cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16523
Views
7
Helpful
7
Replies

ISE & Smart Licensing

rshehov
Cisco Employee
Cisco Employee

Customer currently got  ISE v1.4, they plan to upgrade probably to latest 2.3. They have 6000 traditional endpoint base licenses. How do we migrate these to be available via smart? Is this one just a PAK migration?

·         What is the “correct” process to migrate a system (Prime/ISE) from Traditional to Smart? Do we switch to smart first, or migrate the PAKs first (assuming we can)?

·         In the Smart Licensing portal there is a section about “Device-led migration” which implies that if we switch over to smart the device will automatically migrate its licenses. I can’t find any documentation on this – is it possible? Basically I want to know the process!

·         We wanted to use a satellite instead of giving network core kit access to Internet. It looks like this is not supported in ISE, though the TAC Bug relating to this is listed as “fixed”. Are there any plans to add this support – it will influence whether we use a satellite or not.

·         General question: Are smart licenses “pooled” – for example, if I wanted to have a second ISE system for testing purposes (for example), could I add this to the Smart portal (assuming I own the RTU needed) and it will only grab the count of endpoints that I need – or do you physically allocate licenses to a specified device? I am a little unclear from the guides I have read.

1 Accepted Solution

Accepted Solutions

Thomas Wall
Cisco Employee
Cisco Employee

Ruslan,

I wanted to clarify one of your questions. In the last line, you asked if smart licenses were pooled. The answer to this is Yes. You can generate a registration key for your primary deployment and lab deployment and join both to the CSSM portal. When you do this, the license count you have is shared between the two deployments. You will be able to track which deployment is consuming a license under the Licenses tab by clicking the linked number in the "in USE" field. Once the link is clicked, a new dialog will open which shows which product instance is using the license. 

-Thomas

View solution in original post

7 Replies 7

Charlie Moreton
Cisco Employee
Cisco Employee

Ruslan Shehov wrote:

Customer currently got  ISE v1.4, they plan to upgrade probably to latest 2.3. They have 6000 traditional endpoint base licenses. How do we migrate these to be available via smart? Is this one just a PAK migration?

Once upgraded to a version of ISE that supports Smart Licensing, you can switch from Traditional Licensing to Smart Licensing in the ISE GUI.  TO do this you will need to be registered with the Cisco Smart Software Manager (SSM).

Smart Licensing1.PNG

What is the “correct” process to migrate a system (Prime/ISE) from Traditional to Smart? Do we switch to smart first, or migrate the PAKs first (assuming we can)?

Register with the SSM and then Enable Smart Licensing in the ISE GUI at Administration > System > Licensing, or vice versa.  The licenses will be in Smart Evaluation Mode until you register with SSM.

Smart Licensing2.PNG

In the Smart Licensing portal there is a section about “Device-led migration” which implies that if we switch over to smart the device will automatically migrate its licenses. I can’t find any documentation on this – is it possible? Basically I want to know the process!

Smart Software Manager - Cisco

We wanted to use a satellite instead of giving network core kit access to Internet. It looks like this is not supported in ISE, though the TAC Bug relating to this is listed as “fixed”. Are there any plans to add this support – it will influence whether we use a satellite or not.

Smart Software Manager satellite - Cisco

Smart Licensing3.PNG

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Configure Smart Licensing and Smart Call Home Service…

Since we do not discuss Roadmap Items here, this is all that can be stated.

However, you can use an HTTPS Proxy or a Transport Gateway to eliminate the need for direct access.

Smart Licensing4.PNG

General question: Are smart licenses “pooled” – for example, if I wanted to have a second ISE system for testing purposes (for example), could I add this to the Smart portal (assuming I own the RTU needed) and it will only grab the count of endpoints that I need – or do you physically allocate licenses to a specified device? I am a little unclear from the guides I have read.

The licenses are pooled for a single ISE Deployment.  The scenario you described would be two separate deployments.  The ISE Licenses are still ties to the UDI of the Admin Nodes.

Thomas Wall
Cisco Employee
Cisco Employee

Ruslan,

I wanted to clarify one of your questions. In the last line, you asked if smart licenses were pooled. The answer to this is Yes. You can generate a registration key for your primary deployment and lab deployment and join both to the CSSM portal. When you do this, the license count you have is shared between the two deployments. You will be able to track which deployment is consuming a license under the Licenses tab by clicking the linked number in the "in USE" field. Once the link is clicked, a new dialog will open which shows which product instance is using the license. 

-Thomas

One clarifying question regarding  Smart Account and Smart Licensing with ISE:

Let's say a Managed Service provider wants to provide "ISE as a Service", and to do that they deploy multiple ISE cubes, one for each end customer organization. By ISE cube I mean an autonomous ISE environment consisting of one or more virtual ISE appliances, that provide PAN, PSN and MnT functions to required scale.

Question: Can the MSP (who would own all the ISE licenses) use one master Smart Account to hold all ISE licenses, and then these separate ISE cubes would consume licenses from this Smart Account, via Smart Licensing mechanism? So there could be significant number (10-50) of these per end-customer ISE cubes, all of which would be linked to the same Smart Account.

Point of all this would obviously be that the MSP would not need to manage licenses separately for each ISE cube, and license consumption could be made much more efficient and dynamic, instead of per end-customer node-locked licenses.

Yes.

All ISE deployments will share the same pool of licenses. One drawback is that no way to limit consumptions per deployment.

Thanks for the clarification.

So there would not be a way to limit license consumption per deployment, which I think is a minor limitation. From MSP perspective, what would be the best way to track license usage per deployment (=customer)? Would it bring any advantage to create a virtual account per end customer?

Please work with our PM and Cisco smart licensing team on these two questions.

Please see other posts in community asking same questions

https://communities.cisco.com/thread/89917