Cisco® IOS® Software delivers the flexibility and rich functionality that characterize Cisco networks. With a new approach to software licensing, Cisco makes it easier for customers to deploy, manage, and upgrade their Cisco IOS Software assets. Not only does the new approach streamline network deployment, it helps customers monitor compliance policies. Single-click, automated processes help customers significantly simplify software deployment and license management, saving time and creating a foundation for license management best practices.
Introduction: The Importance of Software Licensing
Cisco IOS Software has traditionally been covered by a right-to-use license, with one license associated with each device. When a customer began using a Cisco product, the usage automatically constituted acceptance of the license agreement and validated the license for that customer - device licenses are nontransferable between end-user customers.
While this practice made it relatively easy to deploy and begin using the Cisco product, it had implications for tracking hardware and software systems, adding service features, updating and upgrading images, and transferring licenses. Customers increasingly request simpler ways to manage these tasks.
Deploying and managing new licenses has largely been a manual process. Users with large numbers of devices are requesting an automated license management mechanism to save time and improve productivity.
Adding new functionality can be complicated. Customers need simpler ways of purchasing new software images and additional capabilities to minimize the time required to:
• Fully test new software systems
• Deploy new software images to all affected devices
• Accurately configure every instance of the new software
• Closely monitor changed systems
Multiple software images deployed throughout an infrastructure can create complexity and service inconsistencies. With multiple images - often on similar device types - managing upgrades, patches, and refreshes can be difficult. By making software licensing more consistent, users can improve delivery of network services in locations such as enterprise branches and wiring closets.
Improved Tracking of License Status
When a person in charge of a device moved or left a company, the known status of existing licenses and feature sets often went with him or her. Licenses often end up on different devices than those on which they were originally installed. With the ability to track license deployments, businesses have full knowledge of how software is used and can avoid paying for extra licenses.
Minimizing the Risk of Noncompliance and Fraud
There is a growing emphasis on software audits in order to meet compliance requirements, yet tracking installed licenses can be difficult. In addition, counterfeit hardware and software are becoming more common. In recent months, Cisco has identified a growing incidence of counterfeit equipment and copied software - and changed its licensing approach to minimize the risk to users.
The New Cisco Approach: Simplified Software Activation and License Management
A new software activation approach addresses these issues, and is implemented on Cisco Catalyst® 3750-E and 3560-E Switches and Cisco 860 and 880 Integrated Services Routers. By starting with key new products, users will be able to integrate software activation and licensing into their processes, as well as benefit from the ability to automate and easily track new license deployments across their infrastructures.
Improving Deployment and Provisioning
Now, each network device type - such as Cisco 880 Integrated Services Routers - will have a universal Cisco IOS Software image already installed. This means that a consistent image is deployed and only one archive image must be maintained per device.
A Software Activation License is also preinstalled in the device, which activates the specific functionality that the user orders. Each Software Activation License is unique to a specific device and functions only with that device. The Software Activation License includes that system's product ID number, serial number, and a Product Authorization Key (PAK). When a user purchases new capabilities for a device, the user receives a PAK - a short string of code provided by Cisco for activating software licenses on new equipment or for new feature sets on installed devices. Software Activation Licenses do not expire, and a new license is needed only when adding new feature sets. For example, advancing a device from the IP base feature set to IP Services requires a new Software Activation License. However, simply upgrading software images, from 12.2(35)SE to 12.2(45)SE for example, does not require a new license.
When the device is first powered on, the Software Activation License is examined by Cisco IOS Software, which activates the appropriate feature sets. Unlike previous right-to-use licenses, the new approach helps enable users to simplify deployment of new systems and maintain an accurate record of the specific image, functionality, and additional features that are activated on each device.
Multiple License Types
There are two types of licenses:
• Permanent: These are valid for the life of the device, and all devices must have a permanent license
• Temporary: These licenses are used for evaluating new capabilities or in emergency situations. A temporary license allows a feature set to be used for 60 days. When the 60-day period expires, the device will continue to operate normally until restarted. After the restart the device will default to the original functionality before the temporary license was enabled. The Cisco Technical Assistance Center (TAC) can provide an extension license for longer trials or other circumstances.
Permanent and temporary licenses also apply to feature sets - such as IP Services feature sets - or to individual features, such as Gatekeeper.
Adding or Upgrading Capabilities
Because the universal Cisco IOS Software image contains all functionality that the device is capable of delivering, adding new capabilities only requires a new "key" to turn on feature sets, once they are purchased. When the user chooses to activate new software, the license manager (built into the device) collects the device Unique Device identifier (UDI) and current licensing information and encrypts it for secure transport over the Internet to Cisco. This "call home" feature helps enable Cisco to immediately identify the device and new feature set desired when the user enters the PAK into the Cisco licensing portal. The new license is generated and sent back to the user for deployment.
To upgrade features without "call home":
1. Customer purchases the necessary PAK, which is a code that can be delivered by mail or electronically.
2. Customer enters the device product ID, serial number, and PAK into Cisco's licensing portal at www.cisco.com/go/license.
