Upload
dangdang
View
227
Download
3
Embed Size (px)
Citation preview
Kathleen NguyenProduct ManagerJan, 2018
Cisco Engineering Licensing Office
Cisco Smart Software Manager satellite
Why Do We Care About Software Licensing?Today’s Experience
Customer or partner places order (9 tools)1 Customer enters PAK
for each license2Customer receives or downloads and installs software (2 of 5 tools)
3Customer stores records of devices, software, licenses (no tool)
4
Customer uses software5§ Routers§ Switches§ Video§ Unified
Communications
Customer SystemCustomer manages software (10 tools)6
Tomorrow’s ExperienceCustomer or partner places order inCisco® Commerce
1
Cisco System
Customer manages licenses3
License ServiceAutomated
Entitlement
AutomatedUsage Report
Customer activates and uses software2
§ Routers§ Switches§ Video§ Unified
Communications
Customer System
What Is Cisco Smart Licensing?Cisco® Smart Software Licensing is not just a new licensing tool. It transforms the way you think aboutCisco and software lifecycle management.
Limited ViewCustomers do not know what they own.
PAK Registration Manually register each device.Unlock with a license key.
Device-SpecificLicenses are specific to only one device.
LockedYou cannot use more than you paid for.
Complete ViewSoftware, services, and devices are found at one easy-to-use portal.
Easy RegistrationNo PAKs. Easy activation.Device is ready to use.
Company-Specific Flexible licensing. Use across devices.
UnlockedAdd users and licenses as needed.
Deploying Smart Enabled Products
Dire
ct D
eplo
ymen
tM
edia
ted
Dep
loym
ent
Cisco Commerce Workspace
Place Order
Manage Licenses
Usage
Cisco Smart SoftwareManager
Annuity Platform
Distribution
Entitlement
1
3
Activate and Use Software
2
Proxy or SCH Transport Gateway
Air Gap
Offline Monthly Inventory Update
Local Cisco Licenses
Warning and Notifications None
License Quan Use Surplus / Shortage
1900-WAN-Collab-Suite
100 90 +10
Overall Cisco Licenses
Warning and Notifications -25Major Alert: Insufficient licenses – 25 needed to return to compliance
License Quantity In Use Surplus / Shortage
1900-WAN-Collab-Suite 300 325 -25
1900-Threat-Defense-Suite 500 425 +75
1900-UNIVERSAL 10 1(1 Reserved) 9
Track and Transfer Devices
ISR1921 Chemistry A Transfer
ISR1921 Chemistry B RemoveLicense Reservation
Router
Switch
Firewall
Software
Unified Communications
Router
Switch
Firewall
Software
Unified Communications
Router
Switch
Firewall
Software
Unified Communications
Lice
nse
Res
erva
tion
Smart Software Manager satellite
Cisco Smart Software Manager satelliteCisco® Smart Software Manager satellite is an on-premises deployment of Cisco Smart Licensing provided free of charge.
It is ideal for customers whose products are unable to reach Cisco.com directly.
Cisco Software Manager satellite
Contains a subset of, and works similar to, Cisco Smart Software Manager portal for license management of installed products
§ Cisco devices and software products are registered with, and report license consumption, directly through the Smart Software Manager satellite
§ Near-real-time license usage information based on synchronization schedules with Smart Account
Cisco Smart Software Manager satellite Benefits
Highly secure, highly available, on-premise, single source of truth of license consumption
Near-real-time license entitlement based on synchronization schedules with backend install base
Smart Licensing Benefits§ Licenses are not node-locked to devices, which simplifies the RMA
(return-merchandise-authorization) process
§ Licenses can be pooled across the entire company, so they can be re-used across organizational boundaries
§ Save money by knowing what is being used compared to entitlement
§ Save time and simplify RMAs by being able to transfer licenses across the company in real time
Cisco Smart Software Manager satellite DeploymentsSmart Software Manager satellite can be deployedin one of two modes:§ Connected
- Used when there is connectivity to Cisco.com directly from the Smart Software Manager satellite
- Cisco® Smart Account synchronization (optionally)happens automatically
- Easiest to deploy
§ Disconnected- Used when there is no connectivity to Cisco.com from the Smart
Software Manager satellite- Smart Account synchronization must be manually uploaded
and downloaded
Monthly Inventory Update
SSM satellite
Router
Switch
Firewall
Video
Unified Communications
Offline
Connected
Disconnected
Cisco Smart Software Manager satellite Features
Utility Billing: aggregation point for products to sent usage-based measurements and relay Utility information to Software Billing Platform (SBP) for rating and billing.
