Upgrading the CIMC for your APICs

Screen Shot 2018-08-25 at 9.55.14 AM.png

There are certain times when CIMC access to your APIC is absolutely critical, for example, when you are troubleshooting a problem, upgrading your APICs, or performing a factory reset. During these times, you can access your APIC via CIMC by using the KVM console, which requires Java (or HTTP with CIMC 3.0), or by enabling Serial-over-Lan (SOL) support on your CIMC and using an SSH client.

Why should I upgrade the CIMC?

  • Upgrading your APIC – For ACI Fabric upgrades, there are CIMC version requirements attached to those upgrades. In general CIMC versions are supported for quite a while across ACI Fabric upgrades, meaning you do not have to upgrade the CIMC on your APICs for every ACI Fabric upgrade, but you’ll want to check the release notes to ensure you are running at least a supported version.
  • Get rid of Java – For anyone that has used Java to access the KVM console, you’ve all experienced some level of frustration with incorrect versions of Java, or security mechanisms blocking access, usually during the most critical times. If you don’t want to be stuck with the Java-based version of the KVM, you’ll need to perform an upgrade of your CIMC to at least 3.0(1) < Please note, do NOT use 3.0(1) for your APIC CIMCs; use the recommended versions in the release notes for your version of APIC Code; not every version of CIMC code is supported for APICs.

Which CIMC version should I use for my APIC?

Check out either the Recommended Cisco APIC and Cisco Nexus 9000 Series ACI-Mode Switches Releases guide, or find the Miscellaneous Compatibility Information Section in the Release notes for your intended version of ACI Code.

Notice in the example below for APIC 3.2(3i), there are several support CIMC code versions, and a recommended section as well. When you decide to upgrade your CIMC, MAKE SURE AND RUN ONLY SUPPORTED/RECOMMENDED VERSIONS OF CODE! If you run a different version of code, you could disable key functionality for your APICs!

An example of supported CIMC code from the Miscellaneous Compatibility Information section of the Release Notes for APIC 3.2(3i)

Screen Shot 2018-08-25 at 8.28.30 AM.png

Do you need help selecting a version of software? Check out our ACI Software Guidance article here. If you need help upgrading your fabric, check out our Upgrading your ACI Fabric article here!

Upgrading the CIMC

Before you get started on upgrading your CIMC, a few things to remember:

  1. Make sure you have backed up your ACI Fabric Configuration prior to performing any changes or upgrades.
  2. Only upgrade one APIC/CIMC at a time! Do not attempt to upgrade all APIC/CIMCs at the same time.
  3. The CIMC Upgrade process will take between 45-90 minutes depending on your network connectivity from your computer to the APIC/CIMC.

Now, let’s upgrade your CIMC! The following high-level steps are required in order to upgrade your CIMC:

  1. Determine the model of your UCS-C220 server that houses the APIC (this will be important to know when you select your CIMC software)
  2. Download the HUU (Host Upgrade Utility) Software for your CIMC from CCO for your specific C220 server
  3. Access the KVM from the CIMC
  4. Activate and Map the HUU ISO to your CIMC KVM-DVD
  5. Reboot your server from the KVM
  6. Enter the Boot Menu and re-direct the server to boot from KVM-DVD
  7. Use the HUU to update all components of your Server
  8. Verify the installation of the CIMC Software

1 – Determine the model of your UCS-C220

In order to determine which model of UCS-C220 that you have, you’ll first need to determine which model of APIC you have. To determine your APIC model, login to the CIMC and find the PID for your APIC Server, located on the Server > Summary Tab (This should be the main page you encounter on logging into your CIMC).

  • APIC-SERVER S1/M1/L1 = UCS-C220 M3
  • APIC-SERVER S2/M2/L2 = UCS-C220 M4
1 - M3 or M4.png
SERVER > SUMMARY

2 – Download the HUU (Host Upgrade Utility) Software for your CIMC from CCO

Based on which UCS-C220 server you have (i.e., M3 or M4), you will login to CCO and download the appropriate HUU (Host Upgrade Utility Image) for your Server. Go to  https://software.cisco.com/download, and search for “C220”.

Screen Shot 2018-08-25 at 8.55.04 AM.png
https://software.cisco.com/download

3 – Access the KVM from the CIMC

Note – This CIMC screen is based on 2.0(9c)

From the Server > Summary page, click on the “Launch KVM Console” button. This will launch a Java-based KVM Console for your APIC. If you run into problems with Java, please consult the Release Notes for your specific version of CIMC Code.

2 - Launch KVM.png
Server > Summary > Launch KVM Console

4 – Activate and map the HUU ISO to your CIMC KVM session

Once your KVM has launched successfully, click on the “Virtual Media” and “Activate Virtual Devices”. You will be prompted to “Accept this session”, which you should do.

