Co-authored by Lisa Morway, Enterprise Software Marketing, Cisco
By now, you have probably heard of Cisco’s new approach to software licensing. Smart Licensing was created to simplify the customer experience and provide greater insight into software license ownership and consumption so you know what you own and how it is being used. Gone are the days of lost or unknown PAKs. Cisco Smart Licensing establishes a pool of licenses or entitlements that can be used across the entire organization in a flexible and automated manner. But what does this mean for you? Let’s take a look at five common myths about Cisco Smart Licensing and the truth behind them.
Myth #1: Smart Licenses require daily Internet access to validate the license.
The Differences Between Cisco Licenses. The challenge when it comes to Cisco licenses, then, isn’t installing them: it’s figuring out which one you need for your hardware, and what sort of feature set you ought to include. A particular series of Cisco hardware - for example, a series of Cisco routers- might include a dozen individual. Co-authored by Lisa Morway, Enterprise Software Marketing, Cisco. By now, you have probably heard of Cisco’s new approach to software licensing. Smart Licensing was created to simplify the customer experience and provide greater insight into software license ownership and consumption so you know what you own and how it is being used. Your Deal IDEnter in all the Cisco/Meraki Your Quote Number skus you need for Lab/Internal use including the quantity and licensing If you have a prebuilt estimate, you can upload it by clicking on the “Actions” button here Click on “Save and ontinue” Your Quote.
Truth: Smart Licenses use direct cloud access through the Cisco Smart Software Manager as the default method to send license information over the Internet. This method provides real-time visibility and management of your licenses, helping you optimize usage, lower operational costs and ensure compliance. Validation typically occurs every 30 days. Servers that change licensing needs frequently, like Call Managers, may check in more often. Why? This allows you to detect devices that are not using licenses anymore, so you can reallocate them where needed.
Smart Licensing also supports offline options. For instance, customers may choose to manage their licenses on a local satellite server that periodically connects to Cisco to exchange information. This exchange can be automatic or manual and takes place in a time frame that works for you up to one year, although every 30 days is recommended.
Myth #2: If a device using a Smart License does not check-in within 30 days, there will be a loss in functionality.
What are the different types of licenses in the Cisco Catalyst 3850? There are two main types of Cisco Catalyst 3850 license: permanent RTU license and evaluation RTU license. These are available for both image-based licensing (IP Base or IP Services) and AP count licensing. A permanent RTU license is a paid license, with no expiration date.
Truth: If a device has not communicated within 30 days, an alert will be sent notifying the user that the device has not been used. After 90 days with no communication, the license usage is released, however, the device itself will continue to run in an “Authorization Expired” state until the ID certificate is revoked, which is one year after the last communication. At this point, the product returns to evaluation mode under the terms of the particular product’s evaluation policy.
Myth #3: Smart Licenses share the details of customer business interactions, type of network traffic and other customer data with Cisco.
Truth: Smart Licensing only requires information that is absolutely essential to provide accurate licensing status and ensure the communications are unaltered. This information is generally limited to the serial number or unique identifier of the device, licenses and quantities consumed by the device, and which license pool is being used. Any other information (for example host name) can be removed from communications from the product itself by looking for the privacy configurations in the product configuration guide, or in the Data Privacy settings if using Cisco Smart Software Manager satellite.
Myth #4: Using Smart Licensing introduces security risks.
Truth: With Smart Licensing, you control the level of security required for your environment. There are multiple options for usage reporting—Cisco understands that there is not a “one size fits all” approach when it comes to security. Customers may choose one deployment option or a mix and match approach of the various deployment options based on what is most convenient for them. The simplest deployment method is direct cloud access where the Cisco product sends usage information directly over the Internet or through a HTTP Proxy Server. For a higher degree of security, customers may choose on-premises license management where Cisco products send usage information to a locally installed VM-based satellite server which replicates the cloud-based user experience but keeps all communication on the customer premises. Cisco also offers full offline access through License Reservations. In this environment, all license changes are processed manually.
Myth #5: With Smart Licensing, you are handing over the keys to Cisco allowing them to poll a customer’s network and send down commands.
Truth: With Cisco Smart Licensing, communications can never be initiated by Cisco. All communications are initiated by the product itself in the customer’s environment when the licenses are first configured or if they are modified.
Cisco Smart Licensing’s streamlined software license management is like having a Fast-Pass at Disney. Customers like Smart Licensing because it gives them a complete view of their assets from a single interface, and it provides the ability to move licenses across devices, when and where they are needed.
To find out more about Smart Licensing, go to: www.cisco.com/go/smartlicensing.
