SmartLicensing Using Policy for Cisco MDS 9000 Switches
Smart Licensing Using Policy for Cisco MDS 9000 Switches
This article provides information about the deployment of Smart Licensing Using Policy (SLP) on Cisco MDS 9000 Switches. Before reading this document, ensure that you have read the Cisco Smart Licensing Using Policy on MDS 9000 Switches article from the Learn category on the Cisco NX-OS Licensing collection page on Cisco.com.
Introduction to Smart Licensing Using Policy
Smart Licensing using Policy (SLP) is an enhanced version of Smart Licensing, the objective of which is to provide a cloud-based licensing solution that does not interrupt the operations of your network, rather enables a compliance relationship to account for the hardware and software licenses purchased and used.
SLP is supported starting with Cisco MDS NX-OS Release 9.2(2) and is the only licensing mechanism available.
The primary benefits of this enhanced licensing model are:
Seamless day-0 operations
After a license is ordered, no preliminary steps, such as registration or generation of keys, are required unless an enforced license is used.
-
Visibility and manageability of licenses
View and manage all your switch licenses at one place.
-
Flexible, time series reporting of licenses to remain compliant
Easy reporting options are available, whether you are directly or indirectly connected to Cisco Smart Software Manager (CSSM) or are using an air-gapped approach.
This document provides conceptual, configuration, and troubleshooting information for SLP on Cisco MDS switches. For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.
The conceptual information includes an overview of SLP, supported products, supported topologies, and explains how SLP interacts with other features. SLP is a software license management solution that provides a seamless experience for customers:
-
Purchase: Purchase licenses through the existing channels and use the Cisco Smart Software Manager (CSSM) portal to view switches and licenses.
To simplify the implementation of SLP, we recommend that you provide your Smart Account and Virtual Account information when placing an order for new hardware or software. This allows Cisco to install applicable licenses on switches and deposit entitlements to SA/VA at the time of manufacturing. Also, purchase information will be populated under the show license authorizations command.
-
License Types: Licenses on Cisco MDS switches are of two categories β enforced and unenforced.
Enforced licensing prevents a feature from being used without first obtaining a license.
Unenforced licensing does not need to complete any licensing-specific operations before using the feature. License usage is recorded on your switch with timestamps and the required workflows to report usage to Cisco can be completed later.
-
Report: License usage should be reported to CSSM. Multiple options are available for license usage reporting. You can use the Cisco Smart Licensing Utility (CSLU) or SSM On-Prem , or report usage information directly to CSSM. For air-gapped networks, a provision for offline reporting where usage information can be downloaded from switches and uploaded to CSSM is also available. The usage report is in plain text XML format.
If you are purchasing licenses via third-party vendors or partners, check with your vendors or partners for instructions on implementing SLP.
Understand Key Concepts of SLP Before Deployment
This section explains the key components that you need to understand before deploying SLP on Cisco MDS 9000 Switches.
Policy Selection
To know which policy is applied (the policy in-use) and its reporting requirements, enter the show license all command.
Policies can be customized. To customize policies, contact the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing. The licensing team will contact you to start the process or for any additional information. Customized policies are also made available through your Smart account in CSSM.
RUM Report and Report Acknowledgment
A Resource Utilization Measurement report (RUM report) is a license usage report, which the product instance generates, to fulfill reporting requirements as specified by the policy. RUM reports are data files with information about license usage and device identity. These reports are securely stored in the device and are cert-signed by the hardware.
When a switch does not consume a license, it does not generate any RUM report. To verify license consumption, use the show license usage command.
An acknowledgment (ACK) is a response from CSSM and provides information about the status of a RUM report.
The policy that is applied to a product instance determines the following reporting requirements:
-
Whether a RUM report is sent to CSSM, and the maximum number of days that are provided to meet this requirement.
-
Whether the RUM report requires an acknowledgment (ACK) from CSSM.
-
The maximum number of days provided to report a change in license consumption.
A RUM report sent to CSSM from device or CSLU can be accompanied by other requests.
System logs are generated at X and X-30 days if reporting is not done. X is the reporting interval per the policy.
RUM States
The RUM reports change state throughout the communication between product instance and CSSM.
State |
Description |
---|---|
SmartAgentRumStateOpen |
New report that is created by Smart Agent on the device |
SmartAgentRumStateClosed |
RUM report that is sent to CSSM (reloads will also push the open reports to closed state) |
Sample RUM Report
<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
<RUMReport>
<![CDATA[
{
"payload":{ "asset_identification":{
"asset":{
"name":"regid.2017-11.com.cisco.MDS_9700,1.0_ac6ddieu7-89ju-4dne7-8699-4eeeklljnk"
},
"instance":{
"sudi":{
"udi_pid":"DS-C9124V-8EK9",
"udi_serial_number":"FDjhjudyw8778"
},
"product_instance_identifier":"f804e59b-7296-4c6d-a4f4-e61207ddf150"
},
"signature":{ "signing_type":"CISC123", "key":"00000000",
"value":"A0EPZ4grbhDeNG2q1wJxeRAkEIFabnHp8UCB+qoFMFRA3oMkZ3G572mm FDFZXVSaA2yfVRym0GMgKDo2glzz7er1RVIyB8XnrqgdgFBMkvJiuHb5B9Bdvs 8qABGErQZP7m5HTUQcHNwczYYAoflIMo2ltaaUzhbmjppoh1b6cIvjUqTVTyg37cj/
Z0r7hIviUxrzvHBVFFVA50Ik8wXPFWS24aLC4ubXvEDNzDv1UWQwfJy0XmkegJ07PBVAfcRPhfZ4/5J9YtsQ1xRb5ot+ IdogZmhX7ISVOAh3WFjvAMVhQrH4xeSKD1wgIZtLAC+TnixvU6HAc4p168UK6aZV4A=="
