Cisco UCS Central 1.x User guide

Category
Networking
Type
User guide

This manual is also suitable for

Cisco UCS Central Authentication Guide, Release 1.5
First Published: 2016-07-29
Last Modified: 2016-08-11
Last Modified: 2017-04-05
Last Modified: 2017-04-17
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright ©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
©2016-2017 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
Preface v
Audience v
Conventions v
Related Cisco UCS Documentation vii
Documentation Feedback vii
CHAPTER 1
Overview 1
Overview 1
Cisco UCS Central User Documentation Reference 1
CHAPTER 2
Users and Roles 3
Role-Based Access Control Overview 3
Cisco UCS Central User Accounts 3
Guidelines for Creating Usernames 4
Reserved Words: Locally Authenticated User Accounts 5
User Roles 6
Default User Roles 6
Reserved Words: User Roles 7
Privileges 8
Managing UCS Central Roles 10
Managing UCS Central Local Users 11
Managing UCS Central Remote Users 11
User Locales 12
User Organizations 12
Managing UCS Central Locales 13
Managing Domain Group Users 13
Cisco UCS Central Authentication Guide, Release 1.5
iii
CHAPTER 3
Authentication Services 15
Authentication Services 15
Guidelines for Creating Passwords 15
Password Profile for Locally Authenticated Users 16
Managing UCS Central Authentication 17
Windows Passthrough Authentication 19
Managing Domain Group Authentication 20
CHAPTER 4
Remote Authentication 23
Guidelines and Recommendations for Remote Authentication Providers 23
User Attributes in Remote Authentication Providers 24
CHAPTER 5
LDAP Authentication 27
LDAP Providers 27
Provider Groups 27
LDAP Group Maps 28
Supported LDAP Group Maps 28
Nested LDAP Groups 29
Managing UCS Central LDAP Configuration 29
CHAPTER 6
SNMP Authentication 33
SNMP Policies 33
SNMP Functional Overview 33
SNMP Notifications 34
SNMP Security Features 34
SNMP Security Levels and Privileges 35
SNMP Security Models and Levels 35
SNMP Support in Cisco UCS Central 37
Enabling SNMP 39
Creating and Editing an SNMP Trap or Inform 39
Creating and Editing an SNMP User 40
Cisco UCS Central Authentication Guide, Release 1.5
iv
Contents
Preface
Audience, page v
Conventions, page v
Related Cisco UCS Documentation, page vii
Documentation Feedback, page vii
Audience
This guide is intended primarily for data center administrators with responsibilities and expertise in one or
more of the following:
Server administration
Storage administration
Network administration
Network security
Conventions
IndicationText Type
GUI elements such as tab titles, area names, and field labels appear in this font.
Main titles such as window, dialog box, and wizard titles appear in this font.
GUI elements
Document titles appear in this font.
Document titles
In a Text-based User Interface, text the system displays appears in this font.TUI elements
Terminal sessions and information that the system displays appear in this
font.
System output
Cisco UCS Central Authentication Guide, Release 1.5
v
IndicationText Type
CLI command keywords appear in this font.
Variables in a CLI command appear in this font.
CLI commands
Elements in square brackets are optional.[ ]
Required alternative keywords are grouped in braces and separated by vertical
bars.
{x | y | z}
Optional alternative keywords are grouped in brackets and separated by vertical
bars.
[x | y | z]
A nonquoted set of characters. Do not use quotation marks around the string or
the string will include the quotation marks.
string
Nonprinting characters such as passwords are in angle brackets.< >
Default responses to system prompts are in square brackets.[ ]
An exclamation point (!) or a pound sign (#) at the beginning of a line of code
indicates a comment line.
!, #
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
document.
Note
Means the following information will help you solve a problem. The tips information might not be
troubleshooting or even an action, but could be useful information, similar to a Timesaver.
Tip
Means the described action saves time. You can save time by performing the action described in the
paragraph.
Timesaver
Means reader be careful. In this situation, you might perform an action that could result in equipment
damage or loss of data.
Caution
Cisco UCS Central Authentication Guide, Release 1.5
vi
Preface
Conventions
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with
standard practices for preventing accidents. Use the statement number provided at the end of each warning
to locate its translation in the translated safety warnings that accompanied this device.
SAVE THESE INSTRUCTIONS
Warning
Related Cisco UCS Documentation
Documentation Roadmaps
For a complete list of all B-Series documentation, see the Cisco UCS B-Series Servers Documentation Roadmap
available at the following URL: http://www.cisco.com/go/unifiedcomputing/b-series-doc.
