boot from LAN

- Make sure you‟ve configured the vNIC with the correct VLAN


PXE booting a UCS blade into WinPE

If all is configured correctly you‟ll see this


WinPE booting on UCS blade

A few seconds later, you‟ll see this:


Windows setup as usual

Two or three minutes later, the all familiar Windows Setup dialog will appear


That’s it!

Within roughly 15 minutes you‟ll have a fully functional Windows image up and running

- The computer will auto-register with AD

- Its IP address is the one it received when issuing the DHCP request

If you bring up the Device Manager (under Diagnostics in Server Manager) you‟ll see that the Ethernet (and HBA, if any) adapters are recognized – no need to provide the drivers through a Virtual Media session

This is much faster and much more scalable than a manual installation


Further customization

If you wish to perform more customization (automatically creating user accounts, specifying default password, enabling|disabling features, etc.) you can create Unattended Answer Files using the SIM GUI

- The SIM GUI is part of the WAIK installation

Explaining how SIM works using slides is little tedious, I recommend you watch this video http://technet.microsoft.com/en-us/windows/dd179859 instead

Once you‟ve created an answer file, right-click the install image in the WDS configuration and bring up its properties

- Choose unattended install and point WDS to the XML configuration file

http://technet.microsoft.com/en-us/windows/dd179859



Essential automation elements


Automation essentials

What are we automating?

- Typically vSphere network configuration tasks (create vSwitches, add vMotion, etc.)

Why automate?

- Accessing each host individually through KVM console is tedious (no copy/paste)

- Repetitive tasks are not only a chore but they are error-prone

Using a tried and tested simple automation script:

- Saves tons of time

- Minimizes the risk of human error

- Ensure a uniform configuration is applied across all ESXi hosts

- Is guaranteed to impress the customer

What about Host Profiles?

- Not everyone runs Entreprise Plus

- Basic vSphere CLI provide more control (personal opinion; disclaimers apply )

vSphere network configuration


Tools of the trade

The vSphere CLI is a Windows executable that comes bundled with Active Perl

Ships with 20+ ready to use CLI commands to configure most aspects of ESXi

vSphere CLI and the VMA


vSphere CLI scripts

Place multiple CLI commands in a .bat file and watch the automation happen

Simple example that links vmnic1 to vSwitch0, creates vSwitch1 with vmnic2 and 3, creates a vMotion port-group and enables vMotion on it:

You can save credentials in session files (or config files, or variables, or SSPI)

vicfg-vswitch.pl -L vmnic1 vSwitch0 -server 172.16.17.11 -username root -password foo

vicfg-vswitch.pl -add vSwitch1 -server 172.16.17.11 -username root -password foo

vicfg-vswitch.pl -L vmnic2 vSwitch1 -server 172.16.17.11 -username root -password foo

vicfg-vswitch.pl -L vmnic3 vSwitch1 -server 172.16.17.11 -username root –password foo

vicfg-vswitch.pl -A vMotion vSwitch1 -server 172.16.17.11 -username root -password foo

vicfg-vmknic.pl --add --enable-vmotion --ip 10.1.0.31 -n 255.255.255.0 --portgroup vMotion

-server 172.16.17.11 -username root –password foo

C:\Program Files (x86)\VMware\VMware vSphere CLI\Perl\apps\session>save_session.

pl --savesessionfile "c:\Program Files (x86)\VMware\VMware vSphere CLI\bin\bruse

ssion" --server 10.48.58.15

Enter username: root

Enter password:

Session information saved.


Credentials in a session file

Output of the esxcfg-vswitch command using a session file:

vSphere CLI

C:\Program Files (x86)\VMware\VMware vSphere CLI\bin>esxcfg-vswitch.pl --sessionfile

brusession -l

Switch Name Num Ports Used Ports Configured Ports MTU Uplinks

vSwitch0 128 4 128 1500 vmnic1,vmnic0

PortGroup Name VLAN ID Used Ports Uplinks

Management Network 27 1 vmnic0

Switch Name Num Ports Used Ports Configured Ports MTU Uplinks

vSwitch1 128 4 128 1500 vmnic3,vmnic2


The vSphere Management Assistant

What‟s the VMA?

What‟s wrong with installing vSphere CLI locally on my PC?

- VMA is available no matter what

- VMA supports vCenter targets

- Central location for all scripts and 3rd party add-ons

- Fastpass feature: authenticate once to vCenter and get a pass against all ESXi hosts

It‟s demo time!

Conclusion


Key take-aways

Use a form of naming convention in SAN address pools

Boot from SAN for Windows: place SAN targets first in the list, have driver CD

Native VLAN checkbox: checked means no tags, unchecked means 802.1Q

Rapid deployment of templates: concept of cloning and pool inheritance

Typical designs for ESXi and Hyper-V: 8 vNICs and 2 vHBAs

Mass OS deployment: provisioning tools (UDA, Autodeploy, WDS + WAIK)

Essential automation elements: vSphere CLI and VMA

Recommended Reading

Please visit the Cisco Store for suitable reading.


Please complete your Session Survey

Don't forget to complete your online session evaluations after each session.

Complete 4 session evaluations & the Overall Conference Evaluation

(available from Thursday) to receive your Cisco Live T-shirt

Surveys can be found on the Attendee Website at www.ciscolivelondon.com/onsite

which can also be accessed through the screens at the Communication Stations

Or use the Cisco Live Mobile App to complete the

surveys from your phone, download the app at

www.ciscolivelondon.com/connect/mobile/app.html

We value your feedback

http://m.cisco.com/mat/cleu12/

1. Scan the QR code

(Go to http://tinyurl.com/qrmelist for QR code reader

software, alternatively type in the access URL above)

2. Download the app or access the mobile site

3. Log in to complete and submit the evaluations

http://www.ciscolivelondon.com/onsite

http://www.ciscolivelondon.com/connect/mobile/app.html

http://tinyurl.com/qrmelist


Thank you.

unified computing system hints and tips from the...

Documents