Web-based Entitlement Verification Routine A Secure Portal for Software Distribution

Table of Contents

1. Overview
2. Logic
   1. Files
      1. Classifications
      2. Rules
   2. Accounts
      1. New
      2. Registered
3. Operations
   1. Product Registration
      1. Serial Numbers
      2. License Keys
   2. Logic
      1. For a New User
      2. Returning User
4. Finding Your Serial Number
   1. Via Physical Inspection
   2. Via CLI
   3. Via SNMP
   4. New Tool Coming

Overview top

As BLADE moves to a different software distribution model, checking the entitlement status of a particular switch before loading new firmware containing Upgrades is an important element in the business process changes being undertaken. One step in these process changes is implementing an Entitlement Verification Routine to validate a switches provenance before allowing a download to continue. To ensure customer satisfaction, keeping the switch alive and working is considered paramount to this new process.

This Entitlement Verification will be done using a Web-based secure portal which will intercept the re-direction of partner and BLADE customers to the Blade Network Technologies Internet for software downloads. This secure portal will be called the Web-based Entitlement Verification Routine, or WEVR.

Verification will be done using a rule set that is implemented at the file level. These rules will serve to restrict access to files according to the warranty status of the switch, the presence of a valid license certificate for the requested software, or a combination of the two.

Logic top

Software, in the form of binary images for BLADE switches (whether embedded or RackSwitch™) represents Intellectual Property of Blade Network Technologies. While switches are a one-time purchase, the software image on the switch may undergo many revisions over the life of the switch.

It is logical, then, that checking for entitlement be done at the software image level prior to any download of new functionality for a switch. It is at the file level that BLADE will implement their entitlement checking, through the imposition of a set of rules governing access to each file.

Files top

Classifications top

The software offerings from BLADE will fall into two main classes:

• pre-installed software will be that software installed on a BLADE switch during the manufacturing process and is available to all users of that particular switch, and will be commonly referred to as ‘Base’ software;

• optional software will be that software that is available from BLADE or its partners via some additional process, will be referred to as ‘Premium’ software, and which will be only available to users of that particular switch that have contracted for that software; functionality that is determined to be related and offered as a

• bundled ‘Premium’ release, or;

• multiple ‘Premium’ releases for a particular switch [over time] for which the customer has a contractual agreement with BLADE or its partners, and is delivered as a ‘Software Upgrade’ package.

Software releases from BLADE are numbered to differentiate them from each other. Releases may also be referred to by names (e.g.: IPv6 Host Management) but the numbering will be the key to differentiation and software package selection.

The numbering of the software releases will take the following format:

F.f.m.p
where the following convention is used:

1. “F” to indicate a major functional release
2. “f” to indicate a minor functional release
3. “m” to indicate a maintenance release, and
4. “p” to indicate a patch, or individual fix, release

Further, functional releases will be known as ‘Upgrades’, or releases that have new features and/or functions and which have undergone full SQA cycle and regression testing; ‘Major Upgrade’ means many new features/functions are included in such a release, designated with the 1st digit incremented and ‘Minor Upgrade’ means one to two features/functions are included, designated with the 2nd digit incremented.

Major Upgrade

A Major Upgrade [F] contains a significant software functional implementation, or an inter-related group of software features that represent a large incremental change in the operation of the target switch.

Minor Upgrade

A Minor Upgrade [f] contains a new software functional implementation that represents an incremental change in the operation of the target switch.

Maintenance build

A Maintenance build [m] contains a group of software modifications designed to change the operation of the switch, in response to perceived limitations or shortcomings in the switch operations reported by users or others testing the switch.

Patch (fix) build

A Patch build [p] contains a modification designed to change the operation of the switch, in response to perceived limitations or shortcomings in the switch operations reported by users or others testing the switch.

Rules top

The rule set will be applied at the file level. The rule set will consist of combinations of the following:

1. A switch that is within the defined ‘support period’ period;
2. A license key that is within the defined ‘entitlement’ period;
3. A switch that is covered by a Premium Services contract;
4. A switch that is out of the defined ‘support period’ period but that is covered by a valid license key.

Base

Base-level images are those images that are pre-loaded on the switch during the manufacturing period, and are available to all purchasers of that switch. Base-level images by extension will include maintenance and patch builds to that same image.

Base-level images will be available through WEVR to owners of the specific switch for the duration of the defined ‘support period’ period.

Premium

Premium-level images are those images that are placed on the switch following purchase, which replace the base-level image, and contain significant new functionality. These images are only available to purchasers of the switch at an additional cost. In the case of IBM Layer 2-3 switches, the Premium-level image for SmartConnect (OFM Nortel-Extension) is available at no additional cost.

Premium-level images will be available through WEVR to owners of the specific switch for the duration of the defined ‘support period’ period, or while covered by a valid license key.

Accounts top

The fundamental identification in WEVR will be the account. Transactions recorded by WEVR will be recorded against the account, as will success and failure events. The account will consist of a User Name (and associated Password) that will be connected to:

1. First and last name
2. Email address
3. Telephone number
4. Company name
5. Switch serial numbers
6. Software license keys
7. Image downloads (name of image)
8. Event logs (success/failure)

New top

With exceptions documented below, all users will arrive at the WEVR portal as new users. Once there, they are presented with a ‘Sign In’ page where they will see in the top half of the screen a representation of the image they are trying to download, and the notification that they must sign in to continue the download process. Returning users sign in and are immediately put into the download process.

