UCP 4.x Pre-Installation Requirements and Configuration

Unified Compute Platform 4.xUCP Pre-Installation Requirements and Configuration Guide

MK-92UCP049-10

© 2014 - 2016 Hitachi Data Systems. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic ormechanical, including photocopying and recording, or stored in a database or retrieval system forcommercial purposes without the express written permission of Hitachi, Ltd., or Hitachi Data SystemsCorporation (collectively, “Hitachi”). Licensee may make copies of the Materials provided that any suchcopy is: (i) created as an essential step in utilization of the Software as licensed and is used in no othermanner; or (ii) used for archival purposes. Licensee may not make any other copies of the Materials."Materials" mean text, data, photographs, graphics, audio, video and documents.

Hitachi reserves the right to make changes to this Material at any time without notice and assumes noresponsibility for its use. The Materials contain the most current information available at the time ofpublication.

Some of the features described in the Materials might not be currently available. Refer to the most recentproduct announcement for information about feature and product availability, or contact Hitachi DataSystems Corporation at https://support.hds.com/en_us/contact-us.html.

Notice: Hitachi products and services can be ordered only under the terms and conditions of the applicableHitachi agreements. The use of Hitachi products is governed by the terms of your agreements with HitachiData Systems Corporation.

By using this software, you agree that you are responsible for:

1) Acquiring the relevant consents as may be required under local privacy laws or otherwise fromauthorized employees and other individuals to access relevant data; and

2) Verifying that data continues to be held, retrieved, deleted, or otherwise processed in accordance withrelevant laws.

Notice on Export Controls. The technical data and technology inherent in this Document may besubject to U.S. export control laws, including the U.S. Export Administration Act and its associatedregulations, andmay be subject to export or import regulations in other countries. Reader agrees tocomply strictly with all such regulations and acknowledges that Reader has the responsibility to obtainlicenses to export, re-export, or import the Document and any Compliant Products.

Hitachi is a registered trademark of Hitachi, Ltd., in the United States and other countries.

AIX, AS/400e, DB2, Domino, DS6000, DS8000, Enterprise Storage Server, eServer, FICON, FlashCopy,IBM, Lotus, MVS, OS/390, PowerPC, RS6000, S/390, System z9, System z10, Tivoli, z/OS, z9, z10, z13,z/VM, and z/VSE are registered trademarks or trademarks of International Business Machines Corporation.

Active Directory, ActiveX, Bing, Excel, Hyper-V, Internet Explorer, the Internet Explorer logo, Microsoft,the Microsoft Corporate Logo, MS-DOS, Outlook, PowerPoint, SharePoint, Silverlight, SmartScreen, SQLServer, Visual Basic, Visual C++, Visual Studio, Windows, the Windows logo, Windows Azure, WindowsPowerShell, Windows Server, the Windows start button, andWindows Vista are registered trademarks ortrademarks of Microsoft Corporation. Microsoft product screen shots are reprinted with permission fromMicrosoft Corporation.

All other trademarks, service marks, and company names in this document or web site are properties oftheir respective owners.

https://support.hds.com/en_us/contact-us.html

Contents

Preface viiIntended audience viiProduct version viiRelated document viiComments viiiGetting help ix

Chapter 1: Installation process overview 1Plan 1

Responsibilities 2Build 3

Responsibilities 3Deploy 4

Responsibilities 4Operate 4

Responsibilities 5

Appendix A: Safety requirements 7General safety guidelines 7Work safety guidelines 8

Warning about moving parts 9Electrical safety guidelines 9

Appendix B: Physical installation requirements 11Equipment clearances 11Environment 12Mechanical specifications 13

Contents iiiUCP Pre-Installation Requirements and Configuration Guide

Equipment weight 13UCP 4000 with Brocade Ethernet configuration rack weight 13UCP 4000 with Cisco Ethernet configuration rack weight 13UCP 4000E Cisco converged configuration rack weight 14

Environmental specifications 14Electrical specifications 15

UCP 4000 base & expansion rack power requirements 15UCP 4000 with Brocade Ethernet power consumption 16UCP 4000 with Cisco Ethernet power consumption 16UCP 4000E rack power requirements 16UCP 4000E single rack power consumption 17Grounding 18Power connection 18

Heat output and air flow 18

Appendix C: User accounts 19

Appendix D: Hardware accounts 23

Appendix E: UCPDisaster Recovery requirements 25Planning and sizing 25Site connectivity 26

Appendix F: Active Directory configuration 27New Active Directory deployment 27Existing Active Directory deployment 28

AD Environment 28Defining the OU structure 29Creating AD user accounts 29

29Creating AD user accounts for vCenter 30Creating AD user accounts for SCVMM 30

Creating service accounts 31Creating service accounts for vCenter 31Creating service accounts for SCVMM 32

Creating AD groups 32Creating AD groups for vCenter 32Creating AD groups for SCVMM 33

iv Contents

UCP Pre-Installation Requirements and Configuration Guide

Creating Machine Accounts for UCP 33Machine accounts for vCenter 34Optional machine accounts for vCenter 34Machine Accounts for SCVMM 34

Appendix G: Storage system requirements 37

Appendix H: Shared storage system requirements 41

Appendix I: Networking VLAN configuration 45Management network IP requirements 46Calculating IP requirements for the Management Network 47IP Requirements for the VMotion/Live Migration Network 48IP Requirements for the SCVMM Cluster Network 48

Layer 3 IP Requirements 48Required firewall port exemptions 49Optional firewall port exemptions 50

Contents vUCP Pre-Installation Requirements and Configuration Guide

vi Contents


Preface

This guide provides specifications and requirements that are needed to planand prepare for a Hitachi Unified Compute Platform (UCP) installation.

Intended audienceThis guide is intended for UCP system administrators and Hitachi DataSystems (HDS) representatives who are involved in installing andconfiguring UCP. It assumes that you are familiar with the hypervisormanager you are using (vCenter or SCVMM), managing an Active Directory(AD) domain, and the hardware and software components of UCP.

Product versionThis guide applies to release 4.x of UCP.

Related documentThe following documents contain additional information about UCP:

• UCP Pre-Installation Requirements and Configuration Guide —Contains information and procedures you need to be aware of for asuccessful UCP installation.

• UCP Network Architecture and Configuration Guide — Containstechnical reference information about the networking architecture ofUCP systems and provides procedures to help you configure the systemto work in your network environment.

• UCP Director Administrator's Guide — Contains technical and usageinformation for UCP and UCP Director. Describes how to administer UCP

Preface viiUCP Pre-Installation Requirements and Configuration Guide

Director through UCP Director web interface with both VMware vCenterand Microsoft SCVMM.

• UCP Director API Reference Guide — Describes how to use the UCPDirector API.

• UCP Director CLI Reference Guide — Describes how to use the UCPDirector CLI.

• UCP Director Third-Party Copyrights and Licenses — Containscopyright and license information for the third-party softwaredistributed with or embedded in UCP Director.

• UCP DOC Administrator's Guide — Contains technical and usageinformation for Unified Compute Platform Director Operations Center(UCP DOC). Describes how to administer UCP DOC through UCP DOCConsole.

• UCP DOC API Reference Guide — Describes how to use the UCP DOCAPI.

• UCP DOC CLI Reference Guide — Describes how to use the UCP DOCCLI.

CommentsPlease send us your comments on this document:

[email protected]

Include the document title and number, including the revision (forexample, -01), and refer to specific sections and paragraphs wheneverpossible. All comments become the property of Hitachi Data Systems.

Thank you!

