Cisco Identity Services Engine User Guide, Release 1.1.x
Managing Licenses
Downloads: This chapterpdf (PDF - 106.0KB) The complete bookPDF (PDF - 26.14MB) | Feedback

Managing Licenses

Table Of Contents

Managing Licenses

Understanding Licensing

Viewing Current Licenses

Viewing Licensing History

Adding and Upgrading Licenses

Removing Licenses


Managing Licenses


This chapter describes the licensing mechanism and licensing schemes that are available in the Cisco Identity Services Engine (Cisco ISE) and how to add or upgrade a license. The following topics are covered:

Understanding Licensing

Viewing Current Licenses

Adding and Upgrading Licenses

Removing Licenses

Understanding Licensing

In Cisco ISE, licensing enables you to provide coverage for increasing numbers of endpoints and offer more complex policy services, depending on the capabilities of the license or licenses that you choose to apply.

Cisco ISE licenses are available in Base, Advanced, and Wireless packages. Each package includes The number of SKUs that is equal to the number of licenses that are included in the package. To use Cisco ISE, you must have a valid Base, Base and Advanced, or Wireless License package.

A single endpoint with multiple network connections may consume more than one Base or Advanced License. This situation can occur, for example, if an endpoint has both a wired and a wireless network connection. Each unique authenticated connection will require its own license.

The Base package includes all of the base services that are required to enable authentication and authorization, Guest services, and link encryption. The Advanced package includes Posture, Profiler, Device Registration and Supplicant Provisioning, and Security Group Access services.

The Base License is consumed whenever an authentication notification is received by Cisco ISE. A single Advanced License is consumed when any one or more of the following services or conditions are applied to the endpoint session:

Posture

Security Group Tag assignment

Authorization using profile information

Endpoint is registered in the MyDevices Portal

Cisco ISE is bundled with a licensing mechanism that has the following important features:

Built-in License—Cisco ISE comes with a built-in evaluation license, which is valid for 90 days. The evaluation license includes both Base and Advanced packages and limits the number of endpoints to 100 for both the Base and Advanced packages. Therefore, you are not required to install a regular license immediately upon installation.

License Management—When you deploy only one Administration ISE node in your network, licenses are centrally managed by the Administration ISE node and are automatically distributed among all other nodes (except Inline Posture nodes) in the deployment. When you have installed a primary Administration ISE node in your network in a distributed deployment, the Administration ISE node manages all the license files. The secondary Administrative node needs a license only when it is permanently promoted to the primary status. In addition, in order to install license files on your Cisco ISE, the node must be in standalone mode or deployed as the primary Administration ISE node for the period of time it takes to install the required licenses.

License Count—The Cisco ISE license is counted as follows:

A Base or Advanced license is consumed based on the feature that is utilized.

An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.

Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.


Note Sessions without RADIUS activity are automatically purged from Active Session list every 5 days or if the endpoint is deleted from the system.


The following license types are available in Cisco ISE:

Evaluation License

Base License

Advanced License

Wireless License


Note Wireless Licenses cannot coexist on an Cisco Administration ISE node with Base or Base and Advanced Licenses.


Refer to the Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x, for more information about the license types available in the Cisco ISE license scheme.

Viewing Current Licenses

To view current licenses in Cisco ISE, choose Administration > System > Licensing > Current Licenses. The Current License page appears, which contains the following information:

Administration Node—Name of the Cisco ISE server instance where the primary node is installed.

ID—Administration node ID which is obtained from the licensing information.

Version—Version number of the Cisco ISE.

Base Type—The status/type of the Base License that is currently installed on the Administration node.

Advanced Type—The status or type of the Advanced License that is currently installed on the Administration node.

Wireless Type—The status or type of the Wireless License that is currently installed on the Administration node.

After the 90-day evaluation license expires and you install a Wireless License, the Current Licenses page indicates that the Base and Advanced Licenses are "Not Installed."

Wireless Upgrade Type—The status or type of the Wireless Upgrade License that is currently installed on the Administration node.

