Check out the new Cisco UCS Hardening Guide white paper which is now released and available on the Cisco Security Portal. The paper outlines and highlights security best practices for Cisco UCS.
This paper provides information to help users secure the Cisco Unified Computing System (Cisco UCS) platform and provides guidance on how to harden Cisco UCS Software features. The paper provides references to lots of related documentation.
It’s been a couple of weeks since the Cisco data center and partner teams wrapped up a terrific Oracle OpenWorld 2014. We had a great week of conversations with customers and partners on how Cisco UCS provides a superior platform for Oracle Database and applications. We also announced three record-setting benchmarks for Oracle E-Business Suite and Java operations (SPECjbb2013).
This year, we placed a greater emphasis on communicating beyond our booth via video, digital and social streams. We staged a studio in the Cisco booth that enabled us to stream live video interviews with industry luminaries and Cisco experts hosted by theCUBE, the leading interview format show in enterprise tech. We were honored to host Intel CIO Kim Stevenson immediately following her main stage keynote presentation. Other featured guests included Jim McHugh, Cisco VP of UCS Marketing; Intel VP Shannon Poulin; Cisco VP of Global Partner Marketing Sherri Liebo; and Red Hat VP Mike Evans. The videos are now available for replay here.
The Cisco booth was a hub of non-stop action in our theater where we hosted a terrific line-up of presentations by Cisco experts, customers and partners. We took advantage of this opportunity to record video summaries of these sessions and are pleased to present this video library from Oracle OpenWorld 2014.
House of Brick Technologies on the Advantages of Cisco UCS for Oracle Workloads
Why is Cisco UCS everywhere? Dave Welch, CTO of House of Brick Technologies, highlights the many advantages of UCS for Oracle workloads in this discussion with Jim McHugh, Cisco VP of UCS Marketing.
Five years ago, VCE was created with the goal of providing a simple, efficient solution to deploy and run IT infrastructure. VCE’s Vblock Systems have enabled customers to focus on business innovation instead of integrating, validating, and managing IT infrastructure. It would be an understatement to say VCE has been successful. Last year, Vblock Systems, built on Cisco UCS integrated infrastructure, surpassed their 2013 goal of $1 billion in annual sales and was recognized as a leader in the integrated infrastructure market. In fact, in Gartner’s inaugural Magic Quadrant for integrated systems, VCE Vblock Systems is rated in the Leaders Quadrant, based on the tight integration of industry and market leading technologies from Cisco and EMC.
Today, VCE announced a major update and expansion to their Vblock Systems portfolio using the latest Cisco UCS servers and Cisco ACI-Ready switches. The new Cisco M4 model servers recently celebrated four world-record benchmarks, offering performance improvements up to 145 percent since the last processor generation. Customers can be confident that Cisco UCS servers will deliver outstanding application performance as part of a Vblock System. IT leaders want to accelerate infrastructure and application deployment, and these new ACI-Ready Vblock Systems are an extension of Cisco’s application-centric data center strategy. We feel our application-centric approach, in which IT infrastructure is configured automatically in sync with the needs of the application, is essential to keeping pace with today’s dynamic business priorities.
VCE also announced a cloud management solution with Cisco UCS Director. VCE’s Integrated Solution for Cloud Management with Cisco pre-integrates UCS Director with a Vblock System, providing the capability to quickly instantiate an initial private cloud foundation for customer environments. UCS Director enables the automation and provisioning of compute, network, and storage resources, both physical and virtual. This automation of integrated infrastructure can further expedite the deployment of application-ready infrastructure.
Cisco is excited that our new products and technologies have been integrated into the Vblock portfolio and congratulates the VCE team on today’s announcement. We believe these new Vblock Systems and solutions will make it easier for customers to deliver the performance, agility, and availability for the most demanding applications.
It almost feels like this blog entry should start with: Once upon a time…. Because it captures a journey of a young emerging technology and the powerful infrastructure tool it has become. The Cisco UCS journey starts with the tale of Unified Fabric and the Converged Network Adapter (CNA).
Most people think of Unified Fabric as the ability to put both Fiber Channel and Ethernet on the same wire between the server and the Fabric Interconnect or upstream FCoE switches. That is part of the story, but that part is as simple as putting a Fiber Channel frame inside of an Ethernet frame. What is the magic that makes this happen at the server level? Doesn’t FCoE imply that the operating system itself would have to know how to present a Fiber Channel device in software and then encapsulate and send the frame across the Ethernet port? Possibly, but that would require OS FCoE software support, which would also incur CPU overhead and require end users to qualify these new software drivers and compare the performance of software against existing hardware FC HBAs.
For UCS, the success of converged infrastructure was due largely to the very first Converged Network Adapters that were released. These adapters presented existing PCIe Fiber Channel and Ethernet endpoints to the operating system. This required no new drivers or new qualification from the perspective of the operating system and users. However, at the heart of this adapter was a Cisco ASIC that provided two key functions:
1.) Present the physical functions for existing PCIe devices to the operating system without the penalty of PCIe switching.
2.) Encapsulate Fiber Channel frames into an Ethernet frame as they are sent to the northbound switch.