Comments

viii Preface


mailto:[email protected]

Getting helpHitachi Data Systems Support Portal is the destination for technicalsupport of products and solutions sold by Hitachi Data Systems. To contacttechnical support, log on to Hitachi Data Systems Support Connect forcontact information: https://support.hds.com/en_us/contact-us.html.

Hitachi Data Systems Community is a global online community for HDScustomers, partners, independent software vendors, employees, andprospects. It is the destination to get answers, discover insights, and makeconnections. Join the conversation today! Go to community.hds.com,register, and complete your profile.

Getting help

Preface ixUCP Pre-Installation Requirements and Configuration Guide



https://community.hds.com/

http://community.hds.com/

x Preface


Installation process overview

The UCP installation process is divided into four distinct phases. Thisdocument describes what takes place during each phase. It also includesthe supplemental information that you can use to help ensure that your siteis ready for a UCP installation.

The four phases of installation are:

1. "Plan"

2. "Build"

3. "Deploy"

4. "Operate"

PlanConfiguration planning starts when you purchase a UCP system. At thispoint, HDS personnel will work with you to select the hardwareconfiguration that is right for your immediate use and future needs. Theseconsiderations include the:

• Type of system that will be installed, whether default or production

• Number of racks that will be installed

• Number of chassis in each rack

• Number of blades in each chassis and the configuration of eachindividual blade (CPU type and amount of RAM)

Chapter 1: Installation process overview 1UCP Pre-Installation Requirements and Configuration Guide

1

• Type of storage system that will be used and the configuration of thestorage system

• Type of network used, whether Cisco or Brocade

In configurations with more than one UCP site, Unified Compute PlatformDirector Operations Center (UCP DOC) can be used to monitor all sitessimultaneously. In addition, when managing more than one site in UCPDOC, you can select to use UCP Disaster Recovery to support volumereplication between the two sites. Using UCP Disaster Recovery to automatestorage replication simplifies the configuration of site failovers in VMwareSite Recovery Manager (SRM).

To use Disaster Recovery, work with HDS personnel to address theconfiguration parameters. These parameters include:

• Distance between the two UCP sites

• Choice of array replication technology (asynchronous or synchronous)

• Choice of site-to-site connectivity

• Replication workload and site sizing

The information collected during this phase is used to configure the site orsites during the Build phase.

By the end of the Plan phase, you will have all of the necessary informationto ensure that your environment is ready for the upcoming UCPdeployment. Additional information will be provided upon order placementthat will clearly communicate:

• Build time and location

• Howmuch of the system will be preassembled by HDS

• How involved the on-site system installation will be

Responsibilities

It is the responsibility of HDS personnel to work with you in determining thesystem configuration for each site and to provide information that you willuse to setup your datacenter before deploying UCP for VMware vCenter.

It is your responsibility to work with HDS personnel to:

2 Chapter 1: Installation process overview


Plan

• Specify the configuration of the system that will be assembled duringthe Build phase

• Confirm that the environment meets the physical requirements(including adequate power and cooling) of UCP

• Provide information that will be used during the later phases

• Ensure that all sites have connectivity to UCP DOC if using UCP DOC tomanage more than one site

• Ensure that a replication link with adequate bandwidth is availablebetween the sites if you will be using UCP Disaster Recovery to managevolume replication between two or more sites

BuildDuring this phase, HDS will:

• Fully assemble all system hardware

• Prepare the management block for deployment to your site

• Validate all component connectivity to ensure rapid on-site deployment

• Prepare and ship the system to your site

While HDS is preparing your UCP system, HDS personnel will work with youto define a number of environment variables that will be used during theDeploy phase.

Responsibilities

It is the responsibility of HDS to build your system and work with you todetermine the environment variables that will be used during the Deployphase.

It is your responsibility to work with HDS personnel to specify and configurethe environment variables needed to deploy UCP.


Build

DeployWhen the preconfigured UCP system arrives, HDS personnel will be ready toperform the following:

• Reassemble the system from the shipped containers

• Validate all component connectivity

• If existing storage is being used, HDS personnel will prepare, integrate,and validate UCP with the existing storage

• Configure system network settings

• Deploy and configure UCP Director

• Add all components to UCP Director inventory

• Connect UCP to the production network

Note: UCP must be installed by trained Hitachi Data Systems personnel orqualified partners. UCP is not a product that can be installed withouttrained assistance.

Responsibilities

It is the responsibility of HDS personnel to build, configure, and ensure thatUCP works with your environment.

It is your responsibility to assist HDS personnel as needed to ensure afunctional deployment.

OperateAfter deployment, HDS personnel will assist in training you on how to useUCP. This includes:

• A demonstration of UCP Director Console

• An overview of the features of UCP Director

• Answering questions that you may have regarding the system

Additional services may be available depending on your needs



Deploy

Responsibilities

It is the responsibility of HDS personnel to assist you in understanding thecomponents and use of UCP.


Operate

Safety requirements

Install Hitachi equipment in accordance with the local safety codes andregulations that apply to the facility. This chapter contains additional safetyinformation that may apply to your facility. Read and follow the safetyguidelines in this chapter before installing the equipment.

The key sections in this chapter are:

• "General safety guidelines"

• "Work safety guidelines"

• "Electrical safety guidelines"

General safety guidelinesObserve the following general site guidelines:

• General requirements — The data center must comply with allapplicable safety regulations, standards, and requirements for installingand operating industrial computer equipment similar to UCP.

• Fire protection — The data center must have an operational fireprotection system appropriate for use with computer and electricalequipment.

• Hazards — The data center must be free of hazards (for example, cableson the floor that block access or that can cause people to trip).

• Equipment modifications — Do not make mechanical or electricalmodifications to the equipment. Hitachi Data Systems is not responsiblefor regulatory compliance of a modified Hitachi Data Systems product.

Appendix A: Safety requirements 7UCP Pre-Installation Requirements and Configuration Guide

A

• Earthquake safety — To minimize personal injury in the event of anearthquake, securely fasten the base server rack and the optionalexpansion server rack to a rigid structure that extends from the floor tothe ceiling or from the walls of the room.

• Cabling — Do not block walkways when routing cables. Do not placeheavy materials on cables. Do not place cables near any possible sourceof heat.

• Warning and safety labels — Safety warnings, cautions, and instructionsin various languages are attached to UCP components. The safetywarnings provide guidelines to follow when working with any equipment.Hitachi Data Systems recommends that you read all warning labels onthe hardware. If warning labels become dirty, damaged, unreadable, orpeel off, contact the Hitachi Data Systems support center.

• Authorized personnel — Allow only qualified and authorized personnel(such as a certified electrician) to perform hazardous tasks.

Work safety guidelinesObserve the following site guidelines:

• Do not wear loose clothing that could get caught in the equipment ormounting hardware. Fasten your tie or scarf and roll up your sleeves.

• Wear safety glasses when working under conditions that are hazardousto your eyes.

• Do not perform any action that creates a potential hazard to people ormakes the equipment unsafe.

• Keep walkways clear of tools, power cables, and parts to prevent themfrom being stepped on or causing people to trip and fall over them.

• Do not work on the equipment or disconnect cables during athunderstorm, when wearing a wool sweater or other heavy woolclothing, or when power is applied.

• Keep floors dry to prevent slips and falls.

• Do not use ungrounded power cables.

• Keep the area clear and dust-free during and after installation.

8 Appendix A: Safety requirements


Work safety guidelines

• Do not block or cover equipment openings. Ensure that all equipmenthas adequate airflow. Failure to follow these guidelines can causeoverheating and affect the system reliability.