}
},
"meta":{
"entitlement_tag":"regid.2019-06.com.cisco.LAN_MDS9000_9124V,1.0_ ac6ddieu7-89ju-4dne7-8699-4eeeklljnk",
"report_id":16283555555, "software_version":"10.2(1)FI9(1)", "ha_udi":[
{
"role":"Active", "sudi":{
"udi_pid":"DS-C9124V-8EK9",
"udi_serial_number":" FDjhjudyw8778"
}
}
]
},
"measurements":[
{
"log_time":1628323253, "metric_name":"ENTITLEMENT", "start_time":1628323253, "end_time":1628323254, "sample_interval":1, "num_samples":1,
"meta":{
"termination_reason":"CurrentUsageRequested"
},
"value":{
"type":"COUNT",
"value":"1"
}
}
]
},
"header":{
"type":"rum"
},
"signature":{
"sudi":{
"udi_pid":"DS-C9124V-8EK9",
"udi_serial_number":"FDOkjahwdiuw78"
},
"signing_type":"CISC123", "key":"782198723987",
"value":"BIoW16suShhDdAJZgRGtxdk/b4yhdvtDJQzE4eujgG+w/ UKICJ40oEsh2HfIy0kcbfSn3gaAPwhlwHxFUVjLh+kYHxuwSvsI0RwwyIgBIlYbc9JojQ40dZGLRVmJt05djYIRkRHI5dYMO0Fn/
a/F+VnaEQ2hVbbTWMW0pDLnJksPyQ9Mn91RmI4ZCfkS5gGNeS9U0CyeBpSYfh/r+N4bn/gmf+XDmK30x6yukTflvUC6IV/
lNMxJYOpZ87mV/4XX6Bw88Ab1K3KX6VHVpeMr45UeUNGd0efaigReB9ERISJnERxAEs4SuU/ZhnFMONAwW/4WCpDXD/p8bcw76mmSkw=="
}
}
]]>
</RUMReport>
</smartLicense>
Sample RUM ACK
<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
<smartLicenseRumAck>
<data>
<![CDATA[[
{
"status_code":"OK",
"status_message":"Rum Report is accepted.", "localized_message":"Rum Report is accepted.",
"product_instance_identifier":"f80003456-1234-3g5h-b6b6-e1234hrtu5678", "sudi":{
"udi_pid":"DS-C9124V-8EK9",
"udi_serial_number":"FDO3456yuth"
}
]]]>
},
"report_id":162123456, "correlation_id":"610e4fcecebababeyro678990-bf94ajdu47878787hdj", "subscription_id":null
</data>
<signature>MEQCIBtBcrLc384LDGgD9axXIMFiV4usLWOeOvJiP4nL9PKhAiA16 yiPufFIFwfEPIGbqMbfTKB+gGxB52m5tPVWZ/MP6Q==</signature>
</smartLicenseRumAck>
<smartLicenseAccountInfo>
<customerInfo>
<timestamp>1628327760658</timestamp>
<smartAccount>InternalTestDemoAccount10.cisco.com</smartAccount>
<virtualAccount>nxofirst</virtualAccount>
<smartAccountId>2312345</smartAccountId>
<virtualAccountId>509876</virtualAccountId>
<smartAccountDomain>internaltestdemoaccount10.cisco.com</smartAccountDomain>
</customerInfo>
<signature>MEQCIBelsrxUBMzZSi406NeeHOJRlboJedEThjgyutwiqwge2iuey2 uehdufydwinGOsmgLaef1HAG+naWneLqZ139ARFiTsmA==</signature>
</smartLicenseAccountInfo>
<correlationID>ngnx-d3chwyt37hgdytf1924b4a57c190bc6</correlationID>
</smartLicense>
Smart Licensing Using Policy Workflow
Smart Licensing Using Policy solution makes it easier for you to procure, deploy, and manage your license. Cisco Smart Software Manager (CSSM) is your primary licensing server and portal where you can create your smart accounts and manage licenses.
Smart Software Manager On-Prem and Cisco Smart Licensing Utility are your locally installed on-premises user portals that work with CSSM.
After purchasing licenses, activate your licenses on your devices in your deployments. As the devices establish trust and report license usage, you can manage your licenses through continuous reporting.
Smart Licensing Using Policy Workflow In a Nutshell
These are the stages for deploying Smart Licensing Using Policy:
-
Order licenses
-
Order your license from Cisco Commerce Workspace (CCW).
-
Access CSSM and create the smart account and virtual accounts to organize your licenses.
-
-
Activate licenses.
-
Select the deployment methods.
-
Online Deployments
-
Offline or Air-gapped Deployments
-
-
Configure the smart license transport mode and establish trust with CSSM.
-
-
Manage licenses.
-
Generate your Resource Utilization Measurement (RUM) report from the device. Synchronize the report with CSSM either automatically or manually.
-
Monitor the license usage and compliance status through the CSSM portal.
-
Supported Deployment Models and Topologies
This section describes the various ways in which you can implement a smart licensing policy. For each topology, refer to the accompanying overview to know how the setup is designed to work, and refer to the considerations and recommendations, if any.
Choosing a Topology
The following table allows you to choose a topology depending on your network deployment.
Deployment Model |
Topology |
Recommendations |
---|---|---|
Online Deployment > Direct (Smart transport/call home) |
Topology 2: Connected Directly to CSSM |
Use this topology when you have switches that are already registered to CSSM and need to continue in the same mode. If you need to continue using this topology after upgrading to SLP, then Smart Transport is the preferred transport method. See Topology 2: Connected Directly to CSSM. |
Online Deployment > On-Prem > Smart Software Manager (SSM) On-Prem (Recommended) |
Topology 4: Connected to CSSM through SSM On-Prem |
Use this topology when you want to collect licensing information from each switch in the network and when there is no connectivity to CSSM. See Connected Mode in Topology 4: CSLU Disconnected from CSSM. |
Online Deployment > On-Prem > CSLU |
Topology 1: Connected to CSSM through CSLU |
Use this topology when you do not want the switches to be directly connected to CSSM. This topology supports only one SA/VA combination. See Online Mode in Topology 1: Connected to CSSM Through CSLU. |
Offline Deployment > from the switch |
Topology 6: No Connectivity to CSSM and No CSLU (Offline mode) |
Use this topology when you want to collect licensing information from a single source and when there is no connectivity to CSSM. You cannot view license consumption locally. Also, only a single VA can be used. See Topology 6: SSM On-Prem Disconnected from CSSM. |
Offline Deployment > SSM On-Prem Disconnected |
Topology 5: SSM On-Prem Disconnected from CSSM |
Use this topology when you want to manage or view licenses from a single source. You can view license consumption locally. You can also use multiple SA/VA combinations. See SSM On-Prem in Disconnected Mode in Topology 5: No Connectivity to CSSM and No CSLU. |
Offline Deployment > CSLU Offline |
Topology 3: CSLU Disconnected from CSSM |
Use this topology when you need to manage or view license consumption locally. You can also use multiple VA. See CSLU in Offline Mode in Topology 3: Connected to CSSM Through SSM On-Prem. |
Guidelines and Limitations
The following categories contain the guidelines you need to remember before deploying SLP.
