Cisco Smart Licensing Using Policy on MDS 9000 Switches
Smart Licensing Using Policy for Cisco MDS 9000 Switches
This article provides information about the Smart Licensing Using Policy (SLP) solution, which is an enhanced version of Smart Licensing. SLP doesn't interrupt with the operations of your network and enables a compliance relationship to account for the hardware and software licenses that you purchase and use.
Simplify Licensing with Smart Licensing Using Policy
In the fast-paced network operations environment, there’s an increasing need for a simple and streamlined licensing process. Furthermore, license reporting is crucial for your devices to ensure network compliance.
Smart Licensing Using Policy (SLP) is a policy-based, flexible software licensing model built on the existing Cisco Smart Licensing model. SLP simplifies the licensing process for Cisco MDS 9000 products by offering a more adaptable and automated method of licensing. It enables network administrators to easily activate and manage licenses as well as monitor usage patterns.
Comparison of Traditional, Smart Licensing, and Smart Licensing Using Policy
Comparison of Supported Deployments in Traditional or PAK-based Licensing with SLP
Few concepts and terminologies have evolved with the evolution of licensing from Traditional or PAK based to SL and then to SLP. This table compares the deployment types per the license scheme and can be used as a reference to check especially the SL and SLP documentation.
Supported Deployments |
Traditional Licensing (PAK) |
Smart Licensing |
Smart Licensing Using Policy |
---|---|---|---|
Direct Internet access |
Hardware local license install |
Communication directly with CSSM |
Communication directly with CSSM |
On-Premises |
Hardware local license install |
Communication with CSSM On-Prem |
Communication with CSSM On-Prem or Cisco Smart Licensing Utility (CSLU) |
Offline or air-gapped networks |
Hardware local license install |
CSSM On-Prem, Specific License Reservation, Permanent License Reservation |
SSM On-Prem, CSLU, or Disconnected (from switch where transport mode is off) |
Supported Deployments |
Traditional Licensing (PAK) |
Smart Licensing |
Smart Licensing Using Policy |
---|---|---|---|
Product Instance |
No CSSM |
Hostname displayed in CSSM |
Hostname is no longer displayed in CSSM and License UDI is displayed instead. |
Relationship with CSSM |
No CSSM |
Registers with CSSM |
Creates a trust relationship with CSSM |
Day 0 (Licensing deployment) |
If no license is installed, features are not available |
No licensing is available without registration. Enforced license features cannot be used until licenses are authorized after registration with CSSM. Some features permit evaluation period. |
Licenses are enabled by default. Compliance is still required but not mandatory for the initial deployment. |
Report to CSSM |
Does not communicate with CSSM |
SL does not report license usage to CSSM. Instead, it authorizes license requests sent by the device. |
RUM reports are used as proof of license usage and uploaded to CSSM either automatically or manually. |
Communication method |
Does not communicate with CSSM |
Call Home |
Call Home or SmartReceiver |
Comparison of Smart Licensing with Smart Licensing Using Policy
Smart Licensing (SL) |
Smart Licensing Using Policy (SLP) |
---|---|
The default license communication transport mode is callhome. The device initiates a Call Home and requests the licenses.
|
The license communication transport modes for SLP are as follows:
|
Register devices with SSM On-Prem or CSSM (after device installation or bring-up of devices) in the network to meet software compliance. |
Devices must establish trust with SSM On-Prem, CSLU, or CSSM within 90 days to meet software compliance. |
License states available are Evaluation, Evaluation Expired Registered, Authorized, Out of Compliance, Authorization Expired. |
License states available are Pending, Out-of-Compliance, and Authorized. |
License reporting is every 30 days. |
License reporting (Cisco default policy) is 90 days. |
License States in SL and SLP
License states indicate the actual status of the license of a device. Both Smart Licensing (SL) and Smart Licensing Using Policy (SLP) solutions use license states to indicate the status of a license.
When you upgrade or downgrade your devices between the solutions, the license states change accordingly. The table describes the mapping of license states during migration.
