Smart Licensing Using Policy for Cisco MDS 9000 Switches

This article provides information about the Smart Licensing Using Policy (SLP) solution, which is an enhanced version of Smart Licensing. SLP doesn't interrupt with the operations of your network and enables a compliance relationship to account for the hardware and software licenses that you purchase and use.

Simplify Licensing with Smart Licensing Using Policy

In the fast-paced network operations environment, there’s an increasing need for a simple and streamlined licensing process. Furthermore, license reporting is crucial for your devices to ensure network compliance.

Smart Licensing Using Policy (SLP) is a policy-based, flexible software licensing model built on the existing Cisco Smart Licensing model. SLP simplifies the licensing process for Cisco MDS 9000 products by offering a more adaptable and automated method of licensing. It enables network administrators to easily activate and manage licenses as well as monitor usage patterns.

Comparison of Traditional, Smart Licensing, and Smart Licensing Using Policy

Comparison of Supported Deployments in Traditional or PAK-based Licensing with SLP

Few concepts and terminologies have evolved with the evolution of licensing from Traditional or PAK based to SL and then to SLP. This table compares the deployment types per the license scheme and can be used as a reference to check especially the SL and SLP documentation.

Supported Deployments in Traditional Licensing, Smart Licensing, and Smart Licensing Using Policy

Supported Deployments

Traditional Licensing (PAK)

Smart Licensing

Smart Licensing Using Policy

Direct Internet access

Hardware local license install

Communication directly with CSSM

Communication directly with CSSM

On-Premises

Hardware local license install

Communication with CSSM On-Prem

Communication with CSSM On-Prem or Cisco Smart Licensing Utility (CSLU)

Offline or air-gapped networks

Hardware local license install

CSSM On-Prem, Specific License Reservation, Permanent License Reservation

SSM On-Prem, CSLU, or Disconnected (from switch where transport mode is off)
Differences and similarities between the licensing models

Supported Deployments

Traditional Licensing (PAK)

Smart Licensing

Smart Licensing Using Policy

Product Instance

No CSSM

Hostname displayed in CSSM

Hostname is no longer displayed in CSSM and License UDI is displayed instead.

Relationship with CSSM

No CSSM

Registers with CSSM

Creates a trust relationship with CSSM

Day 0 (Licensing deployment)

If no license is installed, features are not available

No licensing is available without registration. Enforced license features cannot be used until licenses are authorized after registration with CSSM. Some features permit evaluation period.

Licenses are enabled by default. Compliance is still required but not mandatory for the initial deployment.

Report to CSSM

Does not communicate with CSSM

SL does not report license usage to CSSM. Instead, it authorizes license requests sent by the device.

RUM reports are used as proof of license usage and uploaded to CSSM either automatically or manually.

Communication method

Does not communicate with CSSM

Call Home

Call Home or SmartReceiver

Comparison of Smart Licensing with Smart Licensing Using Policy

Smart Licensing and Smart Licensing Using Policy

Smart Licensing (SL)

Smart Licensing Using Policy (SLP)

The default license communication transport mode is callhome. The device initiates a Call Home and requests the licenses.

  • On-premises Deployments: callhome

  • Direct Deployments: callhome, smart transport.

  • Offline Deployments: off

The license communication transport modes for SLP are as follows:

  • On-premises Deployments: cslu transport (default)

  • Direct Deployments: callhome, smart transport.

  • Offline Deployments: off

Register devices with SSM On-Prem or CSSM (after device installation or bring-up of devices) in the network to meet software compliance.

Devices must establish trust with SSM On-Prem, CSLU, or CSSM within 90 days to meet software compliance.

License states available are Evaluation, Evaluation Expired Registered, Authorized, Out of Compliance, Authorization Expired.

License states available are Pending, Out-of-Compliance, and Authorized.

License reporting is every 30 days.

License reporting (Cisco default policy) is 90 days.

License States in SL and SLP

License states indicate the actual status of the license of a device. Both Smart Licensing (SL) and Smart Licensing Using Policy (SLP) solutions use license states to indicate the status of a license.

When you upgrade or downgrade your devices between the solutions, the license states change accordingly. The table describes the mapping of license states during migration.

