The MIB module for managing licenses on the system. The licensing mechanism provides flexibility to enforce licensing for various features in the system.
The following text introduces different concepts and terms those are necessary to understand the MIB definition and to perform license management.
- Universal Device Identifier that uniquely identifies a device. It comprises of product ID, version ID and serial number of the device.
- NODE LOCKED LICENSE:
- Node locked licenses are locked to one of the device identifiers in the system. For example, the license can be locked to the UDI value of one of the devices in the system. Locking a license to an UDI guarantees that the license will not be moved to a device with a different UDI.
- NON-NODE LOCKED LICENSE:
- Non-node locked licenses are not locked to any device identifier. They can be used on other similar devices.
- METERED LICENSE:
- Metered licenses are valid for limited period of time and they expire after that. This period is the usage period of a license and it is not based on real time clock, but system clock.
- End User License Agreement.
- EVALUATION LICENSE:
- Evaluation licenses are non-node locked metered licenses which are valid only for a limited period. They are used only when there are no permanent, extension or grace period licenses for a feature. User will have to accept EULA (End User License Agreement) before using an evaluation license. Even though they are not node locked, their usage is recorded on the device.
- RIGHT TO USE (RTU) LICENSE:
- Right to use license is a non-node locked metered license which is in evaluation mode for a limited time after which it is converted to Right To Use (RTU) license and is valid for the lifetime of the product. User will have to accept EULA (End User License Agreement) before using this license. Even though it is not node locked, usage information is recorded on the device.
- EXTENSION LICENSE:
- Extension licenses are node locked metered licenses. These licenses are issued by Cisco’s licensing portal. These licenses need to be installed using management interfaces on the device. User will have to accept an EULA as part of installation of extension license.
- GRACE PERIOD LICENSE:
- Grace period licenses are node locked metered licenses. These licenses are issued by Cisco’s licensing portal as part of the permission ticket to rehost a license. These licenses are installed on the device as part of the rehost operation. User will have to accept an EULA as part of the rehost operation for this type of license. Details on permission ticket, rehost operations are provided further down in this description clause.
- PERMANENT LICENSE:
- Permanent licenses are node locked licenses that have no usage period associated with them. These licenses are issued by Cisco’s licensing portal. These licenses need to be installed using management interfaces on the device. Once these licenses are installed, they will provide needed permission for the feature/image across different versions.
- COUNTED LICENSE:
- Counted licenses limit the number of similar entities that can use the license. For example, a counted license when used by a feature can limit the number of IP phones that can connect or the number of tunnels that can be created.
- UNCOUNTED LICENSE:
- Uncounted licenses do not limit the number of similar entities that can use the licenses.
License can be enforced at the image level or at the feature level and this MIB module supports both.
- IMAGE LEVEL LICENSING:
- A universal image that contains all levels of software packages is loaded on to the device. At boot time, the device determines the highest level of license and brings up the appropriate software features or subsystems.
- FEATURE LEVEL LICENSING:
Feature level licensing will support enforcement of license at individual feature. Features have to check for their licenses before enabling themselves. If it does not have a license, the feature should disable itself.
There is a one-to-one relationship between a feature and a license. That is, a feature can use only one license at a time and a license can be used by only one feature at a time.
- LICENSE LINE:
- A License line is an atomic set of ASCII characters arranged in a particular format that holds the license for a single feature within it. A line has all the necessary fields and attributes that make it a valid, non-tamper able and complete license.
- LICENSE FILE:
- File generated by Cisco licensing portal. It is used to install license on product. It has a user readable part and it contains one or more license lines.
- DEVICE CREDENTIALS:
- Device credentials file is a document that is generated by a licensed device. This document establishes the identity of the device and proves that the sender/user has/had authorized access to the device.
- Rehost operation allows a node locked license that is installed on a device to be installed on other similar device. As part of rehost operation, a device processes the permission ticket, revokes the license(s) on the device and generates a rehost ticket as the proof of revocation. This rehost ticket needs to be presented to the Cisco’s licensing portal to get the license transferred on to a new similar device.
- PERMISSION TICKET:
- Permission ticket is a document generated by Cisco licensing portal that allows a device to rehost its licenses.
- REHOST TICKET:
- Rehost ticket is document generated by a device after it has applied a permission ticket. The rehost ticket is a proof of revocation.
- LICENSING PORTAL:
- Generates licenses, permission tickets and verifies device credentials and rehost tickets.
This MIB module provides MIB objects to install, clear, revoke licenses. It also provides objects to regenerate last rehost ticket, backup all the licenses installed on a device, generate & export EULA for licenses.
- STEPS TO INSTALL A LICENSE:
To install a license, the management application 1. Retrieves device credentials of the device. 2. Communicates with Cisco’s licensing portal to getthe license file, uses device credentials to identify the device
- Executes the license install action.
- STEPS TO CLEAR A LICENSE:
To clear a license, the management application 1. Identifies the license to be cleared using licenseindex.
- Executes the license clear action.
- STEPS TO REHOST A LICENSE:
To rehost a license, the management application 1. Retrieves device credentials of the device. 2. Communicates with Cisco’s licensing portal to getthe permission ticket, uses device credentials to identify the device.
- Executes the processPermissionTicket action. Device revokes the license and generates rehost ticket to be submitted as proof of revocation.
- Retrieves device credentials of the device where the license needs to be transferred to.
- Submits rehost ticket as proof of revocation to Cisco’s licensing portal, uses device credentials of the new device to identify the device, gets license file.
- Executes the license install action on the new device.
- STEPS TO REGENERATE LAST REHOST TICKET:
- To regenerate last rehost ticket, the management
- Retrieves device credentials of the device.
- Uses already obtained permission ticket or communicates with Cisco’s licensing portal to get the permission ticket, uses device credentials to identify the device.
- Executes the regenerateLastRehostTicket action. Device generates rehost ticket to be submitted as proof of revocation.
- STEPS TO BACKUP ALL LICENSES:
- To backup all licenses installed in the device, the management application 1. Specifies the backup file path. 2. Executes the license backup action.
- STEPS TO GENERATE & EXPORT EULA:
To install certain kind of licenses, the management application must accept EULA first. The management application can generate and export EULA for one or more licenses with out installing licenses as follows. 1. Specifies the license file path that has licenses to beinstalled
- Specifies the EULA file path where EULA need to be exported to
- Executes the generate EULA action.
To support the various license actions, this MIB module also defines MIB objects to know if a device supports licensing, retrieve device credentials, retrieve information on license stores in the device.
It also defines MIB objects to expose management information associated with the licenses installed on the device, with the licensable features in the software image.
This MIB module also defines various notifications that will be triggered to asynchronously notify the management application of any critical events.
This MIB module is defined generically so it can be implemented on stand alone devices or stack of devices. In stack of devices, one device in the stack acts as master agent and rest are slave agents. Each device in the stack has its own UDI. The master agent receives requests on behalf of all the devices in the stack including itself and delegates it to other devices as needed. It also collects responses from other devices and sends them to the management application. Examples of such devices include stackable switches, devices with route processor and line cards. On the other hand, stand alone device is a single device and has only one UDI associated with it.
entPhysicalIndex imported from ENTITY-MIB is used to identify the device uniquely. It is specified as the index or one of the index for tables in this MIB as needed.