• Use enough personnel when moving a rack, especially on sloping loadingdocks and ramps to a raised computer room floor. Move the cabinetslowly and deliberately and make sure that the floor is free from foreignobjects and cables. UCP racks are equipped with casters so that you canmove them short distances to position them for final installation.

WARNING: To avoid injury, wear protective footwear when movingequipment.

Warning about moving parts

Even though customers do not install or maintain equipment, theseguidelines are provided to prevent possible injury when working withauthorized service personnel. Observe the following warnings related tomoving parts:

• Tuck in any loose clothing so that it cannot be caught by moving orrotating parts, such as a fan.

• Tie back long hair.

• Unless specifically instructed to the contrary, do not supply power to anydevice that contains rotating or moving parts that are not properlycovered.

Electrical safety guidelinesEven though customers do not install or maintain equipment, theseguidelines are provided to prevent possible injury when working withauthorized service personnel in the area where equipment is installed.Observe the following electrical safety guidelines:

• Disconnect all power before installing, uninstalling, or movingequipment.

• Ensure that the voltage and frequency of your power source match thevoltage and frequency required by the system.

Appendix A: Safety requirements 9UCP Pre-Installation Requirements and Configuration Guide

Electrical safety guidelines

• Follow proper grounding procedures to reduce the risk of electric shockor damage to equipment. All equipment should be properly groundedfor proper operation and safety.

10 Appendix A: Safety requirements


Electrical safety guidelines

Physical installation requirements

This chapter provides physical site and system requirements andspecifications that are needed to plan a UCP installation and prepare the sitewhere the system will be installed so that the equipment installation isefficient and trouble-free.

Because each UCP installation is different, based on what compute andstorage options are chosen, this chapter does not provide all of theinformation that is needed for every installation. Hitachi Data Systemspersonnel will assist in planning the requirements for your individualinstallation.

The key sections in this chapter are:

• Equipment clearances

• Environment

• Mechanical specifications

• Environmental specifications

• Environmental specifications

• Electrical specifications

• Heat output and air flow

Equipment clearancesReceiving areaThe receiving dock, storage area, and receiving area must be large enoughto allow movement of, and access to, crated or packed equipment. Thedimensions of a shipping crate for a single rack are shown in the following

Appendix B: Physical installation requirements 11UCP Pre-Installation Requirements and Configuration Guide

B

table.

Height Width Depth

86 in. / 2184 mm 42 in. / 1067 mm 54 in. / 1372 mm

Other areasThe hallways, doorways, ramps, and elevators must be large enough toallow UCP racks to be moved to the installation location. Unless the distancebetween the receiving dock and the data center is very long, UCP systemsare typically unpacked in the receiving area and the individual racks withpreinstalled equipment are rolled on their casters to the data center.

EnvironmentThe following table lists general requirements that the data center mustmeet:

Item Description

General The data center must provide appropriate power, airconditioning, cabling, and fire protection.

ESD The data center must provide adequate protectionfrom electrostatic discharge (ESD).

Electrical interference The data center must provide adequate protectionfrom electrical/radio frequency interference.

Contamination The data center must provide adequate protectionfrom dust, pollution, and particulate contamination.

Acoustics The data center must provide adequate acousticinsulation for operating the system.

User-supplied hardware This includes cables, connectors, and receptacles thatmust be available and ready when the system isinstalled.

12 Appendix B: Physical installation requirements


Environment

Mechanical specificationsThe following table lists the mechanical specifications of a UCP rack.

Dimension Value

Height (in /mm) 79.1 / 2009

Width (in /mm) 23.6 / 600

Depth (in /mm) 47.25 / 1200

Equipment weightThe floors, elevators, and ramps must be able to support the weight of thedelivered equipment as it is moved to the installation location. Spreaderplates may be required to distribute the load and protect the floor as theequipment is moved from the receiving area to the installation location.

Note: The values listed below have been rounded up to the nearest tenpounds, then converted to Kilograms.

UCP 4000 with Brocade Ethernet configuration rack weight

The following table lists the weight specifications of a UCP 4000 rack in aBrocade Ethernet configuration.

Description Value (Approx)

Base compute rack weight (with 1 chassis, lbs / kg) 870 / 394

Expansion compute rack weight (with 1 chassis, lbs / kg) 740 / 335

CB500 with 8 blades (lbs / kg) 270 / 122

UCP 4000 with Cisco Ethernet configuration rack weight

The following table lists the weight specifications of a UCP 4000 rack in aCisco Ethernet configuration.


Base compute rack weight (with 1 chassis, lbs / kg) 980 / 444

Expansion compute rack weight (with 1 chassis, lbs / kg) 820 / 372



Mechanical specifications

UCP 4000E Cisco converged configuration rack weight

The following table lists the weight specifications of a UCP 4000E rack.


4000E w/ VSP G200 & 1 fully populated SFF trays (with 1 fullypopulated chassis, lbs / kg)

1110 / 503

4000E w/ VSP G400/600/800 & 1 fully populated SFF trays(with 1 fully populated chassis, lbs / kg)

1200 / 544

4000E w/ VSP 800 & 1 fully populated SFF trays with 1 fullypopulated chassis, lbs / kg)

1300 / 589


VSP Gx00 SFF drive tray with 24 SFF HDDs 60 / 27

Environmental specificationsThe following table provides the environmental specifications andrequirements of a UCP rack.

Item Operating Not operating In storage

Temperature (ºF /ºC)2

60.8 - 80.9 / 16to 32

-18 - 109.4 / -10 to 43 -45 - 140 / -25 to 60

Relative Humidity(%)

20 to 80 8 to 90 5 to 95

Max.Wet Bulb (ºF/ ºC)5

78.8 / 26 80.6 / 27 84.2 / 29

TemperatureDeviation perHour (ºF / ºC)

50 / 10 50 / 10 68 / 20

Vibration to 10Hz:0.25 mm

10 to 300 Hz 0.49m/s

5 to 10 Hz: 2.5 mm10 to 70 Hz: 4.9 m/s70 to 99 Hz: 0.05 mm99 to 300 Hz: 9.8 m/s

Sine Vibration: 4.9 m/s, 5 min.At the resonant frequency withthe highest displacement foundbetween 3 to 100 Hz6

Random Vibration: 0.147 m/s7

30 min, 5 to 100 Hz

EarthquakeResistance (m/s)

Up to 2.510 - -



Environmental specifications

Item Operating Not operating In storage

Shock - 78.4 m/s, 15 ms Horizontal: Incline Impact 1.22m/s8

Vertical: Rotational Edge 0.15 m9

Altitude -60x to 3,000m -60x to 3,000m -

Notes:

1. - Environmental specification for operating condition should be satisfied before the storagesystem is powered on. Maximum temperature of 32°C should be strictly satisfied at air inlet portion.2. - Recommended temperature range is 21 to 24°C.3. - Non-operating condition includes both packing and unpacking conditions unless otherwisespecified.4. - On shipping/storage condition, the product should be packedwith factory packing.5. - No condensation in and around the drive should be observed under any conditions.6. - The above specifications of vibration are applied to all three axes.7. - See ASTM D999-01 The Methods for Vibration Testing of Shipping Containers.8. - See ASTM D5277-92 Test Method for Performing ProgrammedHorizontal Impacts Using anInclined Impact Tester.9. - See ASTM D6055-96 Test Methods for Mechanical Handling of Unitized Loads and LargeShipping Cases and Crates.10. - Time is 5 seconds or less in case of the testing with device resonance point (6 to 7Hz).

Electrical specificationsThe following table lists the electrical specifications of UCP, including powerrequirements and power consumption.

