The Cisco® MDS 9222i Multiservice Modular Switch (Figure 1), the next generation of the highly
flexible, industry-leading, proven Cisco MDS 9200 Series Multilayer Switches, is an optimized
platform for deploying high-performance storage area network (SAN) extension solutions,
distributed intelligent fabric services, and cost-effective multiprotocol connectivity for both open
and mainframe environments. With a compact form factor, modularity, and advanced capabilities
normally available only on director-class switches, the Cisco MDS 9222i is an ideal solution for
departmental and remote branch-office SANs.
Sharing a consistent architecture with the Cisco MDS 9500 Series Multilayer Directors, the Cisco
MDS 9222i offers 18 4-Gbps Fibre Channel ports and 4 Gigabit Ethernet IP storage services ports
and a modular expansion slot to host Cisco MDS 9000 Family switching and services modules.
As the storage network continues to expand, the Cisco MDS 9000 Family switching modules can
be removed from the Cisco MDS 9222i modular switches and migrated to Cisco MDS 9500 Series
directors, providing high flexibility, smooth migration, common sparing, and outstanding investment
protection.
The Cisco MDS 9222i provides unique multilayer and multiprotocol functions in a compact form
factor:
High-density Fibre Channel switch with integrated multiprotocol support: The Cisco MDS
9222i offers 18 4-Gbps Fibre Channel interfaces for high-performance SAN connectivity
and 4 Gigabit Ethernet ports for Fibre Channel over IP (FCIP) and Small Computer System
Interface over IP (iSCSI) storage services. The Cisco MDS 9222i has the flexibility to scale
up to a 66-port Fibre Channel switch with the Cisco 48-Port 4-Gbps Fibre Channel
Switching Module for both open and IBM Fibre Connection (FICON) environments.
Integrated hardware-based virtual fabric isolation with Virtual SANs (VSANs) and Fibre
Channel routing with Inter-VSAN Routing (IVR): VSANs and IVR enable deployment of
large-scale multisite and heterogeneous SAN topologies. Integration into port-level
hardware allows any port in a system or in a fabric to be partitioned into any VSAN.
Integrated IVR provides line-rate routing between any of the ports in a system or in a fabric
without the need for external routing appliances.
Simplifies data protection and business continuance strategies by enabling backup,
remote replication, and other disaster recovery services over WAN distances using
open-standard FCIP tunneling.
Optimizes utilization of WAN resources for backup and replication by enabling hardware-
based compression, hardware-based encryption, FCIP Write Acceleration, and FCIP
Tape Read and Write acceleration; up to 16 virtual Inter-Switch Link (ISL) connections
are provided on the 4 Gigabit Ethernet port through tunneling.
Preserves Cisco MDS 9000 Family enhanced capabilities, including VSANs, IVR,
advanced traffic management, and network security across remote connections
Cost-effective iSCSI connectivity to Ethernet-attached servers
Extends the benefits of Fibre Channel SAN-based storage to Ethernet-attached servers
at a lower cost than is possible using Fibre Channel interconnect alone.
Increases storage utilization and availability through consolidation of IP and Fibre
Channel block storage.
Through transparent operation, preserves the capability of existing storage management
applications.
Advanced FICON services: The Cisco MDS 9222i supports FICON environments, including
cascaded FICON fabrics, VSAN-enabled intermix of mainframe and open systems
environments, and N_Port ID virtualization for mainframe Linux partitions. IBM Control Unit
Port (CUP) support enables in-band management of Cisco MDS 9200 Series switches from
the mainframe management console.
Integrated Cisco MDS Storage Media Encryption (SME) as distributed fabric service:
Natively supported on the Cisco MDS 9222i, Cisco MDS SME encrypts data at rest on
heterogeneous tape drives and virtual tape libraries (VTLs) in a SAN environment using
secure IEEE standard Advanced Encryption Standard (AES) 256-bit algorithms. Cisco MDS
9222i helps ensure ease of deployment, scalability, and high availability by using innovative
technology to transparently offer Cisco MDS SME capabilities to any device connected to
the fabric without the need for reconfiguration or rewiring. Cisco MDS SME provisioning and
key management are both integrated into the Cisco Fabric Manager; no additional software
is required.
Platform for Intelligent Fabric Applications: Cisco MDS 9222i provides hosting and
acceleration of storage applications such as network-hosted volume management, data
migration, and backup with the Cisco MDS 9000 Family Storage Services Module (SSM)
installed in the expansion slot. Cisco MDS SSMs use the SANTap protocol to assist thirdparty applications in the fabric.
In Service Software Upgrade (ISSU) for Fibre Channel interfaces: Cisco MDS 9222i
promotes high serviceability by allowing Cisco MDS 9000 SAN-OS Software to be
upgraded while the Fibre Channel ports are carrying traffic.
