
Smart Licensing hands-on lab

Michal Stanczyk, TECHNICAL LEADER


Andrii Matlavskyi, SOLUTIONS ARCHITECT
Anton Nechai, CONSULTING ENGINEER

LTRCRS-2579

LTRCRS-2579 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda

• Introduction
• Smart Accounts overview
• Products Registration
• On-Prem solution
• License Reservation
• License Conversion
• Troubleshooting scenarios
• Conclusion

Other Smart Licensing Sessions

• Care and Feeding of Smart Licensing - BRKARC-2034
  • SCHEDULE: Thursday, January 30 | 08:30 AM - 10:30 AM
• Demystifying Smart Licensing configuration and troubleshooting - LABRST-2483
  • SCHEDULE: Walk in Lab, available the whole week
• Smart Licensing with CSSM On-Prem - LABRST-2813
  • SCHEDULE: Walk in Lab, available the whole week

Introduction
Why do we need a new Licensing Model?

• Disruption from new deployment models (Virtualization, Containers, Cloud, etc.)
• New Software Asset Management processes can drive down costs
• New consumption model required due to Outsourcing, Out staffing, BYOD trends
• Previous model challenges are solved

Software Licensing Transition
Classic Licensing:
• Limited View: Customers do not know what they own.
• PAK Registration: Manually register each device.
• Device-Specific: Licenses are specific to only one device.
• Locked: Use only what you paid for.

Smart Licensing:
• Complete View: Software, services, and devices in easy-to-use portal.
• Easy Registration: No PAKs. Easy activation. Ready to use.
• Company-Specific: Flexible licensing. Use across devices.
• Unlocked: Add users and licenses as needed.

Smart Accounts overview
Smart Accounts – Virtual Accounts
Assets are represented as company owned allowing effortless sharing across your enterprise

• Share devices and licenses across virtual accounts easily.
• Create sub-accounts to reflect organization’s construct.
• Purchased licenses by default land in Default Virtual Account.

[Diagram labels: Smart Account bigu.edu; Virtual Accounts: Data Center, Campus Access, Computer Lab, DEFAULT; Users & Roles, Licenses, Devices, Agreements]

Smart Accounts Types

Customer Smart Account (Virtual Accounts)
Customer has the ability to manage software licenses in one account
Managed by customer directly, designated VAR or authorized party
• Account Approvers – Owner of account and enters/approves agreements with Cisco
• Account Administrators – manages users access and privileges
• Administrator of account can view and make changes to licenses, review logs, track purchases, etc.

Partner Holding Account (Virtual Accounts)
Temporary account where smart enabled products are stored
Partner or reseller store these products until customer identified
• Partner/reseller will have visibility into what products customer wants in Smart Account
• The Partner/Reseller will deposit an order into a customer account when account is identified
*Licenses can’t be used while in Holding Smart Accounts*

Use Case 1: Smart Account Layers by TECHNOLOGY DOMAIN
Details:
• Small/Medium Enterprise Size
• Centralized IT Organization
• Centralized Budgets and Security Policies
Layers:
• Domain Name: COMPANY.COM
• Smart Accounts: COMPANY.COM (COMPANY)
• Virtual Accounts: [Technology Domain]

Use Case 1: Smart Account Structure
• Domain Name: COMPANY.COM
• Smart Account: COMPANY.COM
• Virtual Accounts: ENTERPRISE NETWORKING, COLLAB, DEFAULT

Use Case 1: Smart Account Topology
[Diagram labels: Cisco Smart Software Manager (CSSM) on cisco.com; COMPANY.COM Smart Account with Virtual Accounts ENTERPRISE NETWORKING, COLLAB, DEFAULT; regions NALA, EMEA, APAC, each with ENT and COLLAB]

Use Case 2: Smart Account Topology by REGION and TECHNOLOGY DOMAIN
Details:
• Medium/Large Enterprise Size
• Centralized IT Organization
• Separate Budgets and/or Security Policies per Region
Layers:
• Domain Name: COMPANY.COM
• Smart Accounts: COMPANY.COM (COMPANY)
• Virtual Accounts: [Region]
• On-Prem Virtual Accounts: [Technology Domain]
• Definable and Searchable Identifiers: TAG for Technology Domain

Use Case 2: Smart Account Structure
• Domain Name: COMPANY.COM
• Smart Account: COMPANY.COM
• Virtual Accounts: Default, NALA, EMEA, APAC, On-Prem NALA, On-Prem EMEA, On-Prem APAC
• TAG: ENT: NALA ENT, EMEA ENT, APAC ENT
• TAG: COLLAB: NALA COLLAB, EMEA COLLAB, APAC COLLAB

Use Case 2: Smart Account Topology
[Diagram labels: Cisco Smart Software Manager (CSSM) on cisco.com; COMPANY.COM Smart Account with Virtual Accounts DEFAULT, NALA, EMEA, APAC, On-Prem NALA, On-Prem EMEA, On-Prem APAC; regional devices tagged ENT and COLLAB; CSSM On-Prem with On-Prem NALA ENT, On-Prem NALA Collab, On-Prem EMEA ENT, On-Prem EMEA Collab, On-Prem APAC ENT, On-Prem APAC Collab]
Smart Account Topology used for the Lab Pod01
[Diagram labels: Cisco Smart Software Manager (CSSM) on cisco.com; Smart Account Cisco Systems, Inc. (JAMES.CISCO.COM); Virtual Accounts CL-DEFAULT-Pod01, CL-Direct-NALA-Pod01, CL-Direct-EMEA-Pod01, CL-Direct-APAC-Pod01, CL-OnPrem-NALA-Pod01, CL-OnPrem-EMEA-Pod01, CL-OnPrem-APAC-Pod01; devices NALA CSR1, EMEA CSR2, APAC CSR3, NALA CSR4, EMEA CSR5, APAC CSR6, EMEA CUCM; CSSM On-Prem with CL-OnPrem-NALA-ENT, CL-OnPrem-NALA-Collab, CL-OnPrem-EMEA-ENT, CL-OnPrem-EMEA-Collab, CL-OnPrem-APAC-ENT, CL-OnPrem-APAC-Collab]

Product Registration
Smart License Deployment models
The Cisco Product is configured to use Smart Licensing at install/provisioning time. Direct cloud access is the default option.
Options:
1. Direct cloud access (default)
   Cisco product sends usage information directly over the internet. No additional components are needed.
   [Diagram labels: Cisco Product, HTTPs, Cisco.com, Usage Info]
2. Access through an HTTP proxy
   Cisco Products send usage information over the internet via a Proxy Server. Any off-the-shelf Proxy will work.
   [Diagram labels: Cisco Product, HTTP, Proxy, Cisco.com, Usage Info]
3 + 4. Access Through On-Premise License Management
   Cisco products send usage information to a locally installed satellite. Periodically, exchange information with Cisco to keep satellite sync. This synchronization can occur automatically in connected environments or manually in disconnected environments.
   [Diagram labels: Cisco Product, Satellite, HTTPs, File Transfer, Cisco.com, Usage Info]
5. Full Offline Access – License Reservation
   Use copy/paste information between product and Cisco.com to manually check in and out licenses. Functionally equivalent to current node locking, but with Smart License tracking.
   [Diagram labels: Cisco Product, Copy / Paste, Request License, License Response, Cisco.com, Usage Info]
[Side labels: Available Today for all products!; Limited Availability; Security Policy; Ease of use]
Smart Licensing Transport

• Smart Call Home (SCH)
  • Legacy (default) transport mechanism for Smart Licensing
  • Supported on all Smart Licensing enabled products
• Smart Transport
  • New transport mechanism for Smart Licensing
  • Might not be supported on older Cisco products / software versions

Smart Call Home for Smart Licensing Transport
Option 1 - Default

• Smart Call Home Server is located in a secure Cisco Data Center
• Smart License messages are sent to the Cisco SSM portal
• Smart License uses only the Smart Call Home Client
• Information is exchanged using HTTPS (TLS/SSL encryption of data)

[Diagram labels: Cisco Product (Smart Agent, SCH Call Home Client), HTTPS, Cisco Smart Call Home Server, Smart License (Packet Delivery), Cisco Smart Software Manager]

Smart Transport
Option 2

• Smart License messages are sent to the Cisco SSM portal using Direct URL
• Information is exchanged using HTTPS (TLS/SSL encryption of data)

(config)# license smart transport smart
(config)# license smart url <…>

[Diagram labels: Cisco Product (Smart Agent), Smart License, Cisco Smart Software Manager]

Smart Licensing Data Interchange & Visibility
Information exchanged with Cisco

• Required information includes:
  • Unique identifier for the device
  • Licenses (a.k.a. entitlements) being consumed
  • Organization identifier (ID Token created in your Virtual Account)
• Optionally (Privacy disabled):
  • Hostname / IP address

Smart Licensing Work Flow

[Flow diagram. States: Device/Product started, SL State = Un-configured; SL State = Un-identified; Customer Smart Account identified; Device/Product Registration, SL State = Registered; In-Compliance (Authorized): have more licenses than being used; Out-of-Compliance: using more licenses than entitled to. Step labels: For Hybrid Platform Enable Smart Licensing; Create/Copy ID Token from CSSM; Enter Product Registration command/GUI with ID Token; Register, uses feature & reports usage to CSSM. Smart Account labels: Users & Roles, Licenses, Devices, Agreements.]

Smart Licensing Workflow - ID Tokens
Example:
YWJkNWNhYTEtNDhjZC00YTcyLTllABCtZDE1ZjMyNWIxMGI4LTE1NzcyNzk4%0AMDY1NzB8QUg0M29wRElVMjhJaGp3UXJsNFUrdDBE
TnJrVTQ3MmxxMEdCSDMx%0AZ3RuUT0%3D%0A

Used to securely Register products to a Smart Account and Virtual Account

ID Tokens are “organizational identifier” used to establish ‘identity’ when registering a Product

An ID Token:
• Can be used once – or reused multiple times
• Can be created and revoked at any time
• Expires after a period of time (default is 30 days; Minimum of 1 day and a maximum of 365 days)

ID Tokens are NOT:
• Product specific
• Licenses or keys or PAKs
• Stored on the Cisco Product
• Needed after the product is registered

Smart License Product States

• Registered state
  Product has been associated with a valid Smart Account
• Authorized state (In Compliance)
  Product is using an entitlement, and the Virtual Account does not have a negative balance
• Out of Compliance state
  Product is using an entitlement, but the Virtual Account has a negative balance
• Authorization expired state
  Product has not communicated with Cisco within a maximum of 90 days

Note: Platforms may differ with timeouts, check with specific platform for details

[State diagram labels: Un-Registered, Register Product, Failed, Registered State, Consume License, Authorized State, Out Of Compliance State, Authorization Expired State]
Evaluation Period

• Device has not yet registered with Cisco
• One 90-day evaluation period for the entire device (not per license)
• The countdown timer is maintained across reboots, never reset!
• The evaluation timer will stop counting down when one of the following happens:
  • All licenses are released
  • The device receives a successful response to an entitlement authorization request sent to the Cisco Licensing Authority and enters the Authorized or OOC state

Direct Access
Direct Cloud Access
Steps:
1. Setup layer 3 connectivity to tools.cisco.com
   • DNS server (vrf?)
   • Source interface for DNS communication (vrf?)
   • Source interface for HTTP client (vrf?)
   • Routing (vrf?)
2. Register to CSSM
3. Set license level/enable licensed feature
4. Verify license status

[Diagram labels: Product (Smart Agent, SCH Call Home Client), HTTPS, Smart License, Cisco Smart Software Manager]

LAB Time: Scenario 1-2
Product Direct registration Lab topology - Pod01

Hostname   IP Address       Credentials
CSR1       198.18.133.201   admin / cisco
CSR2       198.18.133.202   admin / cisco

[Diagram: Smart Account topology for Pod01]
On-Prem solution
How does Cisco SSM On-Prem Work?
1. Install/Register CSSM On-Prem
   • Install Smart Software Manager On-Prem & register it to Cisco Smart Software Manager
2. Register/Report
   • Devices and software products register and report license consumption
3. Synchronize Local Database
   • Choose to periodically synchronize the local database with Cisco to ensure up to date files

[Diagram labels: Cisco Product, HTTP / HTTPs, CSSM On-Prem, Usage Info, Cisco.com]
Smart Software Manager On-Prem - Requirements
The Free installation package is available in ISO installable via Bootable Media

System Requirements (Customer Provided):

             Minimum   Recommended
Hard Disk    200 GB    200 GB
Memory       8GB       8GB
vCPUs        2         4

[Diagram labels: ISO; Smart Software Manager On-Prem; Containers: Database, Crypto Services, License Services, License/Admin Workspace; (Centos 7)]

CSSM On-Prem version 7.x is recommended.


On-Prem UI - Workspaces

Licensing Workspace
HTTPS://<On-prem-IP:8443>
• Local Virtual Account management
• Register, deregister, transfer products
• Transfer and distribution of licenses between Local Virtual Accounts

Administration Workspace
HTTPS://<On-prem-IP:8443>/admin
• Perform registration and synchronization
• Network and Proxy configuration
• Authentication and user management

Deployment Modes – Connected and Disconnected

Connected
• When there is direct connectivity to cisco.com from the On-Prem
• License consumption and entitlement can be synchronized with Cisco SSM on-demand or automatically via scheduling
• Easiest to deploy

Disconnected
• When there is no connectivity to cisco.com from the On-Prem
• On-Prem can be synchronized with Cisco SSM via a file upload and download

[Diagram labels: Cisco, Automatic Updates, Periodic Updates]

Change Product Configuration for On-Prem Model

Product Instance
• Change call-home profile configuration on a product:

https://<On-Prem-FQDN>:443/Transportgateway/services/DeviceRequestHandler

• Change Trustpoint configuration on device (revocation-check none turns off CRL/OCSP revocation checking for this trustpoint):

crypto pki trustpoint SLA-TrustPoint
 revocation-check none

CSSM On-Prem
• Ensure that the Certificate Common Name matches the DNS record.
• CSSM On-Prem Certificate Common Name takes effect only after a new Local Account is registered to CSSM (cloud).

LAB Time: Scenario 3
On-Prem solution Lab topology - Pod01

Hostname   IP Address       Credentials
CSR4       198.18.133.204   admin / cisco
CSR5       198.18.133.205   admin / cisco
CUCM1      198.18.133.3     admin / cisco

[Diagram: Smart Account topology for Pod01]
License Reservation
Introduction to License Reservation
The Smart Account must be authorized for License Reservation:
• Must have enough available licenses (Over subscription is not allowed)
• Smart Account must be authorized for any Export Restricted Functionality

Permanent License Reservation:
• All features are enabled
• Cost premium
• Some products will not support PLR

Specific License Reservation:
• Only features owned can be reserved
• At no additional cost
• Not all products support SLR (yet)

Specific License Reservation

• Manually exchange information (copy and paste) with CSSM
• Two-way data exchange via ASCII strings
  • Product Request (UDI/vUDI, etc.) entered into CSSM
  • Requested licenses and quantities chosen in CSSM
  • CSSM returns an authorization locked to UDI/vUDI
• Entitles specific license consumption on product

Steps shown in the diagram (product and CSSM):
1. Get UDI/vUDI Request
2. Type or Paste Request String
3. Choose Licenses
4. Copy Auth String
5. Paste Auth String

License Reservation Cancellation

When licenses are reserved on a Product Instance, there are two ways to remove a PID from a Smart Account and release all of the licenses reserved for that PID:

1. If the PID is operational (graceful removal):
   Return the SLR authorization by creating a Reservation Return Code on the Product Instance (which removes the authorization code) and then enter the Reservation Code into CSSM

2. If the PID is NOT operational (Failure or due to destroying the VM/Container):
   Call Cisco Licensing to get the Product Instance removed from your Smart Account

License Conversion
License Conversion methods

• Convert manually:
  • PAK conversion
  • License conversion
• Convert automatically (Device Led Conversion):
  • ASR1000, ISR4000, ISR1000, Catalyst 3850/3650, Catalyst 9800
  • Nexus 7000
  • ACI

Device Led Conversion (DLC)
• Ensure the correct license is the current running license, as the DLC procedure can only be done once!
• Steps:
  1. Configure and set up Smart Licensing as usual
  2. Register the device to CSSM / On-Prem
  3. Licenses will be in "Out Of Compliance" state after Registration
  4. Check "show platform software license dlc" for licenses that will be converted during DLC
  5. Start conversion

     # license smart conversion start

• After you start the conversion, the status changes to “Waiting for response”; the next status check is 1 hour later

Which licenses will be included in DLC?

• Permanent
• Right To Use
• EvalRightToUse

ISR4431-lab#show platform software license dlc

Index 1 Feature: securityk9
  Permanent License: 0
  EVAL RTU License: 1
  RTU License: 0
  Paper License: 0

Index 2 Feature: throughput
  Permanent License: 0
  EVAL RTU License: 1
  RTU License: 0
  Paper License: 0

DLC Process Status: Not Complete

DLC started…
ISR4331-lab# show license status
<..>
License Conversion: Automatic Conversion Enabled: False
Status: Waiting for response on Nov 05 08:54:25 2019 UTC
Next response check: Nov 05 09:54:30 2019 UTC

After 1 hour:

ISR4431-lab#show platform software license dlc

Index 1 Feature: securityk9
  Permanent License: 0
  EVAL RTU License: 1
  RTU License: 0
  Paper License: 0

Index 2 Feature: throughput
  Permanent License: 0
  EVAL RTU License: 1
  RTU License: 0
  Paper License: 0

DLC Process Status: Completed
DLC Conversion Status: SUCCESS

Licenses not considered in the DLC path

• In some scenarios DLC is not supported, e.g.:
  • upgrading from IOS-XE 3.X to IOS-XE 16.10
  • when smart license equivalent does not exist
  (Covered in the lab exercise)
• Customers can convert licenses or PAKs manually in CSSM or License Registration Portal
• Alternatively, contact Cisco Licensing to manually deposit licenses in the respective Virtual Account.

Troubleshooting scenarios
CLI Commands

• show license all
• show call-home profile all
• show call-home smart statistics
• show crypto pki trustpoints
• show crypto pki certificate
• show run all | sec call-home
• show run | inc http
• show run | sec crypto
• show run | sec SLA-TrustPoint
• show tech license <<<<<< attach to TAC SR
• ping [vrf abc] tools.cisco.com
• ping [vrf abc] <Satellite IP>
• telnet tools.cisco.com 443
• telnet tools.cisco.com 443 /vrf abc

Debugs

• debug smart_lic all
  • Before IOS-XE 16.9 – stored in IOS syslog
  • From IOS-XE 16.9 onwards – enabled by default and stored in IOSRP tracelogs:
    # show logging process IOSRP module smart-agent
• debug call-home smart-licensing all
• debug ip http client all
• debug ssl openssl [errors | ext | msg | states ]
• debug crypto pki […]

HTTP used instead of HTTPS

• HTTP is no longer supported for call-home, the below config will NOT work:

call-home
 profile "CiscoTAC-1"
  destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService

• Change it to:

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  no destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService

• Retry the registration/authorization attempt:

license smart register id <token> force    (retry registration)
license smart renew auth                   (retry authorization)

Non-default call-home profiles
• Call-home profile not active or SL reporting not enabled:
  Note: "active" and "reporting smart-licensing-data" are not in the default config for a new call-home profile!

call-home
 contact-email-addr <myemail@abc.com>
 profile "Cisco-SL-01"
  active
  reporting smart-licensing-data
  destination transport-method http
  no destination transport-method email
  destination address http https://9.0.0.58:80/Transportgateway/services/DeviceRequestHandler
 profile "CiscoTAC-1"
  no active
  reporting smart-licensing-data
  destination transport-method http
  no destination transport-method email
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
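
The two call-home faults above (an http:// destination, and a custom profile that is not active or has no smart-licensing reporting) can be checked offline against saved "show run all | sec call-home" output. The Python audit below is an added example, not part of the original slides or of any Cisco tool; the finding names, both sample configs and the FQDN cssm-onprem.example.com are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample shaped like "show run all | sec call-home" output: an
# inactive custom profile with an IP-literal URL, and CiscoTAC-1 still on http://.
BROKEN = '''\
call-home
 profile "Cisco-SL-01"
  reporting smart-licensing-data
  destination transport-method http
  destination address http https://9.0.0.58:80/Transportgateway/services/DeviceRequestHandler
 profile "CiscoTAC-1"
  active
  reporting smart-licensing-data
  destination transport-method http
  destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService
'''

# Corrected form; cssm-onprem.example.com is a hypothetical On-Prem FQDN.
FIXED = '''\
call-home
 profile "Cisco-SL-01"
  active
  reporting smart-licensing-data
  destination transport-method http
  destination address http https://cssm-onprem.example.com:443/Transportgateway/services/DeviceRequestHandler
 profile "CiscoTAC-1"
  no active
  reporting smart-licensing-data
  destination transport-method http
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
'''

PROFILE_RE = re.compile(r'^profile\s+"?([^"\s]+)"?$')


def parse_profiles(config_text):
    """Return {profile name: settings} from the call-home section of a config."""
    profiles, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # top-level command: enters or leaves call-home
            in_section, current = line == "call-home", None
            continue
        match = PROFILE_RE.match(line) if in_section else None
        if match:
            current = profiles.setdefault(match.group(1), {
                "active": False, "reporting": False, "http": False, "urls": []})
        elif current is None:
            continue
        elif line in ("active", "no active"):
            current["active"] = line == "active"
        elif line.endswith("reporting smart-licensing-data"):
            current["reporting"] = not line.startswith("no ")
        elif line.endswith("destination transport-method http"):
            current["http"] = not line.startswith("no ")
        elif line.startswith("destination address http "):
            current["urls"].append(line.split(None, 3)[3])
    return profiles


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def audit_call_home(config_text):
    """Return a list of (profile, finding) tuples; an empty list means no findings."""
    profiles = parse_profiles(config_text)
    findings, usable = [], []
    for name, p in profiles.items():
        schemes = set()
        for url in p["urls"]:
            parts = urlsplit(url)
            schemes.add(parts.scheme)
            if parts.scheme != "https":
                findings.append((name, "cleartext-destination"))
            if _is_ip_literal(parts.hostname):
                # The On-Prem slide asks for the certificate CN to match the DNS record.
                findings.append((name, "ip-literal-destination"))
        if p["active"] and p["reporting"] and p["http"] and schemes == {"https"}:
            usable.append(name)
    if not usable:  # no profile can carry Smart Licensing traffic: say why
        for name, p in profiles.items():
            if not p["active"]:
                findings.append((name, "not-active"))
            if not p["reporting"]:
                findings.append((name, "reporting-disabled"))
            if not p["http"]:
                findings.append((name, "transport-not-http"))
    return findings
```

An inactive profile is reported only when no other profile is usable, so the intended end state (Cisco-SL-01 active, CiscoTAC-1 set to "no active") produces no findings.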

DNS not working
• If DNS is not possible, obtain the IP address:
  • perform an NSLOOKUP for tools.cisco.com
  • ping tools.cisco.com from another device with DNS local to device being converted
• Define static host entry on the device:

(config)# ip host [vrf ABC] tools.cisco.com 72.163.4.38
or
(config)# ip host [vrf ABC] tools.cisco.com 173.37.145.8

License Authorization "Failure reason: Fail to send out Call Home HTTP message."

• Behavior:
  • Device unable to register or renew authorization
• Logs are seen:

027479: *Jul 31 19:45:49.721: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager or satellite : Fail to send out Call Home HTTP message.
027480: *Jul 31 19:45:49.722: %SMART_LIC-3-AUTH_RENEW_FAILED: Authorization renewal with the Cisco Smart Software Manager or satellite : Communication message send error for udi xxx

Snip of "show license all":

License Authorization:
  Status: OUT OF COMPLIANCE on Jul 26 09:24:09 2018 UTC
  Last Communication Attempt: FAILED on Aug 02 14:26:23 2018 UTC
    Failure reason: Fail to send out Call Home HTTP message.
  Next Communication Attempt: Aug 02 14:26:53 2018 UTC
  Communication Deadline: Oct 25 09:21:38 2018 UTC
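
The License Authorization block and the two syslog lines above can be turned into a monitoring check that reports the failure and the days left before the Communication Deadline. This Python check is an added example, not from the slides or from any Cisco tool; the alert wording, the 30-day warning threshold and the assumption that a healthy device prints "Status: AUTHORIZED" are assumptions of the example.

```python
import re
from datetime import datetime, timezone

# Output and syslog lines as quoted in the slide above.
SHOW_LICENSE = """\
License Authorization:
  Status: OUT OF COMPLIANCE on Jul 26 09:24:09 2018 UTC
  Last Communication Attempt: FAILED on Aug 02 14:26:23 2018 UTC
    Failure reason: Fail to send out Call Home HTTP message.
  Next Communication Attempt: Aug 02 14:26:53 2018 UTC
  Communication Deadline: Oct 25 09:21:38 2018 UTC
"""
SYSLOG = """\
027479: *Jul 31 19:45:49.721: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager or satellite : Fail to send out Call Home HTTP message.
027480: *Jul 31 19:45:49.722: %SMART_LIC-3-AUTH_RENEW_FAILED: Authorization renewal with the Cisco Smart Software Manager or satellite : Communication message send error for udi xxx
"""

TS = r"(\w{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4}) UTC"


def _ts(text):
    """Parse an IOS timestamp such as 'Oct 25 09:21:38 2018' as UTC."""
    return datetime.strptime(text, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def parse_authorization(output):
    """Extract the License Authorization fields from 'show license all' output."""
    # Only look below the section header so other "Status:" lines are ignored.
    block = output.split("License Authorization:", 1)[-1]
    auth = {"status": None, "status_since": None, "last_result": None,
            "last_attempt": None, "failure_reason": None, "deadline": None}
    m = re.search(r"^\s*Status:\s+(.+?) on " + TS, block, re.M)
    if m:
        auth["status"], auth["status_since"] = m.group(1), _ts(m.group(2))
    m = re.search(r"Last Communication Attempt:\s+(\w+) on " + TS, block)
    if m:
        auth["last_result"], auth["last_attempt"] = m.group(1), _ts(m.group(2))
    m = re.search(r"Failure reason:\s+(.+)", block)
    if m:
        auth["failure_reason"] = m.group(1).strip()
    m = re.search(r"Communication Deadline:\s+" + TS, block)
    if m:
        auth["deadline"] = _ts(m.group(1))
    return auth


def smart_lic_events(log_text):
    """Return (severity, mnemonic) for every %SMART_LIC syslog message."""
    return [(int(sev), name)
            for sev, name in re.findall(r"%SMART_LIC-(\d)-([A-Z0-9_]+):", log_text)]


def assess(auth, events, now, warn_days=30):
    """Return (days left to the deadline, list of alert strings)."""
    alerts = []
    if auth["status"] != "AUTHORIZED":  # assumed healthy value, see lead-in
        alerts.append(f"status: {auth['status']}")
    if auth["last_result"] == "FAILED":
        alerts.append(f"last attempt failed: {auth['failure_reason']}")
    days_left = None
    if auth["deadline"] is not None:
        days_left = (auth["deadline"] - now).days
        if days_left < 0:
            alerts.append("communication deadline passed")
        elif days_left < warn_days:
            alerts.append(f"communication deadline in {days_left} days")
    for severity, mnemonic in events:
        if severity <= 3:  # syslog severity 3 (error) or more severe
            alerts.append(f"syslog: {mnemonic}")
    return days_left, alerts
```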

License Authorization "Failure reason: Fail to send out Call Home HTTP message."
• What to look into:
  • Verify HTTP server configuration on the switch is correct.
    • "show run | s http"
  • Verify the call-home destination is the correct address.
    • "show call-home profile all"
  • Verify you can ping tools.cisco.com or the nslookup translated IP
  • Check HTTP client source interface is correct
  • Check DNS/IP in call home profile is set correctly
  • Check ip route is pointing the right way
  • Ensure TCP 443 is not being blocked anywhere in the path

LAB Time: Scenario 4-6
On-Prem solution Lab topology - Pod01

Hostname   IP Address       Credentials
CSR3       198.18.133.203   admin / cisco
CSR6       198.18.133.206   admin / cisco

[Diagram: Smart Account topology for Pod01]
Conclusion
Call to Action

• Get access to your organization/customer Smart Account
• Assess your network and create a transition plan
• Educate others