UCP 4000 base & expansion rack power requirements

PDU options

Requirement US single phase US three phaseEMEA/APACsingle phase

EMEA/APAC threephase

Phase AC, single phase 2wire + ground

AC, three phase 3wire + ground

AC, single phase 2wire + ground

AC, three phase 3wire + ground

Voltage, frequency,and amps

208 V +/-5%, 60Hz, 50A

208 V +/-5%, 60Hz, 50A

230 V +/-6%, 50Hz, 60A

400 V +/-6%, 50Hz, 32A

PDU plug type CS8265P CS8365P IEC60309 IEC60309


Electrical specifications

Quantity of required PDU dropsThe following table shows the quantity of required PDUs. PDU placement isdesigned so that half of the installed PDUs are attached to the primarypower system and the other half to the secondary for a fully redundantconfiguration.

Qty of Chassisin Rack

US singlephase

US threephase

EMEA/APACsingle phase

EMEA/APACthree phase

EMEA/APACthree phase

All Racks All Racks All Racks Rack 1 Only Rack2/3/4

1 Chassis 2 2 2 2 2

2 Chassis 4 4 4 2 2

3 Chassis 6 6 6 4 2

4 Chassis 6 6 6 4 4

UCP 4000 with Brocade Ethernet power consumption

Requirement Rack #1 (with 1 chassis) Rack #2-#4 (with 1 chassis)CB500 with 8

blades

Typical 5276 KW 4.832 KW 4.142 KW

Maximum 6.543 KW 6.099 KW 5.291 KW

UCP 4000 with Cisco Ethernet power consumption

Requirement Rack #1 (with 1 chassis) Rack #2-#4 (with 1 chassis)CB500 with 8

blades

Typical 6.283 KW 5.263 KW 4.153 KW

Maximum 8.098 KW 6.650 KW 5.32 KW

UCP 4000E rack power requirements

PDU Options




Requirement US single phaseEMEA / APAC single

phase

Phase AC, single phase 2 wire + ground AC, single phase 2wire + ground

Voltage,frequency andamps

208V +/-5%, 60 Hz, 30A 230V +/-6%, 50 Hz,32A

PDU plug type NEMA L6-30 IEC60309P

Quantity of required PDU dropsThe following table shows the quantity of required PDUs. PDU placement isdesigned so that half of the installed PDUs are attached to the primarypower system and the other half to the secondary for a fully redundantconfiguration.

Qty of Chassis in Rack US single phase EMEA/APAC single phase

1 Chassis 4 4

2 Chassis 6 6

3 Chassis 8 8

A minimum of two 0RU vertical PDUs are needed, and will provide power to;the management servers, converged Ethernet switches, the storage arraycontroller (VSP G200, G400, G600, or G800), and up to six fully populatedSFF drive trays (with spinning disks). Two, four, or six 1RU PDUs will beneeded based on the quantity of chassis installed in the 4000E solution.

UCP 4000E single rack power consumption

Requirement

4000E (with 1 chassis & 1 SFF Drive trayand either of the models below)

CB500with 8blades

SFF Drivetray w/ 24HDDVSP G200 w/ SVP

VSP G400/G600w/ SVP

Typical 7.014 KW 7.614 KW 4.064 KW 600

Maximum 8.699 KW 9.299 KW 5.211 KW N/A



Grounding

The site and equipment must meet all of the following conditions ofinstallation for grounding.

• An insulated grounding conductor that is identical in size and insulationmaterial and thickness to the grounded and ungrounded branch-circuitsupply conductors. It must be green, with or without yellow stripes, andmust be installed as a part of the branch circuit that supplies the unit orsystem.

• The grounding conductor described above should be grounded to earthground at the service equipment or other acceptable building earthground. In the case of a high rise steel-frame structure, this can be thesteel frame.

• The attachment-plug receptacles in the vicinity of the unit or systemmust include a ground connection. The grounding conductors servingthese receptacles must be connected to earth ground at the serviceequipment or other acceptable building earth ground such as thebuilding frame in the case of a high-rise steel-frame structure.

Power connection

The AC power input for UCP has a single PDU structure, but power can beremoved from one of the PDUs for servicing without having to shut downthe entire system.

Note: Site power can be connected to the PDUs at either the top orbottom of the racks.

Heat output and air flowThe server chassis, the disk chassis, and the Ethernet switch contain frontand/or rear fans to circulate air through the units from front to back. Airflows in through the front bezel to the rear of the component and exitsthrough the perforations in the rear door. Either the front fans or the rearfans can cool the chassis by themselves. The racks do not contain fans.Airflow is from front to back.



Heat output and air flow

User accounts

The following table describes the default account names associated withyour UCP system.

Type Account Details

AD account - SQL Serverservice account

ucp\svc_sql Domain user, local admin on SQL server

AD account - UCP Directorservice account

ucp\svc_ucp UCP user, sysadmin role on SQL Server, localadmin on vCenter Server, local admin on UCPmanagement server

AD account - UCP local domainadmin account

ucp\administrator Domain admin

AD account - UCP local domainaccount

ucp\ucpadmin Domain user admin for the UCPManagement VM

AD account - vCenter Serverservice account when usingVMware vCenter

ucp\svc_vcntr Domain user, local admin on vCenter Server

AD account - SCVMM Serverservice account when usingSCVMM

ucp\svc_scvmm Domain user, local admin on vCenter Server

HCSM, HDvM - Built-in adminaccount

system HDvM/HCSM Administrator

HCSM, HDvM - UCP Directoruser account

ucpadmin HDvM Administrator

Microsoft SQL Server - Built-inadmin account

sa

Appendix C: User accounts 19UCP Pre-Installation Requirements and Configuration Guide

C


Microsoft SQL Server - SQLsyslogin account when usingVMware vCenter

svc_sso DB owner for VMware RSA database

Microsoft SQL Server - SQLsyslogin account when usingVMware vCenter

svc_updatemgr DB owner for VMware Update Manager database

SRM service account whenusing VMware vCenter

ucp\svc_srm

UCP DOC service account ucp\svc_ucpdcntr Domain User, Service Account for UCP DOC

UCPManagement VM RabbitMQaccount

ucp Used for UCPManagement VM internal AMQPservices

UCPUtility Linux built-inaccount

root

UCPUtility Linux SVP serveraccount

ucpscp

Windows Deployment Servicesaccount

ucp\ucp_wdsdeploy

AD Account - Used by thedeployment process to join anexisting domain

ucpjoin Not created when AD is internal to the UCPAppliance. Needs “Managed by” permission onManagement Stack computer objects.

Windows VM built-in adminaccount

administrator

The following accounts are created by our automated AD installation andare optional in an External AD environment:


AD account – UCPNetwork administrator

UCP\ucpNetworkAdmin Default account for networkadministrative functions only

AD account – UCP Serveradministrator

UCP\ucpServerAdmin Default account for Serveradministrative functions only

AD account – UCPStorage administrator

UCP\ucpStorageAdmin Default account for Storageadministrative functions only

AD account – UCP DOCadministrator

UCP\ucpdcntr Default account for DOCadministrative functions only

20 Appendix C: User accounts


For more information on how to setup and configure the Active Directoryelements, see Appendix F: "Active Directory configuration".

Appendix C: User accounts 21UCP Pre-Installation Requirements and Configuration Guide

22 Appendix C: User accounts


Hardware accounts

The following table describes the default account names for the varioushardware elements within your UCP system.