For a complete list of all C-Series documentation, see the Cisco UCS C-Series Servers Documentation Roadmap
available at the following URL: http://www.cisco.com/go/unifiedcomputing/c-series-doc.
For information on supported firmware versions and supported UCS Manager versions for the rack servers
that are integrated with the UCS Manager for management, refer to Release Bundle Contents for Cisco UCS
Software.
Other Documentation Resources
Follow Cisco UCS Docs on Twitter to receive document update notifications.
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments
to [email protected]. We appreciate your feedback.
Cisco UCS Central Authentication Guide, Release 1.5
vii
Preface
Related Cisco UCS Documentation
Cisco UCS Central Authentication Guide, Release 1.5
viii
Preface
Documentation Feedback
CHAPTER 1
Overview
Overview, page 1
Cisco UCS Central User Documentation Reference, page 1
Overview
The Cisco UCS Central Authentication Guide provides guidelines and tasks related to managing and maintaining
remote and locally authenticated user accounts.
Cisco UCS Central User Documentation Reference
The Cisco UCS Central following use case-based documents to understand and configure Cisco UCS Central:
DescriptionGuide
Provides a brief introduction to the Cisco UCS
infrastructure, Cisco UCS Manager, and Cisco UCS
Central. Includes an overview of the HTML5 UI, how
to register Cisco UCS domains in Cisco UCS Central,
and how to activate licenses.
Cisco UCS Central Getting Started Guide
Provides information on administrative tasks, such
as user management, communication, firmware
management, backup management, and Smart Call
Home.
Cisco UCS Central Administration Guide
Provides information on authentication tasks, such as
passwords, users and roles, RBAC, TACACS+,
RADIUS, LDAP, and SNMP.
Cisco UCS Central Authentication Guide
Provides information on server management, such as
equipment policies, physical inventory, service
profiles and templates, server pools, server boot, and
server policies.
Cisco UCS Central Server Management Guide
Cisco UCS Central Authentication Guide, Release 1.5
1
DescriptionGuide
Provides information on storage management, such
as ports and port channels, VSAN and vHBA
management, storage pools, storage policies, storage
profiles, disk groups, and disk group configuration.
Cisco UCS Central Storage Management Guide
Provides information on network management, such
as ports and port channels, VLAN and vNIC
management, network pools, and network policies.
Cisco UCS Central Network Management Guide
Best practices for setting up, configuring, and
managing domain groups for small, medium and large
deployments.
Cisco UCS Central Operations Guide
Provides help for common issues in Cisco UCS
Central.
Cisco UCS Central Troubleshooting Guide
Cisco UCS Central Authentication Guide, Release 1.5
2
Overview
Cisco UCS Central User Documentation Reference
CHAPTER 2
Users and Roles
Role-Based Access Control Overview, page 3
Cisco UCS Central User Accounts, page 3
User Roles, page 6
Managing UCS Central Roles, page 10
Managing UCS Central Local Users, page 11
Managing UCS Central Remote Users, page 11
User Locales, page 12
Managing Domain Group Users, page 13
Role-Based Access Control Overview
Role-Based Access Control (RBAC) is a method of restricting or authorizing system access for users based
on user roles and locales. A role defines the privileges of a user in the system and a locale defines the
organizations (domains) that a user is allowed access. Because users are not directly assigned privileges, you
can manage individual user privileges by assigning the appropriate roles and locales.
A user is granted write access to the required system resources only if the assigned role grants the access
privileges and the assigned locale allows access. For example, a user with the Server Administrator role in
the engineering organization can update server configurations in the Engineering organization. They cannot,
however, update server configurations in the Finance organization, unless the locales assigned to the user
include the Finance organization.
Cisco UCS Central User Accounts
Access the system with user accounts. You can configure up to 128 user accounts in each Cisco UCS Central
domain. Each user account must have a unique username and password.
You can setup a user account with an SSH public key, in either of the two formats: OpenSSH or SECSH.
Cisco UCS Central Authentication Guide, Release 1.5
3
Admin Account
The Cisco UCS Central admin account is the default user account. You cannot modify or delete it. This account
is the system administrator, or superuser account, and has full privileges. There is no default password assigned
to the admin account. You must choose the password during the initial system setup.
The admin account is always active and does not expire. You cannot configure the admin account as inactive.
The local admin user can login for fail over, even when authentication is set to remote.
