WIXLIB

Smart Licensing Overview and Best Practicesfor Cisco Email and Web Security (ESA, s UsedBackground InformationSummary of the Smart License Global Topic from CiscoOut of the BoxCommunication RequirementsDescription of the CSSM tool and the tabs.Generate a Token from CSSMEnable the Smart License feature on the ESA/SMA/WSARegister the ESA/SMA/WSA to a Smart Account using the Token.ActionsDefinitions related to Smart LicenseHow to View License ExpirationLogging Services for Smart LicensingRelated InformationIntroductionThis document describes the activation process, definitions, and troubleshooting of the SmartLicensing Service on ESA/SMA/WSA.PrerequisitesComponents UsedThe information in this document is based on these software and hardware versions: Email Security Appliance (ESA) AsyncOS Version 12.0 and newer.Security Management Appliance (SMA) AsyncOS Version 12.0 and newer.Web Security Appliance (WSA) AsyncOS Version 11.7 and newerNote: Enabling the Smart License Feature on the ESA/SMA/WSA is Permanent anddoes not permit the option to revert an appliance back to Classic License Mode.Background Information

Smart Licensing Provides the ability to: Manage all of your product licensing from a central locationNormalizes the process between Physical a Virtual ESA/SMA/WSA, using 1 method to applyand manage licensesEasily apply a license to your ESA/SMA/WSAReceive Alerts related to license expirationHardware model ESA/SMA/WSA, out of the box, have a 90 day Evaluation Period for allservicesSummary of the Smart License Global Topic from CiscoEven though the core purpose of this article is to configure the Smart Licensing Services on theESA/SMA/WSA, we have included links below to provide general direction to educate on the topic.Registering the ESA/SMA/WSA host with smart licensing first requires the owner of the applianceto possess a Smart Account.Smart Accounts are issued one per domain.The administrator of the Smart Account can create sub-level Virtual Accounts allowingsegregation of resources.Virtual Accounts may be used to restrict access to different Cisco Product Licenses based oncustomer needs.Customers access the Cisco Smart Software Manager (CSSM) to manage licenses anddownload TOKENSThe following links provided by Cisco, include videos, guides, and explanations related to SmartLicensing: Create New Smart Account or Request to add a user to an existing accountSmart Software Licensing Overview Cisco WebPageSmart Licensing Deployment GuideCisco Smart Accounts Cisco PageSmart Software Manager Cisco PageCisco Smart Software Manager (CSSM)Out of the Box All hardware model ESA/SMA/WSA purchased include 90-day Evaluation Licenses for allfeaturesAll hardware models migrating with existing Classic Licenses(CL) will receive 90-dayEvaluation LicensesAll Virtual ESA/SMA/WSA models require a basic VLN (.xml) file loaded to the appliance tolink it/them to the upgrade/update serverAll Virtual ESA/SMA/WSA models when created, do NOT include 90-day licenses and requireregistration via the Classic License VLN (.xml)All Virtual ESA/SMA/WSA models migrating with existing Classic Licenses (CL) include 90day Evaluation Licenses

Communication Requirements Network or Proxy communication smartreceiver.cisco.com on TCP port 443Description of the CSSM tool and the tabs.A basic illustration of the CSSM Tabs General TabThe location to generate the token (the token is time-based and may be used to registermultiple ESA/SMA/WSAEnsure the proper "Virtual Account:" has been selected as a customermay have multiple virtual accountsNew Token, will open a template to complete and results ina "Token," line entry in the tableActions can be executed repeatedly as needed and willdisplay options to; Copy, Download, Revoke the tokenCSSM General Tab Licenses Tab The location to review and confirm the presence and availability of licensesTheLicense column lists the names of the services or bundles purchasedThe Purchased columnlists the presence of usable keysThe Alerts column displays important messages regarding aspecific license

