Installation Guide for Cisco Security Manager 4.2
Licensing
Downloads: This chapterpdf (PDF - 116.0KB) The complete bookPDF (PDF - 1.72MB) | Feedback

Table of Contents

Licensing

Determining Which License You Need to Install and Use Security Manager 4.2

New Installation of Security Manager 4.2

Upgrade from Security Manager 4.0, 4.0.1, or 4.1

If You Have a Valid SAS Contract Purchased with Security Manager 4.0, 4.0.1, or 4.1

If You Do Not Have a Valid SAS Contract Purchased with Security Manager 4.0, 4.0.1, or 4.1

Upgrade from Security Manager 3.3 or 3.3.1

Upgrade from Security Manager 3.2, 3.2.1, or 3.2.2

Description of Licenses for Security Manager

Standard and Professional

90-day Evaluation License

Standard-to-Professional Upgrade License

Version Upgrade License

Incremental (“Add-on”) Licenses

Active and Standby Servers

Licenses for Component Applications

RME and Performance Monitor

Common Services and AUS

Device Count

Installing a License for Security Manager or Component Applications

Updating a License for Security Manager or Component Applications

Additional Documentation on Licensing

Getting Help with Licensing

Licensing

With the information in this chapter, you can determine which license you need to install and use Cisco Security Manager 4.2. This chapter also has descriptions of the various licenses available, such as standard, professional, and evaluation.

Other than a few notes, this chapter does not discuss license installation. Refer to Chapter 5, “Installing and Upgrading Server Applications”

Determining Which License You Need to Install and Use Security Manager 4.2

The license that you need depends upon whether you are performing a new installation or upgrading from one of several previous versions:

New Installation of Security Manager 4.2

A new installation of Cisco Security Manager 4.2 requires the purchase of the appropriate Cisco Security Manager 4.2 license. Details about Cisco Security Manager licensing can be found in the product bulletin at http://www.cisco.com/en/US/products/ps6498/prod_bulletins_list.html .

Upgrade from Security Manager 4.0, 4.0.1, or 4.1

To upgrade from Security Manager 4.0, 4.0.1, or 4.1, first determine whether or not you have a valid SAS contract purchased with Security Manager 4.0, 4.0.1, or 4.1.

If You Have a Valid SAS Contract Purchased with Security Manager 4.0, 4.0.1, or 4.1

If you have a valid license for Security Manager 4.0. 4.0.1, or 4.1, you can use that license for Security Manager 4.2. Also, that license will be recognized and retained by the Security Manager installation program, so you will not need to apply that license during upgrade from Security Manager 4.0. 4.0.1, or 4.1 to Security Manager 4.2.

If You Do Not Have a Valid SAS Contract Purchased with Security Manager 4.0, 4.0.1, or 4.1

Customers without SAS contracts can purchase minor upgrade SKUs which will provide them with a valid Security Manager 4.2 license.

Upgrade from Security Manager 3.3 or 3.3.1

Customers upgrading from Cisco Security Manager 3.3 or 3.3.1 are required to purchase the appropriate Cisco Security Manager 4.2 license or a version upgrade license. Details about Cisco Security Manager licensing can be found in the product bulletin at http://www.cisco.com/en/US/products/ps6498/prod_bulletins_list.html .

Upgrade from Security Manager 3.2, 3.2.1, or 3.2.2

Customers upgrading from Cisco Security Manager 3.2, 3.2.1, or 3.2.2 are required to purchase the appropriate Cisco Security Manager 4.2 license or a version upgrade license. Details about Cisco Security Manager licensing can be found in the product bulletin at http://www.cisco.com/en/US/products/ps6498/prod_bulletins_list.html .

Description of Licenses for Security Manager

Two base license types, Standard and Professional, are available, in addition to a free 90-day evaluation license.

Standard and Professional

For a list of the base licenses available for Cisco Security Manager 4.2, refer to Table 2-1 .

Table 2-1 List of the Base Licenses Available

License Name
License Abbreviation
Number of Devices that can be Managed (Refer to Device Count)

Standard-5

ST5

5

Standard-10

ST10

10

Standard-25

ST25

25

Professional-50

PRO50

50

Professional-100

PRO100

100

Professional-250

PRO250

250

For a comparison of Professional base versions with Standard base versions, refer to Table 2-2 .

Table 2-2 Comparison of Professional Base Versions with Standard Base Versions

Feature
Supported in Professional?
Supported in Standard?

Support of incremental (“add-on”) device license packages in increments of 50, 100, and 250 devices

Yes

No

Support for the management of Cisco Catalyst 6500 and 7600 Series switches and associated services modules

Yes

No

Support for the management of firewall service modules

Yes

No

Support for temporary licenses (licenses with an expiration date)

Yes

No (only permanent licenses are supported)

To obtain a base license, you must have (or obtain) a Cisco.com user ID, and you must register your copy of the software on Cisco.com. When registering, you must provide the Product Authorization Key (PAK) that is attached to the Software License Claim Certificate inside the shipped software package:

You must register Security Manager as soon as you can within the first 90 days and for the number of devices that you need to ensure uninterrupted use of the product. Each time you start the application, you are reminded of how many days remain on your evaluation license and you are prompted to upgrade during the evaluation period. At the end of the evaluation period, you cannot log in until you upgrade your license.