License States in SL |
LicenseStates in SLP |
---|---|
Evaluation |
Pending |
Evaluation Expired |
|
Authorized(Registered) |
Authorized |
Out-of-Compliance |
Out-of-Compliance |
Authorization Expired. |
Smart Licensing Using Policy Support on Cisco MDS 9000 Switches
Starting with Cisco NX-OS Release 9.2(2), Smart Licensing Using Policy is enabled by default on all Cisco MDS 9000 Switches. The default communication transport mode is cslu transport.
Benefits of Smart Licensing Using Policy
With SLP, you no longer need to register your device during installation, and there is no evaluation license period. SLP uses policies to report license usage and consumption from devices to Cisco Smart Software Manager (CSSM).
The primary benefits of SLP are:
-
Seamless day-0 operations
After a license is ordered, preliminary steps, such as registration or generation of keys, are not required and product features can be configured on the device right-away.
Subscription based licenses are provided with Cisco MDS 9000 Switches.
-
Visibility and manageability
Tools, telemetry, and product tagging.
-
Flexible, time series reporting remaining compliant
Easy reporting options are available, whether you are directly or indirectly connected to Cisco Smart Software Manager (CSSM) or are in an air-gapped network.
Policy-Driven Licensing
A policy is a set of predefined rules that are associated with a smart account and is automatically installed on new Cisco devices. These rules determine how often and under what conditions devices report their software license usage. The policy sets the initial reporting requirements for new licenses, the ongoing report acknowledgment protocols, and the regular intervals at which these reports must be submitted to maintain license compliance.
CSSM determines the policy that is applied to a switch. Only one policy is in use at a given point in time. The policy and its values are based on several factors, including the licenses being used.
A policy provides the switch with these reporting instructions:
-
License usages report acknowledgment requirement (Reporting ACK required): The license usage report is known as a Resource Utilization Measurement (RUM) Report and the acknowledgment is referred to as an ACK. This is a yes or no value that specifies if the report for this product instance requires CSSM acknowledgment. The default policy is always set to yes.
-
Cisco specifies the default duration in days for uploading of RUM report while using the Smart Licensing Using Policy. The RUM reports must be sent within the specified duration, even when there is a change in license usage.
Cisco Default Policy for Cisco NX-OS
Cisco default is the default policy that is always available in the product instance. If no other policy is applied, the product instance applies this default policy. New Cisco MDS 9000 switches come preinstalled with the Cisco default policy for Cisco MDS 9000. This table displays the Cisco default policy values for Cisco MDS 9000 switches.
Policy: Cisco default |
Policy Requirements |
---|---|
Unenforced |
Reporting ACK required: Yes Unenforced/Non-Export: First report requirement (days): 90 (CISCO default) Ongoing reporting frequency (days): 365 (CISCO default) On change reporting (days): 90 (CISCO default) |
Enforced |
Reporting ACK required: Yes Enforced (Pepertual/Subscription): First report requirement (days): 0 (CISCO default) Ongoing reporting frequency (days): 0 (CISCO default) On change reporting (days): 0 (CISCO default) |
Key Concepts of Smart Licensing Using Policy
This section explains the key components that you need to understand before implementing SLP.
License Enforcement Types and Duration
The two license enforcement types are:
-
Enforced - The terms of use for such licenses are as per the end user license agreement (EULA).
-
Unenforced – These do not require authorization before use in air-gapped networks or in connected networks.
License duration is the duration or term for which a purchased license is valid. A license enforcement type is either Enforced or Unenforced and is valid for these two durations:
-
Perpetual: A perpetual license enables you to make a one-time purchase of a license that does not expire.
-
Subscription: A subscription-based license enables you to purchase a license for a specific period of time based on your requirement.
Product Instance or Switch
A Product Instance (PI), for example, a switch, is a single instance of a Cisco product, which is identified by a Unique Device Identifier (UDI).
A PI records and reports license usage (Resource Utilization Measurement reports) and provides alerts and system messages about issues such as overdue reports and communication failures. Resource Utilization Measurement (RUM) reports and usage data are securely stored in the product instance.
Throughout this document, the term product instance refers to all supported physical and virtual product instances, unless noted otherwise.
CSSM
Cisco Smart Software Manager (CSSM) is a portal that enables you to manage all your Cisco software licenses from a centralized location. CSSM helps you manage current requirements and review usage trends to plan for future license requirements.
