Guest

Cisco Unified Border Element

Software Activation Q&A

  • Viewing Options

  • PDF (267.7 KB)
  • Feedback

Gatekeeper: A Cisco Unified Border Element Component

Software Activation

Q. What is software activation? How does it work?
A. Software activation authorizes and enables the usage of a Cisco ® software feature or feature sets. A special file contained in the device, called a license file, is examined by Cisco software when the device is powered on. Based on the license file installed, Cisco software enables the appropriate feature set(s).

License files can be changed or upgraded to enable a different feature set.

Note: A particular license file only functions with the device for which it was created (a license file is generated based on the unique serial number [SN] and product ID [PID] of the device, known as the unique device identifier [UDI]).

Q. What are the different types of licenses? What is the lifecycle of a license?
A. Software activation offers various types of licenses:

A permanent license requires one-time installation, independent of the release version. We offer several types of permanent licenses:

Permanent feature/feature set/image (uncounted): This applies to a feature, a feature set, or an entire image. A permanent license requires a one-time license installation independent of the software release version. Gatekeeper license is an example of a feature uncounted license.

Permanent feature license (counted): This applies to a count-based feature within an image. A permanent license requires a one-time installation independent of the software release version; if an increase in count is necessary, a new license is required to activate the additional counts. This typically applies to features such as Secure Sockets Layer (SSL)

Subscription-based license: This applies to a feature within an image that requires frequent downloads to keep the device up to date. This typically applies to security features such as intrusion prevention systems (IPS) and so on as a yearly subscription (1-, 2-, or 3-year).

Migration license: This is a permanent license (feature counted or uncounted). Migration license is used for customers that already purchased the feature license and upgraded to a new software release, which includes software activation (preventing feature activation until license is installed). In that case, a migration license is offered to these customers to migrate from a purchased paper license to a permanent license.

A temporary license offers a typical 60-day trial period; once expired, it reverts back to the base functionality offered. There are three types of temporary licenses:

Evaluation/emergency license: Comes preloaded in the software activation code release. This allows for a 60-day trial period of the feature or feature sets/image. The emergency license is best used when the customer has received a new unit (through a return materials authorization [RMA]), has no Internet connection to transfer licenses over, and would like to get a device up and running immediately. Without any further delay or phone calls, the emergency license can be activated for 60 days after accepting an end user license agreement (EULA) on the command-line interface (CLI) or Cisco License Manager interface.

Evaluation license/demo license: Provides a 60-day demo license for licensed features or feature sets/image.

Extension license: License extension available by calling the Cisco Technical Assistance Center (TAC), and upon approval, a defined time frame is offered based on a joint agreement (more or less than 60 days).

For further detail, refer to http://www.cisco.com/go/sa.

Q. What does the Gatekeeper license offer, and what platforms support Gatekeeper software activation?
A. The Gatekeeper license allows the user to gain access to the configuration of Gatekeeper functionality. It is currently offered as unlimited H.323 sessions.

Table 1 shows the platforms that support Gatekeeper software activation.

