Roles Based Access on the CIsco Unified Computing System

August 19, 2009 - 3 Comments

While we are getting a great deal of traction on the vision behind the Cisco Unified Computing System and the idea of an integrated system that combines network, compute, and virtualization in a single platform, folks sometimes wonder if they will have to play “Mother, May I?” with the network team to access the system. So, before we bust that particular myth, let’s step back a bit. One of our design goals is to be operationally non-distuptive. What that means is our goal is to not mess with you existing operational practices and procedures–our ideal is to allow you to manage your new infrastructure the same way your existing infrastructure. The most recent example of this is the Cisco Nexus 1000V. While it delivers an immense amount of new functionality, server admins still use vCenter to manage their virtual machines and network admins manage the Nexus 1000V exactly like their other Cisco switches. This is also one of the reasons we see FCoE continuing to gain traction in the enterprise–when all is said and done, its still Fibre Channel. The other design goal, which I covered in my last post, is that we see the data center staff of the future being loosely coupled–working collaboratively and as peers, but still maintaining distinct responsibilities. Which brings us to the Cisco UCS.In this video, Brian Schwarz, from the UCS team, takes us through the roles based access control features on the platform. One of the cooler aspects of this is the granularity of the controls–to the point that privileges are not just tied to to your log-in, but also to the profile running on a particular server. The other aspect of this, which I think is cool is how flexible the approach is–Brian talks about how our access control model does not force you to adapt to a certain framework, but rather is design to adapt to you how you currently assign roles in you company.

For more info on managing the Cisco UCS, check out some of my previous posts on the topic:Cisco Unified Computing System Manager and Firmware ProfilesUnified Computing System Manager Revealed (Part 1)Unified Computing System Manager Revealed (Part 2)

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. A great post. The ability to define roles in the system makes sense and has great functionality for our clients. Very applicable to clients who have multiple people managing departments in the company independent of each other.Thanks!

  2. Rodos,We made add capabilities to do this in the future. Given that our XML API gives complete access to the system, and our current GUI uses this interface it is quite straight-forward to build. In addition to Cisco providing capabilities in this area you should expect some of our ISV partners to add value in this area. Some of our partners are more server centric, some network, some storage, sot hey gravitate to areas that make sense to them and our mutual customers. Currently, the intent is to provide good line of sight visibility into the system configuration, which will aid troubleshooting, and reduce the lamestorm”” when something goes wrong. In today’s non-Unified systems troubleshooting can take on a personal/political dimension which is inefficient and unfortunate. We believe the UCS Manager can provide hard data to focus everyone on driving to resolution with facts. If you want to discuss more please contact you local Cisco rep. They can provide more information, or broker a discussion with the UCS team.Regards,-Brian”

  3. Omar, the RBAC in UCSM is a great feature. One thing I have noticed is that if you don’t give people access to an area they can still SEE it, they just can’t do anything. It would be great to be able to give a person access to a particular area, and not let them see the details of others. Thinking multi-tenancy here. Rodos