You can access the CSSM Web UI at https://software.cisco.com/software/smart-licensing/alerts. Navigate to Manage licenses link. See the Supported Topologies section to know about the different ways in which you can connect to CSSM.
In CSSM you can perform the following:
-
Create, manage, or view virtual accounts.
-
Create and manage Product Instance Registration Tokens.
-
Transfer licenses between virtual accounts or view licenses
-
Transfer, remove, or view Product Instance.
-
Run reports against your virtual accounts.
-
Modify your email notification settings.
-
View overall account information
CSLU
Cisco Smart License Utility (CSLU) is a Windows-based reporting utility that provides aggregate licensing workflows. This utility performs the following key functions:
-
Provides options relating to how workflows are triggered. The workflows can be triggered by CSLU or by the product instance.
-
Collects usage reports from the product instance and uploads these usage reports to the corresponding Smart Account or Virtual Account, online or offline, using files. Similarly, the RUM report ACK is collected online or offline and sent back to the product instance.
-
Sends authorization code requests to CSSM and receives authorization codes from CSSM, if applicable.
CSLU can be part of your implementation in the following ways:
-
Install the Windows application to use CSLU as a standalone tool that is connected to CSSM.
-
Install the Windows application to use CSLU as a standalone tool that is disconnected from CSSM. With this option, the required usage information is downloaded to a file and then uploaded to CSSM. This is suited for air-gapped networks.
SSM On-Prem
Smart Software Manager On-Prem (SSM On-Prem) is an asset manager, which works in conjunction with CSSM. It enables you to administer products and licenses on your premises instead of having to directly connect to CSSM.
Information about the required software versions to implement SLP with SSM On-Prem, is provided below:
MinimumRequired SSM On-Prem Version for SLP1 |
MinimumRequired Cisco NX-OS Version2 |
---|---|
Version 1.1 |
Cisco MDS 9000 NX-OS Release 9.2(2) |
1 The minimum required SSM On-Prem version. This means support continues on all subsequent releases - unless noted otherwise.
2 The minimum required software version on the product instance. This means support continues on all subsequent releases - unless noted otherwise.
Resource Utilization Measurement Reports
A RUM report is a license usage report, which fulfills the reporting requirements as specified by the policy. It is an ISO 19770–4 report that is delivered in the JSON format and signed as per the trust model.
The RUM report contains information such as:
-
license usage filtered by ID
-
license name, and
-
Summary of the license information.
The devices record license usage information and any modifications to license usage in an open RUM report. At specific intervals, open RUM reports are closed, and new RUM reports are opened to record license usage. The closed RUM reports are sent to CSSM.
Trust Code
Trust code is a UDI-tied public key with which the product instance signs a RUM report. This prevents tampering and ensures data authenticity.
Key Features of Smart Licensing Using Policy
-
Policy-Based Management: The Cisco default policy, which is enabled by default, automates license management, streamlining operations and ensuring compliance.
-
Streamlined Activation: SLP automates the device registration at the time of installation, which allows for immediate use of the network devices
-
License Pooling: Licenses can be pooled across the entire network, allowing for more flexible and efficient use of software entitlements.
-
Seamless Integration with CSSM: SLP integrates with CSSM for easy license management and visibility, enabling self-service for license deployments and maintenance.
-
No Evaluation License Period: Devices with SLP can boot up and operate with full feature sets immediately.
-
Trust Establishment: Devices must establish trust with CSSM or SSM using a trust code within 90 days to report license consumption. This ensures a secure and verified licensing environment.
-
Automated Usage Reports: The Resource Utilization Measurement (RUM) reports automate the recording of license usage. Data can be securely stored on the device and synced automatically or manually for compliance.
SLP as a Software License Management Solution
SLP as a software license management solution provides a seamless experience with four aspects of licensing.
-
Purchase: Purchase licenses through the existing channels and use the Cisco Smart Software Manager (CSSM) portal to view product instances and licenses.
To simplify the implementation of SLP, provide your Smart Account and Virtual Account information when placing an order for a new hardware or software. This allows Cisco to install applicable policies at the time of buying the product.
-
License Type: All licenses on Cisco MDS 9000 Switches are enforced.
