Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco MDS 9000 Software Licensing

Cisco MDS 9000 Family Enterprise Package Fact Sheet

Downloads

Package Description

The SAN-OS software for the Cisco MDS 9000 Family includes a base set of features that are required by most customers for building a storage area network (SAN). This base set of features is bundled with MDS 9000 platforms at no charge. The Cisco MDS 9000 Family also has a set of advanced traffic engineering and advanced security features that are recommended for all Enterprise SANs. These optional features are bundled together in the Cisco MDS 9000 Enterprise package.

Advanced Traffic-Engineering Features

The Cisco MDS 9000 Family Enterprise Package includes the following advanced traffic-engineering features:

• Inter-VSAN Routing-Inter-VSAN Routing allows selective transfer of data traffic between specific initiators and targets on different virtual SANs (VSANs) without merging VSANs into a single logical fabric. Fibre Channel control traffic does not flow between VSANs, nor can initiators access resources except for the ones designated with Inter-VSAN Routing. In this way, Inter-VSAN Routing facilitates sharing of resources across VSANs without compromising the VSAN benefits of scalability, reliability, availability, and network security.

Inter-VSAN Routing also works across WANs over the Fibre Channel Interface Protocol (FCIP). Inter-VSAN Routing can be used in conjunction with FCIP to create more efficient business-continuity and disaster-recovery solutions. With the introduction of Inter-VSAN Routing, Cisco has become the first vendor to provide routing capability for Fibre Channel networks in SAN switches.

• Quality of Service (QoS)-The QoS feature in Cisco MDS 9000 Family SAN-OS allows traffic to be classified into four distinct levels for service differentiation. QoS can be applied to help ensure that Fibre Channel data traffic for latency-sensitive applications receives higher priority over throughput-intensive applications such as data warehousing.

– Zone-based QoS is included in the Cisco MDS 9000 Family Enterprise Package, and complements the standard QoS data-traffic classification by VSAN ID, N-Port worldwide name, or Fibre Channel identifier (FC-ID). Zone-based QoS helps simplify configuration and administration by using the familiar zoning concept.

• Extended Credits-The Extended Credits feature allows up to 3500 credits to be assigned to a single Fibre Channel port within a group of 4 Fibre Channel ports. Adding credits extends distances for Fibre Channel SAN extension. This feature is only available on the Cisco MDS 9000 Family Multiprotocol Services Module and Cisco MDS 9216i Multilayer Fabric Switch.

• Fibre Channel Write Acceleration-Fibre Channel Write Acceleration reduces I/O latency and extends the distance for disaster-recovery and business-continuity applications. This feature is only available on Cisco MDS 9000 Family Storage Services Modules or Advanced Services Modules connected together on each end of the metropolitan-area network.

• SCSI Flow Statistics-Logical Unit Number (LUN)-level Small Computer System Interface (SCSI) Flow Statistics are collected for any combination of initiator and target. The scope of these statistics includes read, write, and error statistics. This feature is only available on Storage Services Modules or Advanced Services Modules.

Enhanced Network Security Features

The Cisco MDS 9000 Family Enterprise Package includes the following enhanced network security features:

• Switch-Switch and Host-Switch Authentication-Fibre Channel Security Protocol (FC-SP) capabilities in Cisco MDS 9000 Family SAN-OS provide Switch-Switch and Host-Switch Authentication. This helps to eliminate disruptions that may occur because of unauthorized devices connecting to a large enterprise fabric.

• Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP)-This protocol is used to perform authentication locally in the Cisco MDS 9000 Family switch or remotely through RADIUS or TACACS+. If authentication fails, a switch or host cannot join the fabric.

• Logical Unit Number (LUN) Zoning-Hardware-enforced LUN Zoning helps ensure LUNs are accessible only by specific hosts. LUN Zoning provides a single point of control for managing access to LUNs across heterogeneous storage subsystems.

• Read-Only Zones-The Cisco MDS 9000 Family supports a type of SCSI command as a zoning attribute. In conjunction with other zoning attributes, when a SCSI command-type attribute is restricted to SCSI read commands, read-only zones can be created. This feature is especially useful for sharing volumes across servers for read-only operations for backup, data warehousing, etc.