CSSM License Tab Product Instances TabDisplays the individual appliance names, models, last communication, and AlertsCSSM Product Instances TabGenerate a Token from CSSM Launch the CSSM webpage Cisco Smart Software Manager (CSSM)Top of page, select Inventory Once loaded, select the appropriate “Virtual Account:” from thetop left portion of the pageA large organization may have multiple virtual accounts assigned toa single smart account, requiring a selection of the appropriate virtual account related to theESA/SMA/WSA licensesTabs: General, Licenses, Product Instances, Event LogGenerate a Token from CSSM Select the “General,” tabJust below the heading, “ProductInstance Registration Tokens,” select the button, “New Token”A window will appear tocomplete the “Description,” and “Expire After,” valuesCreate a TokenReturning to the GeneralTab, select the “Actions,” drop-down tab to copy or download the tokenSAMPLE TOKEN Virtual Account:ESASmart Account:InternalTestDemoAccount.MY DOMAIN.com

Token Description: SMA tokenExport-Controlled Functionality: AllowedCreated by User:my CCOIDContact Email:ADMIN@MY DOMAIN.comExpiry Date:2018-Nov-09 04:19:05 (in 18 days)* Note: this token file was downloaded on October 22nd 2018* Note: copy entire token string to use for product instance registrationEnable the Smart License feature on the ESA/SMA/WSA Web UI activation:Browse to System Administration Smart Software LicensingSelect Enable SmartSoftware LicensingOptions are listed providing the choices to request feature keys: Option 1:Use a token to register and request needed featuresOption 2: Register without a token andhave a 90 day Evaluation PeriodSelect OKCommit ChangesCLI activation:Execute command license smart Enable YOption 1 and Option 2 will be listed the sameas the above UI descriptionSelect OKCommitRegister the ESA/SMA/WSA to a Smart Account using theToken. Navigate to System Administration Smart Software LicensingSelect the "Register" button to open the pop-up registration pagePaste the copied token in the space provided below step 4Select "Register" to complete the steps (The pop-up window will close)Refresh the "Smart Software Licensing" page after 30 seconds to view the new statusOnce completed the "Registration Status" field will present the word "Registered" along withthe registration expiration datesSmart Software Licensing"Register"

Registration Pop-uppage.Registration confirmation.ActionsAdditional tasks can be performed from the Smart Licensing "Actions" drop-down menu. Renew Authorization Complete this task to manually renew the License Authorization Statusfor all licenses listed under the License TypeNote: The license authorization is renewed automatically every 30 days. The licenseauthorization status will expire after 90 days if the ESA/SMA/WSA does not communicatewith CSSM. Renew Registration Complete this action to manually renew the registrationNote: The initial registration is valid for one year. Renewal of registration is performedautomatically every six months if the appliance has connectivity to CSSM. De-register Disconnects the ESA/SMA/WSA from CSSMThe system will transition toEvaluation ModeThe licenses consumed by the ESA/SMA/WSA get released and credited tothe smart account for re-use

Re-register Reregister the ESA/SMA/WSA with CSSMNote: Re-register could be used to migrate between organizations multiple virtual AccountsDefinitions related to Smart LicenseLicense types:Classic License (CL): CL refers to the legacy methods used for both hardware and virtuallicensesSmart License (SL): SL refers to Smart LicensingLicense Authorization Status - Is the status of a given license within the Appliance. The ESA/WSA/SMA does not display the actual expiration date with the Smart Licenses page.Location: WebUI System Administration Licenses.Location: CLI license smart summary.The status of a specific feature will appear with one of the below values: Eval: SL Service has been enabled on a new (Hardware) ESA/SMA without tokenregistrationSL Service has been enabled on an appliance with existing CL installedEval Expired: 90 Day Evaluation SL has expired and the appliance has transitioned to theadditional 30-day grace periodIn Compliance: The appliance has been registered with a token and currently feature isconsuming a valid licenseOut of Compliance (Grace Period) may be observed in 2 scenariosOne-click request for a temporary 30-day feature license is being usedA license has expiredon the appliance and the 30 day grace period has initiatedOut of Compliance (Expired): LIcense fully expired and the associated service stopsfunctioningSystem Administration LicensesNote: The WebUI Smart Licensing pages contain numerous informational buttons in the formof a ? to assist to define values.

How to View License ExpirationHow do I see the actual expiration date?The License Expiration Dates can be viewed within the CSSM Smart Software Management Site. Navigate to: Inventory Virtual Account LIcenses Click a license name to open the popupwindow.The Overview tab will show the current license count, purchase and expiration date.The Transaction History tab shows each purchase/expiration per transaction.

CSSM: View license expiration.