Hardwareelement

Applicableconfigurations

Default accountname Permission Description

Brocade VDX6746 andVDX 6740 orEthernetswitches

Brocade Ethernet admin Administrator Factory defaultadministrator account

user User Factory default useraccount

ucpadmin Administrator Account used by UCP

ucpsnmpuser User (monitoringonly)

Account used for SNMPnotifications

Cisco NX5548Ethernetswitches

Cisco convergedCisco Ethernet

admin Administrator Factory defaultadministrator account





BrocadeFCX648

Brocade Ethernet admin Administrator Factory defaultadministrator account

ucpadmin Administrator Account used for UCP

Cisco NX3048

Cisco Ethernet admin Administrator Factory defaultadministrator account

ucpadmin Administrator Account used for UCP

Appendix D: Hardware accounts 23UCP Pre-Installation Requirements and Configuration Guide

D

Hardwareelement

Applicableconfigurations

Default accountname Permission Description

Brocade 5460and 6510Fibre Channelswitches

Brocade EthernetCisco Ethernet

root Root Factory default rootaccount

admin Administrator Factory defaultadministrator account

factory Factory Factory default factoryaccount



ucpmgmt Administrator Account used forvFab1 management(Brocade 6510A &6510B only)



HitachiCB500 bladechassis

Cisco convergedBrocade EthernetCisco Ethernet


Hitachi 520Hblade serverBMC

Cisco convergedBrocade EthernetCisco Ethernet


CR210HM Cisco convergedBrocade EthernetCisco Ethernet

ucpadmin Administrator Default remotemanagement consoleaccount

24 Appendix D: Hardware accounts


UCP Disaster Recovery requirements

UCP Disaster Recovery is an optional add on that is used to automatevolume replication between two UCP installations. With UCP 4000 VMwarevSphere model, it enables you to use VMware SRM to set up a recovery planand perform site failovers. With UCP 4000 Microsoft Private Cloud model,you can use UCP Disaster Recovery when using SCVMM.

This chapter explains the UCP Disaster Recovery configuration andrequirements.

Planning and sizingIf you select to install UCP Disaster Recovery and automated storage-basedreplication, HDS personnel will work with you to define remote copyplanning and design (RCP and D). This is needed to determine the resourceand hardware requirements for your configuration.

At this time, HDS personnel will help you determine the compute andstorage requirements of the replication site, as well as the replicationtechnology that you can use. At the end of this engagement, you should beable to identify the:

• Compute and storage requirements of recovery site

• Distance between the 2 sites

• Choice of Replication technology

Appendix E: UCP Disaster Recovery requirements 25UCP Pre-Installation Requirements and Configuration Guide

E

Site connectivityUCP Disaster Recovery is an add-on to UCP DOC. HDS personnel willconfigure each identified UCP site for disaster recovery. Each site also needsto have connectivity to the UCP DOC installation.

Before UCP sites can be installed and configured for UCP Disaster Recovery,you need to setup and configure the Fibre Channel connectivity betweenthem that was identified during planning and sizing. The Fibre Channelconnectivity is then used for replication.

A dedicated replication link is recommended to support low latencyconnectivity and close to zero recovery point objective (RPO) for replication.

26 Appendix E: UCP Disaster Recovery requirements


Site connectivity

Active Directory configuration

This chapter explains the AD configuration that UCP needs in order tofunction. This can be used to assist you in preparing your existing ADinfrastructure if you decide to use it, or will explain how the ADinfrastructure is setup if you decide to use the AD server that is included inthe management block.

The key sections of this chapter are:

• "New Active Directory deployment"

• "Existing Active Directory deployment"

New Active Directory deploymentUsing the AD server that is included in the management block ensures thatthe AD infrastructure is setup correctly and will function with UCP. It alsohelps ensure that changes to your existing AD infrastructure do notnegatively impact the operation of UCP. Using the AD server that is includedin the management block also means that the need for an informationtechnology infrastructure library (ITIL) or other change managementprocess will not be required.

The AD that is included with UCP can be integrated into your existinginfrastructure either through DNS forwarding or through an AD externaltrust relationship.

When integrating the UCP AD server into your AD infrastructure through anexternal trust, you can establish a one-way outgoing trust to yourproduction AD. This enables you to configure the groups that canadminister or use the UCP system without needing to make changes to, andpotentially interfere with the operation of, UCP Director.

Appendix F: Active Directory configuration 27UCP Pre-Installation Requirements and Configuration Guide

F

Existing Active Directory deploymentTo use your existing AD infrastructure, changes will need to be made toaccommodate UCP. This is because UCP will be fully integrated into yourproduction AD infrastructure and will be dependent on it to functioncorrectly.

Because of this, using an existing AD infrastructure is more complex thanusing the AD server that is included in the UCP management block. Toensure changes are not made that negatively impact the performance ofUCP Director, using an existing AD infrastructure requires strong changemanagement controls to be in place. If you decide to use your existing ADinfrastructure, consult with HDS personnel to ensure that your changemanagement controls are sufficient.

If you decide to use your existing AD infrastructure, you will need to makethe configuration changes specified in the following sections to ensure thatthe operating systems, groups, and accounts that UCP Director relies on arein place before UCP is installed.

• "AD Environment"

• "Defining the OU structure"

• ""

• "Creating service accounts"

• "Creating AD groups for vCenter"

• "Creating Machine Accounts for UCP"

AD Environment

In order to properly integrate the UCP management block into yourenvironment, we will need the following information:

• IP address and FQDN of an AD domain controller on the domain youwant to integrate into

• DNS and NETBIOS (if a disjointed domain) domain names of yourAD environment

28 Appendix F: Active Directory configuration


Existing Active Directory deployment

• The IP addresses of the primary and secondary DNS servers in yourenvironment

Defining the OU structure

Because UCP is heavily dependent on your Active Directory, it isrecommended that UCP be isolated in a separate OU structure, in a top levelOU called HDS_UCP. Computer accounts, groups, and service accountsneed to be created in the UCP OU structure. Specifically, this OU structure isused for the groups, computer accounts, user accounts, and serviceaccounts used to manage UCP and not the VMs that UCP supports. Thefollowing are the child OU entities that should be created in the parent UCPOU:

• UCP Computers

• UCP Groups

• UCP Users

• UCP Service Accounts

Important: For installation, it is recommended that Group PolicyInheritance be turned off on the parent UCP OU. This is because theinstallation of the management stack may require operations that may beblocked by Group Policy Objects inherited from the UCP OU’s parent object.Additionally it is recommended that you check for any policies that mayoverride the “Block Inheritance” option on the UCP OU by setting the“Enforced” option on a GPO.

Creating AD user accounts

This section lists the AD user accounts that need to be created based on thehypervisor manager that you use:

• ""

• "Creating AD user accounts for SCVMM"

Note: Document the user accounts and passwords created, as these will beasked for and used during the UCP deployment process.



Creating AD user accounts for vCenter

Use an account with domain administrator rights to the infrastructuredomain to add the following user accounts in Microsoft Active Directory:

• ucpadmin — The UCP system administrator account. This account needsto be added to the UCP_Admins group and the password should be setto never expire.

• ucpnetworkadmin — The UCP network administrator account. Thisaccount needs to be added to the UCP_NetworkAdmins group and thepassword should be set to never expire.

• ucpserveradmin — The UCP server administrator account. This accountneeds to be added to the UCP_ServerAdmins group and the passwordshould be set to never expire.

• ucpstorageadmin — The UCP storage administrator account. Thisaccount needs to be added to the UCP_StorageAdmins group and thepassword should be set to never expire.

• ucp_wdsdeploy — The UCP WDS image deployment account. Thisaccount is an administrator of the WDS VM. This account is not part ofany AD group, and its password is set to never expire.

• ucpjoin — The user used to join your domain. This account will needpermissions to manage the computer objects created for themanagement stack.

The actual names of these accounts are specified in Appendix C: "Useraccounts".