3. The new license file is sent over email and the user installs the new license on the device.
Simplifying Asset Management with Cisco License Manager
An important element of the new Cisco software-licensing model is improved asset management using Cisco License Manager. This is a free application that can be quickly downloaded and used to accelerate license deployment, monitor license activations and inventory, and easily obtain new licenses. Cisco License Manager works in the following way:
1. With a single click, the Cisco License Manager identifies devices on the network by IP address, automatically locating each and establishing a connection with the license agent on each device.
2. The Cisco License Manager displays the devices in the network, and gathers the licensing information for each, saving it in the license management database. The information gathered includes which licenses are deployed on the devices, as well as other licensable features on each device that have not been activated yet.
3. License information for all devices can be easily browsed or generated in a Device Summary Information report.
Figure 1. CLM Capabilities
Automating Software Activation with Cisco License Manager
Cisco License Manager can accelerate software license and feature set activation by automating the process - for one device or up to 30,000 devices. Using Cisco License Manager, the user:
1. When the purchased PAK is received, the user enters it into Cisco License Manager .
2. Cisco License Manager sends the product IDs and serial numbers of the relevant devices, together with the PAK, to the Cisco licensing system over a secure connection
3. Cisco returns the appropriate license files to Cisco License Manager
4. Cisco License Manager automatically installs the licenses on the devices or can store the license in its inventory until the user is ready to deploy it
For customer devices that reside behind a firewall, a secure Internet connection through the firewall must be created for the device to "call home." For more details about supporting isolated networks, please visit www.cisco.com/go/clm.
In addition to the license, Cisco License Manager captures the feature SKU ID, license features, and license quantities and records them for future tracking. As users deploy the new licenses, they can choose which feature sets to activate simply by clicking checkboxes that Cisco License Manager uses to describe which feature sets are authorized for activation on each relevant network device. For example, a PAK may contain 10 items, but the user wants to deploy only two now. The user can do this with a single click and install two feature sets. Cisco License Manager will update its inventory to reflect the two feature sets that have been activated, as well as the eight that have not.
To save time and eliminate manual data reentry, device information that exists in another application can be exported in an XML file and imported into Cisco License Manager. For example, device information in CiscoWorks LAN Management System can be imported into Cisco License Manager this way.
For the most current information about Cisco devices that are supported by Cisco License Manager, please visit www.cisco.com/go/clm.
Replacing a Device Using Return Materials Authorization
Occasionally customers will want to return a device or exchange a defective system. Now that Software Activation Licenses and PAKs are associated with specific devices, exchanging a device requires that its license be transferred as well. Cisco has created a simple, online process for transferring, or "rehosting" the license of a defective system:
1. Determine the product ID and serial number of the device to be returned and of the replacement device
3. The license portal automatically determines the licenses associated with the defective device and issues a new license
4. The user simply installs the new license on the replacement device
Transferring a License
Occasionally a customer will want to transfer a license from one system to another. Using a command-line interface (CLI), the user can connect to the original device to revoke its license and specify the UDI - the Cisco identifier that contains product ID, serial number and version information of the target device. The original device contacts the Cisco license portal and requests rehosting permission. When granted, the user connects to the new unit and instructs it to collect the new license, which it does and automatically installs it. Using Cisco License Manager, the user can simply select the source and destination devices from a GUI wizard and the process is automated.
Cisco IOS Software is integral to Cisco routing and switching systems, containing critical network services and rich advanced features that help enable customers to differentiate their businesses, maintain high productivity, and achieve their business goals. This is why it is more important than ever to be able to accurately and efficiently manage it. The new Cisco software licensing and activation model makes it easier to deploy, manage, track and fully utilize this important business asset.
A secure client/server application for managing licenses on a network-wide basis.
Temporary Evaluation/Extension/Emergency License
A free license, which has usage-based expiration for a fixed duration associated with it, provided to allow customers and software activation licensee engineers to evaluate new products. The 60-day evaluation/emergency licenses are embedded in every Cisco IOS Software image or can be obtained from the Cisco license portal. Cisco TAC can grant extension licenses for longer trials.
Temporary Grace Period
A device is given a 60-day grace period after a rehost has been performed
File generated by Cisco licensing tools that provides an electronic right to use for a quantity of SKUs on a particular device. It is used to install a license on a device and has a user-readable part and contains one or more licenses. An SKU is associated with a UDI to obtain a license file.
The movement of digital rights from one working device to another.
Product Authorization Key: Provided to a customer by Cisco for activating software licenses on new equipment or for new feature sets.
Cisco Product License Registration Portal
A self-serve Cisco.com portal that allows customers to obtain product licenses.
Stock-keeping unit: This identifies a licensable feature that can be ordered. One PAK can contain multiple SKUs
Cisco.com portal from which Cisco software can be downloaded.
Cisco Technical Assistance Center for customer support.
Unique Device Identifier: A Cisco-wide identifier that contains product ID, serial number and version.