After installing a Wireless Upgrade License, the Current Licenses page indicates that there is now an "Eval (0 Days)" Base License and that the Advanced License is "Not Installed."

Licensed To—Name of the organization to which the license has been allotted.

Base—The ratio in this number represents the number of utilized endpoints versus the number of allowed endpoints that are supported under the current Base licensing scheme. For example, if you are using an evaluation license and have identified only one endpoint, this number is 1/100.

Advanced—The ratio in this number represents the number of utilized endpoints versus the number of allowed endpoints that are supported under the current Advanced licensing scheme. For example, if you are using an evaluation license and have identified only one endpoint, this number is 1/100.

Viewing Licensing History

You can obtain reports about the license types and actions taken (such as when the license was installed, upgraded, deleted, and so on) from the Licensing History page. To view the licensing history, choose Operations > System > Reports > Licensing History. The Licensing History page appears, which provides the following licensing information:

Time Stamp—The time at which a particular license was added, updated, or deleted.

Admin User Name—Name of the Admin User who took the particular action.

Admin IP Address—IP address of the Cisco ISE node where the license is installed.

Action—Action taken, such as created, upgraded, deleted, and so on.

License File—Name of the license file that has been added, updated, or deleted. This column remains blank if the license is an evaluation license.

Description—A short description of the action taken.

See System Reports for information on how to generate a licensing history report.

Adding and Upgrading Licenses

You can add a license only on a standalone or primary Administration ISE node. You can upgrade your existing evaluation license on or before the expiration of the 90-day evaluation period. You have two options for upgrading or replacing your evaluation license. You must take either of these actions:

Install a Base License and then choose whether or not to also install an Advanced License

Install a Wireless License

Prerequisite

Make sure that you have obtained and installed appropriate license on your Cisco ISE node. Refer to the Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x, for more information about how to obtain a valid license and how to install it.

To add or upgrade a license, complete the following steps:


Step 1 From the Cisco ISE Administration interface, choose Administration > System > Licensing > Current Licenses. The Current Licenses page appears with a list of available deployment licenses and their configuration.

Step 2 Click the radio button next to the license name that you want to upgrade, and click Edit.

The Licensed Service page appears, which contains the following information:

Service—The services that are available on the Cisco ISE node.

Installations—The services that are currently installed on the Cisco ISE node.

License File—Type of license that is currently activated on the Cisco ISE node.

End Points—The number of endpoints that are supported under the current licensing scheme.

Updated Time—Time at which the license was updated.

Counter—The number of licenses that are installed in the Cisco ISE node and the number of endpoints that are supported under the current licensing scheme.

Step 3 Click Add Services. The Import New License File page appears.

Step 4 Click Browse to import the new license file that supports the added service.

Step 5 Click Save.

Go back to the Current Licenses page to verify the addition of the upgraded license. For further confirmation, check the features of the respective services for which the license has been upgraded.


Removing Licenses

You can add a license only on a standalone or primary Administration ISE node. You cannot remove evaluation licenses. If you remove the production licenses within the evaluation period, the evaluation license is restored upon deletion.

If Base, Advanced, or Wireless packages are installed, you can remove each of them individually. If you have installed a combined license, all related installations in the Base and Advanced packages are removed.


NoteIf the Advanced package count is greater than the Base package count, then the Base package cannot be deleted.

If you have installed a Wireless Upgrade License after a Wireless License, you must remove the Wireless Upgrade License before you can remove the underlying Wireless License.


To remove a license, complete the following steps:


Step 1 From the Cisco ISE Administration interface, choose Administration > System > Licensing > Current Licenses. The Current Licenses page appears with a list of available deployment licenses and their configuration.

Step 2 Click the radio button next to the node name, and click Edit. The Licensed Services page appears.

Step 3 Click the radio button next to the license name that you want to delete, and click Remove.

Step 4 Click OK in the confirmation dialog box to confirm that you want to delete this licensing package.

The Licensed Services page appears, showing the modified status.