Creating AD user accounts for SCVMM

Use an account with domain administrator rights to the infrastructuredomain to add the following user accounts in Microsoft Active Directory:

• ucpadmin — The UCP system administrator account. This account needsto be added to the UCP_Admins group and the password should be setto never expire.

• ucp_wdsdeploy — The UCP WDS image deployment account. Thisaccount is an administrator of the WDS VM. This account is not part ofany AD group, and its password is set to never expire.




• ucpjoin — The user used to join your domain. This account will needpermissions to manage the computer objects created for themanagement stack.


When the UCP AD is integrated with your AD, you can crate additional useraccounts in these security groups to control access to the resources in UCPDirector.

Creating service accounts

This section lists the service accounts that need to be created based on thehypervisor manager that you use, as follows:

• "Creating service accounts for vCenter"

• "Creating service accounts for SCVMM"

Creating service accounts for vCenter

The following accounts are added to the Service_Accounts OU in AD:

• svc_vcntr — The account that the vCenter server service runs under.This account needs local administrator access on the vCenter server.

• svc_sql — The account that the SQL server service runs under. Thisaccount needs local administrator access on the SQL server.

• svc_ucp — The account that the UCP server service runs under. Thisaccount needs the system administrator role on SQL VM and localadministrator on the UCPManagement VM.

• svc_ucpdcntr — The UCP Datacenter service account. This account is anadministrator of the UCPDatacenter VM including the local SQL Expressinstance. This account runs the internal Datacenter Director services.Optional for customers who have not purchased the disaster recoveryoption.

• svc_srm — The UCP SRM account. This account is an administrator ofthe SRM VM.




Creating service accounts for SCVMM

The following accounts are added to the Service_Accounts OU in AD:

• svc_sql — The account that the SQL server service runs under. Thisaccount needs local administrator access on the SQL server.

• svc_ucp — The account that the UCP server service runs under. Thisaccount needs the system administrator role on SQL VM and localadministrator on the UCPManagement VM.

• svc_ucpdcntr — The UCP Datacenter service account. This account is anadministrator of the UCPDatacenter VM including the local SQL Expressinstance. This account runs the internal Datacenter Director services.This account is optional for an SCVMM environment.

• svc_scvmm — The account that the SCVMM server service runs under.This account needs local administrator access on the SCVMM server.


Creating AD groups

This section lists the groups that need to be created based on thehypervisor manager that you use, as follows:

• "Creating AD groups for vCenter"

• "Creating AD groups for SCVMM"

Creating AD groups for vCenter

UCP tightly integrates itself into the vSphere infrastructure and we give youthe option to control access to the various UCP operations by defining rolesto different types of operations. In order for you to best control access tothose roles, it is recommended that security groups be created in the ADstructure.

In order to manage these roles, the following groups need to be added tothe UCP Groups OU in AD:




• UCP_Admins — A security group used to grant full administrative accessto users in UCP. Users that are added to this group will have network,server, and storage administrator access. This group needs to be addedto the vCenter UCP System Administrator role.

• UCP_NetworkAdmins — A security group used to grant networkadministration access to users in UCP. This group needs to be added tothe vCenter UCP Network Administrator role.

• UCP_ServerAdmins admin group — A security group used to grantserver administration access to users in UCP. This group needs to beadded to the vCenter UCP Server Administrator role.

• UCP_StorageAdmins admin group — A security group used to grantstorage administration access to users in UCP. This group needs to beadded to the vCenter UCP Storage Administrator role.

• UCP_AmqpConsumers — The account specified when registering a UCPsite into UCP DOC must be a member of this group. ucpadmin and svc_ucpdcntr are members of this group. This group is also used by UCPDOC to read monitor data from UCP Director.

Creating AD groups for SCVMM

The following groups are added to the UCP OU in AD:

• UCP_Admins — A security group used to grant full administrative accessto users in UCP. Users that are added to this group will have network,server, and storage administrator access.

• UCP_AmqpConsumers — The account specified when registering a UCPsite into UCP DOC must be a member of this group. ucpadmin and svc_ucpdcntr are members of this group. This group is also used by UCPDOC to read monitor data from UCP Director.

Creating Machine Accounts for UCP

Because of the complicated nature of AD, it is recommended that you pre-create Active Directory computer objects for all the UCP Managementvirtual machines. In addition to creating these objects, their “Managed By”attribute should be set to the domain join user listed in Appendix C: "Useraccounts".



The actual names of the UCP Management virtual machines can becustomized to fit your organizations requirements, however, there areMicrosoft imposed limitations on name length as well as a restriction on thename of the SCVMM virtual machine that is explained in that section.

Machine accounts for vCenter

The following computer accounts need to be created:

• WSUS

• vCenter

• UCPUtility

• UCPManagement

• SQL

• HCS

• WDS

• HTnM

• Workstation

All computer accounts may not be longer than 15 characters as per aMicrosoft limitation on naming.

Optional machine accounts for vCenter

The following computer accounts are required only if you have purchasedSRM for Disaster Recovery:

• UCPDatacenter

• REPL


Machine Accounts for SCVMM

The following computer accounts need to be created:




• WSUS

• SCVMM *

• UCPUtility

• UCPManagement

• SQL

• HCS

• WDS

• HTnM

• Workstation


Note: The name of the SCVMM virtual machine may not have the string “-SCVMM-“ in its name, due to a Microsoft restriction on the SCVMM service.



Storage system requirements

This appendix covers the different requirements for a UCP storage system.

The following is a list of the base components that are delivered with astorage system that is part of UCP. Additional storage resources should beadded to the order based on storage capacity and performancerequirements.

• Front End Director (FED) port requirements

¡ UCP requires a minimum of eight dedicated Fibre Channel ports.

¡ The Fibre Channel ports are dedicated to the UCP system and mustbe connected to the UCP Fibre Channel switches as an isolated SANin a predetermined cabling configuration for optimal availability andworkload distribution. Additional ports, up to sixty-four total, can beconnected to UCP.

¡ Four of these ports will be used by the UCP management servers andall eight can be used by the compute blade resources (Dedicatedports for management are no longer required, but is an optionalconfiguration).

¡ If UCP will be used with the Disaster Recovery Option, additionalports (above and beyond the minimum of 8) must be accounted foron the storage array.

• Storage capacity requirements

¡ The storage system will have one 3.6TB parity group of 600GB SAS10K rpm disks arranged in a RAID 6 (6D+2P) configuration. Thisstorage space is used exclusively by the UCP management block.

Appendix G: Storage system requirements 37UCP Pre-Installation Requirements and Configuration Guide

G

¡ There will be at least one spare disk available in the storage systemfor the management parity group.

¡ Virtual volumes will be carved out to support SAN datastores for themanagement block. A pool ID will need to be allocated for themanagement pool. Host groups (HGs) assigned to the managementports will be created to allow the management block access to thestorage with LUN security.

¡ Additional capacity needs to be added to the UCP order for use in thedeployment of VMs and related data storage requirements. Thiscapacity will be in the form of additional disks, parity groups, andpools. Compute resources consume pools of storage, which can bemade up of any combination of internal or external storage. Pools caneither HDP or HDT. All storage used by UCP management andcompute resources should be installed and configured prior to UCPinstallation.

• Configuration requirements

¡ An administrator-level user account is provided for UCPmanagement to enable UCP Director to provision and monitorstorage on the storage system.

¡ The storage system must be managed by an element manager suchas HDvM. An instance of HDvM on the management block is createdduring UCP deployment and is used to manage the storage system.

¡ Resource groups are used for managing storage resources.