3 - Activate Virtual Device

Next, you’ll Map the HUU/ISO image from your computer to the KVM-based DVD. You’ll browse your computer to find the ISO you previously downloaded from CCO. Once you select the file, click on the “Map Device” button to proceed.

4 - Map KVM DVD

Finally, lets verify that the appropriate HUU/ISO image was successfully mapped to the KVM-DVD.

6 - Verify HUU KVM DVD Selection

5 – Reboot your server from the KVM

Once you’ve mapped the HUU/ISO to your KVM-DVD, you’ll need to reboot your server in order to be able re-direct your server to boot from the KVM-DVD (HUU/ISO image).

7 - Power Cycle

6 – Enter the Boot Menu and re-direct the server to boot from KVM-DVD

Once the server gets to the boot screen, you’ll want to hit the F6 button to enter the boot menu. You may need to create a MACRO in order to do this. Before you get to the boot menu, you will be prompted to enter the password (by default the password is “password”).

8 - F6 Boot menu.png

Once the boot process completes, you’ll be prompted to select the boot device. You will want to select the “Cisco vKVM-Mapped vDVD”

9 - KVM DVD Selection.png

7 – Use the HUU to update all components of your Server

The installation process will take anywhere from 30-45 minutes (maybe longer, depending on the speed of the connection from where you are uploading the HUU/ISO to the CIMC).

Once you’ve kicked off the upgrade, resist the urge to do anything other than wait.

10 - Cisco UCS HUU.png

About half-way into the upgrade, the screen will change and you will eventually see a message that states the firmware and tools are being copied.

11 - Copying UCS HUU

Once the firmware has completed copying to your server, you’ll have the option to update the firmware on some or all of your CIMC components. It is recommended to select the “UPDATE ALL” option.

Note – If you are prompted for “Secure Boot”, select NO. For a detailed understanding of CIMC Secure Boot, refer to the Cisco IMC Secure Boot document on CCO.

Once you click the “UPDATE ALL” option, wait until ALL components have successfully PASSED (or SKIPPED). This process will take 15-20 minutes.

Finally, once the upgrade process is complete, select the EXIT button to reboot the CIMC and conclude the installation process.

12 - Update All.png

8 – Verify the installation of the CIMC Software

Point your browser to the address of your CIMC. Upon login, you’ll be able to verify your current firmware in a couple of places.

On the main summary page (Chassis > Summary), you’ll see that we are running 3.0(3f) firmware.

In addition, we can view all of the firmware by selecting the menu icon (top left) and then Admin.

13 - Ver1.png
Chassis > Summary

From Admin, we’ll select Firmware Management. This will give us a complete listing of all CIMC components and their current version.

14 - Ver2.png
Admin > Firmware Management

Finally – back on the main Summary page (Chassis > Summary), you’ll notice a welcomed addition to the option for our Launch KVM! HTML-based KVM!! The only caveat for HTML-based KVM is that you will need to remember to disable the pop-up blocker functionality for your browser.

15 - HTML-based KVM.png


10 thoughts on “Upgrading the CIMC for your APICs

  1. If we need to upgrade the CIMC to a certain version because that is the recommended version for the APIC software, is it really needed to choose the “UPGRADE ALL” option? Is this what Cisco expects with regard to APIC software and the mentioned (recommended or supported) CIMC version in the release notes? I would expect that just upgrading the CIMC firmware to the recommended (or supported) version is enough.

    1. Arjan – I didn’t understand your question – are you referring to the “update all” option during the CIMC HUU?

      1. Yes. The ‘update all’ option would update all hardware components in the APIC server. That would result in updating more than just the CIMC version.

  2. Hi Jody,

    We’re not using the CIMC access, so we’d need to send an engineer to know the CIMC firmware version.
    If we upgrade the ACI fabric, should we upgrade the CIMC too?
    If we don’t upgrade CIMC, what issues we’ll face?

    Thanks,
    Regards

  3. Hi on your instructions you indicate the following :
    Note – If you are prompted for “Secure Boot”, select NO.

    The document ion indicate that yes.

    Step 8  

    Read the content on the confirmation box carefully and click Yes, if you want to go ahead and update the firmware and enable Cisco Secure Boot.
    Note    • If you are updating from a version below 2.0 (x) to 2.0(x), when you click YES both the active and the backup versions of Cisco IMC will be updated to 2.0(x).
    • During update the KVM connection will be lost, you have to reconnect to view the progress of the updates.
    For more information on Cisco IMC secure boot, refer to the Introduction to Cisco IMC Secure Boot section in the Cisco UCS C-Series Servers Integrated Management Controller GUI Configuration Guide, Release 2.0(1).

    https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/lomug/2-0-x/b_huu_2_0_3/b_huu_2_0_3_chapter_011.html&gt;

    Could you please elaborate on your recommendation?

  4. Fantastic guide. Upgraded 3 APICs with this. No issues. The password really is password 😉 lol
    Used this iso ucs-c220m4-huu-4.1.1f.iso

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.