Converged Network Adapter
It is the second function that we often focus on because that’s the cool networking portion that many of us at Cisco like to talk about. But how exactly do we convince the operating system that it is communicating with an Intel Dual port Ethernet NIC and a Dual port 4GB QLogic Fiber Channel HBA? I mean, these are the exact same drivers that we use for the actual Intel and QLogic cards, so there’s got to be some magic there, right?
Well, yes and no. Let’s start with the no. Presenting different physical functions (PCIe endpoints) on a physical PCIe card is nothing new. It’s as simple as putting a PCIe switch between the bus and the endpoints. But like all switching technologies, a PCIe switch incurs latency, and it cannot encapsulate a FC frame into an Ethernet frame. So that’s where the magic comes into play. The original Converged Network Adapter contained a Cisco ASIC that sits on the PCIe bus between the Intel and QLogic physical functions. From the operating system perspective, the ASIC “looks” like a PCIe switch providing direct access to the Ethernet and Fiber Channel endpoints, but in reality it has the ability to move I/O in and out of the physical functions without incurring the latency of a switch. The ASIC also provides a mechanism for encapsulating the FC frames into a specific Ethernet frame type to provide FCoE connectivity upstream.
The pure beauty of this ASIC is that we have evolved it from the CNA to the Virtual Interface Card (VIC). Traditional CNAs have a limited number of Ethernet and FC ports available to the system (2 each) based on the chipsets installed on the card. The Cisco VIC allows a variety of vNICs and vHBAs to be created on the card. The VIC not only virtualizes the PCIe switch, it virtualizes the I/O endpoint.
Cisco Virtual Interface Card
So in essence what we have created with the Cisco ASIC, that drives the VIC, is a device that can provide a standard PCIe mechanism to present an end device directly to the operating system. This ASIC also provides a hardware mechanism designed to receive native I/O from the operating system and encapsulate and translate where necessary without the need for OS stack dependencies, for example native Fiber Channel encapsulated into Ethernet.
At the heart of the UCS M-Series servers is the System Link Technology. It is this specific component that provides access to the shared I/O resources in the chassis to the compute nodes. System Link Technology is the 3rd Generation technology behind the VIC and the 4th Generation technology for Unified Fabric within the construct of Unified Computing. The key function of the System Link Technology is the creation of a new PCIe physical function called the SCSI NIC (sNIC) that presents a virtual storage controller to the operating system and maps drive resources to a specific service profile within Cisco UCS.
System Link Technology
It is this innovative technology that provides a mechanism for each compute node within UCS M-Series to have its own specific virtual drive carved out of the available physical drives within the chassis. This is accomplished using standard PCIe and not MR-IOV. Therefore, it does not require the operating system to have any special knowledge of a change in the PCIe frame format.
For a more detailed look at System Link Technology in the M-Series check out the following white paper.
The important thing to remember is that hardware infrastructure is only part of the overall architectural design for UCS M-Series. The other component that is key to UCS is the ability to manage the virtual instantiations of the system components. In the next segment on UCS M-Series Mahesh will discuss how UCS Manager rounds out the architectural design.
Guest post by Aaron Newcomb, Solutions Marketing Manager, NetApp
No one wants the 2:00 am distressed phone call disturbing a good night’s sleep. For IT Managers and Database Administrators, that 2:00 am call is typically bad news regarding the systems they support. Users in another region are not able to access an application. Customers are not placing orders because the system is responding too slowly. Nightly reporting is taking too long and impacting performance during peak business hours. When your business-critical applications running on Oracle Database are not performing at the speed of business, that creates barriers to customer satisfaction and to remaining competitive. NetApp wants to help break down those barriers and help our customers get a good night’s sleep instead of worrying about the performance of their Oracle Database.
NetApp today unveiled a solution designed to address the need for extreme performance for Oracle Databases with FlexPod Select for High Performance Oracle RAC. This integrated infrastructure solution offers a complete data center infrastructure including networking, servers, storage, and the management software you need to run your business 24x7, 365 days a year. Since NetApp and Cisco validate the architecture, you can deploy your Oracle Databases with confidence and in much less time than traditional approaches. Built with industry-leading NetApp EF-550 flash storage arrays and Cisco UCS B200 M3 Blade Servers, this solution can deliver the highest levels of performance for the most demanding Oracle Database workloads on the planet.
The system will deliver more than one million IOPS of read performance for Oracle Database workloads at sub-millisecond latencies. This means faster response times for end users, improved database application performance, and more overhead to run additional workloads or consolidate databases. Not only that, but this pre-validated and pre-tested solution is based on a balanced configuration so that the infrastructure components you need to run your business are working in harmony instead of competing for resources. The solution is built with redundancy in mind to eliminate risk and allow for flexibility in deployment options. The architecture scales linearly so that you can start with a smaller configuration and grow as your business needs change, optimizing a return on investment. If something goes wrong, the solution is backed by our collaborative support agreement, so there is no finger pointing and only swift problem resolution.
So what would you do with one million IOPS? Build a new application that will respond to a competitive threat? Deliver faster results for your company? Increase the number of users and transactions your application can support without having to worry about missing critical service level agreements? If nothing else, imagine how great you will sleep knowing that your business is running with the performance needed for success.