License States in SL and SLP

License States in SL

LicenseStates in SLP

Evaluation

Pending

Evaluation Expired

Authorized(Registered)

Authorized

Out-of-Compliance

Out-of-Compliance

Authorization Expired.

Smart Licensing Using Policy Support on Cisco MDS 9000 Switches

Starting with Cisco NX-OS Release 9.2(2), Smart Licensing Using Policy is enabled by default on all Cisco MDS 9000 Switches. The default communication transport mode is cslu transport.

Benefits of Smart Licensing Using Policy

With SLP, you no longer need to register your device during installation, and there is no evaluation license period. SLP uses policies to report license usage and consumption from devices to Cisco Smart Software Manager (CSSM).

The primary benefits of SLP are:

  • Seamless day-0 operations

    After a license is ordered, preliminary steps, such as registration or generation of keys, are not required and product features can be configured on the device right-away.

    Subscription based licenses are provided with Cisco MDS 9000 Switches.

  • Visibility and manageability

    Tools, telemetry, and product tagging.

  • Flexible, time series reporting remaining compliant

    Easy reporting options are available, whether you are directly or indirectly connected to Cisco Smart Software Manager (CSSM) or are in an air-gapped network.

Policy-Driven Licensing

A policy is a set of predefined rules that are associated with a smart account and is automatically installed on new Cisco devices. These rules determine how often and under what conditions devices report their software license usage. The policy sets the initial reporting requirements for new licenses, the ongoing report acknowledgment protocols, and the regular intervals at which these reports must be submitted to maintain license compliance.

CSSM determines the policy that is applied to a switch. Only one policy is in use at a given point in time. The policy and its values are based on several factors, including the licenses being used.

A policy provides the switch with these reporting instructions:

  • License usages report acknowledgment requirement (Reporting ACK required): The license usage report is known as a Resource Utilization Measurement (RUM) Report and the acknowledgment is referred to as an ACK. This is a yes or no value that specifies if the report for this product instance requires CSSM acknowledgment. The default policy is always set to yes.

  • Cisco specifies the default duration in days for uploading of RUM report while using the Smart Licensing Using Policy. The RUM reports must be sent within the specified duration, even when there is a change in license usage.

Cisco Default Policy for Cisco NX-OS

Cisco default is the default policy that is always available in the product instance. If no other policy is applied, the product instance applies this default policy. New Cisco MDS 9000 switches come preinstalled with the Cisco default policy for Cisco MDS 9000. This table displays the Cisco default policy values for Cisco MDS 9000 switches.

Policy: Cisco Default

Policy: Cisco default

Policy Requirements
Unenforced

Reporting ACK required: Yes

Unenforced/Non-Export:

First report requirement (days): 90 (CISCO default)

Ongoing reporting frequency (days): 365 (CISCO default)

On change reporting (days): 90 (CISCO default)
Enforced

Reporting ACK required: Yes

Enforced (Pepertual/Subscription):

First report requirement (days): 0 (CISCO default)

Ongoing reporting frequency (days): 0 (CISCO default)

On change reporting (days): 0 (CISCO default)

Key Concepts of Smart Licensing Using Policy

This section explains the key components that you need to understand before implementing SLP.

License Enforcement Types and Duration

The two license enforcement types are:

  • Enforced - The terms of use for such licenses are as per the end user license agreement (EULA).

  • Unenforced – These do not require authorization before use in air-gapped networks or in connected networks.

License duration is the duration or term for which a purchased license is valid. A license enforcement type is either Enforced or Unenforced and is valid for these two durations:

  • Perpetual: A perpetual license enables you to make a one-time purchase of a license that does not expire.

  • Subscription: A subscription-based license enables you to purchase a license for a specific period of time based on your requirement.

Product Instance or Switch

A Product Instance (PI), for example, a switch, is a single instance of a Cisco product, which is identified by a Unique Device Identifier (UDI).

A PI records and reports license usage (Resource Utilization Measurement reports) and provides alerts and system messages about issues such as overdue reports and communication failures. Resource Utilization Measurement (RUM) reports and usage data are securely stored in the product instance.

Throughout this document, the term product instance refers to all supported physical and virtual product instances, unless noted otherwise.

CSSM

Cisco Smart Software Manager (CSSM) is a portal that enables you to manage all your Cisco software licenses from a centralized location. CSSM helps you manage current requirements and review usage trends to plan for future license requirements.