New users create their User Name and Password, then are directed to create a user profile that contains the following mandatory information:

• User Name
• Password
• First Name
• Last Name
• Email
• Phone Number
• Company Name

When the above information is entered, the user selects the ‘REGISTER’ button, and their registration is complete. They are directed to return to the ‘Sign In’ page, where they login as a ‘Returning Member’ and complete the download process.

Registered top

Registered users have contact information on file. They may or may not have registered products on file. Registered users have the ability to modify their associated information as needed, and add products to their account.

Operations top

WEVR will serve as the main portal for download requests of BLADE switch software. The requester will arrive at the portal either through re-direction from a partner site, through a URL embedded in an email, or other electronic correspondence. They may also receive the URL in printed form, and enter it directly into a Web browser.

Once connected to the site, there are four main actions that can take place:

• Account maintenance
• Switch product registration
• License key registration
• Image file download

Product Registration top

Product registration is done by selecting the “Register Products” function from the Profile Management page. The result is the page (below) that provides two methods for submitting product information: manual (or cut and paste) entry into the upper data entry field, or; upload of a file (in Text File format) that contains the product numbers that are being registered, one per line, with no other content.

The serial number is an integral part of the switch as delivered, represented on the outside of the switch (e.g.: the backplate) as well as embedded within the switching software in a product-specific MIB. [See Finding your Serial Number]

Serial Numbers top

The serial number of the switch is what is primarily used to determine the entitlement of the platform to software downloads via WEVR. The serial number contains embedded information that represents the date of manufacture of the switch, and can therefore be used to determine whether the hardware warranty period is still in force, or has expired.

A switch with a serial number outside the defined hardware warranty period will generally not be a candidate for an upgrade, and therefore will be rejected by the WEVR system. There are instances, though, in which the switch, while in an ‘expired’ state, will still be a candidate for software download through WEVR.

License Keys top

License keys will represent the entitlement of the bearer, and by extension, the switch(es) covered by that key, a software download. License keys may take several forms, among them:

• License keys purchased to extend entitlement to switches not covered by other agreements with a particular distribution partner;
• License keys purchased to extend entitlement to switches outside the warranty period, or;
• License keys representing switches covered under a BladeHarmony Manager Premium Services contract.

Logic top

The logic of WEVR is that the user registers as an administrator of a BLADE switch, then follows download links provided by either partner website or electronic communication to obtain the desired switch image.

The download of switch software images requires that the target switch be entitled to the software, and that entitlement is determined via either the switch serial number, a valid license key, or a combination of the two.

In general terms, the process is as follows:

For a New User top

1. Select URL for file desired.
2. Get redirected to BLADE site.
3. Select “Create Account.”
4. Enter required information [Profile Information]
5. Login.
6. Enter switch serial numbers on Profile Management page [Register Products]
7. Logout.
8. Return to URL for file desired.
9. Get redirected to BLADE site.
10. Sign in as Returning Member
11. Follow selection to download file.

Returning User top

1. Select URL for file desired.
2. Get redirected to BLADE site.
3. Follow selection to download a file.

Finding Your Serial Number top

There are three ways to find your serial numbers. One involves physical inspection of the device to read the labels which is often inconvenient because it interrupts use. But there are two other ways that one can obtain serial numbers centrally/remotely from our devices without physically reading them from the labels on the device: via CLI or via SNMP. Both require connectivity to your switches and knowledge of their IP addresses.

Via Physical Inspection top

The serial number is located on a small sticker usually on the bottom of the switch. It will look something like: WQ1WDX4BM7921

Via CLI top

Telnet/SSH to the device and issue the command: /info/sys/general

Output similar to following will be displayed. The serial number has been highlighted.

Via SNMP top

Using an off-the-shelf SNMP freeware tool such as iReasoning MIB browser, one can query devices via SNMP.

Some caveats are:

1. One needs to know a little bit about SNMP, MIBs, etc in order to use this method. Most network admistrators have this knowledge already.
2. One needs to know the read community name of your switch (‘public’ is the default) in order to query the device.

Below is a table that has all that one needs to know to retrieve the serial numbers with an MIB browser tool.

Info for Retrieving Serial Numbers with an MIB Browser Tool

Device	MIB filename	Name	OID
GbESM L2/3	GbESM-1G-L2L3.mib	hwSerialNumber	1.3.6.1.4.1.1872.2.5.1.3.1.18.0
GbESM L2/3 OFM	GbESM-1G-L2-SM.mib	hwSerialNumber	1.3.6.1.4.1.1872.2.5.1.3.1.18.0
1:10 GbESM	GbESM-10U-L2L3.mib	hwSerialNumber	1.3.6.1.4.1.1872.2.5.1.3.1.18.0
1:10 GbESM OFM	GbESM-10U-SC.mib	hwSerialNumber	1.3.6.1.4.1.1872.2.5.1.3.1.18.0
GbESM L2/7	aosswitch.mib	hwSerialNumber	1.3.6.1.4.1.1872.2.5.1.3.1.18.0
10G ESM	GbESM-10G-L2L3.mib	hwSerialNumber	1.3.6.1.4.1.26543.2.5.1.3.1.18.0
10G ESM OFM	GbESM-10G-SC.mib	hwSerialNumber	1.3.6.1.4.1.26543.2.5.1.3.1.18.0

New Tool Coming top

In about a month we expect to deliver a a free, simple, easy-to-use tool, that will discover your BNT switches and report their serial numbers automatically (using SNMP). The serial number output of this tool will be able to be imported directly into Blade’s product number registration system.