System Security Enhancements: FIP-140-2 compliance, CentOS Nessus vulnerability scan issues addressed, all system ciphers updated with SHA-256.
Immediate registration of satellite to portal: The registrationof the satellite to the Smart Software Manager portal is instantaneous (without a 48-hour wait for the Cisco signed certificate).
IPV6 Support: supports IPv4, dual stack IPv4 and IPv6, and IPv6 addressing schemess
Multiple satellites can connect to the Cisco® SmartSoftware Manager. Each satellite can scale up to4000 product instances.
Export Control: Generate restricted tokens and activate restricted functionality according to Export Control Laws (ECLs).
Network Utility: Network setup and troubleshooting are provided via a user friendly GUI.
Single DC High Availability: Redundancy and reliable fail-over in an active-standby configuration
Synchronization Optimization: Optimize the sync to CSSM process and eliminate any mis-matches.
Backup/Restore: Enable customers to run backup of the satellite system and restore in case of a failure or other purposes .
Cisco Smart Software Manager satellite System Requirements§ The free installation package is available in an ISO format
ISO
Cisco® Smart Software Manager satellite
Centos 7
§ 200-GB hard disk § 8 GB memory§ 4 vCPUs (8 vCPUs if
> 4K product instances)
Minimum System Requirements(Customer Provided):
LCS
Satellite Installation/Registration Workflow
A. Satellite Installation
B. Configure IP @, DNS, NTP
C. On browser with satellite IP@
or FQDN
D. Register satellite with
Cisco
E. Satellite now operational
G. Periodic synchronization
with Cisco
F. Products register to satellite
1. Customer needs the following info for Smart Licensing:• Customer Smart
Account (off cisco.com)• Virtual Account• CCO ID/password2. Customer needs to login and click on option to register.
1. Customer logins with standard satellite credentials (needs to change pw)
2. Customer adjusts NTP/DNS as needed
1. Customer configures VM with IP address, DNS, NTP
1. Customer downloads VM off cisco.com and installs
Satellite Usage-based Billing Workflow
15 mins Once/4 hrs Once/8 hours
BehaviorLocal store ~ every 15 mincaptured and cached. 30days (unacknowledged) buffer held
Utility consumption sent to satellite every 4 hours (6 times a day)90 days data held.
Satellite synchronizes with Cisco once/day. Enhanced Receiver directs entitlement data to CSSM and utility data to SBP.
If no synchronization to Smart Receiver for 30 days, satellite fulfills auth-requests in pre-paid mode.
Smart Receiver(Transparent)
1 x day
3 x day
Cisco Smart Software Manager satellite Registration§ After installation, Cisco® Smart Software Manager satellite must be registered to establish identity§ Registration authorization response is immediate
Smart Software ManagerRouter
Switch
Firewall
Unified Communications
Video
Registration request file
Authorization response file
Air Gap
Source-of-Truth Database
Customer Premises Cisco.com
Cisco Smart Software Manager satellite
Centos 7 LCS
Smart Receiver
Communication withCisco Smart Software Manager satellite
§ The products communicate with Cisco® Smart Software Manager satellite the same way they do with Smart Software Manager.
§ The satellite user interface is consistent with Smart Software Manager.§ Registration/synchronization (both network and manual) from satellite to Cisco SSM via secure communication
§ Manual sync is executed under HTTPS browser session (HTTPS is default for UI access)§ Network sync is via HTTPS
Cisco Smart Licensing Messages
Cisco Aggregation Service Routers
HTTP/S
Certificateautomatically
signed
Cisco Smart SoftwareManager satellite
Centos 7
HTTPSRegistration
Manual/Network Sync
Cisco Smart SoftwareManager
LCS
Network Synchronization with Cisco Smart Software Manager
§ Synchronize Cisco® Smart Software Manager satellite and Smart Software Manager for the latest license entitlement and usage:
- Need to sync every 30 days. If no synchronization has occurred after 90 days, the Smart Software Manager satellite is removed from portal and products are unregistered.
