Managing Cisco IOS Software Activation

BRKDEV-1201

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

2

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

1

Agenda
Today’s Topics: Software Activation Overview Software Activation Workflows and Management Cisco License Manager SDK Q&A

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

3

Cisco IOS Software Licenses
IOS software has always been covered by a “right to use” license Licenses are per device Use of Cisco software constitutes acceptance of the agreement The license agreement is only valid for the original end-user
Device licenses are non-transferable between end-users

Cisco Software License Agreement is located at:
BRKDEV-1201 14591_04_2008_c1

http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

4

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

2

Software Activation—Terminology
What is a Product Activation (PAK)?
Product Activation Key received from Cisco manufacturing to activate software licensing

What is a Stock Keeping Unit (SKU)?
SKU identifies a licensable feature that can be ordered. One PAK can contain multiple SKUs

What is a Unique Device Identifier (UDI)?
UDI is a distinct combination of Product ID and Serial Number

What is a License file?
An electronic right-to-use a quantity of SKUs on a particular device. SKUs are associated with UDIs to obtain a license file
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

5

Software Activation—Overview
The universal Cisco IOS image is loaded by manufacturing
Image contains all IOS features The K9 crypto version available via cisco.com

The level of Cisco IOS functionality available is determined by the license applied to the device A new license only needs to be applied to upgrade functionality
Maintenance upgrades do not require a new key
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

Universal IOS Image

6

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

3

Software Activation—Goals
Enable development of new software business models
Pay as you grow Trial and buy

Deployment simplification
All hardware will have a common software build Feature enablement simply requires the application of a new license key

Simplified software management
Only one archive image required per device type Upgrades only require a single image to be deployed

Better software asset tracking and compliance
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

7

Software Activation—Core Principles
Minimize impact to customers’ operational model Slow evolution and minimum impact to install base
Gradually migrate next-generation products Maintain business continuity in the interim

Manage the number of licenses
No retrofit on existing software features

Consistent experience and deployment
Simple license management tools for controlling and managing software assets Consistent tools for back-end support
BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

8

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

4

Software Activation—Cisco License Manager
Automate License Deployment Auto-Discovery
Recognize devices with IOS licensed features Build license inventory… Wizard based GUI, Bulk PAKs, Re-host, Policy engine…

Detailed Reporting

Data Center

Find unused and re-deployable licenses, license discrepancy

Branch
Security Model
Role-based Access Control, ACLs to limit access to managed resources…

Branch

Secure Cisco.com Connectivity
Obtain PAK info, licenses, two stage deployment…

Branch

Data Center Data Center
Faster Failure Recovery
Backup of licenses in database, Resend licenses…

Partner
Virtualization
Logically split a CLM installation into multiple customer views…
Cisco Public

Open APIs

Full functionality Java and Perl SDKs…

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

9

Software Activation—Initial Product Purchase
1. Customer specifies hardware and software 2. Cisco manufacturing generates appropriate license key and applies it to the device. No PAK is generated. 3. Device is shipped to customer
1

Order Placed
2 3

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

10

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

5

Software Activation—Feature Upgrade
1. Customer purchases products and is shipped required Product Authorization Keys (PAKs) 2. UDI (Product ID and Serial Number) are obtained from the device 3. The UDI and PAK are entered into to Cisco’s licensing portal 4. License file is sent to customer via email 5. Customer installs licenses on the devices
1

5 3 2 4
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

11

Software Activation—Feature Upgrade—CLI
Show CLI Commands
Determine the UDI of the device to obtain license for show license udi Display the list of licensed features available in system show license feature Display all licenses installed on a device show license all

Exec CLI Commands
license install stored-location-url license comment {add feature-name comment | delete}

Call-home CLI Commands
show license call-home pak pak-id license call-home install pak pak-id
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

12

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

6

Device# PID SN UDI ----------------------------------------------------------------------------*0 AS54XM-AC-RPS JAE0948QXKD AS54XM-AC-RPS:JAE0948QXKD

Feature name advipservices

Enforcement Evaluation Clear Allowed Enabled yes yes yes yes

StoreIndex: 1 Feature: advipservices Version: 1.0 License Type: Permanent License State: Active, Not in Use License Priority: Medium

Pak Number : 3XPXR9E7D30 Pak Fulfillment type: SINGLE 1. SKU Name : Gatekeeper SKU Type : Product Description : Gatekeeper Ordered Qty :1 Available Qty :1 Feature List : Feature name: gatekeeper Count: Uncounted Platform Supported : 2800 3800

