On-Premises Server – Cisco Licensing and Registration
On-Premises Server
Because the Cisco Smart Licensing Cloud is hosted at cisco.com, your management center needs to connect to the Internet to obtain a smart license from Cisco. However, some organizations may have a limited Internet access policy, which can prevent a management center from connecting to the Internet directly. In that environment, you can use the Cisco Smart Software Manager on-premises server as an air-gapped solution. In this licensing model, the management center connects to an on-premises version of the Cisco SSM server deployed from an OVA image, which is registered to the Cisco Smart Licensing Cloud through the Internet.
Figure 3-3 illustrates the connection of a management center to the Cisco Smart Licensing Cloud through the Cisco SSM server and Internet.
Figure 3-3 Management Center Connects to the Cisco Smart Licensing Cloud via On-Premises SSM Server
Figure 3-4 shows the options to connect a management center to the Cisco Smart Licensing system. By default, the Connect Directly to Cisco Smart Software Manager option is selected.
Figure 3-4 Options to Connect a Management Center to Different Types of Smart Software Manager for Licensing
Offline Access
Some organizations may want to deploy Secure Firewall in a restricted network where Internet connectivity to the firewall’s management network is prohibited. For this type of air-gapped environment, Cisco allows you to reserve licenses from your smart account. This is known as Permanent License Reservation (PLR). In the PLR licensing model, the management center can operate without any connection to the Cisco SSM cloud application. You can manually copy and paste licensing information between the management center and cisco.com to check the licenses in and out.
The PLR model offers two options for license reservation: Specific License Reservation (for a specific term) and Universal Permanent License Reservation (for an unlimited term). However, to reserve any licenses, you need to obtain approval from your Cisco account representative, because the PLR model allows you to license Secure Firewall without any connection to the Cisco SSM—either a direct connection or via an on-premises server.
Table 3-3 highlights two predominant differences between Specific License Reservation (SLR) and Universal Permanent License Reservation (PLR) models.
Table 3-3 Major Differences Between SLR and PLR Models
Criteria | SLR | PLR |
Duration | Licenses are reserved for a specific period. | Licenses are perpetual. |
Enforcement | Once it expires, the management center does not allow new registration and deployment. | Enforcement is not a concern because the license never expires. |
Note
The smart licensing managers—Cisco SSM cloud application and the on-premises SSM server—are not limited to Cisco Secure Firewall only. You can register many Cisco products using them. To learn more about various smart licensing models, read the publications at cisco.com. To get access to the Cisco SSM, contact Cisco Support or your Cisco account representative.