Scheduled Synchronization
On Demand
Automatic Network Synchronization: Connected Mode - Sync now, or schedule
Manual Synchronization with Cisco Smart Software Manager
Smart Software Manager
Router
Switch
Firewall
Unified Communications
Video
Synchronization request file
Synchronization response file
Air Gap
Source-of-Truth Database
Cisco Smart Software Manager satellite
CentOS 7
Manual Synchronization: Disconnected Mode - Sync file upload or download
§ Manual synchronization mode is disabled when satellite is in Utility mode (at least one device is consuming a usage-based license & satellite has sync’ed with Smart Receiver in last 30 days)
§ Need to sync every 30 days. If no synchronization has occurred after 90 days, the Cisco® Smart Software Manager satellite is removed from the portal and products are unregistered.
LCS
Smart Software Manager satellite High Availability
satellite
Zabbix
satellite
DB
DB
Zabbix
Standby
Active
Pacemaker
Pacemaker
Router
Switch
Firewall
Video
Unified Communications
DRDB
DRDB
Smart Software Manager
Source-of-Truth Database
Other Cisco Smart Software Manager satellite Functions
View Virtual Accounts
RunReports
Manage Users
Administration
Satellite Release History
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19Internal use
Smart Software Manager satellite ReleasesDates May, 2015 Nov, 2015 Feb, 2016 Jun, 2016 Aug, 2016 Jan, 2017
Release satellite 2.0 (Initial
Release)
2.1.0 2.1.3 2.2.0 2.3.0 2.5.0
Image Type OVA OVA OVA OVA OVA OVA
Features List
Product Registration
In-placeUpgrade
Simplified Installation
Network Utility Export Control SyncOptimization
Network & Manual
Registration
Immediate Registration to
CSSM
AutomatedSoftware Delivery
ConfigurableHeaders
Multi-NIC TG Removal
Logging Automatic HTTPS
communication from product instances to
satellite
Collector Login Removal
Login Failure Message Removal
4K Device Default secure HTTPS access to satellite UI
CLI Access Removal
UI Restart/ Shutdown
User AccessManagement
JeOSFramework
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20Internal use
Smart Software Manager satellite Releases (Con’t)
Dates Feb, 2017 Mar, 2017
May, 2017 Jun, 2017 Jul 14, 2017 Nov 28, 2017
Jan 30, 2018
Release 2.5.2 3.0.0 satellite 3.1.0
satellite 4.0
satellite 4.1 satellite 4.2 satellite 5.0
Format OVA OVA OVA ISO, OVA ISO, OVA ISO,Upgrade
ISO
Features List
Migration UI
Single DC High
Availability
CSPC CentOS FIPS
Compliance
Device Led Conversion
Critical BugFixes (Slow
UI, High CPU)
Utility Billing
CBR8Registration Issue
Resolution
Backup/ Restore
3rd Party Software Support
IPV6 SecurityUpdates
Critical Bug Fixes on HA
and NTP
Password Looping
Cent OS framework
ISO Packaging
Enhanced Backup/ Restore
Root Access
Removal
CSPC S1 bugs
What’s New with Smart Software Manager satellite 5.0.0?
Service Provider Licensing Agreement (SPLA) Support: aggregates usage-based measurements from product instances and relays them to Software Billing Platform (SBP) for rating and billing
Critical bug fixes related to HA and NTP
What’s New with Smart Software Manager satellite 4.2.0?
Critical Bug Fixes:SR 682113369 - Slow UI response or hung condition on the “Product Instance” tab off the Virtual AccountSR 682843947 - no alerts results in a JavaScript error instead of no data).SR-682777918 - CPU spikes to 100%+ after it was upgraded to 3.0.5Security Updates: Add numerous security packages (kernel, sudo, remote libraries, etc.) to the FIPS compliance 4.0.0 and 4.1.0 ISO images to comply with various security audit vulnerabilities..Enhanced Backup/Restore: Enable customers to use backup/restore to upgrade from 3.1.x to 4.2.0.
What’s New with Smart Software Manager satellite 4.1.0?
Device-Led Migration: allows the device/product instance to initiate a conversion of classic licenses, that are only known to the devices themselves, to Smart licenses so that they can be deposited in a CSSM Smart Account.
What’s New with Smart Software Manager satellite 4.0.0?
System Security Enhancements: FIP-140-2 compliance, CentOS Nessus vulnerability scan issues addressed, all system ciphers updated with SHA-256.