Table 1. Software Activation of Gatekeeper Platform Support

Platform

Software Activation Status

Cisco 2801 Integrated Services Router

Supported in Cisco IOS Software Releases 15.0.1M onward

Cisco 2811 Integrated Services Router

Supported in Cisco IOS® Software Releases 12.4.15XZ onward

Cisco 2821 Integrated Services Router

Supported in Cisco IOS Software Releases 12.4.15XZ onward

Cisco 2851 Integrated Services Router

Supported in Cisco IOS Software Releases 12.4.15XZ onward

Cisco 3825 Integrated Services Router

Supported in Cisco IOS Software Releases 12.4.15XZ onward

Cisco 3845 Integrated Services Router

Supported in Cisco IOS Software Releases 12.4.15XZ onward

Cisco AS5350XM Universal Gateway

Supported in Cisco IOS Software Releases 12.4.15XZ onward

Cisco AS5450XM Universal Gateway

Supported in Cisco IOS Software Releases 12.4.15XZ onward

Cisco 72xx

Not supported

Cisco 7301 Router

Not supported

Q. How do I know a Gatekeeper license is needed for the device in use?
A. If you have previously purchased a paper license for Gatekeeper or Cisco Unified Border Element and the feature has been configured, the new Cisco IOS Software image containing software activation for Gatekeeper will warn the user that the license has not been installed using syslog messages. If the feature was not previously configured, no messages will prompt the user to install the license as desired.
Q. I already have a Gatekeeper license running on an older Cisco IOS Software image. Do I have to upgrade my image, or can I continue to use it as is?
A. You do not need to upgrade to the new Cisco IOS Software image (bug fixes, new features, and so on). You can continue using the current image with a purchased feature license. When Cisco IOS Software image upgrades to Release 12.4.15XZ or 12.4.20T are completed, a Gatekeeper license installation will be required to activate the feature on the specific device.
Q. How do I migrate from my purchased paper license to the software-activated Gatekeeper license?
A. If you have previously purchased a paper license for Gatekeeper or Cisco Unified Border Element, you need to obtain a migration license (no additional charge) by entering in the UDI of your device at http://www.cisco.com/go/license.
Q. How do I manage licensing for multiple devices?
A. Cisco offers a management GUI, Cisco License, Manager, to support network-level licensing (up to 30,000 devices) as well as offer the ability to install licenses across the network using a simple wizard. See the following questions for more detail.
Q. How are licenses managed? What is Cisco License Manager?
A. Several options exist to manage software licenses. The CLI provides the ability to install, view, and remove software licenses per device. This functionality is also available through Simple Network Management Protocol (SNMP) for integration with standards-based network management tools.

For a larger number of devices, Cisco License Manager discovers and manages the licenses for up to 30,000 devices. Cisco License Manager can be used standalone or integrated with the CiscoWorks family of management tools.

Cisco License Manager is a secure client-server application running on Windows XP and Solaris operating systems. Cisco License Manager manages Cisco IOS Software activation and licenses for Cisco network devices. It automates the Cisco IOS Software licensing workflows using its wizard-based, easy-to-use, and intuitive GUI and scales for large network deployments. Cisco License Manager is a standalone application and does not require any other Cisco network management application for it to work. It provides an optional full-functionality Java software development kit (SDK) for integration with third-party software or homegrown management applications.

For additional product information, refer to http://www.cisco.com/go/clm.

Q. When is a license preinstalled?
A. For all orders placed at the time of manufacturing, the licenses will be preinstalled. For example: if a user purchases a Cisco 2821 Integrated Services Router and requests a Gatekeeper or Cisco Unified Border Element license at the time of the order, the license will be preinstalled so that the customer will not require license installation
Q. How do I upgrade using software activation?
A. For orders placed after the product has shipped (that is, upgrades), a license must be purchased (using a product authorization key [PAK]) and registered before the license is activated on the device. See the question following.
Q. What is a PAK? What are the different types?
A. PAKs are purchasable items, ordered in the same manner as other Cisco equipment; they are used to obtain license files for feature sets on specific classes of devices.

A PAK is used to generate one or more licenses. A PAK that generates more than one license is similar in concept to a debit card. The PAK code is reused to generate the number of licenses originally specified during the PAK purchase. Once that number of licenses has been generated, no additional licenses can be created using the same PAK. A PAK can be configured and purchased with quantities anywhere from 1 up to 5000 licenses.

Software-activated SKUs are recognized by FL-XXX-XXX=. Table 2 shows all offered Gatekeeper SKUs.

FL-XXX-XXX= upgrade SKU generating a PAK that is provided by regular mail.

Table 2. Software-Activated Upgrade SKUs

Platforms

Upgrade SKUs

Description

Cisco 28xx

FL-INTVVSRV-2811=

FL-INTVVSRV-2821=

FL-INTVVSRV-2851=

Gatekeeper feature license activating the Gatekeeper component. PAK is mailed out.