General
-
Cisco MDS 9000 Release 9.2(2) supports only the SLP licensing mode.
-
For SL registered switches with CSSM, when upgrading from pre-SLP releases to Cisco NX-OS MDS Release 9.2(2), duplicate entry may occur for the same switch on CSSM or SSM On-Prem. The duplicate entry will be deleted automatically within a day from CSSM, but needs to be deleted manually by users from SSM On-Prem.
-
Ports enabled in SL mode in pre-SLP releases will not be enabled if boot variables are used for migration instead of boot variables reload.
-
Syslogs will be printed on a weekly basis for port licenses that are not authorized. This scenario is specific to SL based migration.
-
SLP MIB is not supported.
-
Authorization code cannot be returned to the SA/VA pool for enforced port licenses.
Upgrade
-
When upgrading to Cisco MDS NX-OS Release 9.2(2) for SL registered switches, the transport mode may go to CSLU instead of Call Home. We recommend configuring the transport mode to Call Home manually and establish the trust with CSSM.
-
During upgrade from earlier release with traditional licensing (PAK) to Cisco MDS NX-OS Release 9.2(2), reflection of RUM sync in the show command may take up to 24 hours after migration.
Transport
-
While using the transport mode as CSLU, if licenses do not get released from the SA/VA after write-erase and reload of a switch, it is recommended to delete the switch from SA/VA.
CSLU
-
Only CSLU mode of transport is supported with SSM On-Prem.
-
For CSLU, single SA/VA is supported, but multitenant is not supported.
-
For autodiscovery (when only one IP is configured in CSLU local), only one CSLU can be used in the network.
-
CSLU-initiated pull mode is not supported in Cisco MDS NX-OS Release 9.2(2).
Commands
-
It is recommended to do a license smart factory reset only.
-
The following commands do not support XMLized output:
-
show-techsupport license
-
show license eventlog
-
show license history message
-
show license data conversion
-
-
The output of the show license status command may show discrepancy in timer values but has no functional impact. The timer gets updated automatically and the RUM Reporting will be retried after 24 hours.
Online Deployments
Online Deployments are classified as Direct and On-premises deployments. The direct deployment is done using either Smart or Call Home Transport mode. Both the transport modes have the option to use proxy servers. The On-premises deployment is done using either SSM On-prem or CSLU. SSM On-prem and CSLU also have the option to use proxy servers.
Direct Deployments
Direct deployment involves connecting devices to https://smartreceiver.cisco.com/licservice/license through the internet or an HTTP proxy server to report usage information using the Smart transport mode. Direct deployment works out of the box with no additional configuration.
Direct deployment is most suitable for small networks, especially in the enterprise world. It's when a user doesn't want to manage an on-premises server and communicates with Cisco directly or through a proxy.
Transport Modes
The two modes of transport available for Direct deployment are Smart and Call home.
Smart - The Smart Transport mode is a transport method where a Smart Licensing (JSON) message is contained within an HTTP message and exchanged between a product instance and CSSM to communicate.
Call Home - The Call Home Transport mode provides e-mail-based and web-based notifications of critical system events. This method of connecting to CSSM is available in the Smart Licensing environment and remains available with SLP.
Direct Deployment Methods
Direct deployment is also termed as Topology 2: Connected Directly to CSSM. The transport mode is Smart transport or call home. Direct deployment offers these methods:
-
Direct Cloud Access: In this method, the product instance or device sends usage information directly over the internet to CSSM. The transport mode can be either Smart or Call Home.
-
Direct Cloud access through a proxy server: In this method, the product instance or device sends usage information over the internet through a proxy server using either Smart or Call Home transport mode to CSSM.
Report License Usage
In direct deployments, the device automatically generates reports once it establishes a trusted connection with the CSSM. The device initiates communication and automatically sends out the license usage report as per the default policy. CSSM automatically sends the ACK reports in the first 5 minutes. You can set up a subsequent reporting frequency as per the policy.
Steps to Deploy SLP using Direct Deployment Mode
After you order the licenses and set up your smart accounts in CSSM, activate and manage licenses for your chosen mode of direct deployment.
-
Based on your choice of transport mode, choose any one of these procedure to activate licenses.
-
Irrespective of the mode of transport used, the procedure to manage the licenses in the direct deployment mode is the same - Manage Licenses on Direct Deployment with Smart or Call Home Transport Mode
Activate Licenses on Direct Deployment with Smart Transport Mode
Procedure
Step 1 | Enable smart transport mode on your device using the license smart transport smart command. Example:
|
Step 2 | Configure the transport URL with the license smart url smart transport-url command. The switch automatically configures the Smart URL (https://smartreceiver.cisco.com/licservice/license). Example:
|
Step 3 | If you are deploying Direct Cloud access through an HTTPS proxy method, configure a proxy for the smart transport mode using the license smart proxy hostname port port-number command. Skip this step for Direct Cloud Access deployment. When you configure a proxy server, licensing messages are sent to the proxy along with the final destination URL (CSSM). The proxy sends the message to CSSM. Example:
|
Step 4 | Establish trust by generating a token from the smart account and virtual account in CSSM and copy the token on the devices using the license smart trust idtoken command. Example:
|
Step 5 | View the trust establishment on the device using the license smart save trust-request filepath_filename command. Example:
|
Step 6 | Verify license status using the show license status command. Verify the latest date at Trust Code Installed. Example:
|
Activate Licenses on Direct Deployment with Call Home Transport Mode
Procedure
Step 1 | Enable call home transport mode on your device using the license smart transport callhome command. Example:
|
Step 2 | Configure the basic call home configurations.