• Networking requirements

¡ When deployed as a UCP dedicated resource, the UCP storage systemis connected directly to the 1GbE management network.

¡ Routing from the UCP Element management network and thecustomer network is only required if the customer desires storagesystem management access, or SNMP messaging and alertingoutside of UCP.

• Third-party backup

¡ Third party backup environments are supported as long as they areconnected directly to the storage system or the Fibre Channelmanagement switches.

38 Appendix G: Storage system requirements


¡ Additional FED ports would be required to support the additionalSAN workload.

Appendix G: Storage system requirements 39UCP Pre-Installation Requirements and Configuration Guide

40 Appendix G: Storage system requirements


Shared storage system requirements

This appendix covers the different requirements needed to use a sharedstorage system. The following is a list of the requirements to use an existingVSP or HUS-VM storage system with UCP.

• Front End Director (FED) port requirements

¡ UCP requires eight available dedicated Fibre Channel ports.

¡ The dedicated Fibre Channel ports must be connected to the UCPFibre Channel switches as an isolated SAN, and can not be connectedto the production SAN.

¡ Four of the dedicated ports must come from the primarycluster/controller on the storage system and Fourof the dedicatedports must come from the secondary cluster/controller on thestorage system.

¡ Additional ports, up to sixty-four total, can be connected to UCP. Thefirst sixteen dedicated ports are connected to the Compute Rack #1,and an additional sixteen can be connected. Up to thirty-twodedicated ports can be connected to the Compute Rack #3, based onIO requirements. Additional ports must be added four at a time, withone pair on the primary cluster/controller and one pair on thesecondary cluster/controller of the storage system.

• Fibre Channel cabling requirements

¡ Use the 10M Fibre Optic cable harnesses to connect the FED ports tothe Fibre Channel switches if the compute Rack are colocated withthe storage system (within approximately seven meters). One cableharness per set of sixteen FED ports is needed.

Appendix H: Shared storage system requirements 41UCP Pre-Installation Requirements and Configuration Guide

H

¡ Individual Fibre Optic cable jumpers of an appropriate length tosupport a direct connection between the storage system and theFibre Channel switches will need to be ordered if the Compute Racksare not colocated with the storage system. The number of cablejumpers used should match the number of ports used.

• Storage capacity requirements

¡ The storage system must have one parity group of 600GB SAS 10Kdisks arranged in a RAID 6D+2P configuration. This storage spaceneeds to be available for exclusive use by the UCP managementservers.

¡ There should be at least one spare 600GB SAS 10K disk available inthe storage system for the management parity group.

¡ The two management group LDEVs will be placed into an HDP pooland virtual volumes will be carved out to support SAN datastores forthe management block. A pool ID will need to be allocated for themanagement pool. Host storage groups (HGs) assigned to themanagement ports will be created to allow the management blockaccess to the storage with WWPN security.

¡ Additional capacity needs to be made available for use in thedeployment of VMs and related data storage requirements. Thiscapacity will be in the form of additional disks, parity groups, andpools. Compute resources consume pools of storage, which can bemade up of any combination of internal or external storage. Pools caneither HDP or HDT. All storage used by UCP management andcompute resources should be installed and configured prior to UCPinstallation.

• Configuration requirements

¡ An administrator-level user account is required for UCP managementto enable UCP Director to provision and monitor storage on thestorage system.

¡ The storage system must be managed by HDvM, and HDvM must beconfigured to relay SNMP traps to UCP Director for alerts to properlyfunction. An existing instance of HDvM can be used or, if there is nopre-existing HDvM instance, the HDvM VM on the managementblock can be used. If a pre-existing HDvM instance is used, it mustbe upgraded to the appropriate version.

42 Appendix H: Shared storage system requirements


¡ A resource group is used for management resources and needs to bedefined in HDvM.

¡ The resource group must contain the non-management computeports on the storage system, the parity groups and LDEVs allocatedto the compute capacity, the pre-defined compute pools, a pre-allocated range of LDEV IDs so UCP Director can allocate virtualvolumes from the compute pools and pre-allocated host groupentries on the compute ports. No other manually defined customerconfiguration should be created on any dedicated UCP resource onthe storage system.

• Networking requirements

¡ If an existing instance of HDvM is used, then routing needs to beenabled between the HDvM subnet and the UCP managementsubnet.

¡ If HDvM is used on the management block in UCP is used, thenrouting needs to be enabled between the storage systemmanagement subnet and the UCP element management subnet.

¡ For firewall port exceptions, see "Required firewall portexemptions"

• Third-party backup

¡ Third party backup environments are supported as long as they areconnected directly to the storage system or the Fibre Channelmanagement switches.

¡ Additional FED ports would be required to support the additionalSAN workload.

Appendix H: Shared storage system requirements 43UCP Pre-Installation Requirements and Configuration Guide

44 Appendix H: Shared storage system requirements


Networking VLAN configuration

UCP for VMware vSphere and Microsoft Private Cloud require the followingsubnets for operation of the compute and management components. Basedon standard datacenter best practices each subnet requires a dedicatedVLAN for traffic isolation:

• Management subnet – This subnet is used for all managementcommunication in the UCP system. This includes IPs for all hardwareelements including switches, blade server out-of-band connections andchassis SVP connections. This also includes IP ranges for the serverprofiles that are used to deploy and manage hypervisor and bare-metaloperating systems on physical blade servers by UCP Director. Dependingon the size of the system this subnet can be as large as a /23 subnet.The size of the subnet should be determined based on the planned finalsize of the system including future hardware upgrades rather than thesize of the current order. The default IPs for the management elementsas assigned in Hitachi Distribution Centers are listed in the table below.These IPs are changed based on the datacenter network scheme duringdeployment of the UCP system

• VMotion/Live Migration subnet – This subnet is used for performingVMotion (for VMware ESXi based hypervisors) or Live Migration ( forMicrosoft Hyper-V based hypervisors) of virtual machines betweendifferent physical servers. This is typically a /24 subnet.

• Cluster network subnet – This subnet is only used in Microsoft Hyper-Vbased deployments for communication of the dedicated cluster networkused for creating Hyper-V failover clusters. This is typically a /24 subnet.

• Compute VLANs and subnets – UCP Director can be used to dynamicallyconfigure VLANs based on the workload and virtual networkingrequirements of the UCP deployed hypervisor and bare-metal servers.

Appendix I: Networking VLAN configuration 45UCP Pre-Installation Requirements and Configuration Guide

I

Management network IP requirements

The following tables show the number of IPs required for each part of thesystem, including the optional components. Additionally, theIP requirements are only for UCP Layer 2 networks, where you define theVLAN the appliance will use for the management network.

Base System

Component IP requirements

Number of IPs required

Management Stack VMs 10

Management Server (Per Server) 2

Disaster Recovery VMs (Optional) 2

SCVMM Cluster IP (Hyper-V Model Only) 1

Top of Rack Switches on Compute Rack #1 UCP 4000 Brocade: 5UCP 4000 Cisco : 8

UCP 4000E : 2

Top of Rack Switches on Compute Rack #2 UCP 4000 Brocade : 0

UCP 4000 Cisco : 2

Top of Rack Switches on Compute Rack #3 UCP 4000 Cisco : 4

Top of Rack Switches on Compute Rack #4 UCP 4000 Cisco : 2

VLAN range

Cisco 5548 switches 2-3967, 4048-4093

Cisco 9372/9332 switches 2-3967

Brocade switches 2-3962

The requirement for Management Server includes the server BMC and thehost Hypervisor/OS IP addresses.

The requirement for Top of Rack Switches include the 1G Ethernet / 10GEthernet / FC / Converged switches.

