1

Virtual Connect Enterprise Manager Quick Start

Implementation Guide

Technical white paper Last Updated: 1/10/2012

Feedback: vcemqs-feedback@hp.com

Table of Contents

Introduction ...................................................................................................................................... 3

VCEM Operation Model and Key Concepts .................................................................................... 4

VCEM Installation Walk-Through (Release 6.3.1) ........................................................................... 6

Testing Setup Topology .............................................................................................. 6

Prepare Management Server to Install VCEM Software ............................................ 7

Download VCEM ISO File and Evaluation Licenses from HP.com ............................ 8

Install VCEM 6.3 Software from DVD ISO ................................................................ 13

Install VCEM 6.3.1 Update Patch ............................................................................. 28

Launch HP VCEM 6.3.1 after Installation ................................................................. 34

Discover HP BladeSystem Enclosures in HP Systems Insight Manager (SIM) ....... 37

Use Case 1: Import the First VC Domain into VCEM .................................................................... 42

Use Case 2: Import the Second VC Domain into VCEM and have LAN/SAN Configuration Replicated ................................................................................................................. 49

Use Case 3: Using Network Access Groups (NAG) ...................................................................... 61

Use Case 4: VLAN Change Automatic Replication Across Enclosures ........................................ 71

Use Case 5: Profile Failover .......................................................................................................... 76

Appendix 1: Install .Net 3.5 SP1 on Windows 2008 R2 server ...................................................... 86

Appendix 2: Change DEP setting on Windows2008 R2 server ..................................................... 88

Appendix 3: Install SNMP service on Windows2008 R2 server .................................................... 90

2

Revision History

Date Revision Changes 12/6/2011 1.0 Initial Edition

1/10/2012 1.1 Some grammar modifications

3

Introduction

HP Virtual Connect Enterprise Manager (VCEM) provides a centralized management console for Virtual Connect server profiles across multiple HP BladeSystem enclosures. This technical white paper is intended to help readers familiarize themselves with the VCEM installation and setup process. It also covers several VCEM use cases to showcase VCEM operation model and how it interacts with individual Virtual Connect Manager (VCM) domains as well as the limitation of stacking enclosures, and VCEM’s ability to provide networking, management and maintenance. It’s important that readers already understand the concept of HP Virtual Connect and server profiles to fully comprehend how VCEM works with individual VC domains and the benefit of deploying VCEM. For more information on HP VCEM documentation, please check HP VCEM Manual Page: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&taskId=101&prodClassId=10008&contentType=SupportManual&docIndexId=64255&prodTypeId=18964&prodSeriesId=3601866 HP Insight Software Information Library: http://h18004.www1.hp.com/products/servers/management/unified/infolibraryis.html

4

VCEM Operation Model and Key Concepts

VCEM provides a central point of server profile management for HP BladeSystem Virtual Connect domains. Virtual Connect (VC) technology offers substantial benefits to System/LAN/SAN Administrators by providing unique features like server profile and FlexNIC. Virtual Connect configures LAN/SAN connectivity of the server blades inside HP BladeSystem enclosures. A Virtual Connect server profile is a logical grouping of server connection attributes that can be assigned to any bay within a BladeSystem enclosure. When assigned to an enclosure bay, the server in that bay assumes the attributes of the server profile. Each HP BladeSystem enclosure equipped with Virtual Connect is managed by VC’s embedded Virtual Connect Manager (VCM). VCM allows IT Administrators to stack up to 4 enclosures to form a single VC Domain. VCM and VC stacking technology can have some operation overhead when more enclosures are deployed. VCEM is the product to address these overheads. You can leverage VCEM benefit when you want to deploy two and more enclosures. The demo setup of this white paper uses two HP c7000 enclosures. The following table is a comparison of managing multiple Virtual Connect enclosures using VCM vs. VCEM

Using VCM Using VCEM Need to access individual VC domain to configure and manage server profiles

Manage server profiles from multiple domains with a centralized VCEM console.

Server Profile mobility is contained in a Virtual Connect domain, which is 1 HP BladeSystem enclosure without VC stacking and up to 4 enclosures with VC stacking

Server profile can be applied, moved and copied across multiple enclosures. VCEM can control up to 250 Virtual Connect Domains, 1000 BladeSystem Enclosures. VCEM allows profile movement from one VC domain to another VC domain within the same or different domain group

Without a central pool allocation, Administrators must plan accordingly to ensure each VC domain has a unique range of MAC/WWN address pool assignment so we don’t have duplicate addresses when deploying more VC domains.

VCEM assigns MAC/WWN addresses to various VC domains from a central pool so duplicate MAC/WWN addresses won’t occur.

