Domain Policies

As discussed in the “Intersight Managed Mode” section of Chapter 4, Intersight can configure both servers and the Fabric Interconnect switches that serve as the network infrastructure for the servers.

A UCS domain is a logical representation of the compute fabric. UCS domains contain many different types of policies that represent different reusable portions of configuration. Examples of such policies include those addressing BIOS settings, boot order, RAID configuration, firmware, QoS, VLAN trunking, and MTU.

In previously deployed or brownfield UCS environments, all these configuration policies for a UCS domain are housed in a tool known as UCS Manager (UCSM), which runs locally on the Fabric Interconnect switches. For these brownfield environments, the domain policies remain in UCSM and are not migrated or transferred to Intersight. Under this traditional management model, Intersight does not replace UCS Manager but instead enhances it by consolidating the day-to-day operations such as firmware updates, remote console access, and technical assistance integration.

For greenfield UCS deployments, Intersight supports a more modern approach to managing a compute domain by hosting all the policies and tools required to configure the infrastructure to match those policies directly within Intersight. This approach brings a new type of Intersight policy to support the network infrastructure for the servers.

Figure 5-1 shows an example of a port policy that is used to configure Fabric Interconnect port roles within an Intersight domain.

Intersight avoids reinventing the wheel by allowing policies to be defined once, applied across multiple resource types, and consumed many times by the desired resources. Instead of clicking on individual ports in a UI to configure them, administrators can reuse previously configured port policies. Instead of looking up and entering the IP addresses for NTP servers each time a new domain is created, administrators can reuse the same NTP policy for every UCS domain profile at a given site. This promotes consistency, prevents duplicate work, and eliminates unnecessary/unwanted operational overhead.

Some examples of policies that are usable across both a server and a domain profile include:

• Ethernet network control

• Ethernet network group

• Network connectivity

• NTP

• SNMP

• Syslog

Domain Profiles

Because Intersight mode supports both server and domain infrastructure (among others), multiple types of profiles are supported. A profile specific to UCS domain infrastructure is referred to as a domain profile and defines the network configuration policies for a given domain. This profile consists of one or more domain policies that define the desired domain network configuration settings.

Some common examples of policies specific to domain profiles include:

• Port configurations:

  • Unified port selection (FCoE, Ethernet)

  • Port role (traditional, port channel, VPC)

• VLAN/VSAN configuration

• NTP service

• Network connectivity (DNS, IPv6)

• QoS

Domain profiles provide an easy and consistent method to simplify network configuration for servers across domains. Because most organizations define standards for configuring the networking for servers (specifically uplink ports, downlink ports, VLAN settings, and so on), the use of domain policies and profiles can significantly streamline this effort. Network connectivity policy, Ethernet network group policy, and port policy are examples of commonly used domain policies for defining the domain network configuration.

Domain profiles are created much like other profiles: You select Configure > Profiles and browse to the UCS Domain Profiles tab. From there, you can clone an existing domain profile or create a new one.

A UCS domain profile consists of policies that can either be defined in advance or created inline while building a new profile. The types of policies that make up a UCS domain profile continue to evolve as the Intersight platform is enhanced. These are some of the most important domain policies:

• VLAN policy: Defines the name and VLAN ID of each VLAN that will exist within the domain. Each VLAN can be assigned a different multicast policy. Each Fabric Interconnect can have a different VLAN policy.

• VSAN policy: Defines the name, VSAN ID, and FCoE VLAN ID of each VSAN that will exist within the domain. Each Fabric Interconnect can have a different VSAN policy.

• Port policy: Defines the role (Ethernet uplink, FC uplink, server port, or unconfigured) and type (Ethernet or FC) of each FI port. Fabric Interconnects A and B can have different port profiles.

• Network connectivity policy: Defines the IP addresses of DNS servers.

• System QoS policy: Defines the properties of different QoS classes.

• Ethernet network group policy: Defines allowed VLANs and native VLAN.

A single domain profile may be used to configure all the uplink and downlink ports, provision all required VLANs and VSANs, and configure other networking settings (such as NTP, DNS domain, QoS, and multicast policy), using reusable policies.

Figure 5-2 shows one of the three tabs of a domain profile applied to a Fabric Interconnect pair. The figure shows three previously defined policies, which ensure consistent network connectivity, as well as the details of one of them (the NTP policy).

To apply the configuration for the domain, simply deploy the domain profile to the desired Fabric Interconnects for the domain. Administrators looking to standardize the network infrastructure for the servers can realize huge time savings by employing thoughtfully designed profiles.

Nexus Dashboard

Cisco Nexus Dashboard brings together real-time insights and automation services to operate multicloud data center networks and integrates with the Intersight cloud operating platform for a consistent and holistic view of all infrastructure components, including network, storage, compute, virtualization, containers, and Kubernetes.

Nexus Dashboard is a platform designed for network operations that provides a single launch point to manage, monitor, and troubleshoot both LAN and SAN fabrics. It integrates operational services that allow NetOps teams to navigate seamlessly through all aspects of network infrastructure lifecycle tasks, from initial configuration and capacity planning to running and troubleshooting.

Nexus Dashboard works together with Intersight and provides a unified view into proactive operations with continuous assurance and actionable insights across data center fabrics for seamless management.

The integration of Nexus Dashboard to Intersight is formally referred to as Cisco Intersight Nexus Dashboard (ND) Base. This capability in Intersight enables organizations to view basic data center network assets, inventory, and status information in the Intersight portal. It also provides immediate access to a high-level view of data center platforms such as Cisco APIC or Cisco DCNM in their network.

Nexus Dashboard, network controllers (such as APIC and DCNM controllers), and individual switches (such as MDS and Nexus switches) are connected to Intersight through Device Connector software embedded in each system. Upon startup, Device Connector attempts to connect to Intersight automatically. However, it may be necessary to manually configure Device Connector with proxy and DNS settings.

Once Device Connector can successfully communicate with Intersight, the network device or controller can be claimed just like any other target device from Intersight. (Refer to Chapter 1, “Intersight Foundations,” for a refresher on this process.)

Within Intersight, once a network device is claimed, a Networking menu is added in the left pane, under the Operate tab. From here, you can view the entire data center networking inventory, including SAN switches, Ethernet switches, and controllers.

On the General tab, the details table displays information about the platform, such as name, status, device type, device IP, firmware version, nodes, and organization (see Figure 5-3).

The Inventory tab shows a summary view and detailed information about the controllers, spine switches, leaf switches, licenses, and features associated with the platform in the network. For example, Figure 5-4 shows details about the spine switches.

You can use the search functionality to find specific attributes such as name, status, type, device IP, and organization, and you can export the search results to a CSV file.