UCS KVM

hi,
I am developing firewall rules for UCS KVM console connection.The firewall is deployed between end-user and UCS mgmt 0.
but i am not sure that the destination should be for the firewall rules. (source (end user) ->destination tcp 2068)
destination: ucs mgmt IPs + cluster ip or ucs manager blades ext-mgmt ip pool?
please help to confirm.
thank you very much!

Destination IP = mgmt IP pool range indeed.

Similar Messages

  • UCS KVM Launch Manager failing

    Hello folks,
    I currently have a problem with the KVM Launch Manager on UCS Manager 1.4.1i. When I press the KVM Launch Manager link, I get an errorcode #2032. However, I can't figure out, what this errorcode means and I can't get the KVM to work at all.
    Hope to hear from anyone with experience in this problem,
    Regards,
    Lars Christensen

    If changing the domain on the UCS system to match what is on your workstation does not work. You can try the following:
    Uninstall Flash via the Adobe uninstall tool - Found here (http://kb2.adobe.com/cps/141/tn_14157.html),        this tool is the only way to completely remove Macromedia Flash        from your system.  Choose the       version that is appropriate for  your operating system, download, and then       run the program.
    Once the program has run it will have completely removed Flash  from your       computer.  You can verify this by       trying to visit  any Flash-enabled website.
    Reinstall Flash - Once Flash has       been completely uninstalled, reinstall Flash by visiting the Adobe Flash       website (http://www.adobe.com/products/flashplayer/).  Be sure to download the latest version       (as of this writing it was version 10).

  • URL to connect directly to UCS KVM

    Can a KVM be directly connected to?
    I know there is the nice "Launch KVM Manager" setup.
    But have a client would just like to give URL's to their KVM's and keep their awareness of UCS "limited". URL's to their KVM's would be ideal.
    I tried the below and it didn't work, along with just the IP.
    http://<ucs-ip-address>/ucsm/kvm.html
    Craig

    Craig,
    I have tried something like that also and does not work either.
    I have even tried with CIMC for the C series in standalone mode but no luck, let me see if I can find a way to do something like that and get back to you later on.
    -Kenny

  • UCS KVM Manger Security Prompt

    Since setting our UCS Manager to use HTTPS, we get security prompts when opening the KVM manager.
    After doing some traces, it looks like the KVM manager makes the following HTTP calls:
    http://fpdownload.adobe.com/pub/swz/crossdomain.xml
    http://fpdownload.adobe.com/crossdomain.xml
    As a result, the HTTPS verion of the KVM manager prompts saying there is unsecured content (the HTTP calls) on the page.
    It's not a huge deal to hit yes or no to get past it, but it seems like some lazy programming.
    Any ideas on if this will get fixed?  The fpdownload.adobe.com pages are available in HTTPS which would fix the issue.
    We are running 1.4.1j.

    OK...here's a link to the Cisco Bug Toolkit:
    http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    I just opened CSCtn08512.  Might be a bit until it is viewable.  Of course, I could have missed an existing bug and it might be scrapped.
    Hope that helps!
    --Justin

  • Cisco UCS KVM not launching

    I have inherited a Cisco UCS C220 M3 in the lab at work and am trying to get it working.  I'm logged in to CIMC but when I launch the KVM my browser just downloads a file:
    viewer.jnlp(10.10.10.1@0@141x7x5x7x2x1)
    Following advice in other threads I have update Java and cleared the cache etc.  and reset CIMC and rebooted the server, 
    I have Java Version 8 Update 25 and have associated .jnlp file extension with Java Web Start Launcher, all with no success.
    Any suggestions for what I can do?
    Further tinkering, ( http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-c220-m3-rack-server/116034-ucsrack-resolve-kvm-00.html ) I now get the message in the attached image.
    and the following exception:
    com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://10.10.10.1:443/software/avctNuova.jar
    at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
    at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Many thanks.

    It is a standalone server, and the version is :
    Cisco Integrated Management Controller
    ucs-c220-m3
     Version: 1.5(1b)

  • VM Tab unavailable on UCS KVM Console

    Hello,
    I'm facing an issue on a UCS C220.
    When I launch a VKM session, the VM tab doesn't appear.
    I've already checked if the Console Base vMedia properties was enabled and it is.
    I've already tried to Disable KVM and enable it again with no further results.
    From there, I can't run the huu tool...
    Is there anyone here who has a solution ??
    Best Regards,

    What Java version is your PC running?
    -Kenny

  • Unable to open KVM's from UCS Console

    Unable to open KVM's from UCS KVM Console, Windows 2008 R2 with Java installed try in IE and Firefox, I am able see all KVM's but when I click on KVM it will ask for save or open, saving to disk and opening from disk, directly open not working. Any configuration for IE and Java

    Try to Attach the Screenshot here....