-
Report: License usage should be reported to CSSM. Multiple options are available for license usage reporting. You can use the Cisco Smart Licensing Utility (CSLU), or report usage information directly to CSSM. For air-gapped networks, a provision for offline reporting where you download usage information and upload it to CSSM, is also available. The usage report is in plaintext XML format.
-
Reconcile: Reconciliation is available for situations where delta billing applies (between purchased and consumed).
Smart Licensing Using Policy Workflow
Smart Licensing Using Policy solution makes it easier for you to procure, deploy, and manage your license. Cisco Smart Software Manager (CSSM) is your primary licensing server and portal where you can create your smart accounts and manage licenses.
Smart Software Manager On-Prem and Cisco Smart Licensing Utility are your locally installed on-premises user portals that work with CSSM.
After purchasing licenses, activate your licenses on your devices in your deployments. As the devices establish trust and report license usage, you can manage your licenses through continuous reporting.
Smart Licensing Using Policy Workflow In a Nutshell
These are the stages for deploying Smart Licensing Using Policy:
-
Order licenses
-
Access CSSM and create the smart account and virtual accounts to organize your licenses.
-
Order your license from Cisco Commerce Workspace (CCW).
-
-
Activate licenses.
-
Select the deployment methods.
-
Online Deployments
-
Offline or Air-gapped Deployments
-
-
Configure the smart license transport mode and establish trust with CSSM.
-
-
Manage licenses.
-
Generate your Resource Utilization Measurement (RUM) report from the device. Synchronize the report with CSSM either automatically or manually.
-
Monitor the license usage and compliance status through the CSSM portal.
-
Deployment Models for Smart Licensing Using Policy
Smart Licensing Using Policy offers the following deployments:
Online Deployments
-
Direct Deployments (with transport mode as Smart or Call Home)
-
Direct Cloud Access (CSSM)
-
Direct Cloud Access (CSSM) through a proxy server
-
-
On-premises Deployments
-
Smart Software Manager (SSM) On-Prem (recommended)
-
Smart Software Manager (SSM) On-Prem through a proxy server
-
Cisco Smart License Utility (CSLU)
-
Cisco Smart License Utility (CSLU) through a proxy server
-
Offline or Air-gapped Deployments
-
Disconnected (from the switch where transport is off) or Air-gapped deployment from the switch
-
SSM On-Prem Disconnected (remote deployment)
-
CSLU Offline (remote deployment)
Supported Deployment Models and Topologies
This section describes the various ways in which you can implement a smart licensing policy. For each topology, refer to the accompanying overview to know how the setup is designed to work, and refer to the considerations and recommendations, if any.
Choosing a Topology
The following table allows you to choose a topology depending on your network deployment.
Deployment Model |
Topology |
Recommendations |
---|---|---|
Online Deployment > Direct (Smart transport/call home) |
Topology 2: Connected Directly to CSSM |
Use this topology when you have switches that are already registered to CSSM and need to continue in the same mode. If you need to continue using this topology after upgrading to SLP, then Smart Transport is the preferred transport method. See Topology 2: Connected Directly to CSSM. |
Online Deployment > On-Prem > Smart Software Manager (SSM) On-Prem (Recommended) |
Topology 4: Connected to CSSM through SSM On-Prem |
Use this topology when you want to collect licensing information from each switch in the network and when there is no connectivity to CSSM. See Connected Mode in Topology 4: CSLU Disconnected from CSSM. |
Online Deployment > On-Prem > CSLU |
Topology 1: Connected to CSSM through CSLU |
Use this topology when you do not want the switches to be directly connected to CSSM. This topology supports only one SA/VA combination. See Online Mode in Topology 1: Connected to CSSM Through CSLU. |
Offline Deployment > from the switch |
Topology 6: No Connectivity to CSSM and No CSLU (Offline mode) |
Use this topology when you want to collect licensing information from a single source and when there is no connectivity to CSSM. You cannot view license consumption locally. Also, only a single VA can be used. See Topology 6: SSM On-Prem Disconnected from CSSM. |
Offline Deployment > SSM On-Prem Disconnected |
Topology 5: SSM On-Prem Disconnected from CSSM |
Use this topology when you want to manage or view licenses from a single source. You can view license consumption locally. You can also use multiple SA/VA combinations. See SSM On-Prem in Disconnected Mode in Topology 5: No Connectivity to CSSM and No CSLU. |
Offline Deployment > CSLU Offline |
Topology 3: CSLU Disconnected from CSSM |
Use this topology when you need to manage or view license consumption locally. You can also use multiple VA. See CSLU in Offline Mode in Topology 3: Connected to CSSM Through SSM On-Prem. |
Topology 1: Connected to CSSM Through CSLU
Here, switches in the network are connected to CSLU, and CSLU becomes the single point of interface with CSSM. A switch can be configured to push the required information to CSLU.
