Smart Licensing is no longer 👏 . Everything that Smart Licensing was and required has been reverted back to before Smart Licensing was imposed. I believe this was another attempt at separating Cisco’s hardware from the software that runs it.
Entitlement to use the software is now being verified? Let me ask you this… Can a Cisco switch function as a switch without IOS? No, it cannot. Without a way to configure the hardware, it will do absolutely nothing. Software that is inherent for a device to function is always transferable.
"The whole point of the first sale doctrine is that once the copyright owner places a copyrighted item in the stream of commerce by selling it, he has exhausted his exclusive statutory right to control its distribution."
-Supreme Court Justice Stevens
Cisco claims the first sale doctrine doesn’t apply due to Vernor v. Autodesk, but do you think the software on a Cisco switch is more akin to what’s on any standard kitchen appliance, or is it more like Microsoft Office which requires a license activation key before installation can even happen? A microwave does nothing unless there is software to run it. Boxed software is entirely different. For example, we can’t drop a copy of Cisco’s IOS on another OEM’s box and have it work. The two bundled together is the product, and we can purchase different bundles based on the required features.
I’ll move on, but keep pushing back on these forced initiatives and know the main reason Smart Licensing and the Smart Licensing Using Policy were created was to impact Cisco’s shareholders. Since taking the helm in 2015, Chuck Robbins has been committed to changing Cisco from a hardware company to a software company. Doing so will exponentially increase Cisco’s valuation. DNA, Cisco Prime, and Cisco ONE were all created since Robbins took over. Unfortunately, the ultimate result of Smart Licensing has been wasted time and money for all parties involved.
What Was Smart Licensing?
According to Cisco, Smart Licensing was “reinventing licensing” and “transforming how we think about Cisco.” If you add it all up, Cisco’s goal was to “reinvent and transform how we think about Cisco licensing.” Do you need any reinventing or transformations around their licensing? What if we just left it as a perpetual license because, without the software, the device isn’t functional?
Beginning with IOS XE version 16.9, all hardware was suddenly required to “phone home” or check in with a Cisco cloud license validation/entitlement system known as Cisco Smart Software Manager or CSSM. If entitlement wasn’t validated, the new version of software would eventually disable the device.
In addition to the newly introduced risk of losing a functioning device in a production environment, there were new security implications by requiring customers to stay connected to Cisco’s cloud, as well as interoperability issues such as Field Notice: FN72323.
Do you know what the market agreed to with Smart Licensing? I doubt legal departments for Cisco’s customers reviewed the Smart Licensing Terms of Use. From their Terms of Use V5, Smart Licensing collected and stored software license usage information, product ID numbers, serial numbers, unique virtual device identifier, equipment models, license and hardware versions, host names, IP addresses, system contacts, installed memory, installed flash, boot versions, chassis series, MAC addresses, slot IDs, card types, and card families.
At the very bottom of the Terms of Use reads:
“Cisco is a global company and, as such, may need to transfer your personal information both within the United States and outside of the United States in accordance with our Privacy Statement. By using Smart Licensing, you consent to the transfer, processing, and storage of such information outside of your country of residence where data protection standards may be different.”
We were consenting to our network data being stored in countries where data protection laws might be different. Which countries? What are the global differences in data protection laws?
Smart License Using Policy
Beginning with IOS XE 17.3.2, the Smart Licensing Using Policy (SLP) is in effect. At 17.3.2, we go back to what it was like before 16.9 with a new “requirement” to at some point report license usage to the Smart Account. “Requirement” is more of a suggestion here.
What’s new with SLP compared to Smart Licensing?
- Products will no longer boot into evaluation mode.
- Per-product software registration is not required.
- Phone Home with Cisco Cloud is no longer required.
Which platforms/images are subject to SLP?
- All IOS-XE 17.3.2 / 17.4.1 and later releases
- Catalyst 9000 series switches
- ASR1K, ISR1K, ISR4K
- Virtual routers beginning with 17.4.1
- Catalyst 9800 series wireless controllers and APs
- IR 1101
- IE 3200, 3300, and 3400 series industrial ethernet switches
- Catalyst 8200, 8300, and 8400
How often is reporting required? (See 4.5. in Smart License Using Policy - FAQ).
Perpetual Licenses:
- A report is required within 90 days when there is a change in software use.
- If there is no change in software use, no report is required ever.
Subscription Licenses:
- Reporting is required within 90 days when there is a change in the software use.
Licensing will now have three defining components: License Type, Enforcement Type, and Export Status. The different combinations require different reporting time frames.
License Type:
- Perpetual – What we’re used to.
- Subscription – Requires a subscription renewal and additional recurring cost.
Enforcement Type:
- Not Enforced – Does not require authorization or registration before use.
- Enforced - Does require authorization, and an authorization code will need to be installed on the target device to use the feature(s).
Export Status:
- Restricted - Restricted by U.S. trade control laws, authorization before use is required, and a code needs to be installed on the target device to access the feature (HSECK9).
- Not Restricted – Not restricted by U.S. trade control laws.
For the most part, this is a win for the market. However, Smart Accounts aren’t obsolete yet, but I suspect they will be, as reporting and the time required to manage this effort doesn’t add little if any value to the end-user.
The required information to “reconcile” is:
- Hardware serial numbers
- Software unique ID serial numbers
- Software product package and entitlement tag
- Software use count per license
- Time and date stamp
The
output of ‘sho lic all’ will produce a Smart Licensing Status that defines the License Type, Enforcement Type, and Export Status for all software installed on the system. It also provides a “policy” and “usage reporting” table that outlines their “required” reporting time frames.
Why is the Use of Smart Accounts Not Obsolete if We’re Not Required to Use Them?
Along with the internal timer, the system will report daily errors in the run log about Call Home and reporting. As of this publication, there is no way to turn it off.
‘no service call-home’ and ‘no call-home’ disable the services and error messages, but the Smart Agent in the software upon reboot enables them again. Same with ‘license smart transport off.’ The most effective solution that I’ve seen so far is an eem scriplet which runs upon boot and disables the Smart Agent.
- eem scriptlet that runs at boot disabling call-home.
- event manager applet disable-call-home-on-boot
- event syslog pattern "SYS-5-RESTART" // This pattern matches the system restart message.
- action 1.0 cli command "configure terminal"
- action 2.0 cli command "no call-home"
- action 3.0 cli command "no service call-home"
- action 4.0 cli command "end"
- action 5.0 syslog msg "Call-home service has been disabled after reboot."
Be prepared to see the following error messages:
Disabling Smart Agents
If you find another way to disable the Smart Agents, please let us know! Otherwise, we’ll post an update to this blog when we learn of a better way.
If you’d like to be notified when a solution is available, sign up for email notifications using the form below.