Cisco Licensing – Cisco Licenses Explained
- 6 March, 2019
Article, Cisco Licensing Explained, Enterprise Agreements, Licenses
Traditionally, Cisco licensing has offered a perpetual licensing model in which you buy once and keep the license through the life of the hardware. Once that hardware has been replaced, the license is obsolete, and the new hardware will need its own set of license(s). In the event you RMA the device, you’re eligible for a one time transfer of that license to the new hardware but for all intents and purposes that is the exception to the rule. This is true for all hardware.
The software features you buy on top of the hardware are licensed separately and require their own support contract. If you want to get IPS (Intrusion Prevention System) feature for your firewall, you’ll need a software license or entitlement.
This leads to a situation where one single device will have two support contracts associated to it. One for the hardware failure and the underlying operating system and another for the software support and updates you’d get specific to the IPS example above.
This perpetual method of ownership still requires you to have a support contract at all times to get the latest updates. What happens if you let the support lapse but keep the Cisco licensing? The core feature of the IPS module will continue to work as is. However, the module will stop receiving the latest threat updates leaving you more vulnerable to new threat vectors. You would also not be eligible to call Cisco support (TAC) and get assistance with the IPS software module.
How does support work for Cisco licensing?
There are two models and SKU’s you’ll normally see on your order and build of material sheets; Smartnet (SNT) and Software Support Services (SWSS). At a glance, these might look quite similar but there are fundamental differences that, if not accounted for, can leave a company vulnerable to security threats or extended downtime. In this article, we’ll examine the differences.
Smartnet only applies to the hardware. Depending on the level purchased, you get anywhere from 8x5xNBD (next business day) up to 24x7x2hours replacement on that hardware. This also grants you operating system updates similar to getting Windows updates while your Smartnet is valid.
Software Support Service (SWSS) has one single purpose. To keep the software add-on features updated and eligible for support.
Now let’s revisit our earlier example with more detail to see how these apply in a real-world scenario. Let’s say you have a Cisco Firepower NGFW (Next-Gen Firewall) withAMP(Advanced Malware Protection), IPS (Intrusion Prevention System) and URL Filtering. You are up for renewal. You get a build of materials that has an SNT and SWSS SKU’s on it. You choose to buy the SNT but leave out the SWSS because you assume the hardware replacement will cover the software and could even be cheaper.
The SNT gets renewed and things seem to work as before. Two months down the road, you’re looking into the URL module to and realize it hasn’t been receiving updates for some time. You call support and provide your details. Support will now tell you that while your hardware is in coverage you are not eligible for signature updates due to the lack of SWSS (software support services). You now have to work with your Cisco team and “re-instate” coverage which is often more expensive than keeping it current.
Let’s flip the scenario. You bought SWSS but left out SNT (Smartnet). You experience a hardware failure. You call support and they’ll tell you the reverse. There’s nothing they can do with helping you replace your hardware and you’ll need to contact your Cisco Account Team to buy new hardware with new licenses attached to it. The whole SNT and SWSS cycle starts again.
The lesson here is to always ensure that your Smartnet and Software subscriptions remain in sync to avoid these scenarios that we see all too often. The larger the environment, the higher the operation overhead this creates.
Operational challenges
There are significant challenges, especially in larger and geographically dispersed organizations, to keep your support and Cisco licensing in harmony given that growth and purchasing needs can originate from various sides of the business. Different teams and cost centres can also have their own strategies as to what they consider best practices. This leads to a lot of operational challenges and it’s not uncommon to sense dread in an organization around “renewal time.”
This is the bane of most IT and procurement teams as it requires a lot of manual inventory, reconciliation, lifecycle management and roadmap reviews. Many excel spreadsheets are passed around and many meeting hours are used up for a process that should take a fraction of the time. This continuous burden and pushback from customers force Cisco to think and innovate around the issue.
This think tank led to the formation of Cisco Enterprise Agreements.
Cisco Enterprise Agreements
Cisco License Manager
Cisco Enterprise Agreements came to light when organizations asked for a more agile way handling their Cisco licensing needs, especially when considering that the majority of the new Cisco platforms are software-centric and are best utilised with software features enabled.
The goal of the Cisco Enterprise Agreement is twofold: reduce overall cost vs a perpetual licensing model and demonstrate a significant reduction in operational overhead.
You can find an in-depth look at Cisco Enterprise Agreements here.
Cisco License Grace Period
The Tesrex Review & Renew is a two-week process that will pinpoint all the areas where you can save money and streamline management. Click here to learn more about this no-obligation engagement.
This is the first article in our series concerning Cisco Licensing and Enterprise Agreements. Please ensure you have signed up to be notified of when the rest of this series is released by clicking the blue icon in the bottom right-hand corner.
Cisco License Registration
You can read Part 2 here.
Book a 30 minute chat
Arrange a short call with a Cisco Licensing expert. They can answer any of your questions.