Switch-initiated communication (push): A switch initiates communication with CSLU by connecting to a REST endpoint in CSLU. Data that is sent is unsecure and includes RUM reports.
Configure the switch to automatically send RUM reports to CSLU at required intervals. CSLU is the default method for a switch.
Topology 2: Connected Directly to CSSM
This method was available in the earlier version of Smart Licensing and remains supported with SLP.
Here, establish a direct and trusted connection from a switch to CSSM. The direct connection requires network reachability to CSSM. For the switch to then exchange messages and communicate with CSSM, configure one of the transport options available with this topology. Lastly, the establishment of trust requires the generation of a token from the corresponding Smart Account and Virtual Account in CSSM and installation on the switch.
You can configure a switch to communicate with CSSM in the following ways:
-
Use smart transport to communicate with CSSM (recommended)
Smart transport is a transport method where a Smart Licensing (JSON) message is contained within an HTTPs message and exchanged between a switch and CSSM to communicate.
The following smart transport configuration options are available:
-
Smart transport: In this method, a switch uses a specific smart transport licensing server URL. This must be configured exactly as shown in the workflow section.
-
Smart transport through an HTTPs proxy: In this method, a switch uses a proxy server to communicate with the licensing server and CSSM.
-
-
Use Call Home to communicate with CSSM.
Call Home provides email-based and web-based notification of critical system events. This method of connecting to CSSM was available in the earlier Smart Licensing environment and remains available with SLP.
The following Call Home configuration options are available:
-
Direct cloud access: In this method, a switch sends usage information directly over the Internet to CSSM; no additional components are needed for the connection.
-
Cloud access through an HTTPs proxy: In this method, a switch sends usage information over the Internet through a proxy server — either a Call Home Transport Gateway or an off-the-shelf proxy (such as Apache) to CSSM.
-
Topology 3: Connected to CSSM Through SSM On-Prem
When the SSM On-Prem server is associated with virtual account in CSSM, it will be required that all product instance registration tokens to be generated from their Smart Software On-Prem management interface.
Here, switches in the network are connected to SSM On-Prem and SSM On-Prem becomes the single point of interface with CSSM. You can also configure the switch to push the required information to SSM On-Prem.
Switch-initiated communication (push): A switch initiates communication with CSSM by connecting to a REST endpoint in SSM On-Prem. Data that is sent includes RUM reports. Configure the switch to automatically send RUM reports to SSM On-Prem at required intervals.
Topology 4: CSLU Disconnected from CSSM
The CSLU utility is installed on-premises and the switches communicate with it. The other side of the communication, between CSLU and CSSM, is offline. In fact, CSLU provides the option of working in a mode that is disconnected from CSSM.
Communication between CSLU and CSSM is sent and received in the form of signed files (xml) that are saved offline and then uploaded to or downloaded from CSLU or CSSM.
Topology 5: No Connectivity to CSSM and No CSLU
Here we have a switch and CSSM disconnected from each other without any other intermediary CSLU or components. All communication is in the form of uploaded and downloaded files.
Topology 6: SSM On-Prem Disconnected from CSSM
Here, a switch communicates with SSM On-Prem and the switch-initiated communication must be implemented. The other side of the communication, between SSM On-Prem and CSSM, is offline. SSM On-Prem provides the option of working in a mode that is disconnected from CSSM.
Communication between SSM On-Prem and CSSM is sent and received in the form of signed files (xml) that are saved offline and then uploaded to or downloaded from SSM On-Prem or CSSM.