Example:
|
Step 3 | If you are deploying Direct Cloud access through a proxy method, configure a proxy for the call home transport mode using the transport http proxy hostname port port-number command. Skip this step for Direct Cloud Access deployment. When you configure a proxy server, licensing messages are sent to the proxy along with the final destination URL (CSSM). The proxy sends the message to CSSM. Example:
|
Step 4 | Establish trust by generating a token from the smart account and virtual account in CSSM and copy the token on the devices using the license smart trust idtoken command. Example:
|
Step 5 | View the trust establishment on the device using the license smart save trust-request filepath_filename command. Example:
|
Step 6 | Verify license status using the show license status command. Verify the latest date at Trust Code Installed. Example:
|
Manage Licenses on Direct Deployment with Smart or Call Home Transport Mode
Procedure
Step 1 | Navigate to Smart Software Licensing > Reports on the CSSM UI. |
Step 2 | Download the acknowledgment sent and upload to your device. |
Step 3 | Manage the license consumption on your devices. View the license status and summary using the show license summary show license usage command. Example:
|
Step 4 | (Optional) Set the time interval to automatically synchronize RUM reports using the license smart usage interval command. Example:
|
On-Premises Deployments
On-Premises deployment is a deployment option for organizations that prefer not to have their products communicate directly with CSSM over the internet. This type of deployment involves the use of either a license server, such as Smart Software Manager (SSM), or a Windows application, such as Cisco Smart License Utility (CSLU), on the premises to manage devices and licenses. These tools use a synchronization process to exchange license information with CSSM, which can be done automatically over the network or manually offline.
The two ways to set up On-Premises deployments are:
-
SSM On-Prem
-
CSLU
Smart Software Manager On-Prem
Smart Software Manager (SSM) is an On-Premise version of CSSM and provides a similar set of features. When you connect a device to SSM On-Prem, SSM On-Prem becomes the single point of interface with CSSM. Once the SSM On-Prem is operational, devices register to SSM On-Prem and report license consumption.
SSM On-Prem Modes
SSM On-Prem connects with Cisco Smart Software Manager in the cloud to synchronize license consumption and usage at the desired frequency such as daily, weekly, or monthly. You can also deploy SSM On-Prem in a totally disconnected mode.
-
Connected - Manage your devices on premises with a license server connected to CSSM. Devices register to SSM On-Prem and report license consumption and usage to CSSM at the desired frequency. Based on topologies, this online deployment is classified as On-Premises Deployment using SSM On-Prem and also termed as Topology 4: Connected to CSSM through SSM On-Prem. See Steps to Deploy SSM On-Prem in Connected Mode to deploy SSM-On Prem in Connected Mode.
-
Disconnected - Manage your devices on premises without connecting to CSSM. SSM On-Prem synchronizes to CSSM through a manual file transfer process for reporting license consumption and usage. Based on topologies, this Offline Deployment mode is classified as SSM On-Prem in Disconnected Mode and also termed as Topology 5: SSM On-Prem disconnected from CSSM. See the deployment of SSM On-Prem in Disconnected Mode in the Remote Deployments section.
Report License Usage
To report license usage, synchronize local accounts on SSM On-Prem with CSSM by using the Synchronization widget in the SSM On-Prem UI.
Execute the license smart sync all command to synchronize device information with SSM On-Prem. You can synchronize license usage with CSSM using the following:
-
Set up on-demand synchronization with CSSM
-
Schedule synchronization with CSSM at a specified time
-
Synchronize the license usage with CSSM, either by connecting to CSSM immediately or by downloading and uploading files for SSM On-Prem disconnected mode.
Steps to Deploy SSM On-Prem in Connected Mode
After you order the license and set up your smart accounts in CSSM:
Use the same procedures to deploy SSM On-prem proxy method.
Activate Licenses on SSM On-Prem in Connected Mode
If the device is registered to SSM On-Prem with pre-SLP release using callhome transport, then the transport mode changes to CSLU after the migration. Also, the url is populated on the product instance from OnPrem CSLU tenant ID. Ensure that you save the configuration using the copy running-config startup-config command.
Procedure
Step 1 | Go to the Software Download. page, click Smart Software Manager On-Prem, and download and install Smart Software Manager On-Prem. See Cisco Smart License Utility Quick Start Setup Guide. |
Step 2 | Configure SSM On-Prem and create a local account. See SSM On-Prem User Guide |
Step 3 | Navigate to the License workspace > Inventory > General > Product Usage Registration Tokens, select CSLU Transport URL at the SSM On-Prem UI. Note If you are deploying SSM On-Prem proxy method, to configure a proxy see Cisco Smart Software Manager On-Prem User Guide. |
Step 4 | Configure the transport mode and SSM On-Prem URL on your device using the license smart transport cslu command. The SSM On-Prem URL is http://<ip>/cslu/v1/pi/<tenant ID>. Enter the hostname or the IP address of the server where you have installed SSM On-Prem. The tenantID is the default local virtual account ID. Example:
|
Step 5 | Establish trust by generating the token from the SSM On-Prem UI and copy the token to the switch using the license smart trust idtoken idtoken all force command. Example:
|
Step 6 | Verify the license status using the show license status command. View the trust establishment on the device and verify the latest date at Example:
|
Manage Licenses on SSM On-Prem in Connected Mode
Procedure
Step 1 | Log into the SSM On-Prem > Smart Licensing workspace.
| ||||
Step 2 | Manage the license consumption on your devices. View the license status and summary using the show license summary or show license usage commands. Example:
| ||||
Step 3 | (Optional) Set the time interval for automatic synchronizing of the RUM reports using the license smart usage interval <1-365> command. Example:
|
Cisco Smart Licensing Utility
Cisco Smart License Utility Manager (CSLU) is a Windows-based application that enables you to administer licenses for your devices on premises instead of having to directly connect your devices to CSSM. When you connect a device to CSLU, CSLU becomes the only interface with CSSM. Once the CSLU is operational, devices register to CSLU and report license consumption.
