Solved: Cisco Umbrella License Consumption

Luciferisme · ‎11-16-2022

Let 's say we have Cisco DNS Advantage license for 100 users.

Scenario 1:

NO VA appliance is deployed. NO AD Integration .All DNS queries are forwared by Organisation DNS server to CISCO umbrella and there is PAT device at the edge.

Querry is , how Cisco Umbrella consumed the license .

Does Umbrella even know about the Users.

Scenario 2:

VA are deployed with AD Connector install..All DNS queries are forwared by Organisation DNS server to CISCO umbrella and there is PAT device at the edge.

Querry is , how Cisco Umbrella consumed the license .

Scenario 3:

VA are deployed with AD Connector install.Roaming Client also install .All DNS queries are forwared by Organisation DNS server to CISCO umbrella and there is PAT device at the edge.

Querry is , how Cisco Umbrella consumed the license .

Thanks.

Milos_Jovanovic · ‎11-17-2022

Hi @Luciferisme,

In either of these cases, Cisco is monitoring number of DNS queries per user. You can see see more details here.

Having this said, for scenario #1, above will apply.

Scenario #2 is bit unclear. If you have deployed VA, then DNS queries are forwarded via VA as well, not only internal DNS servers. VA will report number of unique users. In either case, total number will be count by Cisco as per above monitoring.

Scenario #3 is similar as #2, with addition that Roaming clients will report user as well.

Kind regards,

Milos

View solution in original post

Milos_Jovanovic · ‎11-17-2022

Yes, if VA is deployed and in use, Umbrella portal can see uniquie hosts/IP addresses/users.

If there is no VA deployed, Umbrella can't differentiate unique users, and all queries will come from one (or group of) public IP, which is your DNS server. In this case, Umbrella is counting total number of DNS queries as per formula above, where it will have knowledge of total number of DNS queries arrived and expected count.

Umbrella will still continue to process total amount of DNS queries (there is no hard limit based on your license count), but if you are overutilizing it, some red flag will be raised in Cisco, and you will be contacted and notified that they have detected you are using more than you payed for.

Kind regards,

Milos

View solution in original post

Milos_Jovanovic · ‎11-17-2022

Hi @Luciferisme,

In either of these cases, Cisco is monitoring number of DNS queries per user. You can see see more details here.

Having this said, for scenario #1, above will apply.

Scenario #2 is bit unclear. If you have deployed VA, then DNS queries are forwarded via VA as well, not only internal DNS servers. VA will report number of unique users. In either case, total number will be count by Cisco as per above monitoring.

Scenario #3 is similar as #2, with addition that Roaming clients will report user as well.

Kind regards,

Milos

Luciferisme · ‎11-17-2022

Thanks @Milos_Jovanovic

To clear my understanding, In case of VA is deployed,VA will differentiate the DNS querries.

Still in Scenario 1 , where VA is not deployed, How actually Umbrella Differentiate DNS querries of different user.

Due to Monthly DNS query Average, Cisco Umbrella will handle only certain amount of DNS queries which depends on Licensed.

Thanks.

Milos_Jovanovic · ‎11-17-2022

Yes, if VA is deployed and in use, Umbrella portal can see uniquie hosts/IP addresses/users.

If there is no VA deployed, Umbrella can't differentiate unique users, and all queries will come from one (or group of) public IP, which is your DNS server. In this case, Umbrella is counting total number of DNS queries as per formula above, where it will have knowledge of total number of DNS queries arrived and expected count.

Umbrella will still continue to process total amount of DNS queries (there is no hard limit based on your license count), but if you are overutilizing it, some red flag will be raised in Cisco, and you will be contacted and notified that they have detected you are using more than you payed for.

Kind regards,

Milos

Luciferisme · ‎11-17-2022

Thanks @Milos_Jovanovic.