This document describes best practices for virtual appliance licenses: how to obtain a demo license for a virtual appliance, how to share a permanent hardware license with a virtual appliance, and how to install a demo or permanent license from Cisco on the Virtual Email Security Appliance (vESA), Virtual Web Security Appliance (vWSA), or Virtual Security Management Appliance (vSMA).
Various references might list the virtual ESA as VESA, vESA, or ESAV, the virtual WSA as VWSA, vWSA, or WSAV, and the virtual SMA as VSMA, vSMA, or SMAV. Treat these acronyms as interchangeable, as needed.
Best Practices for Virtual ESA, Virtual WSA, Virtual SMA Licenses
Before you complete configuration for your vESA/vWSA/vSMA, you are required to request and install a virtual appliance license.
Obtain a Virtual License (VLN)
A Virtual License Number (VLN) must be created from Cisco Global License Operations (GLO). You will need your activation keys from your ESA, WSA or SMA, and your Cisco.com account in order to complete this process. (If you do not already have a Cisco.com account, register for an account at www.tools.cisco.com/RPF/register/register.do.)
If sharing an existing license, you will need the email address that was used for the existing device registration. If not, you will not be able to request the Activation Code listed in the steps below. Any assistance with licensing must be handled through GLO. (Phone: 1-800-553-2447, option 3 and request to have a case opened for GLO/Licensing, or contact via email: firstname.lastname@example.org)
From the Move Licenses drop-down, choose Share License...
Choose the Get Activation Codes option.
You will be presented with a pop-up window. Choose IronPort Product - SW Bundles (if you have an existing software bundle) or IronPort Product - TC (if you have individual products).
Enter an existing ESA/WSA/SMA serial number in the Source Serial Number/Virtual Device Identifier field. If you have multiple ESAs, WSAs, or SMAs, choose one that has the same licenses that you want enabled on your virtual appliance.
For the Select Destination Appliance Type option, choose the Virtual button.
Leave the Target Serial Number/Virtual Device Identifier field BLANK.
In the Send to field, enter the email address to which the activation code should be sent.
If you have previously stepped through the license request, you may be presented with existing VLN(s). Choose one as needed.
Click Request Code.
Check the inbox of the email address entered in the earlier steps. An activation code will be sent. Once you receive the activation code, repeat steps #3 and #4 (listed above). Once you reach step #5, choose the Use Activation Codes option.
Paste in the provided activation code and click Next.
Choose the Cisco ESA/WSA software SKUs that should be embedded on the Cisco virtual ESA/virtual WSA/virtual SMA license. Click Next.
Enter the email address to which the license should be sent.
Finally, click Get License.
Note: Your virtual license file should be sent to, and received at, the email address you specified within three hours.
Note: The virtual license file will be sent in XML format.
Load the Virtual License onto Your Appliance
Once received, the virtual license file can only be loaded from the CLI of the appliance, using the loadlicense command and then choosing either Paste via CLI or Load from file.
You will need to enter CTRL-D once the license has been entered. (Shown as ^D in the example below.)
After the successful load of the license file, you will be presented with full EULA to accept. You will need to enter Y in order to accept the EULA and complete loading the license onto the virtual appliance.
Note: It is recommended to load the XML file in Notepad++, or other similar text editor that is capable of XML rendering. If a web browser is used to open the XML file, extraneous dashes or blank spaces may be added which results in this error – "Malformed license: Invalid XML, could not parse". If you see this error, please re-try loading the XML in an appropriate text editor.
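A pre-flight check for the problem described in the note above, as an added example that is not Cisco's code: it flags the stray markers a browser copy leaves behind and confirms the file parses before you paste it into loadlicense. The sample documents, the inner element names, the refusal of DOCTYPE/ENTITY declarations, and the expectation of an Envelope root (taken from the closing tag in the CLI example) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples; the inner element names are hypothetical.
GOOD = (b'<?xml version="1.0"?>\n<Envelope>\n  <license>\n'
        b'    <vln>VLNESA123456</vln>\n  </license>\n</Envelope>\n')
# The same file as copied from a browser tree view ("-" collapse markers).
BROWSER_COPY = (b'<?xml version="1.0"?>\n- <Envelope>\n- <license>\n'
                b'    <vln>VLNESA123456</vln>\n  </license>\n</Envelope>\n')


def check_license_xml(data):
    """Return a list of problems; an empty list means the file looks loadable."""
    problems = []
    text = data.decode("utf-8", errors="replace")
    # Browser tree views prefix collapsible elements with "-" or "+".
    for n, line in enumerate(text.splitlines(), 1):
        if re.match(r"\s*[-+]\s*<", line):
            problems.append(f"line {n}: stray '{line.strip()[0]}' before a tag")
    # Assumption: a license file has no need for a DTD, so refuse to parse one
    # rather than hand entity definitions from an e-mailed file to the parser.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        problems.append("DOCTYPE/ENTITY declaration present")
        return problems
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        problems.append(f"not well-formed: {exc}")
        return problems
    # Assumption from the CLI example: the document ends with </Envelope>.
    if root.tag.rsplit("}", 1)[-1] != "Envelope":
        problems.append(f"unexpected root element <{root.tag}>")
    return problems


if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("browser copy", BROWSER_COPY)):
        print(name, check_license_xml(sample) or "OK")
```
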
Example output of Paste via CLI:
1. Paste via CLI
2. Load from file
How would you like to load a license file?
> 1
Paste the license file now. Press CTRL-D on a blank line when done.
</Envelope>
^D
IMPORTANT: PLEASE READ THIS END USER LICENSE AGREEMENT CAREFULLY. IT IS VERY IMPORTANT THAT YOU CHECK THAT YOU ARE PURCHASING CISCO SOFTWARE OR EQUIPMENT FROM AN APPROVED SOURCE AND THAT YOU, OR THE ENTITY YOU REPRESENT (COLLECTIVELY, THE "CUSTOMER") HAVE BEEN REGISTERED AS THE END USER FOR THE PURPOSES OF THIS CISCO END USER LICENSE AGREEMENT. IF YOU ARE NOT REGISTERED AS THE END USER YOU HAVE NO LICENSE TO USE THE SOFTWARE AND THE LIMITED WARRANTY IN THIS END USER LICENSE AGREEMENT DOES NOT APPLY. ASSUMING YOU HAVE PURCHASED FROM AN APPROVED SOURCE, DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.
<<<SNIP FOR BREVITY>>>
Please refer to the Cisco Systems, Inc. End User License Agreement, Privacy Statement and Service Description of Software Subscription Support Services.
Do you accept the above license agreement? > Y
Example output of Load from file:
1. Paste via CLI
2. Load from file
How would you like to load a license file?
> 2
Enter the name of the file in /configuration to import: [license.xml]> license.xml
Note: If you choose to Load from file, you will need to use File Transfer Protocol (FTP) in order to place the license file onto the virtual appliance. This might require configuration of the interface either from CLI with the interfaceconfig command, or the GUI, Network > IP Interfaces. Ensure that FTP is enabled on the interface required, and submit/commit all changes.
An example FTP from your localhost, with standard FTP commands, is shown here:
$ ftp 172.16.6.165
Connected to 172.16.6.165.
220 ironport.example.com Cisco IronPort FTP server (V8.0.0) ready
Name (172.16.6.165:user): admin
331 Password required.
Password: <password>
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> bin
200 Type set to Binary.
ftp> cd /configuration
250 CWD command successful.
ftp> put license.xml
local: license.xml remote: license.xml
227 Entering Passive Mode (172,16,6,165,67,52)
150 Opening Binary connection for license.xml
######
226 Transfer Complete
6244 bytes sent in 00:00 (90.08 KiB/s)
ftp> quit
221 Goodbye.
At this point, the license file should be loaded onto your virtual appliance. You can use the featurekey command in order to get the full display of the feature keys that were tied to the license and that are now active.
Note: Feature keys are included as part of the license. The feature keys expire at the same time as the license, even if the feature has not been activated. Purchasing new feature keys will require you to download and install a new virtual appliance license file. This is specified in the Cisco Content Security Virtual Appliance Installation Guide.
You can also use the showlicense command and see the VLN number and license validity dates:
Virtual License
===============
vln             VLNESA123456
begin_date      Mon Jan 01 18:20:50 2014 GMT
end_date        Wed Dec 31 18:20:49 2014 GMT
company         CISCO
seats           25
serial          EF7
email           email@example.com
issue           4a0cf2fe83bb47cbbd84e0f359123456
license_version 1.1
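Because the feature keys expire together with the license, the validity dates in this output are worth checking on a schedule. The following added example (not Cisco's code) parses captured showlicense text and classifies the license at a given time. The one-field-per-line layout, the abridged sample, and the 30-day warning threshold are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: the showlicense output from this page, abridged.
SAMPLE = """\
Virtual License
===============
vln             VLNESA123456
begin_date      Mon Jan 01 18:20:50 2014 GMT
end_date        Wed Dec 31 18:20:49 2014 GMT
seats           25
license_version 1.1
"""


def parse_showlicense(text):
    """Return the key/value fields that follow the '====' rule."""
    fields, in_body = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"="}:
            in_body = True
        elif in_body and line:
            parts = line.split(None, 1)
            if len(parts) == 2:
                fields[parts[0]] = parts[1]
    return fields


def _to_utc(stamp):
    # "Wed Dec 31 18:20:49 2014 GMT": the weekday is ignored, GMT is required.
    parts = stamp.split()
    if len(parts) != 6 or parts[5] != "GMT":
        raise ValueError(f"unexpected date format: {stamp!r}")
    parsed = datetime.strptime(" ".join(parts[1:5]), "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)


def license_status(text, now, warn_days=30):
    """Return (status, whole days left); warn_days is an assumed threshold."""
    fields = parse_showlicense(text)
    begin, end = _to_utc(fields["begin_date"]), _to_utc(fields["end_date"])
    days_left = (end - now).days
    if now < begin:
        return "not_yet_valid", days_left
    if now >= end:
        return "expired", days_left
    return ("expiring" if days_left <= warn_days else "ok"), days_left
```
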