Send Us Your Feedback

  • We'd love to hear from you. Let us know how we're doing and how we can make your experience here more enjoyable! We are always looking for ways to improve.
  • [blogs-support@cisco]

August 19, 2009

Roles Based Access on the CIsco Unified Computing System


While we are getting a great deal of traction on the vision behind the Cisco Unified Computing System and the idea of an integrated system that combines network, compute, and virtualization in a single platform, folks sometimes wonder if they will have to play “Mother, May I?” with the network team to access the system.  So, before we bust that particular myth, let’s step back a bit.  One of our design goals is to be operationally non-distuptive.  What that means is our goal is to not mess with you existing operational practices and procedures—our ideal is to allow you to manage your new infrastructure the same way your existing infrastructure.  The most recent example of this is the Cisco Nexus 1000V.  While it delivers an immense amount of new functionality, server admins still use vCenter to manage their virtual machines and network admins manage the Nexus 1000V exactly like their other Cisco switches.  This is also one of the reasons we see FCoE continuing to gain traction in the enterprise—when all is said and done, its still Fibre Channel.  The other design goal, which I covered in my last post, is that we see the data center staff of the future being loosely coupled—working collaboratively and as peers, but still maintaining distinct responsibilities.  Which brings us to the Cisco UCS.

In this video, Brian Schwarz, from the UCS team, takes us through the roles based access control features on the platform.  One of the cooler aspects of this is the granularity of the controls—to the point that privileges are not just tied to to your log-in, but also to the profile running on a particular server.  The other aspect of this, which I think is cool is how flexible the approach is—Brian talks about how our access control model does not force you to adapt to a certain framework, but rather is design to adapt to you how you currently assign roles in you company.


For more info on managing the Cisco UCS, check out some of my previous posts on the topic:

Cisco Unified Computing System Manager and Firmware Profiles
Unified Computing System Manager Revealed (Part 1)
Unified Computing System Manager Revealed (Part 2)

Omar Sultan Posted by Omar Sultan at 02:26PM PST

Permalink, Comments (3), Trackbacks (0)

Tags: data center 3.0 unified computing system

3 Comments

Rodos Aug 19, 2009

Omar, the RBAC in UCSM is a great feature. One thing I have noticed is that if you don’t give people access to an area they can still SEE it, they just can’t do anything.

It would be great to be able to give a person access to a particular area, and not let them see the details of others. Thinking multi-tenancy here.

Rodos

Brian Schwarz Aug 24, 2009

Rodos,

We made add capabilities to do this in the future.

Given that our XML API gives complete access to the system, and our current GUI uses this interface it is quite straight-forward to build.

In addition to Cisco providing capabilities in this area you should expect some of our ISV partners to add value in this area. Some of our partners are more server centric, some network, some storage, sot hey gravitate to areas that make sense to them and our mutual customers.

Currently, the intent is to provide good line of sight visibility into the system configuration, which will aid troubleshooting, and reduce the “blamestorm” when something goes wrong. In today’s non-Unified systems troubleshooting can take on a personal/political dimension which is inefficient and unfortunate. We believe the UCS Manager can provide hard data to focus everyone on driving to resolution with facts.

If you want to discuss more please contact you local Cisco rep. They can provide more information, or broker a discussion with the UCS team.

Regards,

-Brian

CentricsIT Sep 1, 2009

A great post. The ability to define roles in the system makes sense and has great functionality for our clients. Very applicable to clients who have multiple people managing departments in the company independent of each other.

Thanks!

Post a comment

Join the conversation!

We encourage your comments, questions and suggestions. All comments are moderated and will appear as soon as they are approved by the moderator.

Please increase the validity of your comment by providing a valid first and last name. Spam, off-topic or offensive comments will not be posted.

Name:
Email:
URL:

Comments:

Notify me of follow-up comments?

Submit the word you see below:


Post a trackback

Ping this URL to post a trackback:
http://blogs.cisco.com/trackback/7740/bnkBnCvG/

More blog posts

Previous post:
Are You Getting the WAN Advantage to Your Branch Office?

Next post:
Will Virtualization Kill Networking?

Recent posts:
November 2009 Archive

Search

DataCenter Radio

Data Center TechMinute Podcast

What We're Reading

Subscribe By Email (info)

What's on the Cisco Tube?

Video

Archives