Intelligent network services: Cisco MDS 9222i uses VSAN technology for hardwareenforced, isolated environments within a single physical fabric, access control lists (ACLs)
for hardware-based intelligent frame processing, and advanced traffic management
features such as Fibre Channel Congestion Control and fabric-wide quality of service (QoS)
to facilitate migration from SAN islands to enterprise-wide storage networks.
High-performance ISLs: Cisco MDS 9222i supports up to 16 Fibre Channel links in a single
PortChannel. Links can span any port on any module in a chassis for added scalability and
resilience. Up to 4095 buffer-to-buffer credits can be assigned to a single Fibre Channel
port to extend storage networks over very long distances.
Comprehensive network security framework: The Cisco MDS 9222i supports RADIUS and
TACACS+, Fibre Channel Security Protocol (FC-SP), Secure File Transfer Protocol (SFTP),
Secure Shell (SSH) Protocol, and Simple Network Management Protocol Version 3
(SNMPv3) implementing AES, VSANs, hardware-enforced zoning, ACLs, and per-VSAN
Role-Based Access Control (RBAC). Additionally, the Gigabit Ethernet ports offer IP
Security (IPsec) authentication, data integrity, and hardware-assisted data encryption for
FCIP and iSCSI.
IP Version 6 (IPv6) capable: The Cisco MDS 9222i supports IPv6 as mandated by the U.S.
Department of Defense (DoD), Japan, and China. IPv6 support is provided for FCIP, iSCSI,
and management traffic routed in-band and out-of-band.
Sophisticated diagnostics: The Cisco MDS 9222i provides intelligent diagnostics, protocol
decoding, and network analysis tools as well as integrated Call Home capability for added
reliability, faster problem resolution, and reduced service costs.
Data Sheet
VSANs
Ideal for efficient, secure SAN consolidation, VSANs enable more efficient storage network
utilization by creating hardware-based isolated environments with a single physical SAN fabric or
switch. Each VSAN can be zoned as a typical SAN and maintains its own fabric services for added
scalability and resilience. VSANs allow the cost of SAN infrastructure to be shared among more
users, while helping ensure complete segregation of traffic and retaining independent control of
configuration on a VSAN-by-VSAN basis.
IVR
In another step toward deploying efficient, cost-effective, consolidated storage networks, the Cisco
MDS 9222i supports IVR, the industry's first routing function for Fibre Channel. IVR allows
selective transfer of data between specific initiators and targets on different VSANs while
maintaining isolation of control traffic within each VSAN. With IVR, data can transit VSAN
boundaries while maintaining control plane isolation, thereby maintaining fabric stability and
availability. Integrated IVR eliminates the need for external routing appliances, greatly increasing
routing scalability while delivering line-rate routing performance, simplifying management, and
eliminating the challenges associated with maintaining separate systems. Integrated IVR means
lower total cost of SAN ownership.
FCIP for Remote SAN Extension
Data distribution, data protection, and business continuance services are significant components
of today's information-centric businesses. The capability to efficiently replicate critical data on a
global scale not only ensures a higher level of data protection for valuable corporate information,
but also increases utilization of backup resources and lowers total cost of storage ownership.
Building on Cisco expertise and knowledge of IP networks, the Cisco MDS 9222i switch uses
open-standard FCIP to break the distance barrier of current Fibre Channel solutions, enabling
interconnection of SAN islands over extended distances.
The Cisco MDS 9222i dramatically enhances hardware-based FCIP compression performance for
both high-bandwidth and low-bandwidth links, providing immediate cost savings for expensive
WAN infrastructure. The Cisco MDS 9222i achieves up to a 43:1 compression ratio, with typical
ratios of 4:1 over a wide variety of data sources.
The Cisco MDS 9222i supports hardware-based IPsec encryption for secure transmission of
sensitive data over extended distances. Hardware enablement of IPsec helps ensure high
throughput. Used together, hardware-based compression and hardware-based encryption provide
high-performance, highly secure SAN extension capabilities.
Additionally, the Cisco MDS 9222i supports FCIP Write Acceleration, a feature that can
significantly improve application performance when storage traffic is extended across long
distances. When FCIP Write Acceleration is enabled, WAN throughput is optimized by reducing
the latency of command acknowledgments. Similarly, the Cisco MDS 9222i supports FCIP Tape
acceleration, which allows operation at nearly full throughput over WAN links for remote tape
backup and restore operations. FCIP Tape Write Acceleration is supported in mainframe
environments.