For information about downloading, installing, and using CSLU, see Cisco Smart License Utility
CSLU Modes
The CSLU can be configured in both Online and Offline modes.
-
CSLU Online or Connected - Device initiates communication automatically and sends the RUM report to CSLU as per the default policy. CSLU forwards the RUM report to CSSM and retrieves the acknowledgment (ACK). Based on topologies, this Online Deployment is classified as On-Premises Deployment using CSLU and also termed as Topology1: Connected to CSSM through CSLU. See Steps to Deploy CSLU On-Prem in Online Mode.
-
CSLU Offline or Disconnected - Device initiates communication automatically and sends the RUM reports to CSLU. CSLU is not connected to CSSM, so you need to manually connect to CSSM and upload the RUM reports. Based on the topologies, this Offline Deployment is classified as Offline Deployment using CSLU in Offline Mode and also termed as Topology 3: CSLU Disconnected from CSSM. See CSLU Offline Mode in the Remote Deployments section.
Report License Usage
By default, the CSLU utility application is scheduled to collect data information at 24-hour intervals. CSLU connects to the selected Product Instance(s) and collects the RUM reports. These RUM reports are then stored in the CSLUβs local library.
Steps to Deploy CSLU On-Prem in Online Mode
After you order the license and set up your smart accounts in CSSM:
Use the same procedures to deploy CSLU On-prem proxy method.
Procedure
Step 1 | Go to the Software Download page, click Smart Licensing Utility, and download and install the latest version of CSLU application on your Windows or Linux server. See Cisco Smart Licensing Utility Quick Start Setup Guide for CSLU and Software Download for Linux. Note If you are deploying CSLU proxy method, to configure a proxy see Cisco Smart Licensing Utility User Guide. |
Step 2 | Set up CSLU preference settings and associate the Smart account and virtual account details. See Cisco Smart Licensing Utility User Guide. |
Step 3 | Configure the transport mode on the device using the license smart transport cslu command. Example:
|
Step 4 | Configure the transport URL using the license smart url cslu command. The default CSLU URL is http://cslu-local:8182/cslu/v1/pi. 8182 is the port number on the CSLU. Example:
|
Step 5 | If you want to establish trust immediately with CSLU, use the license smart sync all command. |
Step 6 | Verify the license status using the show license status command. Verify the latest date in the Example:
|
Perform these steps to manage licenses on CSLU.
.
Procedure
Step 1 | Log into CSLU UI . | ||||
Step 2 | Synchronize the reports from CSLU with Cisco using the CSLU UI..
|
Offline Deployments
Offline deployment is when a device is not communicating with Cisco. Offline deployments, also termed as air-gapped deployments, are used in highly secure environments which have no internet access.
Offline Deployments Based on your Network
Depending on your network environment, you can select the offline deployment methods.
-
Remote deployments - Your On-Premises servers offer disconnected modes. Use disconnected licensing mode by turning off communication with Cisco on your On-Premises servers.
-
SSM On-Prem in Disconnected Mode
-
CSLU in Offline Mode or Disconnected
See Remote Deployments.
-
-
Air-gapped deployments from the switch - License reservation offers security for organizations that need a full air-gapped environment when on-premises licensing is not an option. The license reservation solution is for classified environments that donβt allow electronic communication in or out of the environment. With a license reservation solution, you are fully offline without any ongoing communication or additional infrastructure. After you order the license and set up your smart accounts in CSSM, you need to Activate Licenses.
Report License Usage
Report license usage for remote environments - In remote offline deployments, turn off device communication to CSSM on the On-Premises servers. Manually upload the license consumption using RUM reports to establish trust and reporting to CSSM.
Report license usage for air-gapped environments from the switch - In fully offline deployment, no action is required, as there is no trust establishment or reporting of devices to CSSM.
Remote Deployments
Based on the topologies, the two types of remote deployments, where licenses are activated on SSM On-Prem and on CSLU are also termed as Topology 5: SSM On-Prem Disconnected from CSSM and Topology 3: CSLU Disconnected from CSSM respectively.
Steps to Deploy SSM On-Prem in Disconnected Mode
To deploy SLP remotely using SSM On-Prem in Disconnected mode, perform these two steps.
Activate Licenses on SSM On-Prem in Disconnected Mode
Procedure
Step 1 | Go to the Software Download page, click Smart Software Manager On-Prem, and download and install Smart Software Manager On-Prem. See Cisco Smart License Utility Quick Start Setup Guide. |
Step 2 | Configure SSM On-Prem and create a local account. See SSM On-Prem User Guide |
Step 3 | Navigate to the License workspace > Inventory > General > Product Usage Registration Tokens, select CSLU Transport URL at the SSM On-Prem UI. |
Step 4 | Configure the transport mode and SSM On-Prem URL on your device using the license smart transport cslu command. The SSM On-Prem URL is http://<ip>/cslu/v1/pi/<tenant ID>. Enter the hostname or the IP address of the server where you have installed SSM On-Prem. The tenantID is the default local virtual account ID. Example:
|
Step 5 | If you are deploying SSM On-Prem disconnected mode, log off from CSSM. |
Manage Licenses on SSM On-Prem in Disconnected Mode
Procedure
Step 1 | Log into SSM On-Prem > Smart Licensing workspace. | ||||
Step 2 | Synchronize the reports from SSM On-Prem with Cisco using the SSM On-Prem > Smart Licensing workspace.
| ||||
Step 3 | Manage the license consumption on your devices. View the license status and summary using the show license summary or show license usage commands. Example:
| ||||
Step 4 | (Optional) In the disconnected mode, manually upload the RUM reports with SSM On-Prem for synchronization. |
Steps to Deploy CSLU in Offline Mode
To deploy SLP remotely using CSLU in Offline mode, perform these two steps.