The same LAN/SAN configuration must repetitively be provisioned when trying to set up a new enclosure.

The existing LAN/SAN VC configuration will be automatically synched to new enclosures when they are imported into the same VCEM domain group.

If there is a change to VC LAN/SAN configuration, such as adding a new VLAN into an existing VC network trunk, the same configuration has to be applied to each enclosure separately by logging into each VC domain.

Any change to the LAN/SAN VC configuration needs to be only done once at an enclosure and the change will be synched to all the enclosures in the same VCEM domain group.

It’s also important that readers understand the implementation model of VCEM when it controls multiple VC domains and there are some important concepts associated with VCEM deployment.

Concepts Notes

VC Domain A VC domain defines a BladeSystem LAN/SAN connections and server profiles created for the servers inside the enclosure.

5

VCEM Server Location

It’s recommended to have a dedicated server deployed for VCEM outside the VC domains it manages.

Import VC Domain

In order for VCEM to manage a VC domain, the domain needs to be imported into VCEM first

Domain Group and Domain

Each VC domain will belong to one VCEM Domain Group when doing the import, a minimum of one Domain Group needs to be created on the VCEM server to manage all VC domains. In many cases, one domain group will be sufficient to manage all VC domains. Please see the next row describing when multiple domain groups can be created.

Enclosure H/W Requirement

VCEM requires that each enclosure in the same domain group have the same VC H/W model setup. VCEM does NOT require that front side server models have the same setup across enclosures in the same domain group. Each enclosure can have its own blade server setup. For example, all enclosures in one domain group can have VC FlexFabric modules in I/O Bay 1 and Bay 2. However, under one domain group, you can’t have one enclosure with VC FlexFabric modules in I/O Bay 1 and 2 while the other enclosure has VC Flex-10 modules in I/O Bay 1 and 2. The reason for this is that VCEM will sync all LAN/SAN configuration across all enclosures under one domain group, so it’s critical that all enclosures under one domain group have the same VC H/W setup so that when users move server profile across different enclosures, LAN and SAN topology and connectivity are consistent. In this case, users can create two VCEM domain groups and put enclosures with VC FlexFabric modules in one domain group and put enclosures with VC Flex-10 modules in another domain group.

Maintenance Mode and

Lock/unlock Individual VC Domains

VCEM will lock individual VC domains to prevent any change at the individual VC domain level to ensure configuration consistency across multiple enclosures. A user needs to unlock individual VC domains on the VCEM console to make any changes to that VC domain. The lock/unlock process is done by putting the VC domain in “Maintenance Mode”.

Server Profile Operation

Any server profile operations are centrally accomplished with the VCEM console.

LAN/SAN Configuration and

Change

All VC domain LAN/SAN configuration change needs to be at the VC domain level while it’s in maintenance mode. The change will be replicated to the other enclosures inside the same domain group after the VC domain maintenance is completed.

6

VCEM Installation Walk-Through (Release 6.3.1)

Testing Setup Topology

The testing setup consists of two HP c7000 BladeSystem enclosures. Each enclosure has a pair of Virtual Connect FlexFabric modules in I/O slot bays 1 and 2. The VCEM server is on a rack mount server (In fact, it’s a VCEM windows virtual machine running on a rack mount server). Each enclosure has LAN and SAN connectivity through Virtual Connect modules. The details of the connectivity are not in the scope of this white paper as the intent is to show two enclosures connecting with the same LAN/SAN environment for our VCEM demo.

7

Prepare Management Server to Install VCEM Software

VCEM is based on HP System Insight Manager (SIM) on Windows. HP SIM is the central management solution for HP servers and storage arrays. The white paper won’t cover SIM details. SIM information can

be accessed at http://www.hp.com/go/sim .

VCEM installation requires the following windows components. It’s recommended that users meet these requirements before installing VCEM. Otherwise there will be some error messages along the installation path prompting users that the required components have not been installed.

Component Comments

Host Operating System

VCEM is supported on Windows Server 2003/2008/2008 R2. For detailed compatibility matrix, please check Page 11 of “HP Insight Software 6.3 Support Matrix” doc.