46 Appendix I: Networking VLAN configuration


Storage

Storage SystemNumber of

IPs

G1000 1

Gx00 3

Compute

Reason Number of IPs

Per Chassis UCP 4000 Brocade : 5

UCP 4000 Cisco : 3

UCP 4000E : 1

Per Blade 2

The requirement for chassis includes the Chassis SVP, the management forthe two FC switches and two Ethernet switches.

The requirement for the blades includes the blade BMC and the HypervisorOS.

Calculating IP requirements for the Management Network

The basic equation for figuring out the IP requirements is as follows:

(Base System) + (Storage Requirement) + (Chassis requirement) + (Bladerequirement)

Below are some examples of calculations based on some exampleenvironments.

Brocade 3 Chassis, 15 blades, 2 management servers system without DRsupport on a G400 using VMWare(17) + (3) + (5x3) + (2x15) = 65

Cisco 10 Chassis, 60 blades, , 2 management servers system with DR, on aG1000 using VMWare(28) + (1) + (3x10) + (2x60) = 179

Appendix I: Networking VLAN configuration 47UCP Pre-Installation Requirements and Configuration Guide

IP Requirements for the VMotion/Live Migration Network

In the VMotion/Live Migration network each blade will need one IP address.If the network will not be routed out of the appliance, you can use private IPaddresses and not use up space on your main network.

IP Requirements for the SCVMM Cluster Network

In the SCVMM Cluster network each blade will need one IP address. If thenetwork will not be routed out of the appliance, you can use private IPaddresses and not use up space on your main network.

Layer 3 IP Requirements

Layer 3 IP requirements are much more complicated, and will need to bemore carefully laid out, there is a separate document covering therequirements for this type of installation. For more information, see theUCP Network Architecture and Configuration Guide.

48 Appendix I: Networking VLAN configuration


Security administrators use firewalls to protect the network or selectedcomponents in the network from intrusion. A firewall might lie between UCPand your management environment, depending on your deployment.

For a comprehensive list of TCP and UDP ports, see the following tables.

Required firewall port exemptionsThe ports in the table below are used for UCP Director management traffic.To access UCP from the production network, exceptions for these ports arenecessary.

Scenario Source Destination Direction Protocol / port

vCenter access vSphere Client /Webbrowser

vCenter VM Inbound TCP / 80 & 443

vCenter VM Inbound TCP / 9443 (WebClient)

UCPManagementVM

Inbound TCP / 443

VM Console access vSphere Client vCenter VM Inbound TCP / 902 & 903

ESXi on ComputeBlades

Inbound TCP / 902 & 903

ESXi on QuantaT41S

Inbound TCP / 902 & 903

VMMManagementServer access

VMM AdministratorConsole

SCVMM VM Inbound TCP / 8100,8101 (HTTPS),8102 (NET.TCP),8103 (HTTP)

49UCP Pre-Installation Requirements and Configuration Guide

J


VM Console access VMM AdministratorConsole

Hyper-V onCompute Blades

Inbound TCP / 2179 (RDPusingVMConnect)

Hyper-V onQuanta T41S

Inbound TCP / 2179 (RDPusingVMConnect)

Optional firewall port exemptionsThe ports in the table below are used for UCP Director management traffic,element management traffic and system integration traffic (Ex. DNS, NTPand Active Directory). The security administrator can configure firewall portexemptions.


ElementManager GUIaccess

Web browser Quanta T41S BMC Inbound TCP / 443 for Serveradministration

TCP / 7582, 5124,5126, 5127 forserver console

CB500 SVP Inbound TCP / 443 for Chassisadministration

CB520H and CB520XBMC

Inbound TCP / 443

TCP / 5001 (default)for Blade console

HCS VM Inbound TCP / 22015(default) for HCSHTTP

Direct SSHaccess tohardwarecomponents

SSH Client CB500 SVP Inbound TCP / 22 for Chassisadministration

Ethernet/FibreChannelSwitches

Inbound TCP / 22 for Switchadministration

RDP access toUCPmgmt.VMs

RDP Client UCPmgmt. VMs Inbound TCP / 3389 for RDP


Optional firewall port exemptions


External emailserverintegration

vCenter VM,UCPManagementVM, HCS VM,UCP Utility VM

External Mail Server Outbound TCP / 25 for SMPT

External NTPserverintegration

All UCPelements

External NTP Server Outbound UDP / 123 for Synctime

ExternalSNMPmonitoringsystemintegration

SNMP Client All elements Inbound UDP / 161 for SNMPPoll

All UCPelements

External MonitoringSystem

Outbound UDP / 162 for SNMPTrap

ExternalSyslog serverintegration

UCP Utility VM External Syslog Server Outbound UDP / 514 for Syslog

External ADserverintegration

vCenter VM,UCPManagementVM, HCS VM,SQL VM

External AD Server For a list of ports refer tohttp://support.microsoft.com/kb/179442

Note: 137/udp, 138/udp, 139/tcp fordomain trust (NetBIOS) are tested by HDS.


External AD Server Inbound UDP / 389, 636 forLDAP


External AD Server Outbound UDP / 389, 636 forLDAP

UCPDatacenterOperationsCenter (DOC)integration

UCP DOC UCP Management VM Inbound TCP / 5671 for AMQP



http://support.microsoft.com/kb/179442


VMware SRMintegration

SRM VM SRM VM

(Remote Site)

Outbound UDP / 10000,UDP / 10001 for CCI

SRM VM

(Remote Site)

SRM VM Inbound UDP / 10000,UDP / 10001 for CCI

SRM VM vCenter VM

(Remote Site)

Outbound TCP / 80, 443, 902for SRM

SRM VM

(Remote Site)

vCenter VM Inbound TCP / 80, 443, 902for SRM

External DNS UCPmgmt.VMs

External DNS server Outbound UDP / 53 for DNSLookups

vCenter SingleSign-On

Web browser vCenter VM Inbound TCP / 7444 forvSphere Web ClientHTTPS

When UCP is configured to use an existing storage system, HDvM is likelyalready installed. HTnM is also required and may be installed either in theproduction environment or within the UCP management stack. Forintegration with UCP, the ports in the table below must be opened.


External HDvM andHTnM serverintegration with UCP

UCP ManagementVM

External HDvMserver

Outbound TCP /2001 forHCS HTTP

UCP ManagementVM

External HTnMServer

Outbound TCP / 5985, 5986for RemotePowerShell




External HDvMintegration withinternal HTnM

UCP ManagementVM

External HDvMServer

Outbound TCP /2001 forHCS HTTP

HTnM VM insideUCP

External HDvMserver

Outbound TCP / 22015 forHTTP, 22016(default) forHTTPS

HTnM VM insideUCP

External HDvMserver

Outbound TCP /24230(default) for HCSHTTP

External HDvMserver

HTnM VM insideUCP

Inbound TCP /22286,22900-22999

Existing storage External(existing) storagesystem

UCP ManagementVM

Inbound UDP / 162 forSNMP Traps

External(existing) storagesystem

UCP ManagementVM

Inbound UDP / 514 forSyslog



Hitachi Data Systems

Corporate Headquarters2845 Lafayette StreetSanta Clara, California 95050-2627U.S.A.www.hds.com

Regional Contact Information

Americas+1 408 970 [email protected]

Europe, Middle East, and Africa+44 (0) 1753 [email protected]

Asia Pacific+852 3189 [email protected]

MK-92UCP049-10

http://www.hds.com/

http://[email protected]/



UCP 4.x Pre-Installation Requirements and Configuration

Documents

Transcript of UCP 4.x Pre-Installation Requirements and Configuration