Locally Authenticated User Accounts
A locally authenticated user account is authenticated through the Cisco UCS Central user database. Anyone
with admin or aaa privileges can enable or disable it. Once you disable a local user account, the user cannot
log in.
Cisco UCS Central does not delete configuration details for disabled local user accounts from the database.
If you re-enable a disabled local user account, the account becomes active again with the existing
configuration, including username and password.
Note
Remotely Authenticated User Accounts
A remotely authenticated user account is any Cisco UCS Central user account that is authenticated through
LDAP. Cisco UCS domains support LDAP, RADIUS and TACACS+.
If a user maintains a local user account and a remote user account simultaneously, the roles defined in the
local user account override those maintained in the remote user account.
Expiration of User Accounts
You can configure user accounts to expire at a predefined time. When the user account reaches the expiration
time, the account disables.
By default, user accounts do not expire.
After you configure a user account with an expiration date, you cannot reconfigure the account to not
expire. You can, however, configure the account to expire with the farthest expiration date available.
Note
Guidelines for Creating Usernames
The username is also used as the login ID for Cisco UCS Central. When you assign login IDs to Cisco UCS
Central user accounts, consider the following guidelines and restrictions:
The login ID can contain between 1 and 32 characters, including the following:
Any alphabetic character
Any digit
_ (underscore)
- (dash)
Cisco UCS Central Authentication Guide, Release 1.5
4
Users and Roles
Guidelines for Creating Usernames
. (dot)
The login ID must be unique within Cisco UCS Central.
The login ID must start with an alphabetic character. It cannot start with a number or a special character,
such as an underscore.
The login ID is case-sensitive.
You cannot create an all-numeric login ID.
After you create a user account, you cannot change the login ID. You must delete the user account and
create a new one.
Reserved Words: Locally Authenticated User Accounts
You cannot use the following words when creating a local user account in Cisco UCS.
root
bin
daemon
adm
lp
sync
shutdown
halt
news
uucp
operator
games
gopher
nobody
nscd
mailnull
mail
rpcuser
rpc
mtsuser
ftpuser
ftp
Cisco UCS Central Authentication Guide, Release 1.5
5
Users and Roles
Reserved Words: Locally Authenticated User Accounts
man
sys
samdme
debug
User Roles
User roles contain one or more privileges that define the operations that are allowed for a user. You can assign
one or more roles to each user. Users with multiple roles have the combined privileges of all assigned roles.
For example, if Role1 has storage-related privileges, and Role 2 has server-related privileges, users with Role1
and Role 2 have both storage-related and server-related privileges.
A Cisco UCS domain can contain up to 48 user roles, including the default user roles. Any user roles configured
after the first 48 are accepted, but they are inactive with faults raised. Each domain group in Cisco UCS Central
can also contain 48 user roles, including the user roles that are inherited from the parent domain group. When
user roles are pushed to Cisco UCS Manager from Cisco UCS Central, only the first 48 roles are active. Any
user roles after the first 48 are inactive with faults raised.
All roles include read access to all configuration settings in the Cisco UCS domain. Users with read-only
roles cannot modify the system state.
You can create, modify or remove existing privileges, and delete roles. When you modify a role, the new
privileges apply to all users with that role. Privilege assignment is not restricted to the privileges defined for
the default roles. Meaning, you can use a custom set of privileges to create a unique role. For example, the
default Server Administrator and Storage Administrator roles have a different set of privileges. However, you
can create a Server and Storage Administrator role that combines the privileges of both roles.
If you delete a role after it was assigned to users, it is also deleted from those user accounts.Note
Modify the user profiles on AAA servers (RADIUS or TACACS+) to add the roles corresponding to the
privileges granted to that user. The attribute stores the role information. The AAA servers return this attribute
with the request and parse it to obtain the roles. LDAP servers return the roles in the user profile attributes.
Default User Roles
The system contains the following default user roles:
AAA Administrator
Read-and-write access to users, roles, and AAA configuration. Read access to the remaining system.
Administrator
Complete read-and-write access to the entire system. Assigns this role to the default administrator
account by default. You cannot change it.
Cisco UCS Central Authentication Guide, Release 1.5
6
Users and Roles
User Roles
Facility Manager
Read-and-write access to power management operations through the power management privilege.
Read access to the remaining system.
Network Administrator
Read-and-write access to fabric interconnect infrastructure and network security operations. Read access
to the remaining system.
Operations
Read-and-write access to systems logs, including the syslog servers, and faults. Read access to the
remaining system.