You can access the CSSM Web UI at https://software.cisco.com/software/smart-licensing/alerts. Navigate to Manage licenses link. See the Supported Topologies section to know about the different ways in which you can connect to CSSM.

In CSSM you can perform the following:

  • Create, manage, or view virtual accounts.

  • Create and manage Product Instance Registration Tokens.

  • Transfer licenses between virtual accounts or view licenses

  • Transfer, remove, or view Product Instance.

  • Run reports against your virtual accounts.

  • Modify your email notification settings.

  • View overall account information

CSLU

Cisco Smart License Utility (CSLU) is a Windows-based reporting utility that provides aggregate licensing workflows. This utility performs the following key functions:

  • Provides options relating to how workflows are triggered. The workflows can be triggered by CSLU or by the product instance.

  • Collects usage reports from the product instance and uploads these usage reports to the corresponding Smart Account or Virtual Account, online or offline, using files. Similarly, the RUM report ACK is collected online or offline and sent back to the product instance.

  • Sends authorization code requests to CSSM and receives authorization codes from CSSM, if applicable.

CSLU can be part of your implementation in the following ways:

  • Install the Windows application to use CSLU as a standalone tool that is connected to CSSM.

  • Install the Windows application to use CSLU as a standalone tool that is disconnected from CSSM. With this option, the required usage information is downloaded to a file and then uploaded to CSSM. This is suited for air-gapped networks.

SSM On-Prem

Smart Software Manager On-Prem (SSM On-Prem) is an asset manager, which works in conjunction with CSSM. It enables you to administer products and licenses on your premises instead of having to directly connect to CSSM.

Information about the required software versions to implement SLP with SSM On-Prem, is provided below:

MinimumRequired SSM On-Prem Version for SLP1

MinimumRequired Cisco NX-OS Version2

Version 1.1

Cisco MDS 9000 NX-OS Release 9.2(2)

1 The minimum required SSM On-Prem version. This means support continues on all subsequent releases - unless noted otherwise.

2 The minimum required software version on the product instance. This means support continues on all subsequent releases - unless noted otherwise.

Resource Utilization Measurement Reports

A RUM report is a license usage report, which fulfills the reporting requirements as specified by the policy. It is an ISO 19770–4 report that is delivered in the JSON format and signed as per the trust model.

The RUM report contains information such as:

  • license usage filtered by ID

  • license name, and

  • Summary of the license information.

The devices record license usage information and any modifications to license usage in an open RUM report. At specific intervals, open RUM reports are closed, and new RUM reports are opened to record license usage. The closed RUM reports are sent to CSSM.

Trust Code

Trust code is a UDI-tied public key with which the product instance signs a RUM report. This prevents tampering and ensures data authenticity.

Key Features of Smart Licensing Using Policy

  • Policy-Based Management: The Cisco default policy, which is enabled by default, automates license management, streamlining operations and ensuring compliance.

  • Streamlined Activation: SLP automates the device registration at the time of installation, which allows for immediate use of the network devices

  • License Pooling: Licenses can be pooled across the entire network, allowing for more flexible and efficient use of software entitlements.

  • Seamless Integration with CSSM: SLP integrates with CSSM for easy license management and visibility, enabling self-service for license deployments and maintenance.

  • No Evaluation License Period: Devices with SLP can boot up and operate with full feature sets immediately.

  • Trust Establishment: Devices must establish trust with CSSM or SSM using a trust code within 90 days to report license consumption. This ensures a secure and verified licensing environment.

  • Automated Usage Reports: The Resource Utilization Measurement (RUM) reports automate the recording of license usage. Data can be securely stored on the device and synced automatically or manually for compliance.

SLP as a Software License Management Solution

SLP as a software license management solution provides a seamless experience with four aspects of licensing.

  • Purchase: Purchase licenses through the existing channels and use the Cisco Smart Software Manager (CSSM) portal to view product instances and licenses.

    To simplify the implementation of SLP, provide your Smart Account and Virtual Account information when placing an order for a new hardware or software. This allows Cisco to install applicable policies at the time of buying the product.

  • License Type: All licenses on Cisco MDS 9000 Switches are enforced.