After registration, the base software license is sent to the email address that you provided during registration. Keep the license in a secure location.

90-day Evaluation License

If you provide no license during installation, the resulting installation will be an evaluation version. You can also select Evaluation Only during installation. Refer to Installing Security Manager Server, Common Services, and AUS.

The evaluation license is limited to 50 devices.

The evaluation license provides the same privileges as the Professional Edition licenses, except that you cannot apply incremental licenses to the evaluation version.

Standard-to-Professional Upgrade License

A Standard-to-Professional upgrade license is available. It can be applied only if the base license is a Standard-25 (“ST25”) license.

Version Upgrade License

If you need to upgrade to Security Manager 4.2 from a previous major version, such as 3.3, you can purchase a version upgrade license.

There are different version upgrade licenses. Each one corresponds to a particular base license from the previous version. You can use a particular upgrade license (e.g., PRO50U) only if you applied the corresponding base license (e.g., PRO50) to the previous version of Security Manager. Other upgrade licenses are not accepted.

Incremental (“Add-on”) Licenses

If your base license is a Professional version (not a Standard version or the evaluation version), you can purchase incremental (“add-on”) licenses to increase the number of devices that you are allowed to manage. You can purchase as many incremental licenses as you wish.

Incremental (“add-on”) licenses for previous versions are valid for the current version. For example, if you have a Professional-50 license for Security Manager 4.2, you can use a 4.1 incremental device license.

Incremental licenses are available in increments of 50, 100, and 250 devices.

Active and Standby Servers

A Cisco Security Manager license allows the use of Cisco Security Manager on a single server. A standby Cisco Security Manager server, such as one used in a high-availability or disaster recovery configuration, does not require a separate license if only one server is active at any one time. This is true even when high availability (HA) configuration is being used.


Note Users who use a standby server are responsible for manually restoring the database from their active server on a regular basis.


Licenses for Component Applications

Your license for Security Manager includes a license file for some component applications. Other component applications do not require a license file.

RME and Performance Monitor

Cisco Security Manager also includes a separate license file for RME and Performance Monitor. You are entitled to use these applications for the same number of devices that you have purchased for Cisco Security Manager. When you order a Security Manager base product you receive a second Product Authorization Key (PAK) for the RME and Performance Monitor license. (The Security Manager media kit contains a combined Software License Claim Certificate for Performance Monitor and RME.)

When you register Security Manager, you should also obtain the combined license file for Performance Monitor and RME. You can install the applications from the product DVD, or you can obtain the software by going to http://www.cisco.com/go/csmanager , clicking Download Software, and downloading the applications.

Common Services and AUS

Common Services does not require a license file.

Auto Update Server does not require a license file.

Device Count

Security Manager consumes one device count (of the number allowed by the license) when you add any of the following to the device inventory:

• Each physical device

• Each security context

  • Each virtual sensor

Advanced Inspection and Prevention Security Services Modules (AIP-SSMs), IDS Network Modules, IPS Advanced Integration Modules (IPS AIM), and any other modules supported for devices other than the AIP-SSC 5 and the Catalyst 6500 or 7600 installed in the host device do not consume a license; however, additional virtual sensors (added after the first sensor) do consume a license.

In the case of a Firewall Services Module (FWSM), the module itself consumes a device count and then consumes an additional device count for each additional security context. For example, an FWSM with two security contexts would consume three device counts: one for the module, one for the admin context, and one for the second security context.

Unmanaged devices are a special case. In Security Manager you can add unmanaged devices to the device inventory. An unmanaged device is a device for which you have deselected Manage in Cisco Security Manager in the device properties. An unmanaged device does not consume a license.

Another class of unmanaged device is an object that is added to a topology map. You can use the Map > Add Map Object command to add different types of objects on the map such as network clouds, firewalls, hosts, networks, and routers. These objects do not appear in the device inventory and do not consume a device license.

Installing a License for Security Manager or Component Applications

During the installation of Security Manager, you are asked for license information. Refer to Installing Security Manager Server, Common Services, and AUS.

During the installation of Common Services and AUS, you are not asked for license information. Common Services does not require a license file. Auto Update Server does not require a license file.

During the installation of Performance Monitor, you are asked for license information. Refer to Installing Performance Monitor.

During the installation of RME, you are asked for license information. Refer to Installing Resource Manager Essentials (RME).

Updating a License for Security Manager or Component Applications

To learn how to update a license file for Security Manager or a component application, see Updating Security Manager, Performance Monitor, and RME Licenses.

Additional Documentation on Licensing

For complete information on the types of licenses available and the various supported upgrade paths, as well as information about the Cisco Software Application Support service agreement contracts that you can purchase, see the product bulletin for the most recent major release of Security Manager at http://www.cisco.com/en/US/products/ps6498/prod_bulletins_list.html .

Getting Help with Licensing

For licensing problems with Security Manager, contact the Licensing Department in the Cisco Technical Assistance Center (TAC):

• Phone: +1 (800) 553-2447