Read-Only
Read-only access to system configuration with no privileges to modify the system state.
Server Compute
Read and write access to most aspects of service profiles. However, the user cannot create, modify or
delete vNICs or vHBAs.
Server Equipment Administrator
Read-and-write access to physical server-related operations. Read access to the remaining system.
Server Profile Administrator
Read-and-write access to logical server-related operations. Read access to the remaining system.
Server Security Administrator
Read-and-write access to server security-related operations. Read access to the remaining system.
Storage Administrator
Read-and-write access to storage operations. Read access to the remaining system.
Reserved Words: User Roles
You cannot use the following words when creating custom roles in Cisco UCS.
network-admin
network-operator
vdc-admin
vdc-operator
server-admin
Cisco UCS Central Authentication Guide, Release 1.5
7
Users and Roles
Reserved Words: User Roles
Privileges
Privileges give users, assigned to user roles, access to specific system resources and permission to perform
specific tasks. The following table lists each privilege and the user role given that privilege by default.
Detailed information about these privileges and the tasks that they enable users to perform is available in
Privileges in Cisco UCS available at the following URL: http://www.cisco.com/en/US/products/ps10281/
prod_technical_reference_list.html.
Tip
Table 1: System Defined Roles
Role to Configure in
LDAP/RADIUS/TACACS Server
PrivilegesRole
aaaaaaAAA Administrator
adminadminAdministrator
power-mgmtfacility-managerFacility Manager
kvmkvmKVM Administrator
networkpod-qos,pod-config,pod-policy,ext-lan-qos,pod-security,
ext-lan-config,ext-lan-policy,ext-lan-security,service-profile-qos,service-profile-network,service-profile-qos-policy,service-profile-network-policy
Network
fault, operationsfault, operationsOperations
read-onlyread-onlyRead-Only
server-computeservice-profile-compute,service-profile-server-oper,service-profile-server-policyServer-Compute Administrator
server-equipmentserver-policy,server-equipment,server-maintenanceServer-Equipment Administrator
server-profileservice-profile-config,service-profile-server,service-profile-ext-access,service-profile-server-oper,service-profile-server-policy,service-profile-config-policyServer Profile Administrator
server-securityserver-security,service-profile-security,service-profile-security-policyServer Security Administrator
stats-managementstatsStatistics Administrator
storageext-san-qos,ext-san-config,ext-san-policy,ext-san-security,service-profile-storage,service-profile-storage-policyStorage Administrator
Table 2: User Privileges
Default Role AssignmentDescriptionPrivilege
AAA AdministratorSystem security and AAAaaa
Cisco UCS Central Authentication Guide, Release 1.5
8
Users and Roles
Privileges
Default Role AssignmentDescriptionPrivilege
AdministratorSystem administrationadmin
Domain Group AdministratorDomain Group Managementdomain-group-management
Network AdministratorExternal LAN configurationext-lan-config
Network AdministratorExternal LAN policyext-lan-policy
Network AdministratorExternal LAN QoSext-lan-qos
Network AdministratorExternal LAN securityext-lan-security
Storage AdministratorExternal SAN configurationext-san-config
Storage AdministratorExternal SAN policyext-san-policy
Storage AdministratorExternal SAN QoSext-san-qos
Storage AdministratorExternal SAN securityext-san-security
OperationsAlarms and alarm policiesfault
OperationsLaunch KVMkvm
OperationsLogs and Smart Call Homeoperations
OperationsOrganization managementorg-management
Network AdministratorPod configurationpod-config
Network AdministratorPod policypod-policy
Network AdministratorPod QoSpod-qos
Network AdministratorPod securitypod-security
Facility ManagerRead-and-write access to power
management operations
power-mgmt
Read-OnlyRead-only access
Read-only cannot be selected as a
privilege; it is assigned to every
user role.