Cisco MDS SME
The services provided by Cisco MDS SME are mandatory in today’s storage area networks as a
result of enactment of recent regulations that require companies to store and protect data at rest
for a specified number of years while publicly disclosing security breeches. Cisco MDS SME
enables data on tapes and VTLs to be compressed, encrypted, and authenticated for centralized
security management and data management and recovery. Cisco MDS SME is supported in the
fixed slot of the Cisco MDS 9222i, and its performance can be scaled up with either a Cisco MDS
18/4-port Multiservice Module or 18/4-port Multiservice Federal Information Processing Standards
(FIPS) Module. Cisco MDS SME services employ clustering technology to create a highly available
solution. The cryptographic cluster formed enhances reliability and availability, provides automated
load balancing and failover capabilities, and simplifies provisioning as a single SAN fabric service
rather than as individual switches or modules. The Cisco Key Management Center (KMC) provides
comprehensive key management for Cisco MDS SME, with support for single- and multiple-site
deployments. Cisco KMC provides essential features such as key archival, secure export and
import and translation for distribution, and key shredding.
Platform for Intelligent Fabric Applications
The Cisco MDS 9222i provides an open platform that delivers the intelligence and advanced
features required to make multilayer intelligent SANs a reality, including hardware-enabled
innovations to host or accelerate applications for data migration, data replication, serverless
backup, and network-hosted volume management. Hosting or accelerating these applications in
the network can dramatically improve scalability, availability, security, and manageability of the
storage environment, resulting in increased utility and lower total cost of ownership (TCO).
Integrated Mainframe Support
The Cisco MDS 9222i is mainframe-ready, with full support for IBM zSeries FICON and Linux
environments. Qualified by IBM for attachment to all FICON-enabled devices in an IBM zSeries
operating environment, Cisco MDS 9222i switches support transport of the FICON protocol in both
cascaded and noncascaded fabrics, as well as an intermix of FICON and open systems Fibre
Channel Protocol traffic on the same switch. VSANs simplify intermixing of SAN resources among
z/OS, mainframe Linux, and open systems environments, enabling increased SAN utilization and
simplified SAN management. VSAN-based intermix mode eliminates the uncertainty and instability
often associated with zoning-based intermix techniques. VSANs also eliminate the possibility that
a misconfiguration or component failure in one VSAN will affect operation in other VSANs. VSANbased management access controls simplify partitioning of SAN management responsibilities
between mainframe and open systems environments, enhancing security. FICON VSANs can be
managed using the integrated Cisco Fabric Manager; the Cisco command-line interface (CLI); or
IBM CUP-enabled management tools, including SA/390, Resource Measurement Facility (RMF),
and Dynamic Channel Path Management (DCM).
Advanced Traffic Management
The following advanced traffic-management capabilities are integrated into the Cisco MDS 9222i
to simplify deployment and optimization of large-scale fabrics:
Virtual Output Queuing: Helps ensure line-rate performance on each port, independent of
traffic pattern, by eliminating head-of-line blocking.
Up to 4095 buffer-to-buffer credits: Can be assigned to an individual port for optimal
bandwidth utilization across long distances.
PortChannels: Allow users to aggregate up to 16 physical ISLs into a single logical bundle,
providing optimized bandwidth utilization across all links; the bundle can consist of any
speed-matched ports from any module in the chassis, helping ensure that the bundle can
remain active even in the event of a module failure.
Fabric Shortest Path First (FSPF)–based multipathing: Provides the intelligence to load
balance across up to 16 equal-cost paths and, in the event of a switch failure, dynamically
reroute traffic.
QoS: Can be used to manage bandwidth and control latency, to prioritize critical traffic
Fibre Channel Congestion Control: Provides an end-to-end, feedback-based congestion
control mechanism that augments the Fibre Channel buffer-to-buffer credit mechanism to
provide enhanced traffic management.
Comprehensive Solution for Robust Network Security
To address the need for failure-proof security in storage networks, the Cisco MDS 9222i offers an
extensive security framework to protect highly sensitive data crossing today's enterprise networks:
Intelligent packet inspection is provided at the port level, including the application of ACLs
for hardware enforcement of zones, VSANs, and advanced port security features.
Extended zoning capabilities are provided to help ensure that logical unit numbers (LUNs)
can be accessed only by specific hosts (LUN zoning), to limit SCSI read commands for a
certain zone (read-only zoning), and to restrict broadcasts to only selected zones
(broadcast zones).
VSANs offer higher security and greater stability by providing complete isolation among
devices that are connected to the same physical SAN.
FC-SP provides switch-switch and host-switch Diffie-Hellman Challenge Handshake
Authentication Protocol (DH-CHAP) authentication supporting RADIUS or TACACS+ to
help ensure that only authorized devices access protected storage networks.
Comprehensive IPsec protocol suite delivers secure authentication, data integrity, and
hardware-based encryption for both FCIP and iSCSI deployments.