  • Third party IPMI/SOL KVM Tools

    Hello,
    Is there any IPMI /SOL based  third party KVM tools available to logon to UCS blades? 
    I am not planning to use inbuilt UCS KVM tools since I don't want to create UCS user for KVM access to certain users- Who also gets readonly access to UCS environment.  I am planning to give certain users only rights to reboot server and no read only access to UCS.
    Thanks
    Hetal Soni              

  • Linux + KVM on UCS C220

    Hello!
         I am trying to use a UCS C220 M3L that we just purchased as a host for Virtual Machines. Here are the hardware specs of the server:
    UCSC-C220-M3L
    UCS C220 M3 LFF w/o CPU mem   HDD PCIe PSU   w/ rail kit
    UCSC-PSU-650W
    650W power supply for C-series   rack servers
    UCS-CPU-E5-2665
    2.40 GHz E5-2665/115W 8C/20MB   Cache/DDR3 1600MHz
    UCS-MR-1X162RY-A
    16GB DDR3-1600-MHz   RDIMM/PC3-12800/dual rank/1.35v
    UCS-HDD500GI1F211
    500GB SATA 7.2K RPM 3.5 inch   HDD/hot plug/drive sled mounted
    CAB-9K12A-NA
    Power Cord 125VAC 13A NEMA 5-15   Plug North America
    UCSC-PCIE-CSC-02
    Cisco VIC 1225 Dual Port 10Gb   SFP+ CNA
    UCSC-BBLKD-L
    3.5-inch HDD Blanking Panel
    UCSC-HS-C220M3
    Heat Sink for UCS C220 M3 Rack   Server
    UCSC-PCIF-01H
    Half height PCIe filler for UCS
    UCSC-RAIL1
    Rail Kit for C220 C22 C24 rack   servers
    SFP-10G-SR=
    10GBASE-SR SFP Module
    I had orignally thought of using Ubuntu 12.0.4 LTS as the OS and KVM for virtualization. As I read through the supplied docs and attempt to do just that I have some concerns. First is the Embedded RAID controller. According the quick start guide:
    "VMware ESX/ESXi or any other virtualized environments are not supported for use with the embedded MegaRAID controller. Hypervisors such as Hyper-V, Xen, or KVM are also not supported for use with the embedded MegaRAID controller. "
    I went into BIOS and checked the settings for the Embedded RAID controller and saw that there were two options: MegaRAID and Intel RSTe.  I could not find any thing in the documentation about the difference between these two settings and what would happen if I selected one over the other. I tried both controllers with the two installed drives as a RAID 1 pair and as non-RAID disks with the same results.
    The second issue I ran into was that the Ubuntu installer did not recognize either of these two controllers and failed to install. Based on the published documentation, I saw that RHEL 6.4 was supported, so I downloaded and installed CENTOS 6.4 . The installer did detect the Intel RSTe controller as a "Firmware RAID" and installed what I believe is OS level RAID configuration. I say that because when I check the Intel RSTe bios, is still shows two non-raid disks.
    So with this background, I am re-grouping to see what is the best way to proceed and have the following questions:
    1) Will I be able to run a virtualized environment at all with my current hardware config?
    2) What is the difference between the embedded RAID options: MegaRAID and Intel RSTe?
    3) Can I just ran both my drives as bare drives without any RAID? Will that deal with the virtualization issue of not being supported with the embedded MegaRAID controller?
    4) Do I have to order hardware RAID controller?
    5) I have read about the Flexi-Flash disks having the ability to slip-stream Linux drivers during the install but no procedures on how to do that. Where can I find them?
    6) Has anyone had any luck installing Ubuntu with this hardware configuration? Is it supported? Or should I just press on with CENTOS?
    7) Related to CENTOS, I installed the basic server option and added GNOME desktop with X-Windows to get some GUI Admin tools. When I trying using startx to initiate a session, it appears that the X-Windows server attempts to start, the screen goes black into Graphical mode and drops back to the CLI with a message that server terminated successfully. Anyone know what is going on here?
    Sorry for the long message and I appreciate any help that you can provide!
    Thanks!
    Dave