  • Report: License usage should be reported to CSSM. Multiple options are available for license usage reporting. You can use the Cisco Smart Licensing Utility (CSLU), or report usage information directly to CSSM. For air-gapped networks, a provision for offline reporting where you download usage information and upload it to CSSM, is also available. The usage report is in plaintext XML format.

  • Reconcile: Reconciliation is available for situations where delta billing applies (between purchased and consumed).

Smart Licensing Using Policy Workflow

Smart Licensing Using Policy solution makes it easier for you to procure, deploy, and manage your license. Cisco Smart Software Manager (CSSM) is your primary licensing server and portal where you can create your smart accounts and manage licenses.

Smart Software Manager On-Prem and Cisco Smart Licensing Utility are your locally installed on-premises user portals that work with CSSM.

After purchasing licenses, activate your licenses on your devices in your deployments. As the devices establish trust and report license usage, you can manage your licenses through continuous reporting.

Workflow to Deploy Smart Licensing Using Policy

Smart Licensing Using Policy Workflow In a Nutshell

These are the stages for deploying Smart Licensing Using Policy:

  1. Order licenses

    1. Access CSSM and create the smart account and virtual accounts to organize your licenses.

    2. Order your license from Cisco Commerce Workspace (CCW).

  2. Activate licenses.

    1. Select the deployment methods.

      • Online Deployments

      • Offline or Air-gapped Deployments

    2. Configure the smart license transport mode and establish trust with CSSM.

  3. Manage licenses.

    1. Generate your Resource Utilization Measurement (RUM) report from the device. Synchronize the report with CSSM either automatically or manually.

    2. Monitor the license usage and compliance status through the CSSM portal.

Deployment Models for Smart Licensing Using Policy

Smart Licensing Using Policy offers the following deployments:

Online Deployments

  • Direct Deployments (with transport mode as Smart or Call Home)

    • Direct Cloud Access (CSSM)

    • Direct Cloud Access (CSSM) through a proxy server

  • On-premises Deployments

    • Smart Software Manager (SSM) On-Prem (recommended)

    • Smart Software Manager (SSM) On-Prem through a proxy server

    • Cisco Smart License Utility (CSLU)

    • Cisco Smart License Utility (CSLU) through a proxy server

Offline or Air-gapped Deployments

  • Disconnected (from the switch where transport is off) or Air-gapped deployment from the switch

  • SSM On-Prem Disconnected (remote deployment)

  • CSLU Offline (remote deployment)

Supported Deployment Models and Topologies

This section describes the various ways in which you can implement a smart licensing policy. For each topology, refer to the accompanying overview to know how the setup is designed to work, and refer to the considerations and recommendations, if any.

Choosing a Topology

The following table allows you to choose a topology depending on your network deployment.

Deployment Model

Topology

Recommendations

Online Deployment > Direct (Smart transport/call home)

Topology 2: Connected Directly to CSSM

Use this topology when you have switches that are already registered to CSSM and need to continue in the same mode. If you need to continue using this topology after upgrading to SLP, then Smart Transport is the preferred transport method. See Topology 2: Connected Directly to CSSM.

Online Deployment > On-Prem > Smart Software Manager (SSM) On-Prem (Recommended)

Topology 4: Connected to CSSM through SSM On-Prem

Use this topology when you want to collect licensing information from each switch in the network and when there is no connectivity to CSSM. See Connected Mode in Topology 4: CSLU Disconnected from CSSM.

Online Deployment > On-Prem > CSLU

Topology 1: Connected to CSSM through CSLU

Use this topology when you do not want the switches to be directly connected to CSSM. This topology supports only one SA/VA combination. See Online Mode in Topology 1: Connected to CSSM Through CSLU.

Offline Deployment > from the switch

Topology 6: No Connectivity to CSSM and No CSLU (Offline mode)

Use this topology when you want to collect licensing information from a single source and when there is no connectivity to CSSM. You cannot view license consumption locally. Also, only a single VA can be used. See Topology 6: SSM On-Prem Disconnected from CSSM.

Offline Deployment > SSM On-Prem Disconnected

Topology 5: SSM On-Prem Disconnected from CSSM

Use this topology when you want to manage or view licenses from a single source. You can view license consumption locally. You can also use multiple SA/VA combinations. See SSM On-Prem in Disconnected Mode in Topology 5: No Connectivity to CSSM and No CSLU.

