cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Smart Licensing using Policy - Licensing simplified.

3356
Views
0
Helpful
0
Comments
ndiwakar
Cisco Employee

Introduction to Smart Licensing

Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure – you control what users can access. With Smart Licensing you get: 

Easy Activation: Smart Licensing establishes a pool of software licenses that can be used across the entire organization—no more PAKs (Product Activation Keys). 

Unified Management: My Cisco Entitlements (MCE) provides a complete view into all of your Cisco products and services in an easy-to-use portal, so you always know what you have and what you are using. 

License Flexibility: Your software is not node-locked to your hardware, so you can easily use and transfer licenses as needed. 

To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central (software.cisco.com).

For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide

 

 

Based on feedback from customers and partners, Cisco has redesigned the ‘Smart Licensing’ model by drastically simplifying and reducing the number of operations. The new model is called “Smart Licensing using Policy”. Based on the changes customers only need to provide report and reconcile the changes on CSSM. Cisco has also delivered a variety of tools to create the report with a few clicks. If reporting is missed or not complete, is important to keep in mind that the device will NEVER stop any functionality, throttle (except Routers) or generate excessive syslog messages. It simply ALWAYS works.

 

‘Smart Licensing’ using Policy has been introduced in releases IOS-XE 17.4.1 and 17.3.2 for Router, Switches and Wireless products. This replaces existing Smart Licensing model. The primary goal is to provide a solution where customer can simply take out the switch from the box and do not need to perform any additional tasks with regard for ‘Smart Licensing’ to get the switch operational. When device is powered up, the license status will be set to “In-use”. Additionally, changes have been made to the ordering process to ensure that prior to a new device reaching the customer, reporting to the CSSM on Cloud is performed by Cisco thus eliminating any day 0 operational overheads on the customer side. Finally, an easy reporting tool has been provided called CSLU ‘Cisco Smart License Utility’. CSLU can operate using direct or proxied Connection to CSSM on Cloud or in air-gapped network.

 

 

The policy:

The policy determines the behavior of the Catalyst Device with respect to licensing. It is primarily used to determine reporting frequency. It also instructs device if return ack is needed from the CSSM. All Catalyst devices come with a default policy which requires reporting for subscription licenses every 90 days and a return ack from the CSSM. A custom defined policy can be allowed for customers who want to tweak the reporting parameters.

 

Output of the policy from a Catalyst device is shown below.

 

Policy:

  Policy in use: Merged from multiple sources.

  Reporting ACK required: yes (CISCO default)

  Perpetual Attributes:

    First report requirement (days): 365 (CISCO default)

    Reporting frequency (days): 0 (CISCO default)

    Report on change (days): 90 (CISCO default)

  Subscription Attributes:

    First report requirement (days): 90 (CISCO default)

    Reporting frequency (days): 90 (CISCO default)

    Report on change (days): 90 (CISCO default)

  Enforced License Attributes:

    First report requirement (days): 90 (CISCO default)

    Reporting frequency (days): 90 (CISCO default)

    Report on change (days): 90 (CISCO default)

  Export License Attributes:

    First report requirement (days): 90 (CISCO default)

    Reporting frequency (days): 90 (CISCO default)

    Report on change (days): 90 (CISCO default)

Screen Shot 2021-02-04 at 8.38.05 AM.png

 

License states:

Smart Licensing using Policy eliminates confusion on the customer side by removing all license states and replaced with one “In-use” state. Additionally, Eval modes have been removed. The table below shows the contrasting license states for various scenarios.

Screen Shot 2021-02-04 at 8.55.48 AM.png

 

License reservation:

License reservation has been removed with Smart Licensing using Policy. The Catalyst Device still honors previously made reservations made on older releases prior to upgrade but reservations after 17.3.2 and 17.4.1 are not allowed.

 

 

RUM Reports:

Each Catalyst Device generates RUM reports. RUM reports store the license usage information along with timestamps of the license usage. The reports are signed by the Catalyst device and sent to the CSSM on Cloud either directly online or using other reporting methods including offline manual upload. When CSSM on cloud receives the report, it validates the report and updates its Consumed license count accordingly. If there is a license package change on a Catalyst device, a new RUM report is generated and stored on the device. 

Screen Shot 2021-02-04 at 8.38.52 AM.png

 

Greenfield Deployment changes:

Smart Licensing provided an option on the CSSM on Cloud to allow customers to enable license reservation for factory orders. This shipped device would have licenses reserved and the customer could enable this by running a couple of commands eliminating the need for immediate reporting. This has been changed to accommodate for changes to the licensing model.