    Hello David,
    If you're going to load ESXi on these servers, there are a few things you need to consider when  ordering them. For instance, you cannot boot from ESXi using a software  RAID controller. So, even if you have some local/internal hard drives  and even if you can install the ESXi OS on those hard drives, you will  not be able to boot from them if you have the software RAID controller.  "VMware ESX/ESXi or any other virtualized environments are not supported  for use with the embedded MegaRAID controller. Hypervisors such as  Hyper-V, Xen, or KVM are also not supported for use with the embedded  MegaRAID controller" (source: Cisco USC C220 Server Installation and Service Guide).  If you're going to use a SAN and you don't even need the internal hard  drives, I recommend using what Cisco calls the Flexible Flash Card. This  card is basically an SD card that comes pre-configured with four  virtual drives. The first drive is the Cisco UCS Server Configuration  Utility, the second is the HV or Hypervisor, the third contains the  Cisco Drivers, and the fourth is the Cisco Host Upgrade Utility. The HV  drive is where you can install your ESXi server and can be made bootable  from within the CIMC. This is much easier than worrying about which  kind of RAID controller to get, and I believe it is a little less  expensive than getting local drives with a hardware RAID controller.
    Here is a high level  overview of the steps to follow from racking to booting ESXi.
    To configure the CIMC:
    Install the Flexible Flash Card in the server.
    Rack the UCS server and plug a network cable into the management port.
    Power it on.
    Press F8 to configure the CIMC information (IP address, password, etc.).
    From a computer on the same network, open a browser and connect to the CIMC using the IP address assigned in step 3.
    Go to Servers | Inventor | Storage to see the Flex Flash Storage Adapters.
    Click Configure Operational Profile and then put a check next to the virtual drives you'd like to enable (i.e., the HV drive).
    To install ESXi:
    Click Launch The KVM from the CIMC.
    In the KVM window, click Virtual Media.
    Click Add and browse to where you've downloaded your Cisco Custom  ESXi .iso file and then put a checkmark next to it so it's mapped as the  Virtual CD/DVD.
    Click back to the Monitor tab and then click Macros. Select the Ctrl-Alt-Del macro to reboot the server.
    Press F6 as the server is rebooting to change the boot device to the Virtual CD/DVD.
    Install ESXi as you normally would, but make sure to install it to the HV drive (not to the local drives).
    When the install is complete, unmap the Virtual CD/DVD and reboot the server using the macro again.
    Press F6 to change the boot device to the HV drive, and it should now boot to the familiar yellow and gray ESXi screen.
    Regards,
    Shahzad

  • UCS direct KVM access - CIMC ip address - DNS name

    Hello community,
    I have a little problem. We are using UCS 2.2(3d) and 32 B200 M3. Now I want to use KVM direct access.
    For all 32 Blade Server, we have created DNS entries for their CIMC IP addresses.
    example: ESXserver1.rc (servername + ".rc") <-- --> 192.168.0.1 (CIMC IP address)
    If I enter the CIMC IP address in browser, KVM direct access works fine.
    If I enter the DNS name in Browser, KVM direct access page loads, I log in and get the following error message:
    GetKVMLaunchUrl: Invalid or zero CIMC IP Address passed
    Can someone help me? Do I have to configure something?
    Regards
    Hugo

    User will get portal server access if it has portal desktop service. The only way to enable ip address conditions in Access Manager is using AM Policy Service, i. e. via policy agents.
    If Portal server is installed in the same appserver domain than Access manager you won't be able to install a policy agent, that's a known issue.
    If Portal server is installed in another appserver domain, perhaps you can use a policy agent, however, I'm not completely sure about it because Portal server needs AM SDK installed and Policy Agent also configure some AM clientSDK stuff... probably you will find some compatibility issues regarding such override of libraries.
    Indeed, the Access manager issue that don't permit use a policy agent in the same domain where Am is installed is because some libraries are overriden and classpath loader do nasty things.
    So what I could suggest you is search a bit about compatibilities and if you don't find any issue, you could test.
    I don't see other way to enforce such a rule :(.
    regards

  • UCS-E140S KVM

    Looking for the part number for the Single-Wide E-Series Server (UCS-E140S) KVM.