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c02786379/c0

2786379.pdf

.Net 3.5 SP1 (reboot needed)

This is required by MS SQL Database 2008 R2 Express, which is the default database HP SIM and VCEM will use. For installation process, please refer: Appendix 1: Install .Net 3.5 SP1 on Windows 2008 R2 server

Data Execution Prevention (DEP)

setting (reboot needed)

DEP is a security feature for MS Windows. VCEM installation needs the DEP setting to be changed to “opt-in” from default “opt-out” mode. For detailed description of this setting, please see http://support.microsoft.com/kb/875352 For installation process, please refer: Appendix 2: Change DEP setting on Windows2008 R2 server

SNMP

SNMP service must be enabled on the VCEM server and a minimum Public community with READ-ONLY right needs to be defined. For installation process, please refer: Appendix 3: Install SNMP service on Windows2008 R2 server

Adobe Flash Player Both HP SIM/VCEM and VCM requires flash player.

DNS

It’s strongly recommended that the DNS and reverse DNS is setup in your environment so that NSLOOKUP either by name or by IP has the right results returned. HP SIM is tightly based on DNS lookup for many operations. Without DNS, a VCEM POC should be able to run but it’s not recommended for any production environment.

8

Download VCEM ISO File and Evaluation Licenses from HP.com

Users can try VCEM free for 60 days. The installation ISO file and licenses can be downloaded at

http://www.hp.com/go/vcem

The following screen capture will demonstrate the download process. This is how the above URL page looks like

9

10

11

12

13

Install VCEM 6.3 Software from DVD ISO

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

Install VCEM 6.3.1 Update Patch

VCEM 6.3.1 requires VCEM 6.3 ISO to be installed first (which we did in previous section) and then apply VCEM 6.3.1 update patch.

29

30

31

32

33

34

Launch HP VCEM 6.3.1 after Installation

After VCEM 6.3 ISO and VCEM 6.3.1 update patch are installed, look for an icon on windows desktop named” HP Systems Insight Manager” and double click it.

35

36

37

Discover HP BladeSystem Enclosures in HP Systems Insight Manager (SIM)

Although HP SIM and VCEM are installed, they have no knowledge of which enclosures to manage until the user allows HP SIM and VCEM to discover these systems either by IP or DNS names. In order for VCEM to work, it needs to verify the individual VC domains and import them into its database. Please remember VCEM is based on HP SIM. SIM provides security, logging, discovery, licensing, event framework, etc. for plug-ins like VCEM. VCEM will leverage HP SIM to do the basic enclosure discovery so it can see VC domains after the discovery. So let’s do a HP SIM discovery now.

38

39

40

41

42

Use Case 1: Import the First VC Domain into VCEM

After HP SIM initiates the device discovery, we can now focus on VCEM to manage the individual VC domains. First, let’s import the first c7000 enclosure VC domain into VCEM. This VC domain has an existing LAN/SAN configuration and a server profile already defined. VCEM will import all these configurations into its domain group. It is important to note that it is not necessary to have any server profiles defined in VCM. VCEM can configure all server profiles from its centralized console. If you do have existing server profiles defined currently, VCEM will import them. For LAN/SAN configuration, VCEM depends on VCM level to manage it and will replicate all LAN/SAN configurations to the enclosures in the same domain group.

43

44

45

46

47

48

49

Use Case 2: Import the Second VC Domain into VCEM and have LAN/SAN Configuration Replicated

The benefit of VCEM will show up when you start to manage multiple enclosures, starting from the second enclosure. Assuming you have configured your LAN/SAN for the first enclosure of the VC domain, and the additional enclosures are all connected to the same LAN/SAN environment, you will not be required to configure these enclosures. Simply import the enclosure(s) into the same VCEM domain group, LAN/SAN configuration will be automatically synced into this enclosure.

50

51

52

Now it’s time to verify if all LAN/SAN configuration information from enclosure 1 VC domain ENC1-VC-Domain has been synched to enclosure 2 VC domain ENC2-VC-Domain without the user having to manually configuring them again.

53

54

Next we will create a server profile for a server in enclosure2 and leverage the LAN/SAN configurations synched from enclosure1.

55

56

57

58

59

60

61

Use Case 3: Using Network Access Groups (NAG)

One of new features introduced in Virtual Connect 3.30 and VCEM 6.3.1 is Network Access Groups (NAG). Within VCM, you can define Network Access Groups (NAG) to manage groups of networks. Assigning networks to a server profile prevents the use of networks outside of an assigned group, or NAG (for example, in the case of Intranets and Extranets). You associate each server profile with one NAG, but you can assign multiple server profiles to the same NAG. As a result, you cannot assign a network to a server profile unless that network is a member of the NAG associated with that server profile.