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

13

Software Activation—Feature Upgrade—SNMP
CISCO-LICENSE-MGMT-MIB clmgmtLicenseDeviceInfoTable for managing Stacks clmgmtLicenseInfoTable for licenses installed on the system clmgmtLicensableFeatureTable displays all the possible licensable features for a given system clmgmtLicenseActionTable for License operations
clmgmtLicenseActionTransferProtocol clmgmtLicenseServerAddressType clmgmtLicenseServerAddress clmgmtLicenseServerUsername clmgmtLicenseServerPassword clmgmtLicenseFile clmgmtLicenseStore clmgmtLicenseStopOnFailure clmgmtLicenseAcceptEULA clmgmtLicenseAction is set to install(2)

clmgmtLicenseInstalled for license installation notification
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

14

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

7

Software Activation—Automated Feature Upgrade
1. Customer purchases required Product Authorization Key (PAKs ) 2. PAK is entered into CLM 3. CLM automatically sends the UDIs of the relevant devices together with the PAK to the Cisco licensing system 4. License files are automatically returned to the CLM 5. CLM automatically installs the licenses on the devices
1 5 2 3

CLM
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

4
15

Software Activation—License Transfer
1. Determine the UDIs of the source and destination devices 2. Enter UDIs into the “License Re-host” tool on cisco.com 3. License portal determines licenses associated with source device and customer selects which licenses to move 4. New license issued 5. Customer installs new licenses on the destination device
Source Unit 3

2 1

Destination Unit

4 5

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

16

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

8

Software Activation—License Transfer—CLI
Show CLI Commands
Determine the licensing operations supported by a device show license status Display all licenses installed on a device show license all

Enable Exec CLI Commands
license save credential file-sys:file-sys://lic-location license revoke permission-file-url output-rehost-ticket-url

Call-home CLI Commands
license call-home revoke [target-udi] output-of-rehostedlicense-url [permission-ticket-url] [rehost-ticket-url]
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

17

License Type Supported permanent Non-expiring node locked license extension Expiring node locked license evaluation Expiring non node locked license License Operation Supported install Install license clear Clear license annotate Comment license save Save license revoke Revoke license call-home License call-home

StoreIndex: 1 Feature: advipservices Version: 1.0 License Type: Permanent License State: Active, Not in Use License Priority: Medium

<?xml version="1.0" encoding="UTF-8"?><CISCO_WT_ARTIFACTS version="1.0"><CISCO_WT_REHOST_ARTIFACT version="1.0"><HEADER><ARTIFACT_TYPE>Device Credentials</ARTIFACT_TYPE><ARTIFACT_VERSION>1.0</ARTIF ACT_VERSION><TRANSACTION_ID>T and I trans id</TRANSACTION_ID><UDI><PID>CISCO2851</PID><SN>FTX101 8A21R</SN></UDI><SOURCE>Device</SOURCE><CREATE_DATE >2008-05-14T21:40:36.207Z</CREATE_DATE><ARTIFACT_INFO>T and art info</ARTIFACT_INFO></HEADER><CONTENT>

Retrieving the rehost ticket from the device ....................!. Following Permanent license(s) will be revoked from this device Feature Name: lwapp Following Extension license(s) will be installed in this device Feature Name: lwapp PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR LICENSE KEY PROVIDED FOR ANY CISCO PRODUCT FEATURE …
BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

18

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

9

Software Activation— License Transfer—SNMP
CISCO-LICENSE-MGMT-MIB clmgmtLicenseInfoTable for licenses installed on the system clmgmtLicenseDeviceInfoTable for managing Stacks clmgmtLicenseActionTable for license revocation
clmgmtLicenseActionTransferProtocol clmgmtLicenseServerAddressType clmgmtLicenseServerAddress clmgmtLicenseServerUsername clmgmtLicenseServerPassword clmgmtLicensePermissionTicketFile clmgmtLicenseRehostTicketFile clmgmtLicenseStopOnFailure clmgmtLicenseAction is set to processPermissionTicket(4)

clmgmtLicenseRevoked for license revocation notification clmgmtLicenseEULAAccepted notification during revocation
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

19

Software Activation— Automated License Transfer
1. Identify the source and destination devices and licenses to transfer 2. CLM automatically determines the Device Credentials and UDI of the source and target device 3. CLM automatically communicates to Cisco.com to transfer licenses from source to target device 4. CLM automatically installs the license keys on the destination device

4 1 3 2 CLM
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

20

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

10

Software Activation— RMA of a Failed Unit
1. Determine the UDI of the defective and RMA devices 2. Enter UDI into the “Register for RMA License Transfer” tool on cisco.com 3. License portal determines licenses associated with defective devices 4. New licenses issued 5. Customer installs new licenses on the new device Note: In-built temporary licenses available for Emergency purposes