    Hi carmenanderson ,
    So, I checked with the Product manager and he said that unfortunately this is not an orderable part. Hence the lack of a PID.
    Thanks.
    -Bruce

  • KVM Virtualization support on UCS C-Series

    We have a few UCS-C220-M3 servers, for some reason we don't see that KVM Virtualization running on it.
    UCS-C220-M3S, CIMC FW: 1.5(1b), BIOS: 1.5.1c.0 (Build Date: 01/31/2013)
    I tried to start manually and following error shows up:
    root@QvPC-SI:~# modprobe kvm_intel
    ERROR: could not insert 'kvm_intel': Operation not supported
    Looks like the module is loaded properly:
    root@QvPC-SI:~# lsmod | grep kvm
    kvm                     431315  0
    Then check dmesg output to see if there was any problem:
    root@QvPC-SI:~# dmesg | grep kvm
    [84496.551175] kvm: no hardware support

    Hi Ahmed
    The 2TB limit is due to a VMware 5.0 limitation. If you are deploying a VSM 7.2 ova, then you should be following the below guide as it uses Redhat for the OS as apposed to Suse for VSM 6.3:
    http://www.cisco.com/en/US/docs/security/physical_security/video_surveillance/network/vsm/7_0_1/vm/VSM_7_0_1_Deploy_vm_UCS.pdf
    Cheers,
    Edward

  • Right role/privileges for KVM Access only in UCS

    Hi
    I am making some locally Authenticated Users for some people at work.
    They only need to access KVM and do things there.
    What role/privileges do I need to set on the user?

    Thank you for your answer.
    I have looked into the thread, and was thinking about method #4.
    I have created a user under Locally Authenticated Users and if I set the role Operations I get this message after pressing launch under KVM launch manager.
    If I type the same username and password, I get login failed.
    If I add the role Server-profile to the user, I can login with no issue. But then I am afraid that I give to much privileges to the user.
    I'm using a Management IP Pool, so I don't know if the other methods works better. I think it is difficult to know the IP address, and maybe the adress can change.
    The best is, when I add a server to UCS, the user can find the server KVM by himself, and I don't need to find the IP address and give it to him.
    Maybe I am way off here, so please help me:)

  • Linux 2.6 kernel VM problem on UCS SP with linux KVM

                       Hi,
    IHAC who configured  3 service profiles running the Linux-KVM virtualisation solution (ubuntu serveur 12.04 LTS).
    He migrated Linux VMs from HP servers running the same Linux-KVM version to the service profiles.
    Everything is OK with all linux VMs running a kernel version 3 (Freebsd 9.0 ou Ubuntu 12.04).
    All VMs with a linux kernel version 2.6 (Freebsd 9.0 ou Ubuntu 12.04) have network problem on the Service Profiles (but work OK as-it on HP servers).
    These VMs can only ping the VMs on the same Srvice Profile and the Linux-KVM server they are tied to.
    They cannot ping the VMs on other SPs or machines out of the UCS solution (arp resolution problem)
    If the customer updates a such VM to a kernel version 3 it works fine.
    Unfortunatly he cannot do this update for all the VMs he's got.
    Any idea ?

    I assume since you mentioned 'SP', you are using Service Profiles and this is some UCS B-Series or C-Series integrated solution.  Advise your customer they are implementing unsupported OSes and most likely denied supported from TAC.
    http://www.cisco.com/en/US/docs/unified_computing/ucs/interoperability/matrix/r_hcl_B_rel2.04.pdf
    Operating System Interoperability Matrix
    Novell, Oracle, Redhat are the supported linux variants in the current release.
    Ubuntu claims not to support 12.04 on cisco hardware at this time.
    http://www.ubuntu.com/certification/server/make/Cisco%20UCS/?csrfmiddlewaretoken=2bad1e15c5be00d90385920e85177fa6&query=&release=12.04+LTS&level=Any
    It seems that earlier versions of Unbuntu is stated to be supported on Cisco hardware but not listed on Cisco support docs.  We can review that further if needed.
    Feel free to check out the PDI Helpdesk and what services we can offer qualified Cisco partners.
    http://www.cisco.com/go/pdihelpdesk
    Thank You,
    Dan Laden

  • How To Disable UCS Direct KVM

    We are having an issue with our IPs of our Direct KVM being flagged with an Apache web server vulnerabilities. We do not even use the IP KVM and wanted to know if there is a way to disable the IP KVM all together. Is this possible? If so how can i do this? TAC has been zero help on this matter and our management is getting  impatient. 

    Only way I can think of is by deleting the "ext-mgmt" pool or the "Inband" pool in case you are using inband management, but I am not sure of all the consequences of leaving CIMC without an IP but one important consequence I want to warn you about is that if you lose remote access, KVM is just best friend for troubleshooting, otherwise you need to go to the lab and console directly... if that is not a concern, I hope deleting the pool helps you accomplish your goal.
    -Kenny

Maybe you are looking for