With NAG, the user can group some networks into a logical Network Access Group (NAG). After that, when the user assigns a network in the server profile, the user can first pick a NAG already defined in the LAN settings and then he can only see networks under this NAG and can pick the network from this range to assign to server port. This feature introduces another layer of security and improves virtual connect profile security. This improves usability in reducing the chance a system administrator will assign the wrong networks to server port. To create a NAG, we need to do it at the individual domain VC manager level, not the VCEM level. Remember that VCEM will only control server profile operation. For any LAN/SAN configuration change (including NAG), changes need to be made in VCM. In order to be able to edit in VCM, we need to first pick a VC domain and put it into “Maintenance” mode. After making the change in VCM, we’ll “complete” the maintenance mode on the VCEM console. All LAN/SAN configuration will be synched to all enclosures under the same VCEM domain group. In this test, we’ll

From VCEM, put VC domain 1 into maintenance mode.

Create two NAGs in VC domain 1 called ESX and Linux. ESX NAG will include all networks related with ESX deployment and Linux will include all networks related with Linux deployment.

Complete VC domain 1 maintenance mode

Create a server profile in VCEM leveraging the newly created Linux NAG and assign the profile to a server in enclosure 2

Verify in enclosure 2 VC domain, the profile is rightly defined and applied to the local blade server.

62

63

64

65

66

67

68

69

70

71

Use Case 4: VLAN Change Automatic Replication Across Enclosures

Another benefit of VCEM is that users can make changes to LAN/SAN configurations across multiple enclosures, like adding a new VLAN under network trunks. Instead of implementing the same changes in VCMs one by one, users can make changes once in VCM and VCEM will replicate those changes to other enclosures in the same domain group. In this test, we’ll:

In VCEM, put VC domain 1 into maintenance mode. (skip the screen capture as this is the same procedure as the previous test)

Add some VLANs under network trunks (SUS) in VC domain 1.

Complete VCM maintenance mode (skip the screen capture as this is the same procedure as the previous test)

View the newly added VLAN is available in VCEM for the server profile, and view the newly added VLAN under VC domain 2 to verify VCEM replication.

First let’s verify the existing LAN configuration in VC domain 1.

72

73

74

After completing VC domain 1 maintenance at VCEM console, we will try to create a new server profile to see if we can see new vlans added.

75

76

Use Case 5: Profile Failover

VCEM Profile Failover provides a way to quickly move a VC Profile from one system to another. VCEM profile failover may be triggered by three ways:

Option Trigger method Automation

VCEM GUI The Profiles Tab. The Bays Tab.

Manually by the system administrator

VCEM CLI

The failed system’s hostname.

The failed system’s IP address. The failed system’s enclosure and bay number.

Manually by the system administrator

HP System Insight Manager(SIM) event

monitoring

HP SIM event handler issues script to VCEM CLI

Automatically by HP SIM service on the same server

This section isn’t intended to discuss profile failover options in detail. For more information, please check the following technical white paper:

VCEM Profile Failover and Profile Moves: http://h10032.www1.hp.com/ctg/Manual/c01469068.pdf

77

In this test, we assume that enclosure 1 has H/W issues and we want to move the server configuration from enclosure 1 to enclosure 2. We will use VCEM GUI to manually trigger a server profile failover from enclosure 1 bay 1 server to enclosure 2 bay 3 server. By doing this, users can quickly boot up a new server in another enclosure with the same LAN/SAN connectivity and OS contents. In our case, we have a Windows 2008 R2 server running in enclosure 1 bay 1 and it is set up as boot from SAN, we’ll verify after profile failure if the same image is loaded through SAN.

Please note, there are several conditions to meet before profile failover happens:

In the VCEM domain group, users need to select idle servers as SPARE servers so VCEM has a pool of idle servers to choose when users want to issue a profile failover

Spare servers need to be powered off to be ready for server profile assignment

Boot from SAN from the server is required if users want the spare server boots up with the same OS image source server was using. VCEM will only move server identity like VLAN/MAC/WWN from the source server to the spare server using the server profile concept. It’s the admin job to make sure the source and spare servers have the same LAN/SAN connectivity and that they have set up BFS correctly.

During profile failover, the following events will happen

78

VCEM power off the source server

VCEM unassigns server profile from source server

VCEM assigns the same server profile to the spare server selected (Again, the spare server needs to be powered off initially)

VCEM power on the spare server

79

80

81

82

83

84

85

86

Appendix 1: Install .Net 3.5 SP1 on Windows 2008 R2 server

87

88

Appendix 2: Change DEP setting on Windows2008 R2 server

89

The pop up message will show.

90

Appendix 3: Install SNMP service on Windows2008 R2 server

91

92

93

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is

subject to change without notice. The only warranties for HP products and services are set forth in the

express warranty statements accompanying such products and services. Nothing herein should be

construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors

or omissions contained herein.

c03115781, Updated January 2012