Offline Deployment > CSLU Offline

Topology 3: CSLU Disconnected from CSSM

Use this topology when you need to manage or view license consumption locally. You can also use multiple VA. See CSLU in Offline Mode in Topology 3: Connected to CSSM Through SSM On-Prem.

Topology 1: Connected to CSSM Through CSLU

Here, switches in the network are connected to CSLU, and CSLU becomes the single point of interface with CSSM. A switch can be configured to push the required information to CSLU.

Switch-initiated communication (push): A switch initiates communication with CSLU by connecting to a REST endpoint in CSLU. Data that is sent is unsecure and includes RUM reports.

Configure the switch to automatically send RUM reports to CSLU at required intervals. CSLU is the default method for a switch.

Topology: Connected to CSSM Through CSLU

Topology 2: Connected Directly to CSSM

This method was available in the earlier version of Smart Licensing and remains supported with SLP.

Here, establish a direct and trusted connection from a switch to CSSM. The direct connection requires network reachability to CSSM. For the switch to then exchange messages and communicate with CSSM, configure one of the transport options available with this topology. Lastly, the establishment of trust requires the generation of a token from the corresponding Smart Account and Virtual Account in CSSM and installation on the switch.

You can configure a switch to communicate with CSSM in the following ways:

  • Use smart transport to communicate with CSSM (recommended)

    Smart transport is a transport method where a Smart Licensing (JSON) message is contained within an HTTPs message and exchanged between a switch and CSSM to communicate.

    The following smart transport configuration options are available:

    • Smart transport: In this method, a switch uses a specific smart transport licensing server URL. This must be configured exactly as shown in the workflow section.

    • Smart transport through an HTTPs proxy: In this method, a switch uses a proxy server to communicate with the licensing server and CSSM.

  • Use Call Home to communicate with CSSM.

    Call Home provides email-based and web-based notification of critical system events. This method of connecting to CSSM was available in the earlier Smart Licensing environment and remains available with SLP.

    The following Call Home configuration options are available:

    • Direct cloud access: In this method, a switch sends usage information directly over the Internet to CSSM; no additional components are needed for the connection.

    • Cloud access through an HTTPs proxy: In this method, a switch sends usage information over the Internet through a proxy server — either a Call Home Transport Gateway or an off-the-shelf proxy (such as Apache) to CSSM.

Topology: Connected Directly to CSSM

Topology 3: Connected to CSSM Through SSM On-Prem

 Note

When the SSM On-Prem server is associated with virtual account in CSSM, it will be required that all product instance registration tokens to be generated from their Smart Software On-Prem management interface.

Here, switches in the network are connected to SSM On-Prem and SSM On-Prem becomes the single point of interface with CSSM. You can also configure the switch to push the required information to SSM On-Prem.

Switch-initiated communication (push): A switch initiates communication with CSSM by connecting to a REST endpoint in SSM On-Prem. Data that is sent includes RUM reports. Configure the switch to automatically send RUM reports to SSM On-Prem at required intervals.

Topology: Connected to SSM On-Prem Through CSSM

Topology 4: CSLU Disconnected from CSSM

The CSLU utility is installed on-premises and the switches communicate with it. The other side of the communication, between CSLU and CSSM, is offline. In fact, CSLU provides the option of working in a mode that is disconnected from CSSM.

Communication between CSLU and CSSM is sent and received in the form of signed files (xml) that are saved offline and then uploaded to or downloaded from CSLU or CSSM.

Topology: CSLU Disconnected from CSSM

Topology 5: No Connectivity to CSSM and No CSLU

Here we have a switch and CSSM disconnected from each other without any other intermediary CSLU or components. All communication is in the form of uploaded and downloaded files.

Topology: No Connectivity to CSSM and No CSLU

Topology 6: SSM On-Prem Disconnected from CSSM

Here, a switch communicates with SSM On-Prem and the switch-initiated communication must be implemented. The other side of the communication, between SSM On-Prem and CSSM, is offline. SSM On-Prem provides the option of working in a mode that is disconnected from CSSM.

Communication between SSM On-Prem and CSSM is sent and received in the form of signed files (xml) that are saved offline and then uploaded to or downloaded from SSM On-Prem or CSSM.

Topology: SSM On-Prem Disconnected from CSSM