• Port Security-This feature locks down the mapping of an entity to a switch port. The entity can be a host, target, or switch and is identified by its worldwide name. This helps to ensure that SAN security is not compromised by unauthorized devices connecting to a switch port.

• VSAN-Based Access Control-This feature allows customers to define roles where the scope of the roles is limited to certain VSANs. For example, a network administrator role can be set up to allow configuration of all platform-specific capabilities, while VSAN-administrator roles can be set up to only allow configuration and management of specific VSANs. VSAN-Based Access Control reduces SAN disruptions by localizing the effects of user errors to the VSANs for which the user has administrative privileges.

• IPsec-IP Security (IPsec) is available for FCIP and Small Computer System Interface over IP (iSCSI) over Gigabit Ethernet ports on the Multiprotocol Services modules and the Cisco MDS 9216i. The proven IETF standard IPsec capabilities offer secure authentication, data encryption for privacy, and data integrity. Internet Key Exchange Version 1 (IKEv1) and IKEv2 protocols are used for dynamically setting up the security associations for IPsec using preshared keys for remote-side authentication.

• Digital Certificates- Digital certificates are issued by a trusted third party and are used as an electronic passport to prove identity of certificate owners. Once the owner's identity is verified by the trusted third party, the certificate uses the owner's public encryption key to protect identity data contained in the certificate. On the Cisco MDS 9000 platform, digital certificates apply to IKE as well as Secure Shell (SSH).

• Fabric Binding for Open Systems-Fabric Binding helps ensure that Inter-Switch Links (ISLs) are only enabled between switches that have been authorized in the fabric binding configuration. This feature helps prevent unauthorized switches from joining the fabric or disrupting current fabric operations.

Software Release

To use the Cisco MDS 9000 Family Enterprise Package features, Cisco MDS 9000 SAN-OS Release 1.2(1) or later must be installed on a Cisco MDS 9000 Family Switch. Use of Inter-VSAN Routing, QoS, and FC-SP Switch-Switch and Host-Switch Authentication requires the use of SAN-OS Release 1.3(x) or later. Zone-based QoS, Extended Credits, and IPsec features require SAN-OS Release 2.0(1). Fibre Channel Write Acceleration and SCSI Flow Statistics features require SAN-OS Release 2.0(2b).

License Information

The Cisco MDS 9000 Family Enterprise Package is licensed per switch for all the ports in the switch. Some package features can be used only if all the switches in the fabric have licenses for this package. Customers who buy the Cisco MDS 9000 Family Enterprise Package with SAN-OS Release 1.2(x) qualify for a no-charge upgrade to the package features of SAN-OS Release 1.3(x) or later.

Additional Information About The Cisco MDS 9100 Series Switches

The following features from the Cisco MDS Enterprise License are not supported on certain Cisco MDS 9100 Series Multilayer Fabric Switches:

• Inter-VSAN Routing (Supported on MDS 9120/9140. Not supported on MDS 9124.)

• IP Security (IPsec)

• Extended Credits

• Fibre Channel Write Acceleration

• SCSI Flow Statistics

The following Cisco MDS 9100 switches do not support the above features from the Cisco MDS Enterprise License:

DS-C9124-K9

Cisco MDS 9000 24-port 1/2/4/ Gbps FC Module

DS-HP-FC-K9

DS-HP-FC-K9=
• HP Cisco MDS blade switch
• HP Cisco MDS blade switch (spare)

DS-IBM-FC-K9=

IBM MDS blade switch

Ordering Information

The product identification numbers associated with this package are as follows:

M9500ENT1K9

M9500ENT1K9=
• Enterprise Package for one Cisco MDS 9500 Series Multilayer Director
• Spare

M9200ENT1K9

M9200ENT1K9=
• Enterprise Package for one Cisco MDS 9200 Series Multilayer Fabric Switch
• Spare

M9100ENT1K9

M9100ENT1K9=
• Enterprise Package for one Cisco MDS 9500 Series Multilayer Director
• Spare

Additional References

For more information on the Cisco MDS 9000 SAN-OS, view the data sheet at: http://www.cisco.com/en/US/products/hw/ps4159/ps4358/products_data_sheet09186a00801bcfd8.html.