Cisco 38xx

FL-INTVVSRV-3825=

FL-INTVVSRV-3845=

Gatekeeper feature license activating the Gatekeeper component. PAK is mailed out.

Cisco AS5xxx

FL-INTVVSRV-5350XM=

FL-INTVVSRV-5400XM=

Gatekeeper feature license activating the Gatekeeper component. PAK is mailed out.

Cisco 28xx, 38xx

FL-CUBE-25=

FL-CUBE-100=

Cisco Unified Border Element feature license that includes Gatekeeper feature license activating Gatekeeper component. PAK mailed out for Gatekeeper component applicable to call platforms as listed in Table 1.

In the near future support for electronic delivery of the PAK will be offered; look for L-XXX-XXX SKUs.

Q. What do I do if I lose the PAK number?
A. The PAK can be retrieved using the current Cisco ordering tool; Sales Order entry is required before the PAK can be provided.
Q. What is licensing call home? What are the various call home functions?
A. Licensing call home provides the ability to perform certain licensing operations from the device by communicating directly with the licensing backend server using HTTPS secure connectivity.

The following call home functionality is supported

license call-home install pak <PAK>: Install the licenses to the device using a PAK.

license call-home resend: Retrieve all the licenses to which the device is entitled.

license call-home revoke udi <target-udi>: Transfer/rehost a given PID from the device to a target device.

Q. How is a license obtained and installed?
A. A license can be obtained and installed following a four-step process:

1. Purchase a PAK for the desired type of license(s): for example, SL-xxx-xxx.

2. Register the PAK code and UDI of the device to Cisco's online license portal (http://www.cisco.com/go/license).

3. Install the license file returned from the license portal to the provided e-mail address (using CLI, call home, or Cisco License Manager).

4. Reboot is not required for feature licenses.

Note that a license is generated based on the UDI of the device; for multiple purchased licenses using the same PAK, the user needs to register the same PAK using all UDIs to received license files for each device.

Cisco License Manager can be used to facilitate this process for networkwide license deployment (refer to question 6).

For additional product information regarding license installation with Cisco License Manager, refer to http://www.cisco.com/go/clm.

Q. What happens in RMA cases?
A. As done today, customers will receive the replacement hardware (based on their Cisco SMARTnet ® Service contract) of the specific device with the default image, which will include the default license. To transfer additional purchased licenses (Gatekeeper license), an RMA portal is provided: http://www.cisco.com/go/license, select RMA.

If the user or location in which the replacement unit is installed does not have Internet to access the RMA portal, a built-in evaluation license (also referred to as emergency license in question 2) is provided in the image to allow the user to immediately activate and reconfigure the features for 60 days until the RMA license transfer is complete.

Q. What do I do if a license is accidentally removed or expires?
A. If the license has been cleared from the device, the user has the following options to retrieve it:

• If the device is connected to the Internet, a CLI call home function is provided to retrieve all registered licenses (note that this can only be implemented after the license has been issued based on a specific UDI).

• If Cisco License Manager is deployed, Cisco License Manager can call home and retrieve the license(s) for the user to reinstall.

• The license portal using UDI entry can resend the license(s): http://www.cisco.com/go/license select resend.

Otherwise, the Gatekeeper feature will not be configurable until a temporary license is installed properly.

If the license expires or is removed during endpoint registration, the location request as well as endpoint requests will time out, and the Gatekeeper feature will not be configurable until the license is reinstated.

For additional Cisco Unified Border Element feature information, go to http://www.cisco.com/go/cube.

