Cisco License Manager

Cisco® License Manager is a lightweight GUI-based application for managing Cisco IOS® Software activation and licenses for Cisco devices such as Cisco Catalyst® 3560-E and 3750-E Series Switches. It automates the licensing workflows associated with fulfillment and accelerates deployment of licenses in customer networks. Cisco License Manager resides in the customer premises and securely communicates with Cisco devices in the customer network to automatically build an inventory of software licenses in the customer network. In addition, it securely interacts with the license server on the Cisco Website for license fulfillment, and it requires Internet connectivity from the host on which Cisco License Manager is installed. Some customers have isolated networks with no Internet connectivity and therefore may not be able to make full use of Cisco License Manager functionality. This paper describes how to deploy Cisco License Manager in these scenarios to be able to use its full functionality.

Some customers, especially in government and the financial and healthcare market segments, keep their networks isolated from the Internet for security reasons. There is no Internet connectivity from their network operations centers. As a result, these customers cannot use the full functionality of Cisco License Manager. They can automatically discover Cisco devices with licensing capability and build up and maintain a networkwide inventory of licenses. However, any functionality related to license fulfillment, such as retrieving SKU information from a Product Activation Key (PAK), obtaining licenses by associating devices with PAKs, and collecting all the licenses for a device, cannot be used because these functions require secure Internet connectivity to the license server on the Cisco Website.

The three following approaches can be used to make use of the full functionality of Cisco License Manager deployed in isolated networks.

The simplest solution for customers looking to deploy Cisco License Manager in isolated networks is to manually obtain license keys for their devices from the Cisco Product Registration portal at https://www.cisco.com/go/license Cisco License Manager installed in the isolated network using the following script:

Where password is the Cisco License Manager administrator password, import-source indicates the source of the license file and should be set to -email because the license file is sent from the Cisco Product Registration portal in an e-mail, and license-file is the fully qualified location of the license file.

For example, the following script imports a license file located at C:\clm_email_license.xml:

Once the license file is imported in Cisco License Manager, it can then deploy the licenses to devices and keep its inventory up to date. However, this approach is not scalable and would work only if the number of devices in the network is small.

Cisco License Manager supports a two-stage deployment model where it is installed on a host in the isolated network (Figure 1). Cisco License Manager has connectivity to network devices and discovers Cisco devices with licensing capability and builds an inventory of licenses in the isolated network. Once this is done, the customer can physically move Cisco License Manager to a network domain with Internet connectivity and fulfill licenses by securely communicating to the license server on the Cisco Website and obtaining and saving the licenses to its database. Cisco License Manager can then be moved back to the original isolated network domain to deploy previously obtained licenses to network devices.

Cisco License Manager is a lightweight application and can even be installed on low-powered machines such as laptops if the number of managed devices is relatively small compared to the maximum supported number of 30,000 devices and there are no concurrent clients enabling network operators to physically move between network domains easily. Please see the Cisco License Manager data sheet for exact minimum system requirements for larger deployments.

Some customers have policies and restrictions on physically moving hosts or equipment out from isolated network domains. In this case, the customer should deploy Cisco License Manager on two hosts-one inside the isolated network (Cisco License Manager server 1) and the second one in the network domain with Internet connectivity (Cisco License Manager server 2). See Figure 2. Cisco License Manager installed in the isolated network (Cisco License Manager server 1) has connectivity to network devices and discovers Cisco devices with licensing capability and builds an inventory of licenses in the network. Then the customer can back up the Cisco License Manager database using the following script:

Where password is the Cisco License Manager administrator password and absolute_backup_directory_path is the location where the backup files will be stored.

For example, the following script backs up all the data to the C:\CLMServer1 directory:

The customer should copy this database onto physical media and take it to the Cisco License Manager host in the network domain with Internet connectivity (Cisco License Manager server 2) and restore its database using Cisco License Manager server 1's database backup with the following script:

Where password is the Cisco License Manager administrator password and absolute_backup_directory_path is the location where the backup files are stored.

For example, the following script restores Cisco License Manager from the backup stored at C:\CLMServer1:

The customer should modify the following two entries in the <$CLM_HOME>/conf/Clm.properties file as follows to have the correct hostname and restart the Cisco License Manager server:

Now, Cisco License Manager server 2 has the information about all the devices in the isolated network and their unique device identifiers (UDIs). The customer then can proceed with the license fulfillment by securely connecting to the license server on the Cisco Website and obtaining and saving the licenses to its database. Once this is done, the user can back up the database on Cisco License Manager server 2 using the following command:

The customer can then take this database on physical media to the isolated network and restore Cisco License Manager server 1's database using the database backup of Cisco License Manager server 2 with the following command:

As done in the previous restore step, the customer should modify the following two entries in the <$CLM_HOME>/conf/Clm.properties file to have the correct hostname and restart the Cisco License Manager server:

Now the Cisco License Manager installed in the isolated network (on Cisco License Manager server 1) has all the obtained licenses and is ready to deploy them. The user must update the license information for all managed devices by selecting all top-level device groups and then clicking Poll Licenses before deploying the licenses to the managed devices to guard against the case where some license operations were done while licenses were being obtained in Cisco License Manager in the connected network domain.

Please note that users must not add, remove, or autodiscover network devices in either of the Cisco License Manager servers. The users must perform these steps with minimum delay between them in order to minimize the delta between the databases on the two Cisco License Manager installations.

The Cisco License Manager application automates software license management and securely communicates both with network devices and the license server on the Cisco Website. Some customers have isolated networks of Cisco devices with no Internet connectivity, thereby limiting the benefits they can achieve from the functionality of Cisco License Manager. This document lists three approaches to help enable users to make full use of Cisco License Manager functionality in these scenarios.

Please visit http://www.cisco.com/go/cim for more information or send an e-mail to ask-clm-pm@cisco.com.