UCS Central Upgrade Version 1.3 & Overview

While off on annual leave recently I had a few minutes to spare to look through twitter and came across a tweet from Adam J Bergh (@ajbergh) about a remote code execution vulnerability in Cisco UCS Central. You can read more about the threat over on threatpost.com but the synopsis is that “an exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user”. UCS Central version 1.2 and earlier are affected by this so it’s time to upgrade. Particularly since the vulnerability score is at the highest severity of 10. So before I go on I want to thank Adam for his tweet and highlighting the issue in the first place.

Pre-Requisites:

There are different steps to perform during the upgrade depending of whether UCS Central is in standalone mode or is part of a cluster. You can find more information about both methods over on the UCS Central Install and Upgrade Guide. Some of the key things to keep in mind are the supported upgrade paths and the pre-requisites before beginning the upgrade.

Important:

  • UCS Central 1.3 requires a minimum of 12Gb RAM and 40GB storage space (otherwise the upgrade will fail)
  • Use the ISO image for an upgrade to UCS Central
  • After the upgrade clear the browser cache before logging into the Cisco UCS Central GUI
  • Make sure UCS Manager is 2.1(2) or newer
  • Make sure to take a full state backup before starting the Upgrade Process

Upgrade Paths:

  • From 1.1(2a) to 1.3(1a)
  • From 1.2 to 1.3(1a)

Note: I’m running version 1.1(2a)

New Features:

Some of the new features in version 1.3 include:

  • HTML5 UI: New task based HTML5 user interface.
  • KVM Hypervisor Support: Ability to install Cisco UCS Central in KVM Hypervisor
  • Scheduled backup: Ability to schedule domain backup time. Provides you flexibility to schedule different backup times for different domain groups.
  • Domain specific ID pools: The domain specific ID pools are now available to global service profiles.
  • NFS shared storage: Support for NFS instead of RDM for the shared storage is required for Cisco UCS Central cluster installation for high availability.
  • vLAN consumption for Local Service Profiles: Ability to push vLANs to the UCS Manager instance through Cisco UCS Central CLI only without having to deploy a service profile that pulls the vLANs.
  • Support for Cisco M-Series Servers.
  • Connecting to SQL server that uses dynamic port.
  • Support for SQL 2014 database and Oracle 12c Database.

I’m really looking forward to seeing what the new HTML 5 UI is like. The initial screenshots I’ve seen are awesome. There’s a nice little introduction from Cisco over on their support site. Also, Jacob Van Ewyk has written a really informative article over on Cisco Communities with details about the UCS Central User Interface Reworked with UCS Central 1.3.

Upgrade Steps:

Step 1. – Download software:

So the first thing to do is to download UCS Central version 1.3 and log in with your Cisco ID. In most cases you’ll need the ISO to do the upgrade as you’ll already have UCS Central installed and will be looking for an upgrade. Select Cisco UCS Central ISO Installer and click Download.

2015-05-20_14h24_36 Click Accept License Agreement

2015-05-20_14h25_24

Download will begin

2015-05-20_14h26_11

Step 2. – Take a full state backup:

Go to UCS Central and log in using your administrator account. This is most likely the same as your UCS Manager login.

2015-05-20_14h27_17

Go to Operations Management -> Backup and Import -> UCS Central and click on Create System Backup

2015-05-20_14h30_23

You can take a remote backup

2015-05-20_14h31_22

2015-05-20_14h38_13

Or a local backup. If you take the local backup you’ll need to later Download the file to your local system

2015-05-20_14h34_00

2015-05-20_14h37_24

As I’m a bit of a stickler for making sure I have a get out of jail card to play I also ran a Tech Support Files creation and downloaded it locally to have, just in case I ever need it.

Step 3 – Upgrade Process:

Attach the downloaded ISO to your instance of UCS Central.

upgrade1

Reboot the UCS Central VM and on reboot select Upgrade existing Cisco UCS Central

upgrade2 The install process will begin

upgrade3

upgrade4

upgrade5

After a few minutes you’ll be requested to reboot the appliance

upgrade6

Next you can access the normal console by using the existing link from before the upgrade. This will show that the version is indeed 1.3. you can also click on Switch to Next Generation User Interface. The legacy UI will look pretty much the same as the previous versions of UCS Central.

upgrade7

The real difference is in the HTML 5 Interface which can be accessed by using the URL https://<UCSCentralName>/ui. 

upgrade8

HTML 5 Interface Overview:

When you initially launch and log into the new interface you’ll be greeted by a message to advise of a brief tour to get a better understanding of the interface. The menu is completely different in the HTML 5 version than the legacy browser version. Click Next to work your way through the tour.

interface1

interface2

interface3

interface4

interface5

Once the tour is completed you can then have a bit of a play around with the new menu and how it works and get a feel for how you can be use it. The first thing I went to was the Domains from the Drop-down menu.

interface6One view I found interested and is a great one to who your manager is the ID universe which quickly shows the current status of the various pools and address ranges.

interface7Another really sweet feature in the new interface is the inclusion of information on how to define policies. All Policies from the menu shows this, if you have any globally related policies they will appear here.

interface8

To get information about a specific domain I went for the tree-structure menu and selected one site. From there I selected Servers which opened the details about all the servers in a new tab. The break-out of the information in the new interface is really nice and something I’m looking forward to playing around with a bit more.

You can then click on each server to drill down further to get more information.

interface10

In the drop down menu in the top right corner you have the ability to modify the power settings or toggle the LED locator of the server

interface11

In the second menu icon, the arrow, you can launch a KVM connection to the server or launch the UCS Manager for the domain

interface12

As mentioned earlier the menus are very different to the previous interface so things like firmware, backup, licenses etc are now contained within the toolbox icon at the top of the page.

interface13

With the new backups you are provided with the steps to create backups of both the UCS domains and UCS Central. It’s a really handy bit of information and a nice touch.

interface14

You can then access any alarm, fault, event or log information from the bell icon.

interface15

I think the new interface is really well designed and Cisco have made a massive jump ahead in their interface accessibility. I’ll be spending the next few days playing around with the backups and seeing what else it can surprise me with. It’s funny as I had no intention of upgrading and hadn’t even heard of the new release until I saw the tweet by Adam. So now I’ve a nice swish new management console and the security vulnerability is also taken care of. If only all security vulnerability fixes has such a nice outcome! I’m delighted to have upgraded and if you get a quick few minutes to spare I’d recommend doing the same. Enjoy!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s