Cisco Global Site Selector Licensing and Ordering Guide [Cisco ACE GSS 4400 Series Global Site Selector Appliances]

Overview

The Cisco® GSS 4492R Global Site Selector along with the Cisco ACE Application Control Engine Module and Cisco ACE appliances comprise the next generation of application switches and Domain Name System (DNS) appliances. These devices form an application-fluent networking solution that maximizes availability, acceleration, and security for data center applications. The Cisco GSS 4492R allows enterprises and service providers to accomplish four primary IT objectives for application delivery:

• Maximize application availability

• Accelerate application performance

• Secure the data center and critical business applications

• Facilitate data center consolidation through the use of fewer servers, load balancers, and data center firewalls

Highlights of Cisco Global Site Selector Software Release 2.0 include the following:

• Full DNS and Dynamic Host Configuration Protocol (DHCP) support

• Unique, integrated distributed-denial-of-service (DDoS) mitigation software

• Complete business continuance and traffic management support for several DNS record types

• Universal Simple Network Management Protocol (SNMP) load and health monitoring

This document includes step-by-step instructions for ordering, downloading, and installing Cisco GSS licenses and software. It also provides detailed information about individual Cisco GSS SKUs, product authorization key (PAK) certificates, software compatibility, service support, and licensing alarms.

Standard Software

The base Cisco GSS Software (Cisco GSS Software Release 2.0) supports standard Cisco GSS global server load-balancing (GSLB) capabilities. The standard shipping software supports the following features:

• DNS address record support (A-record)

• Name Server (NS) forwarding

• Proximity database

• DNS sticky database

• All global load-balancing algorithms

• All Keepalive types

• Disaster recovery

• Active-active traffic management

• Network proximity

• Data center persistence: DNS sticky database

Optional Software Licenses

Two optional Cisco GSS Software licenses are available: a DDoS software license and a DNS software license.

The Cisco GSS DDoS software is acquired technology. Cisco has integrated DNS-focused DDoS protection software into the Cisco GSS 4492R. This software uses a subset of the unique Cisco Multiverification Process (MVP) architecture found on Cisco Guard DDoS Mitigation Appliances. This optional software handles DNS-related attacks and delivers the following DDoS mitigation capabilities:

• Filters

• Rate limitation per DNS server proxy, with "peace time" learning during normal operation

• Spoofing prevention

The Cisco GSS DNS software license allows you to load Cisco Network Registrar software onto your Cisco GSS 4492R, which transforms the Cisco GSS 4492R into a standards-compliant DNS and DHCP appliance that offers a very advanced feature set, including support for incremental zone transfers, dynamic updates, and notification. The Cisco Network Registrar DHCP server supports DHCP Safe Failover (redundant DHCP servers), dynamic DNS updates, DOCSIS cable modems, and integration with directory services using Lightweight Directory Access Protocol Version 3 (LDAPv3).

Note:

• Cisco Network Registrar software must be acquired separately. You must load Cisco Network Registrar Release 6.3 or higher on the Cisco GSS device to get the additional DNS and DHCP capabilities

• Cisco GSS Software Release 2.0(2) or higher must be loaded on the Cisco GSS device.

Table 1 lists Cisco GSS deployment scenarios and the Cisco GSS licenses required.

Table 1. Cisco GSS Deployment Scenarios and Required Software Licenses

Cisco GSS Deployment Scenario	Cisco GSS Base Software (SF-GSS-V2.0-K9)	Cisco GSS DNS License (SF-GSS-DNSLIC) plus Cisco Network Registrar Software (CNR-6.3-BASE1K)	Cisco GSS DDoS License (SF-GSS-DDOSLIC)
Disaster Recovery: DNS A-Record Support Only	Required	Not required	Not required
Global traffic Management: DNS A-Record Support Only	Required	Not required	Not required
Persistence (sticky database)	Required	Not required	Not required
Proximity	Required	Not required	Not required
DNS Appliance	Required	Required	Not required
Disaster Recovery: All DNS Records	Required	Required	Not required
Global traffic Management: All DNS Records	Required	Required	Not required
DHCP	Required	Required	Not required
DDoS mitigation: Used for Internet-facing Cisco GSS devices	Required	Not required	Required

Table 2 lists Cisco GSS features and the Cisco GSS licenses required.

Table 2. Cisco GSS Features and Required Software Licenses

GSS Features	Cisco GSS Base Software (SF-GSS-V2.0-K9)	Cisco GSS DNS License (SF-GSS-DNSLIC) plus Cisco Network Registrar Software (CNR-6.3-BASE1K)	Cisco GSS DDoS License (SF-GSS-DDOSLIC)
Keepalives	Required	Not required	Not required
Director Response Protocol (DRP) Proximity	Required	Not required	Not required
DNS Rules	Required	Not required	Not required
Sticky Database	Required	Not required	Not required
DNS Race	Required	Not required	Not required
Zone Transfers	Required	Required	Not required
Address Records	Required	Required	Not required
IPv6 (AAAA) Records	Required	Required	Not required
Mail Exchanger (MX) Records	Required	Required	Not required
Service Records(SRV)	Required	Required	Not required
DHCP	Required	Required	Not required
TFTP	Required	Required	Not required
DDoS Mitigation and Rate Limiting	Required	Not required¹	Required

¹The DDoS feature should be used for Internet-facing deployments.

Ordering Steps

New Order

1. Determine the customer requirements and required software license from Tables 1 and 2.

2. Order the Cisco GSS appliance (GSS-4492R-K9).

3. If the customer wants full DNS appliance or DHCP support or GSLB for other DNS record types, order the Cisco GSS DNS license (SF-GSS-DNSLIC) plus the Cisco Network Registrar software (CNR-6.3-BASE1K is the recommended base Cisco Network Registrar software for the Cisco GSS).

4. If DDoS protection is needed, order SF-GSS-DDOSLIC.

Upgrading an Existing Cisco GSS Deployment

1. First upgrade to Cisco GSS Software Release 2.0(2) or higher.

2. If you want to add DDoS protection, order SF-GSS-DDOSLIC=.

3. If you want to add full DNS and DHCP support, order SF-GSS-DNSLIC= and CNR-6.3-BASE1K.

Activating Cisco GSS Licenses Using the PAK Certificate

After the customer completes the PAK registration, the Cisco GSS license files are e-mailed to the customer. Customers will receive an e-mail message from licensing@cisco.com within an hour after they have completed their PAK registration. All customers must go to the licensing Website listed on their PAK certificate to complete their Cisco GSS registration. The PAK certificate provides clear instructions about how to complete the Cisco GSS licensing process.

Note: If you do not receive an e-mail message from licensing@cisco.com within an hour after you have completed your PAK registration, please check your junk e-mail folder. Some e-mail servers may filter this e-mail message and place it in your junk e-mail folder. If you cannot find or did not receive your license file, please contact the Cisco Technical Assistance Center (TAC) at (800) 553-2447 or tac@cisco.com.

Failure to properly register the Cisco GSS license will lead to deregistration of Cisco GSS for the Cisco GSS cluster.

Hierarchical Navigation

Cisco ACE GSS 4400 Series Global Site Selector Appliances

Cisco Global Site Selector Licensing and Ordering Guide

Downloads