Q. Where are the licenses stored?
A. The license file is stored on a special area of the memory in the device. The license file is not directly viewable within the device file system, but the CLI exists to view and manage the license file.
Q. What is a license rehost? How do I transfer my license to another device?
A. License rehost is the ability to securely transfer a license from one working device to another working device within the same family or as defined in the license policy. For example, if a user has conducted Gatekeeper certification on a demo lab unit, since the user purchased the license for Gatekeeper and wants to transfer that license over to a product unit, the user can do so using the rehost function. The function can be achieved using one of the following methods:

• CLI call home function

• Cisco License Manager rehost function

Q. What is the procedure for manual licensing for customers without Internet connectivity to their networks?
A. If the customer is using Cisco License Manager, the procedure can be made automated to a large extent by deploying two Cisco License Managers: one inside the isolated network and one outside with Internet access. Note that this does require ability to copy data from Cisco License Manager deployed inside the isolated network. If this is not possible, then the first step will need to be manual: printing the device UDIs and adding them into Cisco License Manager with Internet connectivity using an Extensible Markup Language (XML) file.

For more information regarding various options for deploying Cisco License Manager or additional details, go to http://www.cisco.com/go/clm.

The device does not have to be connected to the Internet to be upgraded. The UDI (serial number and PID) has to be taken out of the secure network on paper, disk, or whatever is allowed and then sent to Cisco's license portal. A license gets sent back in response. The license is a small file. It must be brought back into the secure network on some type of approved media/process and installed on the device.

Appendix

Glossary and Important Links

Cisco Software Activation

Glossary

Item

Description

Cisco License Manager

License management tool, similar to network management tool.

EULA

End user license agreement.

EULACIN

End user license CA organization that provides support for licensing.

Evaluation/emergency license

A free license that has usage-based expiration associated with it, provided to allow customers and sales engineers to evaluate new products. Recommended usage is in labs and other nonproduction networks. 60-day license.

Extension license

A license that has a usage-based expiration associated with it. This is used for two purposes: to allow TAC or Cisco to provide a temporary license, and also provided to extend functionality when rehosting licenses. Available on Cisco Web portal for access.

Grace period

Device A is given a 60-day grace period, after a rehost has been performed.

License

Legal rights that permit the usage of legally obtained products. This is not a license line.

License enforcement

Enforcement of licenses using electronic means.

License file

File generated by Cisco licensing tools. Used to install license on product. Has a user-readable part and contains one or more licenses.

License storage

This is a file that holds a collection of license lines. This file exists in permanent (read/write) storage on a device.

License transfer/rehost

The movement of digital rights from one working router to another.

Node locking

The binding of digital rights to a specific network node (a router or switch).

PAK

Product authorization key: Provided to customer when a spare upgrade license is purchased. Used to generate license line.

Permissions ticket

A set of data issued by Licensing backend servers that has a human-readable field and an encrypted field. It informs the device about which licenses to revoke and which ones to install. See the rehost process for details.

Persistent storage

The persistence file holds the "license history" for that device, along with certain information about license removals, expires, rehosts, and so on.

Registration system

Cisco self-service Website, where PAK can be registered to obtain a license line.

RMA

Returned materials authorization. The return of a failed unit of hardware back to the supplier or manufacturer.

Service contract

Product support contract, expected to be one per product for a fixed period of time.

SKU

Stockkeeping unit. Software on Cisco.com is an SKU. A SKU maps to one or more license features.

Software center

Cisco Website from which software can be downloaded.

UDI

Unique device identifier. Cisco identifier that contains product ID, serial number, and version. Only product ID and serial number are used by this project.

TAC

Technical Assistance Center; CA support.

Important Links

Link

Description

http://www.cisco.com/go/license

Cisco software activation license portal allowing users to register their PAK, download a demo license, and implement an RMA transfer of licenses.

http://www.cisco.com/go/clm

Cisco License Manager product information, including data sheet, software downloads.

http://www.cisco.com/go/cube

Cisco Unified Border Element feature link, including product information.

http://www.cisco.com/go/isr

Integrated services router product information, including data sheets, licensing conceptual overview, software activation user's guide, and so on.

http://www.cisco.com/go/sa

Cisco software activation link, including access to all software activation documents such as user's guide, conceptual overview, and so on.

http://www.tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Feature Navigator Tool link.