I remember having read somewhere that there is no way to grant a user access to ONLY organization X in UCS Manager while restricting the rest of organizations (even READ-ONLY mode) due to the way UCS Manager database is programmed. I'd like to confirm whether this is true and, in such a case, what are alternatives in order to implement a REAL multitenancy scenario with UCS? I do NOT want Tenant A to be able to even SEE stuff from Tenant B.
RBAC was not designed for what you are looking for where Multiple tennants cannot see anything at all about each other.
Please let your sales representives know about this and give them this bug ID to make sure this enhancement is given the proper priority, and let them know how important this is to you. Also open a TAC case if this is impacting you right now so your specific problem can be attached to the bug.
Then you're saying that UCS is not a multitenant solution, ¿or don't you? My idea of multitenancy is that Tenant A must NOT even know the existance of Tenant B...any tenant at any moment should have the perception that infrastructure is 100% dedicated to him...am I wrong?
How could we get this illusion in UCS? Maybe other tools or suites?
Could you be a little more specific with what you are looking for?
For example if you want to provide each tennant with unconfigured physical hardware in UCSM, and then let them set everything up themselves without being able to know about other tennants, that is not yet possible. If you are looking to provide VMs to the tennants, here is a whitepaper that walks you through one example of how to get this working:
With VMs you can even provide direct access to hardware with Intel VT-d (VMdirectpath). Just about anything short of installing a hypervisor is possible in a VM.
If your tenenats would be okay to just have KVM access to a per-configured physical blade where they could install their own OS, I suppose you could setup something to block their access to the UCS CLI, GUI, main KVM webpage, and the IPs of all the other CIMCs, and give the customers each a webpage with a bunch of direct links to only their KVMs. This may not work for what you want since it would not allow your tennants configure their own VLANs, boot order, vSANs, WWNNs, WWPNs, MAC addresses, hard disk RAID config, failover options, BIOS settings, Number of vNICs/vHBAs, vNIC/vHBA Settings, vNIC.vHBA palcement, or anything else. Also, depending on how much control you would like to give the tennants, alloing them to provision their own SAN based storage would present more challenges.
Also the ability to limit read-only access based on each org in UCSM should be added eventually. If you need this feature, the best way to ensure you get it in time is to work with your sales people who can help ensure the feature is added in the next UCSM release.
UCSM has an XML API that allows you to do anything that you can do with the UCSM GUI. There are 3rd party tools that can control a UCS, and there is no reason what you are looking for would be impossible to create as a 3rd party tool. I am sorry but I wouldn't know weather or not one already exists that does what you need.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
==================== VIC FNIC driver does not support Virtual Volumes (
second level LUN ID ) An enhancement request has been created to track
this feature - CSCux64473 UPDATE - 12-14-2016 We made some traction on
the enhancement request - The Fix is in t...