Table Of Contents
Managing Licenses
Understanding Licensing
Viewing Current Licenses
Viewing Licensing History
Adding and Upgrading Licenses
Removing Licenses
Managing Licenses
This chapter describes the licensing mechanism and licensing schemes available in the Cisco Identity Services Engine (ISE) and how to add or upgrade a license. The following topics are covered:
•Understanding Licensing
•Viewing Current Licenses
•Adding and Upgrading Licenses
•Removing Licenses
Understanding Licensing
In Cisco ISE, licensing enables you to provide coverage for increasing numbers of endpoints and offer more complex policy services depending on the capabilities of the license or licenses that you choose to apply.
Cisco ISE licenses are available in Base and Advanced packages. Each package includes a number of SKUs that is equal to the number of licenses included in the package. To use Cisco ISE, you must have a valid base and advanced license package.
The base package includes all of the base services required to enable 802.1X, Guest, and Monitoring and Troubleshooting. The advanced package includes Posture, Profiler, and Security Group Access services.
Cisco ISE is bundled with a licensing mechanism that has the following important features:
•Built-in License—Cisco ISE comes with a built-in evaluation license, which is valid for 90 days. The evaluation license includes both base and advanced packages and limits the number of endpoints to 100 for both the base and advanced packages. Therefore, it is not required to install a regular license immediately upon installation.
•Central Management—Licenses are centrally managed by the ISE administration node. In a distributed deployment, where two ISE nodes assume the Administration persona (primary and secondary), upon successful installation of the license file, the licensing information from the primary Administration node is propagated to the secondary Administration node. So there is no need to install the same license on each Administration node within the deployment.
•Concurrent Endpoint Count—The Cisco ISE license includes a count value for base and advanced packages, which restricts the number of endpoints that use those services. The count value is the number of endpoints across the entire deployment that are concurrently connected to the network and accessing the service.
Note Concurrent endpoints represent the total number of supported users and devices. An endpoint can be any combination of users, personal computers, laptops, IP phones, smart phones, gaming consoles, printers, fax machines, or other types of network devices.
The following license types are available in Cisco ISE:
•Evaluation License
•Base License
•Advanced License
Refer to Cisco Identity Services Engine Hardware Installation Guide, Release 1.0, for more information about the license types available in the Cisco ISE license scheme.
Viewing Current Licenses
To view current license in Cisco ISE, choose Administration > System > Licensing > Current Licenses. The Current License page appears, which contains the following information:
•Administration Node—Name of the ISE server instance where the primary node is installed.
•ID—Administration node ID obtained from the licensing information.
•Version—Version number of the Cisco ISE.
•Type—Type of license that is activated in the Cisco ISE node.
•Expires—Number of days remaining after which the current license expires.
•Licensed To—Name of the organization to which the license has been allotted.
•Base—Number of base licenses that are installed in the Cisco ISE node versus the number of endpoints that are supported under the current licensing scheme. If you are using an evaluation license, this number is 1/100.
•Advanced—Number of advanced licenses that are installed in the Cisco ISE node versus the number of endpoints that are supported under the current licensing scheme. If you are using an evaluation license, this number is 1/100.
Viewing Licensing History
You can obtain reports about the license types and actions taken (such as when the license was installed, upgraded, deleted, and so on) from the Licensing History page. To view the licensing history, choose Monitor > System > Reports > Licensing History. The Licensing History page appears, which provides the following licensing information:
•Time Stamp—The time at which a particular license was added, updated, or deleted.
•Admin User Name—Name of the Admin User who took the particular action.
•Admin IP Address—IP address of the Cisco ISE node where the license is installed.
•Action—Action taken such as created, upgraded, deleted, and so on.
•License File—Name of the license file that has been added, updated, or deleted. This column remains blank if the license is an evaluation license.
•Description—A short description of the action taken.
See System Reports, page 23-11 for information on how to generate the report on licensing history.
Adding and Upgrading Licenses
You can add a license only on a standalone or primary Administration ISE node. You can upgrade your existing evaluation license on or before the expiry of the 90-day evaluation period. You must install the base license before upgrading to the advance license.
Prerequisite
Make sure that you have obtained and installed appropriate license on your Cisco ISE node. Refer to the Cisco Identity Services Engine Hardware Installation Guide, Release 1.0, for more information about how to obtain a valid license and how to install it.
To add or upgrade a license, complete the following steps:
Step 1 From the ISE Administration interface, select Administration > System > Licensing > Current Licenses. The Current Licenses page appears with a list of available deployment licenses and their configuration.
Step 2 Click the radio button next to the license name that you want to upgrade and click Edit.
The Licensed Service page appears, which contains the following information:
•Service—The services available on the Cisco ISE node.
•Installations—The services currently installed on the Cisco ISE node.
•License File—Type of license that is currently activated on the Cisco ISE node.
•End Points—Number of endpoints supported under the current licensing scheme.
•Updated Time—Time at which the license was updated.
•Counter—Number of licenses that are installed in the Cisco ISE node and the number of endpoints that are supported under the current licensing scheme.
Step 3 Click Add Services. The Import New License File page appears.
Step 4 Click Browse to import the new license file that supports the added service.
Step 5 Click Save.
Go back to the Current Licenses page to verify the addition of the upgraded license. For further confirmation, check the features of the respective services for which the license has been upgraded.
Removing Licenses
You can add a license only on a standalone or primary Administration ISE node. You cannot remove evaluation licenses. If you remove the production licenses within the evaluation period, the evaluation license is restored upon deletion.
If base and advanced packages are installed separately, you can remove each of them individually. If you have installed a combined license, all related installations in the base and advanced packages are removed.
Note If the advanced package count is greater than the base package count, then the base package cannot be deleted.
To remove a license, complete the following steps:
Step 1 From the ISE Administration interface, select Administration > System > Licensing > Current Licenses. The Current Licenses page appears with a list of available deployment licenses and their configuration.
Step 2 Click the radio button next to the node name and click Edit. The Licensed Services page appears.
Step 3 Click the radio button next to the license name that you want to delete and click Remove.
Step 4 Click OK in the confirmation dialog box to confirm that you want to delete this licensing package.
The Licensed Services page appears with the modified status.