Activate Licenses on CSLU in Offline Mode
Procedure
Step 1 | Go to the Software Download page, click Smart Licensing Utility. and download and install the latest version of the CSLU application on your Windows or Linux server. See Cisco Smart Licensing Utility Quick Start Setup Guide for CSLU and Software Download for Linux. |
Step 2 | Set up CSLU preference settings and associate the Smart account and virtual account details. See Cisco Smart Licensing Utility User Guide. |
Step 3 | If you want to deploy CSLU Offline mode, navigate to CSLU Preference > Cisco Connectivity and set the option to off in the CSLU UI. The field switches to Cisco Is Not Available. Example:
|
Step 4 | Verify the license status using the show license status command. Verify the latest date in the Trust Code Installed field. Example:
|
Manage Licenses on CSLU in Offline Mode
Procedure
Log into CSLU UI to synchronize the reports from CSLU with Cisco.
|
High Availability
This section explains considerations that apply to a High Availability configuration, when running a software version that supports SLP.
Trust Code Requirements in a High Availability Setup
In Dual Supervisor setup, two trust codes are installed. The active Product instance can submit the requests for both the supervisors and install the trust codes that are returned in an ACK.
Policy Requirements in a High Availability Setup
There are no policy requirements that apply exclusively to a High Availability setup. As in case of a standalone product instance, only one policy exists in a High Availability setup as well, and this is on the active. The policy on the active applies to the standby in the setup.
Product Instance Functions in a High Availability Setup
This section explains general product instance functions in a High Availability setup, and what the product instance does when a standby is added.
For trust codes: The active product instance can request (if necessary) and install trust codes for standby.
For policies: The active product instance synchronizes with the standby.
For reporting: Only the active product instance reports usage. The active reports usage information for standby.
In addition to scheduled reporting, the following events trigger reporting:
-
The addition or removal of a standby. The RUM report includes information about the standby that was added or removed.
-
A switchover.
-
A reload.
For addition of a standby:
-
A product instance that is connected to CSLU, does not take any further action.
-
A product instance that is directly connected to CSSM, performs trust synchronization. Trust synchronization involves the following:
-
Installation of trust code on the standby if not installed already.
-
Installation of policy and purchase information, if applicable.
-
Sending of a RUM report with current usage information.
-
Upgrades
This section describes how upgrade or migration to SLP is handled. It also clarifies how SLP handles all earlier licensing models including: the earlier version of Smart Licensing, Right-to-Use Licensing (RTU), and how evaluation or expired licenses from any of the earlier licensing models are handled in SLP environment.
To migrate to SLP, you must upgrade to a software version that supports SLP. After you upgrade, SLP is the only supported licensing model and the switch continues to operate without any licensing changes. The SLP section provides details and examples for migration scenarios that apply to Cisco Nexus Switches.
When migrating from traditional licensing model to SLP, license conversion takes place automatically. This Device Led Conversion (DLC) process is triggered when traditional licenses are detected on the device during an upgrade. DLC request is sent to CSSM as part of the license report and may take up to an hour to complete.
Identifying the Current Licensing Model Before Upgrade
Before you upgrade to SLP, if you want to know the current licensing model that is effective on the switch, enter the show running license all command in privileged EXEC mode. This command displays information about the current licensing model for all except the RTU licensing model.
How an Upgrade Affects Enforcement Types for Existing Licenses
An unenforced license that was being used before upgrade, remains available after upgrade. All licenses on Cisco Nexus Switches are unenforced licenses. This includes licenses from the earlier licensing models as follows:
-
Traditional Licensing (PAK)
-
Smart Licensing
-
Right-to-Use (RTU) Licensing
-
Evaluation or expired licenses from any of the above-mentioned licensing models
How an Upgrade Affects Reporting for Existing Licenses
When you upgrade to a software version which supports SLP, reporting is based on the reporting requirements in the policy which can be displayed in the output of the show license status command for the following licenses:
-
Traditional Licenses (PAK)
-
Smart Licenses (Registered and Authorized licenses)
-
Right-to-Use (RTU) Licenses
-
Evaluation or expired licenses
How an Upgrade Affects Transport Type for Existing Licenses
The transport type, if configured in your existing setup, is retained after upgrade to SLP.
When compared to the earlier version of Smart Licensing, other transport types are available with SLP. There is also a change in the default transport mode. The following table clarifies how this may affect upgrades:
Migration | Transport Type Before Upgrade | Transport Type After Upgrade |
---|---|---|
SL (EVAL) | Callhome |
CSLU |
SL (Registered) |
Callhome |
|
PAK-based | NA |
CSLU |
SL (Registered) with On-Prem | callhome |
CSLU |
How an Upgrade Affects the Token Registration Process
In the earlier version of Smart Licensing, a token was used to register and connect to CSSM. ID token registration is not required in SLP. The token generation feature is still available in CSSM and is used to establish trust when a switch is directly connected to CSSM. See Topology 2: Connected Directly to CSSM.
Downgrades
To downgrade, you must downgrade the software version on the switch. This section provides information about downgrades for new deployments and existing deployments (you upgraded to SLP and now want to downgrade).
New Deployment Downgrade
This section applies if you had a newly purchased switch with a software version where SLP was already enabled by default, and you want to downgrade to a software version where SLP is not supported.
The outcome of the downgrade depends on whether a Trust Code was installed while you were still operating in the SLP environment, and further action may be required depending on the release you downgrade to.
If the topology you implemented while in the SLP environment was connected directly to CSSM, then a trust code installation can be expected or assumed, because it is required as part of topology implementation. For any of the other topologies, trust establishment is not mandatory. Downgrading switches with one of these other topologies will therefore mean that you must restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment. The following table displays the outcome and action for new deployment downgrade to Smart Licensing.
In the SLP Environment |
Downgrade to⦠|
Outcome and Further Action |
---|---|---|
Standalone product instance, which is connected directly to CSSM, and trust established. |
Action is required: You must reregister the product instance. |
Action is required: You must re-register the product instance. |
High Availability setup, which is connected directly to CSSM, and trust established. |
Any release that supports Smart Licensing. |
Action is required: You must re-register the product instance. Generate an ID token in the CSSM Web UI and on the product instance, enable smart licensing using license smart enable and configure the license smart register idtoken idtoken all command in global configuration mode. |
Any other topology. (Connected to CSSM Through CSLU, CSLU Disconnected from CSSM, No Connectivity to CSSM and No CSLU) |
Any release that supports Smart Licensing. |
Action is required: Restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment. |
Upgrade and Then Downgrade
If you upgrade to a software version that supports SLP and then downgrade to any of the earlier licensing models, license consumption does not change, and any product features you have configured on the product instance are preserved β only the features and functions that are available with SLP are not available anymore. Refer to the corresponding section below to know more about reverting to an earlier licensing model.
Upgrade to SLP and Then Downgrade to Smart Licensing
The outcome of the downgrade depends on whether a Trust Code was installed while you were still operating in the SLP environment, and further action may be required depending on the release you downgrade to. See Table 1.
Migrating to Smart Licensing Using Policy
To upgrade to SLP, upgrade the software version (image) on the switch to a supported version.
Before you Begin
Read the Upgrades section to understand how SLP handles various aspects of all earlier licensing models.
When migrating from traditional licensing model to SLP, license conversion takes place automatically.
Upgrading the Switch Software
See the corresponding release note for the upgrade procedure. If there are any general release-specific considerations, these are called-out in the corresponding release notes.
Also refer to the sample show command outputs of the migration scenarios provided below. Sample outputs are provided for before and after migration, for comparison.
Smart Licensing to Smart Licensing Using Policy
The following is an example of a Cisco MDS 9000 switch migrating from Smart Licensing to SLP. This is a High Availability setup with an active and standby.
The show command outputs below call-out key fields to check, before and after migration.
Smart Licensing to Smart Licensing Using Policy: show Commands
show license summary
Before Upgrade (Smart Licensing)
switch# show license summary
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: BU Production Test
Virtual Account: MDS-Avalon
Export-Controlled Functionality: Allowed
License Authorization:
Status: OUT OF COMPLIANCE on Oct 14 06:26:13 2021 UTC
Last Communication Attempt: SUCCEEDED
Next Communication Attempt: Oct 14 18:26:56 2021 UTC
Communication Deadline: Jan 12 06:21:55 2022 UTC
Smart License Conversion:
Automatic Conversion Enabled: False
Status: Not started
License Usage:
License Entitlement tag Count Status
-------------------------------------------------------------------------
MDS 9396T 32G 16 port a... (PORT_ACTIV_9396T_PKG) 48 OUT OF COMPL
IANCE
MDS 9300 series Enterpr... (ENTERPRISE_PKG) 1 OUT OF COMPL
IANCE
After Upgrade (SLP)
switch# show license summary
License Usage:
License Entitlement tag Count Status
-------------------------------------------------------------------------
MDS 9396T 32G 16 port-a... (PORT_ACTIV_9396T_PKG) 48 NOT AUTHORIZ
ED
MDS 9300 series Enterpr... (ENTERPRISE_PKG) 1 IN USE
The Status
field shows that the licenses are now IN USE
instead of registered and authorized. The Count
filed indicates the total number of ports that are consuming port licenses.
show license usage
Before Upgrade (Smart Licensing)
switch# show license usage
License Authorization:
Status: OUT OF COMPLIANCE on Oct 14 06:26:13 2021 UTC
(PORT_ACTIV_9396T_PKG):
Description: MDS 9396T 32G 16 port activation
Count: 48
Version: 1.0
Status: OUT OF COMPLIANCE
(ENTERPRISE_PKG):
Description: MDS 9300 series Enterprise package
Count: 1
Version: 1.0
Status: OUT OF COMPLIANCE
After Upgrade (SLP)
switch# show license usage
License Authorization:
Status: Not Applicable
(PORT_ACTIV_9396T_PKG):
Description: MDS 9396T 32G 16 port-activation
Count: 48
Version: 1.0
Status: NOT AUTHORIZED
Enforcement Type: ENFORCED
License Type: Enforced
(ENTERPRISE_PKG):
Description: MDS 9300 series Enterprise package
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic
The license counts remain the same.
show license status
Before Upgrade (Smart Licensing)
switch# show license status
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: BU Production Test
Virtual Account: MDS-Avalon
Export-Controlled Functionality: Allowed
Initial Registration: SUCCEEDED on Oct 14 06:27:26 2021 UTC
Last Renewal Attempt: None
Next Renewal Attempt: Apr 12 06:27:26 2022 UTC
Registration Expires: Oct 14 06:22:22 2022 UTC
License Authorization:
Status: OUT OF COMPLIANCE on Oct 14 06:26:13 2021 UTC
Last Communication Attempt: SUCCEEDED on Oct 14 06:27:57 2021 UTC
Next Communication Attempt: Oct 14 18:27:56 2021 UTC
Communication Deadline: Jan 12 06:22:54 2022 UTC
Smart License Conversion:
Automatic Conversion Enabled: False
Status: Not started
After Upgrade (SLP)
switch# show license status
Utility:
Status: DISABLED
Smart Licensing using Policy:
Status: ENABLED
Data Privacy:
Sending Hostname: yes
Callhome Hostname Privacy: DISABLED
Smart Licensing Hostname Privacy: DISABLED
Version Privacy: DISABLED
Transport:
Type: CSLU
Cslu address: cslu-local
Policy:
Policy in use: Merged from multiple sources
Reporting ACK required: Yes
Unenforced/Non-Export:
First report requirement (days): 90 (CISCO default)
Ongoing reporting frequency (days): 365 (CISCO default)
On change reporting (days): 90 (CISCO default)
Enforced (Pepertual/Subscription):
First report requirement (days): 0 (CISCO default)
Ongoing reporting frequency (days): 0 (CISCO default)
On change reporting (days): 0 (CISCO default)
Export (Perpetual/Subscription):
First report requirement (days): 0 (CISCO default)
Ongoing reporting frequency (days): 0 (CISCO default)
On change reporting (days): 0 (CISCO default)
Miscellaneous:
Custom Id: <empty>
Usage reporting:
Last ACK received: <none>
Next ACK deadline: Jan 12 08:39:14 2022 UTC
Reporting push interval: 30 days
Next ACK push check: <none>
Next report push: Oct 14 08:40:00 2021 UTC
Last report push: <none>
Last report file write: <none>
Trust Code installed: Jan 12 08:39:14 2022 UTC
Active: PID: DS-C9148T-K9, SN: JPG220700PY
Jan 12 08:39:14 2022 UTC
The Transport:
field:A transport type was configured and therefore retained after upgrade.
