Cisco Virtual Security Gateway for Nexus 1000V Series Switch License Configuration Guide, Release 4.2(1)VSG1(3.1)
Overview
Downloads: This chapterpdf (PDF - 99.0KB) The complete bookPDF (PDF - 747.0KB) | Feedback

Overview

Table Of Contents

Overview

Information About Licenses

Types of Licenses

Permanent Licenses

Default Licenses

Evaluation Licenses

Overdraft Licenses

Pool of Available Licenses

Licensing and High Availability

License Volatility


Overview


This chapter describes licensing for the Cisco Virtual Security Gateway for Nexus 1000V Series switch, Release 4.2(1)VSG1(3.1) software.

This chapter includes the following sections:

Information About Licenses

Pool of Available Licenses

Licensing and High Availability

License Volatility

Information About Licenses

Cisco VSG licenses are delivered in a Software License Claim Certificate by e-mail. The number of licenses that you request depends on the number of Virtual Ethernet Modules (VEMs) and the number of CPU sockets on each VEM that are using Cisco VSG services.

One license is needed for each installed server CPU on every VEM, and the Cisco VSG license packages are installed and configured on the Cisco Nexus 1000V Virtual Supervisor Module (VSM).

To understand more fully the terms associated with the Cisco VSG and licensing, see Licensing Terminology.

Types of Licenses

This section includes the following topics:

Permanent Licenses

Default Licenses

Evaluation Licenses

Overdraft Licenses

Permanent Licenses

You can purchase permanent licenses for a fixed number of VEM CPU sockets. Permanent licenses do not expire. The number of licenses is specified in the license file that you have purchased.

When you subsequently upgrade to a new software release, all previously installed permanent licenses remain in effect.

When you purchase permanent licenses, make sure to request enough licenses to cover all of your installed CPUs in all of your VEMs. Before licenses are applied to a VEM, enough licenses must be available to cover all of the CPUs in that VEM. If you are lacking one CPU, then no licenses are applied to the VEM.


Note If your license does not have the capacity to cover all CPUs in a particular VEM, then any licenses that could have been applied to that VEM are, instead, placed into a pool of available licenses on the VSM to be used as needed. The VEM remains unlicensed until enough licenses are available to cover all CPUs in the VEM. For more information about the this pool, see Pool of Available Licenses.


After you purchase a license package, you then install the package on your VSM. The license package shown in Table 1 shows the license package names.

Table 1 License Package 

License Package
Description

NEXUS1000V_LAN_SERVICES_PKG

Virtual Ethernet Module (VEM)

NEXUS_VSG_SERVICES_PKG

VEM to use Cisco VSG services


For more information, see Chapter 2 "Installing and Configuring Licenses."

After installing permanent licenses, if your evaluation licenses are no longer used, you can remove the evaluation license file from the pool. For more information, see the "Uninstalling a License" section.

Default Licenses

Sixteen Cisco VSG default licenses (NEXUS_VSG_SERVICES_PKG) are preinstalled in your Cisco Nexus 1000V software and are good for 60 days from the date of installation. These default licenses enable you to use the Cisco VSG for a 60-day trial period before you must purchase permanent licenses.

Default licenses are invalidated when one of the following occurs:

You install a permanent license file or an evaluation license file.

Because permanent licenses invalidate default licenses, make sure that your license file has enough capacity for all VEMs that are covered by your VSM.

60 days have passed since the installation of the VSM.


Caution The vEthernet interfaces on unlicensed VEMs cannot use Cisco VSG services. If you need additional licenses to cover all VEM CPU sockets, then you must obtain either permanent licenses or evaluation licenses from Cisco.com. For more information, see the "Evaluation Licenses" section.

Evaluation Licenses

Evaluation licenses are available from Cisco.com in packages of 16 licenses that are valid for 60 days to enable you to evaluate the Cisco VSG before you purchase permanent licenses.

The 60-day evaluation period starts when you install the evaluation license file. Unlike default licenses, an evaluation license is not invalidated when you install a permanent license.

Evaluation licenses expire when the license file reaches its expiration date.


Caution If your evaluation licenses expire, your VEMs are unlicensed. The vEthernet interfaces on unlicensed VEMs cannot use Cisco VSG services.

After installing permanent licenses, if your evaluation licenses are no longer used, you can remove them from the pool. For more information, see the "Uninstalling a License" section.

Overdraft Licenses

Overdraft licenses can prevent losing Cisco VSG security services if you exceed the number of permanent or evaluation licenses that are specified in your license file. The number of overdraft licenses provided is based on the number of licenses that you ordered.

Pool of Available Licenses

If you have licenses that are unused, the VSM stores these licenses in a pool of available licenses. If your license does not have the capacity to cover all CPUs in a particular VEM, then any licenses that could have been applied to that VEM are, instead, placed into the pool to be used as needed. If a VEM is no longer using Cisco VSG services, its licenses are returned to the pool. Before you can uninstall a license, you must first return all licenses from their VEMs to the pool.

If any licensed VEM is offline during a renegotiation of licenses, its licenses are returned to the VSM license pool. Once the VEM comes back online, it acquires its licenses from the VSM if any virtual machine on the VEM has Cisco VSG service enabled.

The following events trigger a renegotiation and synchronization of licenses between the VSM and its VEMs:

Clock change in the VSM system clock

HA switchover

VSM reload

Installing a new license file

Clearing an existing license file

During the license renegotiation process, system messages alert you if licenses are returned to the VSM pool for a VEM that is offline. This process requires no action on your part because the licenses are returned to the VEM as needed when it comes back online.

Licensing and High Availability

Licensing in a high-availability environment has the following configuration guidelines and limitations:

License installation is a nondisruptive process.

The license file is shared by both VSMs in an HA pair.

If your system has dual supervisors, the licensed software runs on both supervisor modules and provides failover protection.

Uninstalling a license file results in a loss of Cisco VSG security service. For more information, see the "Uninstalling a License" section.

License Volatility

The volatile license feature automatically captures unused licenses when a VEM is taken out of service or when there are no VMs using any Cisco VSG services on the VEM and adds them to the VSM license pool so that they can be reused by another VEM. When you enable this feature, any time a VEM is taken out of service, either automatically or manually, its licenses are returned to the VSM license pool.

If its licenses are nonvolatile, the VEM does not release them when you take the VEM out of service.


Note For the Cisco VSG, the licenses are by default volatile. We recommend that you leave the Cisco VSG license configuration to be volatile by default.



Note The volatile licenses feature is disabled by default for the Cisco Nexus 1000V Series Switch. That is, the licenses in VEMs are nonvolatile and are not released when a VEM is removed from service.


For more details, see Chapter 2 "Installing and Configuring Licenses."