Configure KVM Role Access to UCSM Domain from UCS Central

Available Languages

Download Options

  • PDF     (763.9 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (915.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (489.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 8, 2023
Document ID:220444

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to configure roles in UCS Central and UCSM in order to allow KVM access to an UCS domain that is launched via UCS Central.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Unified Compute System (UCS)
    • UCS Central

    Components Used

    The information in this document is based on these software and hardware versions:

    • UCS-FI-6248UP, Firmware 4.0(1c)
    • UCS Central, Firmware 2.0(1p)

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Configuration

    1. UCS Central Roles

    Step 1.1 Create UCS Central Users Administration Role

    • In UCS Central, Navigate to System Configuration Button >  User Settings and select Roles.
    • Create a new role named 'ucs-kvm'
    • For the newly created role 'ucs-kvm' Under Operations tab add the KVM Privilege

    Role Configuration on UCS CentralRole configuration on UCS Central

    Step 1.2 Configure Local User

    • Navigate to System Configuration Button >  User Settings and select  Local User.
    • Select the corresponding user and then under  Roles  tab add the next 3 roles for the select user:
      1. Administrators
      2. Read-Only
      3. ucs-kvm (same role created in previous step)

    Local Users ConfigurationLocal Users configuration

    Role Assignment for Local Users in UCS CentralRole assignment for Local Users in UCS Central

    2. UCS Domain Roles

    Step 2.1 Create a role in UCSM Domain.

    On each UCSM Domain that is desired to access via KVM from Central perform these steps:

    • Navigate to  All  >  User Management  >  User Services  >  Roles and click  Add.
    • Create the role  ucs-kvm  and select only the  Service Profile Ext Access  privilege.

    New Role Creation on UCS ManagerNew Role creation on UCS Manager

    3. Validate KVM access to UCSM Domain 

    Step 3.1 Launch KVM from UCS Central

    • Log into UCS Central with the corresponding credentials of local user in Step 1.2

    • Navigate to the  System tools  button > Unified KVM Launcher

    • Mark the check box of a domain where a role has been already created as described in Step 2.1 and KVM must work now.

      Launching KVM from Selected UCS Domain from UCS CentralLaunching KVM from selected UCS Domain from UCS Central

    LDAP Authentication

    Note: If LDAP authentication is use this instructions instead of Local User method.

    • Navigate to  System Configuration Button >  User Settings  and select Authentication  and assign the same 3 Roles for the desired  Group Maps  option as in step 1.2 under the LDAP Section
      Role Assignment for LDAP Group in UCS CentralRole assignment for LDAP group in UCS Central

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    08-May-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Francisco Zeron
      Cisco Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco