Cisco UCS components and Heartbleed bug

I was reading about Cisco products affected by the Heartbleed vulnerability in the following Cisco security advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed#@ID
I couldn't find whether the products/components below are affected by this vulnerability. Can someone confirm whether these products/components are vulnerable to Heartbleed?
Cisco UCS Manager
Cisco Integrated Management Controller (CIMC)
Cisco UCS Blade Chassis
tia

I agree that phrasing is a bit off, note that the notice is talking about _products_ affected (or not), not particular _components_ of a product. 
UCS seems to be off the hook. Not affected are: 
Cisco UCS B-Series (Blade) Servers
Cisco UCS C-Series (Stand alone Rack) Servers
Cisco UCS Central
Cisco UCS Fabric Interconnects
Cisco UCS Invicta Series Solid State Systems
CIMC and UCSM would be part of FI or B-or-C-series, etc.

Similar Messages

  • Cisco UCS Blades and vSphere DPM

    I followed this guide:
    https://supportforums.cisco.com/docs/DOC-8582
    And it worked, but I have 2 problems.
    1) The blade being put into Standby starts back up immediately - almost like a reboot -
    and doesn't stay in Standby mode
    2) The Blade being put into Standby mode has Faults on all vFabric's etc because it is
    "off"
    Any suggestions?
    Jim

    Hi Rob and Jim,
    How did you guys progress with this one?  I am having the same issue and would be interested to know the solution.
    My environment is vSphere 5.0 with B230 M2 and DPM is not yet enabled.  UCS Manager and CIMC are running 2.0(1s).
    On testing for Standby from the vSphere client, the blade reboots automatically (no power down).  A shutdown command gives the same result (which is a reboot) with a host connection failure alert.
    Any help is appreciated.
    Thanks,
    Noli

  • Cisco UCS 6248 and Dell EQ 6510x

    We have a Dell EQ 6510x in production and we are about to power on a Cisco UCS B series chassis and a pair of 6248UP FIs. I'm planning to connect the 4 6510x 10G ports directly to the 6248 FIs and set them as Appliance Ports.
    My question is: would it be better to connect the 6510x Primary controller's two 10G ports directly to FI-A and the standby controller's 10G ports directly to FI-B, or stagger them? Stagger meaning Primary Controller one 10G to FI-A and one 10G to FI-B, then Standby controller one 10G to FI-A and one 10G to FI-B. Thanks!

    Hello there,
    In your design always keep in mind that both UCS FIs are separate switches; they will always talk to each other through the upstream switch. The best practice is to connect anything that has to talk with the UCS domain to the upstream switch.
    If there is no option to do so, you can connect through the FIs, using an appliance port. In your case I believe that connecting in stagger mode is the best option, but I'm not sure; it depends on how your vNICs are configured and whether your Dell EQ can do port-channel in active-standby mode.

  • Cisco UCS Vmware and HDS

    We are about to build a new data center with a Hitachi VSP disk array, Cisco UCS and VMware. I have some information from the Hitachi side but it really says nothing about the UCS. Is there a "best practices" or "configuration guide" for the UCS side of this?

    see
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/ucs_hds.html
    Cisco Solution for Hitachi Unified Compute Platform Select with VMware vSphere

  • Nexus 1000v UCS Manager and Cisco UCS M81KR

    Hello everyone
    I am confused about how the integration between N1K and UCS Manager works:
    First question:
    If two VMs on different ESXi and different VEM but in the same VLAN would like to talk to each other, the data flow between them is managed from the upstream switch (in this case UCS Fabric Interconnect), isn't it?
    I created an Ethernet uplink port-profile on N1K in switchport mode access (100), and I created a vEthernet port-profile for the VM in switchport mode access (100) as well. In the Fabric Interconnect I created a vNIC profile for the physical NICs of ESXi (where the VMs are). Also I created the VLAN 100 (the same as in N1K).
    Second question: With the configuration above, if I include in the vNIC profile the VLAN 100 (not as native VLAN) only, the two VMs cannot ping each other. Instead, if I include in the vNIC profile only the default VLAN (I think it is VLAN 1) as native VLAN, everything works fine. WHY????
    Third question: How does VLAN tagging work on the Fabric Interconnect and also in N1K?
    I tried to read different documents, but I did not understand.
    Thanks                 

    This document may help...
    Best Practices in Deploying Cisco Nexus 1000V Series Switches on Cisco UCS B and C Series Cisco UCS Manager Servers
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/white_paper_c11-558242.html
    If two VMs on different ESXi and different VEM but in the same VLAN would like to talk to each other, the data flow between them is managed from the upstream switch (in this case UCS Fabric Interconnect), isn't it?
    - Yes.  Each ESX host with the VEM will have one or more dedicated NICs for the VEMs to communicate with the upstream network.  These would be your 'type ethernet' port-profiles.  The upstream network would need to bridge the VLAN between the two physical NICs.
    Second question: With the configuration above, if I include in the vNIC profile the VLAN 100 (not as native VLAN) only, the two VMs cannot ping each other. Instead, if I include in the vNIC profile only the default VLAN (I think it is VLAN 1) as native VLAN, everything works fine. WHY????
    - The N1K port profiles are switchport access, making them untagged.  This would be the native VLAN in UCS.  If there is no native VLAN in the UCS configuration, we do not have the upstream networking bridging the VLAN.
    Third question: How does VLAN tagging work on the Fabric Interconnect and also in N1K?
    - All ports on the UCS are effectively trunks and you can define what VLANs are allowed on the trunk as well as what VLAN is passed natively or untagged.  In N1K, you will want to leave your vEthernet port profiles as 'switchport mode access'.  For your Ethernet profiles, you will want them to be 'switchport mode trunk'.  Use an unused VLAN as the native VLAN.  All production VLANs will be passed from N1K to UCS as tagged VLANs.
    Thank You,
    Dan Laden
    PDI Helpdesk
    http://www.cisco.com/go/pdihelpdesk

  • Monitoring Cisco UCS Devices

    Hello,
    We have 2 setup of Cisco UCS Setup in our Company and both are located in different geographical location. (4 Fabric interconnect and 6 Chassis and 48 Blade servers)
    We want to monitor whole Cisco UCS Components like Fabric Interconnect which include all ports and Expansion Module, Port utilization, Chassis with IOMs and Blade Servers, Bandwidth utilization, and power utilization so and so forth.
    Please let me know if there is any tool, plugin, application is available to monitor all these components and get the reports out of them.
    Regards,
    Amit Vyas

    Hi Craig,
    I have installed Solarwinds NPM 10.1.3 Evaluation version and I am able to add the Fabric Interconnect, but this only gives me data on the following things:
    Average Response Time & Packet Loss
    Last 10 Errors & Failures
    Current Percent Utilization of Each Interface
    List of VSANs
    Connectivity Unit Status
    However it doesn’t show the power utilization status of Fabric Interconnect
    Another thing is that when I was trying to add a Blade Server into monitoring I was unable to do it manually, hence I tried through the discovery wizard and it went successfully and the blade servers got added into monitoring, but it only gives Average Response Time & Packet Loss, nothing apart from this. Do I have to do anything else to get all relevant data for the blades, or will I only get this much data in the Evaluation version?
    Thanks,
    Amit Vyas

  • Oracle 11g - Solaris 10 on cisco UCS server

    I would like to know if anyone has experience with installing Oracle databases on Cisco UCS servers.  I recently took over a DBA shop and my client has purchased a Cisco UCS server and is planning on migrating some databases currently on dedicated servers running on Solaris 10 and others running on Linux RH 5.4 platforms.  I need to find out if Oracle 11g and Solaris 10 are compatible and covered by Oracle licenses.  Does anyone have any specs and/or information on this topic?  Thanks in advance.
    Jonathan Begazo-Leon

    Jonathan,
    there's a dedicated Oracle database forum (Database) where you can post your issue. In this forum here only 3rd party to Oracle migrations using the Oracle tools migration workbench or SQL Developer will be covered. As I can't move your thread, please close this one here and post your issue again in the database forum.
    Thanks,
    Klaus

  • Cisco UCS Director UCS Manager/Central Comparison

    Hello Community,
    Can someone please tell me what are the fundamental differences between Cisco UCS Director and UCS Manager/Central?
    Cheers
    Carlton

    Carlton,
    I am pretty sure this post (3 in total) from Jeremy Waldrop's blog (Jeremy usually visits this community too) will help explain UCS Director:  http://jeremywaldrop.wordpress.com/2014/04/01/cisco-ucs-director-part-1/
    Besides what you can see in the above link... UCS Manager is usually used for a single domain while UCS Central is used to integrate more than one domain into a unique central point...
    HTH,
    -Kenny

  • Ask the Expert: Cisco UCS Troubleshooting Boot from SAN with FC and iSCSI

    Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco UCS Troubleshooting Boot from SAN with FC and iSCSI with Vishal Mehta and Manuel Velasco.
    The current industry trend is to use SAN (FC/FCoE/iSCSI) for booting operating systems instead of using local storage.
    Boot from SAN offers many benefits, including:
    Server without local storage can run cooler and use the extra space for other components.
    Redeployment of servers caused by hardware failures becomes easier with boot from SAN servers.
    SAN storage allows the administrator to use storage more efficiently.
    Boot from SAN offers reliability because the user can access the boot disk through multiple paths, which protects the disk from being a single point of failure.
    Cisco UCS takes away much of the complexity with its service profiles and associated boot policies to make boot from SAN deployment an easy task.
    Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California. He has been working in the TAC for the past three years with a primary focus on data center technologies such as Cisco Nexus 5000, Cisco UCS, Cisco Nexus 1000v, and virtualization. He has presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE certification (number 37139) in routing and switching and service provider.
    Manuel Velasco is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California. He has been working in the TAC for the past three years with a primary focus on data center technologies such as Cisco UCS, Cisco Nexus 1000v, and virtualization. Manuel holds a master’s degree in electrical engineering from California Polytechnic State University (Cal Poly) and VMware VCP and CCNA certifications.
    Remember to use the rating system to let Vishal and Manuel know if you have received an adequate response. 
    Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation in the Data Center community, under subcommunity Unified Computing, shortly after the event. This event lasts through April 25, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Evan
    Thank you for asking this question. Most common TAC cases that we have seen on Boot-from-SAN failures are due to misconfiguration.
    So our methodology is to verify configuration and troubleshoot from server to storage switches to storage array.
    Before diving into troubleshooting, make sure there is clear understanding of this topology. This is very vital with any troubleshooting scenario. Know what devices you have and how they are connected, how many paths are connected, Switch/NPV mode and so on.
    Always try to troubleshoot one path at a time and verify that the setup is in compliance with the SW/HW interop matrix tested by Cisco.
    Step 1: Check at server
    a. make sure to have uniform firmware version across all components of UCS
    b. Verify if VSAN is created and FC uplinks are configured correctly. VSANs/FCoE-vlan should be unique per fabric
    c. Verify at service profile level for configuration of vHBAs - vHBA per Fabric should have unique VSAN number
    Note down the WWPN of your vhba. This will be needed in step 2 for zoning on the SAN switch and step 3 for LUN masking on the storage array.
    d. verify if Boot Policy of the service profile is configured to Boot From SAN - the Boot Order and its parameters such as Lun ID and WWN are extremely important
    e. finally at UCS CLI - verify the flogi of vHBAs (for NPV mode, command is (from nxos) – show npv flogi-table)
    Step 2: Check at Storage Switch
    a. Verify the mode (by default UCS is in FC end-host mode, so storage switch has to be in NPIV mode; unless UCS is in FC Switch mode)
    b. Verify the switch port connecting to UCS is UP as an F-Port and is configured for correct VSAN
    c. Check if both the initiator (Server) and the target (Storage) are logged into the fabric switch (command for MDS/N5k - show flogi database vsan X)
    d. Once confirmed that initiator and target devices are logged into the fabric, query the name server to see if they have registered themselves correctly. (command - show fcns database vsan X)
    e. The most important configuration to check on the Storage Switch is the zoning
    Zoning is basically access control for our initiator to targets. The most common design is to configure one zone per initiator and target.
    Zoning will require you to configure a zone, put that zone into your current zoneset, then ACTIVATE it. (command - show zoneset active vsan X)
    Step 3: Check at Storage Array
    When the Storage array logs into the SAN fabric, it queries the name server to see which devices it can communicate with.
    LUN masking is a crucial step on the Storage Array which gives a particular host (server) access to a specific LUN
    Assuming that both the storage and initiator have FLOGI’d into the fabric and the zoning is correct (as per Step 1 & 2),
    the following needs to be verified at the Storage Array level
    a. Are the wwpn of the initiators (vhba of the hosts) visible on the storage array?
    b. If above is yes then Is LUN Masking applied?
    c. What LUN number is presented to the host - this is the number that we see in Lun ID on the 'Boot Order' of Step 1
    Below document has details and troubleshooting outputs:
    http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-b-series-blade-servers/115764-ucs-san-tshoot-00.html
    Hope this answers your question.
    Thanks,
    Vishal 
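
Added example, not part of Vishal's post or of any Cisco tool: a Python script that runs the Step 2c-2e checks for one path by cross-checking an initiator and a target WWPN against saved output of show flogi database, show fcns database and show zoneset active. The sample outputs, WWPNs and zone names are constructed, and the column layout is an assumption modelled on MDS/N5k output.

```python
import re

WWPN = r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}"

# Constructed sample output (not from a real fabric); layout is an assumption.
FLOGI = """\
INTERFACE  VSAN  FCID      PORT NAME                NODE NAME
fc1/1      100   0x640000  20:00:00:25:b5:0a:00:01  20:00:00:25:b5:00:00:01
fc1/5      100   0x640100  50:06:01:60:00:00:00:01  50:06:01:60:80:00:00:01
"""
FCNS = """\
FCID      TYPE  PWWN                     FC4-TYPE:FEATURE
0x640000  N     20:00:00:25:b5:0a:00:01  scsi-fcp:init
0x640100  N     50:06:01:60:00:00:00:01  scsi-fcp:target
"""
ZONESET = """\
zoneset name zs_fabric_a vsan 100
  zone name esx01_hba0 vsan 100
  * fcid 0x640000 [pwwn 20:00:00:25:b5:0a:00:01]
  * fcid 0x640100 [pwwn 50:06:01:60:00:00:00:01]
  zone name esx02_hba0 vsan 100
    pwwn 20:00:00:25:b5:0a:00:02
  * fcid 0x640100 [pwwn 50:06:01:60:00:00:00:01]
"""


def port_wwpns(text):
    """First WWPN on each row: the port name in the flogi/fcns tables."""
    found = (re.search(WWPN, line) for line in text.lower().splitlines())
    return {m.group(0) for m in found if m}


def active_zones(text):
    """Map zone name -> {member wwpn: logged_in}; '*' marks a logged-in member."""
    zones, current = {}, None
    for line in text.lower().splitlines():
        line = line.strip()
        zone = re.match(r"zone name (\S+)", line)
        if zone:
            current = zones.setdefault(zone.group(1), {})
            continue
        member = re.search(WWPN, line)
        if member and current is not None:
            current[member.group(0)] = line.startswith("*")
    return zones


def check_path(initiator, target, flogi, fcns, zoneset):
    """Return findings for one path; an empty list means 2c-2e all pass."""
    pair = {"initiator": initiator.lower(), "target": target.lower()}
    logged_in, registered = port_wwpns(flogi), port_wwpns(fcns)
    findings = []
    for role, wwpn in pair.items():
        if wwpn not in logged_in:
            findings.append(f"{role} {wwpn}: no FLOGI on this switch")
        if wwpn not in registered:
            findings.append(f"{role} {wwpn}: not in name server")
    shared = {name: members for name, members in active_zones(zoneset).items()
              if set(pair.values()) <= set(members)}
    if not shared:
        findings.append("no active zone contains both initiator and target")
    for name, members in shared.items():
        findings += [f"zone {name}: {w} not logged in" for w in pair.values()
                     if not members[w]]
    return findings


if __name__ == "__main__":
    target = "50:06:01:60:00:00:00:01"
    for hba in ("20:00:00:25:b5:0a:00:01", "20:00:00:25:b5:0a:00:02"):
        print(hba, check_path(hba, target, FLOGI, FCNS, ZONESET) or "OK")
```

Run it once per fabric with that fabric's saved output, since the post advises troubleshooting one path at a time.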

  • Ask the Expert : Initial Set Up and LAN Connectivity for Cisco UCS Servers

    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions related to the initial setup of UCS C & B Series, which includes LAN connectivity from the UCS perspective, with Cisco subject matter expert Kenny Perez.
    In particular, Kenny will cover topics such as: ESXi/Windows installations, RAID configurations (best practices for good performance and configuration), VLAN/Jumbo Frames configuration for B series and C series servers, Pools/Policies/Upgrades/Templates/Troubleshooting Tips for blade and rack servers, Fabric Interconnects configuration, and general compatibility of Hardware/Software/drivers, amongst other topics.
    Kenny Perez is a technical leader in the Cisco Technical Assistance Center, where he works in the Server Virtualization support team. His main job consists of supporting customers to implement and manage Cisco UCS B series and C series. He has a background in computing, networking, and VMware ESXi, has 3+ years of experience supporting UCS servers, and is VCP certified.
    Remember to use the rating system to let Kenny know if he has given you an adequate response. 
    This event lasts through October 10th, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hi,
    Actually we have a UCS 6248 fabric interconnect - the first twelve ports are enabled, and the same in Cisco UCS Manager.
    But when more ports become active through the expansion module, can UCSM manage those too, or is another licence needed for UCSM too?

  • FCoE options for Cisco UCS and Compellent SAN

    Hi,
    We have a Dell Compellent SAN storage with iSCSI and FCoE module in pre-production environment.
    It is connected to a new Cisco UCS infrastructure (5108 Chassis with 2208IOM + B200 M2 Blades + 6248 Fabric Interconnect) via a 10G iSCSI module (the FCoE module isn't being used at this moment).
    I reviewed the compatibility matrix on the interconnect, but the Compellent (Dell) SAN is only supported on FI NXOS 1.3(1), 1.4(1) without using the 6248 and 2208 IOM, which is what we have. I'm sure some of you have a similar hardware configuration to ours and I'd like to see if there's any supported Cisco FC/FCoE deployment option for the Compellent. We're pretty tight on budget at this moment, so purchasing a couple of Nexus 5K switches or something equivalent for such a small number of chassis (we only have one) is not a preferred option. If additional hardware acquisition is inevitable, what would be the most cost-effective solution to be able to support an FCoE implementation?
    Thank you in advance for your help on this.

    Unfortunately there isn't really one - with direct attach storage there is still the requirement that an upstream MDS/N5k pushes the zoning to it.  Without a MDS to push the zoning the system it's recommended for production.
    http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_0101.html#concept_05717B723C2746E1A9F6AB3A3FFA2C72
    Even if you had a MDS/N5K the 6248/2208's wouldn't support the Compellent SAN - see note 9.
    http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/interoperability/matrix/Matrix8.pdf
    That's not to say that it won't work, it's just that we haven't tested it and don't know what it will do and thus TAC cannot troubleshoot SAN errors on the UCS.
    On the plus side iSCSI if setup correctly can be very solid and can give you a great amount of throughput - just make sure to configure the QoS correctly and if you need more throughput then just add some additional links

  • Cisco Unity Connection 8.X and Cisco UCS

    Hi
    We are in a planning phase for Unity Connection 8.X on Cisco UCS C-Series. The Cisco Unified Communications SRND 8.0 states that it requires reserving one physical core per physical server.
    What does it really mean?

    See sample depiction below of applications and physical core usage on a server with 2 CPUs and 8 total physical cores. In white is the reservation of one physical core.
    Regards.

  • Does the SCCM updates manager use OpenSSL, and is it vulnerable to the Heartbleed bug?

    I'm 99.99% positive I know the answer, but my boss wants to know for SURE. Does the SCCM updates manager use OpenSSL, and is it vulnerable to the Heartbleed bug?
    Thank you for appeasing him.

    I must be misunderstanding something here. Would you please help me understand why this isn't answerable here? How does this have anything to do w/ our TAM? SCCM is SCCM regardless of where we got it, right? I'm quite perplexed, so thank you for clearing this up.
    My guess is liability. What if we're wrong? Very few people who frequent these forums are actual Microsoft employees.
    If you want a 'for sure' answer, you're best off contacting Microsoft directly IMHO.
    Don't retire TechNet! -
    (Don't give up yet - 12,830+ strong and growing)

  • PI and the Heartbleed bug

    Hi all PI experts.
    Does anyone know if we (using SAP PI) are affected by the Heartbleed bug for OpenSSL? Or where to find information about which versions of PI can be affected by this?
    Regards,
    /Anna

    Just got a reply from SAP that their Product Security Response Team are currently working on the issue and that they will publish information when they have any to give.
    /Anna

  • Heartbleed bug and Mavericks

    Are there vulnerabilities from the Heartbleed bug using Mavericks?

    charliefrommi wrote:
    How can one know whether or not a server is secure?
    There are a number of testing tools available and websites that list the current status of the major websites. C|net is one of them. Security experts say you should change your password for any affected site only AFTER they have patched their servers. Doing so before the site is updated doesn't prevent anything.
    http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