read-only
Server Equipment AdministratorServer hardware managementserver-equipment
Server Equipment AdministratorServer maintenanceserver-maintenance
Cisco UCS Central Authentication Guide, Release 1.5
9
Users and Roles
Privileges
Default Role AssignmentDescriptionPrivilege
Server Equipment AdministratorServer policyserver-policy
Server Security AdministratorServer securityserver-security
Server Compute AdministratorService profile computeservice-profile-compute
Server Profile AdministratorService profile configurationservice-profile-config
Server Profile AdministratorService profile configuration policyservice-profile-config-policy
Server Profile AdministratorService profile endpoint accessservice-profile-ext-access
Network AdministratorService profile networkservice-profile-network
Network AdministratorService profile network policyservice-profile-network-policy
Network AdministratorService profile QoSservice-profile-qos
Network AdministratorService profile QoS policyservice-profile-qos-policy
Server Security AdministratorService profile securityservice-profile-security
Server Security AdministratorService profile security policyservice-profile-security-policy
Server Profile AdministratorService profile server managementservice-profile-server
Server Profile AdministratorService profile consumerservice-profile-server-oper
Server Security AdministratorService profile pool policyservice-profile-server-policy
Storage AdministratorService profile storageservice-profile-storage
Storage AdministratorService profile storage policyservice-profile-storage-policy
Statistics AdministratorStatistics Managementstats
Managing UCS Central Roles
Procedure
Step 1 In the Actions bar, type Manage UCS Central Roles and press Enter.
This launches the UCS Central Roles Manage dialog box.
Cisco UCS Central Authentication Guide, Release 1.5
10
Users and Roles
Managing UCS Central Roles
Step 2 In Roles, click Add to create a new role, or select an existing role.
Step 3 In the Network tab, click Add to update and add privileges.
Step 4 Select relevant privileges for the role.
Step 5 Click Apply to apply the new privileges.
Step 6 Update the Storage,Server, and Operations privileges for the role, in the same manner.
Step 7 Click Save.
Managing UCS Central Local Users
Procedure
Step 1 In the Actions bar, type Manage UCS Central Local Users and press Enter.
This launches the UCS Central Local Users Manage dialog box.
Step 2 In Local Users, click Add to create a new local user, or select an existing one.
Step 3 In the Basic tab, complete the necessary information for the user.
Step 4 In the Roles tab, add or remove the roles assigned to the user.
a) Click Add to display the roles.
b) Select a role or roles.
c) Click Apply to apply the new privileges.
Step 5 In the Locales tab, add or remove the locales assigned to the user.
a) Click Add to display the roles.
b) Select a role or roles.
c) Click Apply to apply the new privileges.
Step 6 In the SSH tab, select the Authentication Type.
Step 7 Click Save.
Managing UCS Central Remote Users
Procedure
Step 1 In the Actions bar, type Manage UCS Central Remote Users and press Enter.
This launches the UCS Central Remote Users Manage dialog box.
Step 2 In Remote Users, review the remote LDAP users, roles, and locales.
This section is
read-only.
Note
Cisco UCS Central Authentication Guide, Release 1.5
11
Users and Roles
Managing UCS Central Local Users
Step 3 Click Cancel to close the window, or Save to save any changes made in other sections.
User Locales
You can assign a user to one or more locales. Each locale defines one or more organizations (domains) to
which a user can access. Access is usually limited to the organizations specified in the locale. An exception
is a locale without any organizations. It provides unrestricted access to system resources in all organizations.
A Cisco UCS domain can contain up to 48 user locales. Any user locales configured after the first 48 are
accepted, but are inactive with faults raised. Each domain group in Cisco UCS Central can contain 48 user
locales, including the user locales that are inherited from the parent domain group. When user locales are
pushed to Cisco UCS Manager from Cisco UCS Central, only the first 48 locales are active. Any user locales
after the first 48 are inactive with faults raised.
Users with admin or aaaadmin, aaa, or domain-group-management privileges can assign organizations to the
locale of other users. The assignment of organizations is restricted to only those in the locale of the user
assigning the organizations. For example, if a locale contains only the Engineering organization, a user assigned
to that locale can only assign the Engineering organization to other users.
You cannot assign a locale to users with the admin privilege.Note
You cannot assign a locale to users with one or more of the following privileges:Note
aaa
admin
fault
operations
You can hierarchically manage organizations. A user who is assigned to a top-level organization has automatic
access to all organizations below it. For example, an Engineering organization can contain a Software
Engineering organization and a Hardware Engineering organization. A locale containing only the Software
Engineering organization has access to system resources only within that organization. However, a locale that
contains the Engineering organization has access to the resources for both the Software Engineering and
Hardware Engineering organizations.
User Organizations
A user can create one or more organizations. Each organization defines sub-organizations, faults, events,
UUID suffix pools and blocks of UUIDs.
Cisco UCS organizations are hierarchically managed by users. A user that is assigned at the root level
organization has automatic access to all organizations and domain groups under it.
Cisco UCS Central Authentication Guide, Release 1.5
12
Users and Roles
User Locales
1 / 1

Cisco UCS Central 1.x User guide

Category
Networking
Type
User guide
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Ask the document