ISO Packaging: satellite is packaged as a universal ISO which allows it to be exported to OVA, Hyper-V, and KVM image types.
IPV6: supports IPv4, dual stack IPv4 and IPv6, and IPv6 addressing schemes.
What’s New with Smart Software Manager satellite 3.1.x?
Third Party Software Support: Support 3rd party software (such as Speech View in Unity Connection and Apple Push Notifications in Unified Communication Managers) to authorize Smart License enabled Cisco products to use their services
Cisco Services Platform Collector (CSPC) Support: Co-reside with CSPC on a Multi Service Delivery Appliance (MSDA) and enable CSPC configurations on satellite for Smart License enabled products
What’s New with Smart Software Manager satellite 3.0.x?
On-box Backup/Restore: Enable periodic backups of the satellite databases, configuration, and certificates. You can then rename, download, and restore backups to the same or different host.
)
Single DC High Availability: Provide redundancy and reliable fail-over with an active-standby configuration that can detect failure and recover with no loss of continuous operations and system usability
CentOS Framework: Replace JeOS with CenOS framework.
What’s New with Smart Software Manager satellite 2.5.0?
Transport Gateway Removal: Replace Transport Gateway within satellite with a receiver to be independent of JeOS
Synchronization Optimization: Improved synchronization with Cisco SSM enabling a more efficient way of exchanging product instances, license usage, and license entitlement as well as preventing out-of-sync conditions.
What’s New with Smart Software Manager satellite 2.5.2?
CBR8 Registration Issue Resolution: Resolve registration of devices that perform the SSL/HTTP certificate validation and fail with satellite https destination address
Migration UI: Upgrade satellite with automatic roll-back while system is running and restart with the upgraded version
Password Looping Resolution: Resolve a situation when a user is asked to change password on CLI and it goes into a loop, and not allowing the complete satellite installation and configuration.
Root Access Removal: Replace root with sudo access using the Admin user. .
What’s New with Smart Software Manager satellite 2.3.0?
Multi-NIC: Enables multiple interfaces for traffic separation between network management and product instance registrations
Export Control: Allows Smart License enabled products that connect to satellite to generate restricted tokens and activate restricted functionality according to Export Control Laws (ECLs)
Logon Failure Message Removal: Disable login failure error message for security reasons..
UI Shutdown/Restart: Restart or shutdown now initiated from the satellite GUI
.
What’s New with Smart Software Manager satellite 2.2.0?
Configurable Banners: Headers and footers on the satellite GUI and reports are configurable to align with federal security or other classifications
Network Utility: Network setup and troubleshooting through a new, user-friendly GUI. There is no more shell access, except for the initial installation and registration
Removal of Collector Login: Remove Collector Login user.
What’s New with Smart Software Manager satellite 2.1.3?
Automated Software Delivery: Automatically check and install available upgrade patches
Simplified Installation: Scripted satellite network setup and registration to Cisco Smart Software Manager for faster installation
What’s New with Smart Software Manager satellite 2.1.0?
Immediate registration of satellite to portal: The registration of the satellite to Cisco Smart Software Manager portal is instantaneous (without a 48-hour wait for the Cisco signed certificate)
In-place upgrade: Upgrade satellite with automatic roll-back while system is running and restart with the upgraded version
Default secure HTTPS access to satellite UI: User login to satellite is defaulted to HTTPS.
For More Information: Cisco Smart Licensing
Cisco® Smart Licensing http://www.cisco.com/c/en/us/products/abt_sw.html
Cisco Smart Software Manager http://www.cisco.com/web/ordering/smart-software-manager/index.html
Cisco Smart Accountshttp://www.cisco.com/web/ordering/smart-software-manager/smart-accounts.html
Cisco Smart Software Manager satellitehttp://www.cisco.com/go/smartsatellite
For More Information: Cisco Smart Call HomeFor more Information on Cisco® Smart Call Home
For more Information on Cisco Transport Gateway
§ Smart Call Home:
http://www.cisco.com/c/en/us/support/cloud-systems-management/smart-call-home/tsd-products-support-series-home.html
§ Cisco Privacy and Security Compliance:
http://www.cisco.com/web/about/doing_business/legal/privacy_compliance/index.html
§ User Guide:
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/smart_call_home/user_guides/SCH_Ch4.pdf
§ Troubleshooting Guide:
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/smart_call_home/user_guides/SCH_Ch5.pdf