The Policy:
header and details: A custom policy was available in the Smart Account or Virtual Account β this has also been automatically installed on the switch. (After establishing trust, CSSM returns a policy. The policy is then automatically installed.)
The Usage Reporting:
header: The Nextreport push:
field provides information about when the switch will send the next RUM report to CSSM.
The Trust Code Installed:
field: The ID token is successfully converted and a trusted connection has been established with CSSM.
show license udi
Before Upgrade (Smart Licensing)
switch# show license udi
UDI: SN:JPG22060061
After Upgrade (SLP)
switch# show license udi
UDI: PID:DS-C9396T-K9, SN:JPG22060061
HA UDI List:
Active: PID:DS-C9396T-K9, SN:JPG22060061
This is a High Availability setup, and the command displays all UDIs in the setup.
The CSSM Web UI After Migration
Log in to the CSSM Web UI at https://software.cisco.com/software/smart-licensing/alerts. Under Inventory > Product Instances.
Registered licenses in the Smart Licensing environment were displayed with the hostname of the switch in the Name column. After upgrading to SLP, they are displayed with the UDI of the switch. All migrated UDIs are displayed. In this example, they are PID:C9500-16X,SN:FCW2233A5ZV and PID:C9500-16X,SN:FCW2233A5ZY.
Only the active switch reports usage. Therefore, PID:C9500-16X,SN:FCW2233A5ZV displays license consumption information under License Usage.
Reporting After Migration
The switch sends the next RUM report to CSSM, based on the policy.
To change the reporting interval to report more frequently: on the switch, configure the license smart usage interval command.
Evaluation or Eval Expired to Smart Licensing Using Policy
The following is an example of a Cisco MDS 9000 switch with evaluation licenses (Smart Licensing) that were migrated to SLP.
The notion of evaluation licenses does not apply to SLP. When the software version is upgraded to one that supports SLP, all licenses are displayed as IN USE and the Cisco default policy is applied to the switch.
The following table calls out key changes or new fields to check for in the show command outputs, after upgrade to SLP.
Evaluation or Eval Expired to Smart Licensing Using Policy: show Commands
show license summary
Before Upgrade (Smart Licensing, Evaluation Mode)
switch# show license summary
Smart Licensing is ENABLED
Registration:
Status: UNREGISTERED
Export-Controlled Functionality: Not Allowed
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 21 hours, 13 minutes, 49 seconds
Smart License Conversion:
Automatic Conversion Enabled: False
Status: Not started
License Usage:
License Entitlement tag Count Status
-------------------------------------------------------------------------
<empty> (ENTERPRISE_PKG) 1 EVAL MODE
<empty> (PORT_ACTIV_9396T_PKG) 48 EVAL MODE
After Upgrade (SLP)
switch# show license summary
License Usage:
License Entitlement tag Count Status
-------------------------------------------------------------------------
MDS 9396T 32G 16 port-a... (PORT_ACTIV_9396T_PKG) 48 NOT AUTHORIZED
MDS 9300 series Enterpr... (ENTERPRISE_PKG) 1 IN USE
All licenses are migrated and IN USE
.There are no EVAL MODE licenses.
show license usage
Before Upgrade (Smart Licensing, Evaluation Mode)
switch# show license usage
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 21 hours, 13 minutes, 10 seconds
(ENTERPRISE_PKG):
Description: <empty>
Count: 1
Version: 1.0
Status: EVAL MODE
(PORT_ACTIV_9396T_PKG):
Description: <empty>
Count: 48
Version: 1.0
Status: EVAL MODE
After Upgrade (SLP)
switch# show license usage
License Authorization:
Status: Not Applicable
(PORT_ACTIV_9396T_PKG):
Description: MDS 9396T 32G 16 port-activation
Count: 48
Version: 1.0
Status: NOT AUTHORIZED
Enforcement Type: ENFORCED
License Type: Enforced
(ENTERPRISE_PKG):
Description: MDS 9300 series Enterprise package
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic
show license status
Before Upgrade (Smart Licensing, Evaluation Mode)
switch# show license status
Smart Licensing is ENABLED
Registration:
Status: UNREGISTERED
Export-Controlled Functionality: Not Allowed
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 21 hours, 12 minutes, 51 seconds
Smart License Conversion:
Automatic Conversion Enabled: False
Status: Not started
After Upgrade (SLP)
switch# show license status
Utility:
Status: DISABLED
Smart Licensing using Policy:
Status: ENABLED
Data Privacy:
Sending Hostname: yes
Callhome Hostname Privacy: DISABLED
Smart Licensing Hostname Privacy: DISABLED
Version Privacy: DISABLED
Transport:
Type: CSLU
Cslu address: cslu-local
Policy:
Policy in use: Merged from multiple sources
Reporting ACK required: Yes
Unenforced/Non-Export:
First report requirement (days): 90 (CISCO default)
Ongoing reporting frequency (days): 365 (CISCO default)
On change reporting (days): 90 (CISCO default)
Enforced (Pepertual/Subscription):
First report requirement (days): 0 (CISCO default)
Ongoing reporting frequency (days): 0 (CISCO default)
On change reporting (days): 0 (CISCO default)
Export (Perpetual/Subscription):
First report requirement (days): 0 (CISCO default)
Ongoing reporting frequency (days): 0 (CISCO default)
On change reporting (days): 0 (CISCO default)
Miscellaneous:
Custom Id: <empty>
Usage reporting:
Last ACK received: <none>
Next ACK deadline: Jan 12 08:39:14 2022 UTC
Reporting push interval: 30 days
Next ACK push check: <none>
Next report push: Oct 14 08:40:00 2021 UTC
Last report push: <none>
Last report file write: <none>
Trust Code installed: <none>
The CSSM Web UI After Migration
No changes in the CSSM Web UI.
Reporting After Migration
Implement any one of the supported topologies and fulfill reporting requirements. See Supported Deployment Models and Topologies. The reporting method depends on the implemented topology.
Feature History for Smart Licensing Using Policy
Release | Feature | Feature Information |
---|---|---|
Cisco MDS 9000 NX-OS Release 9.2(2) |
Smart Licensing Using Policy (SLP) |
This feature was introduced. |