Defective Unit

2 1

3

RMA Unit
BRKDEV-1201 14591_04_2008_c1

4 5
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

21

Cisco License Manager—Usage

Login

Create Device Inventory using Auto Discovery

Add PAKs and Download Info

Obtain Licenses

Deploy Licenses to Devices

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

22

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

11

Cisco License Manager— Device Management

Manual Addition or via XML

Auto-discovery

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

23

Cisco License Manager— PAK Management

Add PAKs

Browse PAKs

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

24

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

12

Cisco License Manager— License Management

Policy Based License Management

Wizard for Obtaining Licenses

Wizard for License Transfers
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

25

Cisco License Manager— Supported Products
Cisco License Manager part numbers:
Cisco License Manager Client and Server Software is available free via download from Cisco.com Java and Perl SDKs sold separately

Supports Software Activation and License Management for
Cisco Catalyst 3750-E and 3560-E Series Switches Cisco Catalyst Blade Server (CBS) 3100 Series Switches
NEW! NEW! NEW! NEW! NEW! NEW!

Cisco Modular ISRs—2811, 2821, 2851, 3825, 3845 Cisco Universal Gateways—AS5350XM, AS5400XM Cisco Fixed ISRs—C860, C880 Cisco Unified Communications 500 Series Cisco Intrusion Prevention System Advanced Integration Module Cisco XR12000 SIPs

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

26

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

13

Cisco License Manager—Architecture
Cisco Domain
License Manager GUI Asset/License Mgmt Apps

Customer Domain

GUI Interface

Java/Perl SDK
Device Discovery Inventory Management License obtaining License deployment User Administration Event Handling Report Generator

License Server

Cisco.com

Embedded Database

Secure Device interface

Device Discovery

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

27

Cisco License Manager SDK—Overview
Full functionality Java and Perl APIs for ISVs to integrate with Cisco License Manager Java class library bundled in a single JAR file. Requires Java JDK 1.5 Supports local or remote integration Using CLM SDK requires
1. Add clm-sdk.jar to Java classpath when compiling and running client program. 2. Start CLM Server. 3. Start client program.
BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

28

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

14

Cisco License Manager SDK—Functions
Java Class LicenseManager provides a façade for invoking functions
Connect and Login to Server Discover and Manage Devices Manage PAK and Download PAK information Obtain License from Cisco Deploy License To Devices Other License Operations: Resend, Rehost, Annotate, etc. Generate Reports Manage User Accounts Access Control Functions

API Reference Guide provides detailed info on APIs Error messages for error codes can be found in <CLM_HOME>/conf/ClmErrorMessages.properties
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

29

public class LicenseManager { // -----------------------------------------------------// Constructors // -----------------------------------------------------public LicenseManager(); // -----------------------------------------------------// User login and logout. // -----------------------------------------------------public UserToken login(String username, String password, String server_host, int port, int idle_timeout); public void logout(UserToken token); // -----------------------------------------------------// License operations. // -----------------------------------------------------public String asyncObtainLicense(UserToken token, LicenseRequest[] lic_req, IDStatusListener listener public boolean rehostLicense(UserToken token, RehostRequest rehost_req);

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

30

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

15

Cisco License Manager SDK— Sample Code
import com.cisco.nm.clm.sdk.LicenseManager; public class CLMClientSample { public static void main(String[] args) { ….. // Create an instance of LicenseManager. LicenseManager lm_instance = new LicenseManager(); // Create an instance of EULA and sign it. EulaInfo eula = new EulaInfo(Calendar.getInstance().getTime(), true, true); // Connect and login to server UserToken token = lm_instance.login("admin", “test", "localhost", 1099, 0, eula); ….. // Prepare License request using the SKU list in the PAK object. LicenseRequest[] lic_req = new LicenseRequest[1]; lic_req[0] = new LicenseRequest(); lic_req[0].setSKUSelection(pak.getSkuList()); lic_req[0].setDeviceID(device.getDeviceID());
BRKDEV-1201 14591_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

31

Cisco License Manager SDK— Sample Code (Cont.)
// Obtain license with the license request. req_id = lm_instance.asyncObtainLicense(token, lic_req, false, my_listener); . . // Assume we have 2 license obtained and stored in // the data storage, we now deploy them to the device. String[] lic_ids = {"lic00001", "lic0002"}; req_id = lm_instance.asyncDeployLicenses(token, lic_ids, my_listener); . . // Disconnect and logout from server. lm_instance.logout(token); } } // End of program

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

32

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

16

Q and A

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

33

Recommended Reading
Cisco Software Activation
http://www.cisco.com/go/sa

Cisco License Manager
http://www.cisco.com/go/clm

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

34

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

17

Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

35

BRKDEV-1201 14591_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

36

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

18