UCS BIOS Policies

So when I first considered the idea of working for Cisco, I wasn’t really looking for a job. Cisco had not officially announced UCS yet, so I couldn’t get the deep level technical info I wanted about the project. Call it fate, but we announced UCS the same day I left to join the team. I can’t say it was totally blind faith though, because the one thing I did get during our interviews was that they were not “just building blade servers”. They were doing something different and they were approaching problems in ways that other vendors weren’t and they had creative solutions bubbling over. This article is intended to illustrate how that type of thinking is being productized in just one small way.

Here at Cisco where we’re building UCS (a business unit known as SAVBU), there is a big focus on making administrative tasks easier and keeping server admins from repeating steps over and over. Yes, we’re actually thinking about you san/lan/server admins out there, and we understand your pain. In my previous post, Boot from SAN 101, we discussed how Cisco is doing this in regards to HBA logins. But the picture is really so much larger than that. Today, I want to discuss UCS BIOS policies to further show how Cisco is committed to making your life easier.

I think it’s always best if we talk about where we have been (as an industry) and where Cisco is going with it. So let’s dive right in and talk BIOS for a minute. If you’ve been around servers for any length of time, you are familiar with the BIOS setup utility which allows you to change various aspects of the system. Some common features that server admins are concerned with in regards to the BIOS would be:

  • Boot Order (or IPL)
  • Intel Virtualization Technology features (including VTd)
  • Hyperthreading
  • Memory Configuration Features
  • Turbo Boost (new to Intel 5500/5600)

Another example would be that most vendors put a “splash” screen up when power is applied. It’s pretty, and seeing graphics in the screen before anything else is cool and all, but it often hides POST messages that might be important. There is a setting in almost all BIOS that allows for the disabling of this “Quiet Boot” screen, but you have to enter setup to disable it and then reboot again to see the POST messages. That’s not cool. What about Hyperthreading (HT) from the list above? For example, some apps don’t perform as well with HT enabled and like Quiet Boot, HT is enabled by default. That’s not cool either. While most server vendors out there are hard at work implementing features in their BIOS, Cisco is taking a higher level approach to systems management. There is no doubt that the actual BIOS option needs to be present, but that doesn’t mean you need to enter the BIOS manually on each and every server to toggle it. It also means that you shouldn’t need to reboot a server to verify what the current BIOS settings are. If you’re on a support call with a software vendor and the question of Intel VT state comes up, you should not have to reboot the server to find out if VT is on or off. Cisco delivers this functionality (and a whole lot more) in UCS today.

Like many features in UCS, BIOS settings are implemented as a policy. This is significant because a best practice approach to building your Service Profiles would be to have them rely on various policies. Doing so allows an admin to change a single policy and have it flow to update all servers relying on the policy. Pretty cool stuff and it shows me that Cisco understands the pain points in the datacenter as well as any server vendor. So let’s start with the easy stuff – verification of current settings. Click any blade in the server list of the equipment tab. Then click Inventory->Motherboard. Here you will see the BIOS Settings screens similar to the following:

As you can see, almost every essential BIOS setting is exposed in the GUI and these reflect the actual settings currently in use on the server. This feature impressed me so much when we released it. But released in tandem was the ability to not only see the settings, but control them too. Which brings us to BIOS Policies. A server admin can create a BIOS policy that will enable or disable any of the settings you see above. Today, we allow you to control 15 BIOS settings via a single policy. The policy can then be applied to any number of blades. Need to disable HT on 25 servers? Here’s how.

  1. On the Servers tab, expand Policies and locate the BIOS Policies (if you are using sub-orgs, locate the BIOS Policies inside your sub-org). Click the green plus sign () to create a new BIOS Policy. You will be greeted by a wizard that will walk you through each controllable BIOS setting. The second screen will allow you to disable HT, like this:

2. Click Finish to skip to the end of the policy creation.

3. Now apply the policy to the actual hardware by selecting the Service Profile (or                     Service Profile Template if your profiles are linked to an updating template) and                   clicking the Policies tab. As you might suspect, you will find “BIOS Policy” in the                     list. From here, you simply select the policy you created in Step 1. Like this:

That’s pretty much it. Simple as that, the server or servers will need to reboot to apply the policy and record the new BIOS settings into UCS Manager’s inventory. How cool is that? So, you’ve heard what I have to say, now I’d like to know where we’re missing the mark. Is there a BIOS setting that you have to enable/disable often that isn’t included in the BIOS policy? Let me know and I’ll see what we can do.

Thanks for stopping by.

-Jeff Allen

Update: Because we never sit still, you can look forward to a bunch more controllable BIOS settings in the near future! I’ll update this article when we do.

Update 2: Here is a list of all the current Platform Default BIOS settings for all of our shipping blade servers:

4 thoughts on “UCS BIOS Policies

  1. Jeff,

    Since you have the “connection”, would it be possible to publish a list of the platform-default settings? We are pretty much set that way and are hearing some grumblings from our DB team about the Turbo Boost feature and how it has some negative affects when drawing down a core. Seems to be a known issue that HP has posted a workaround (disable it) until Intel comes out with a fix. It would be nice to know if we are affected.


  2. Hey Adam – Turbo boost is enabled by default on all blade servers we ship (currently the B200 M1/M2, B250 M1/M2, and the B440). I will also update the article to include the list of “Platform Defaults” as of UCS Manager 1.3.1x in just a minute.

  3. Jeff – what BIOS Policy settings would you recommend when using B230 M2’s and ESXi 5.1? I ask because the table above doesn’t include the B230 and is a bit dated.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.