 

There is now no need for the customer to opt-in. The default behavior for all new purchases via CCW is to have the customer choose the SA and VA information on the tool during ordering. Once manufacturing receives the order, the following is performed prior to shipping the device.

  • Licenses are configured and first reporting to CSSM is done.
  • CSSM marks the relevant licenses as consumed.
  • If the customer has a custom policy applied to the VA, custom policy is applied to the PI.

 

Once the device is received by the customer, no immediate reporting is required. Device works with the configured licenses out of the box from the first boot.

Screen Shot 2021-02-04 at 8.40.34 AM.png

 

 

Enforcement:

On Catalyst 9k switches, there is no enforcement of any sort if reports are not sent to the CSSM per the policy. All configured features will continue to function even post reload.

 

 

CSLU:

CSLU (Cisco Smart Licensing Utility) is a report tool that can assist to collect reports from large scale of devices. CSLU runs on Windows 10 OS and can connect internally to Catalyst devices to collect reports and can connect externally to CSSM on cloud to upload the report. CSLU collected reports can be uploaded Manually to CSSM on cloud as well. CSLU does not maintain information about SA/VA or license counts locally. CSLU is not intended to replace CSSM on Prem

 

The CSLU only displays the Catalyst Device info using its UDI. It does not maintain any information on the HA stack if applicable.

 

The CSLU can work in either online mode where the CSLU is able to communicate with the CSSM on Cloud or in offline mode where the CSLU is air-gapped and cannot reach the CSSM on Cloud. In offline mode, the CSLU helps to automate report collection from large number of PI devices which can then be downloaded from the CSLU as a single consolidated to be uploaded manually to the CSSM on Cloud.

 

A single windows machine running CSLU can manage up to 10,000 Catalyst devices.

Screen Shot 2021-02-04 at 8.41.22 AM.png

Screen Shot 2021-02-04 at 8.41.33 AM.png

 

Transport modes and reporting options:

Transport modes are used to instruct the Catalyst Device connectivity method to connect to the CSSM on Cloud. The following transport modes are supported.

  • Smart Callhome – Sends reports to the configured Smart Callhome server. Planned to be deprecated soon. Smart Transport replaces Smart Callhome.
  • Smart Transport - Sends reports directly to CSSM on Cloud.
  • CSLU – Sends reports either to DNS resolution of “cslu-local” or directly to cslu IP address, if configured. For DNS resolution, Catalyst device should specify an address to a DNS name server.
  • Off – Does not send any reports. Useful for air-gapped networks without CSLU

 

 

Brownfield deployments – Upgrade Scenarios:

For brownfield deployments, upgrading from an image with Smart Licensing to one which supports Smart Licensing using Policy is seamless and fully backwards compatible. Any existing configuration is honored. The follow table covers all upgrade scenarios from Smart Licensing to Smart Licensing using Policy.

Screen Shot 2021-02-04 at 8.43.53 AM.png

Upgrades and downgrades are seamless and there is no loss of configs.

 

 

Reporting to the CSSM:

With the introduction of the CSLU we support the following options to get the RUM report from the Catalyst device over to the CSSM on Cloud.

  • Direct connect to the CSSM on Cloud using either the Smart Call-Home or the Smart transport. Devices push the reports to the CSSM on Cloud. CSSM on Cloud cannot request the report to be sent.
  • Using the CSLU to collect reports from the Catalyst Devices and communicate with the CSSM on Cloud in the backend. CSLU can either pull the report from the Catalyst Device or the Catalyst device can push the report to the CSLU.
  • Using DNAC to manage the Catalyst Devices and communicate with CSSM on Cloud in the backend.
  • Using CSSM on-prem (Roadmap – Feb 2021)
  • Air gapped networks using either the CSLU or full manual upload.

Screen Shot 2021-02-04 at 8.46.13 AM.png

The following table should help in deciding the reporting method which works best for your network.

Screen Shot 2021-02-04 at 8.47.28 AM.png

 

Terminology:

CSSM/SSM - Cisco Smart Software Manager

SA – Smart Account

VA – Virtual Account

SL – Smart Licensing

SLR – Smart License Reservation

PIDs – Product IDs

UDI – Unique Device Identification

PI – Product Instances

CSLU – Cisco Smart Licensing Utility

RUM – Resource Utilization Measurement

ACK – Acknowledgement

 

 

Links and References:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-3/configuration_guide/sys_mgmt/b_173_sys_mgmt_9300_cg/sl_using_policy.html