Saturday, September 29, 2012

Enterprise Licence Manager

Since from UCM 9.0, Cisco introduced ELM (Enterprise License Manager).  Instead of putting license files on UCM, CUC servers, now you put license files on a "License Server" (ELM).


This is similar to some other software manufacturers such as Microsoft's KMS, VMware's license server, etc.

The advantages are obvious:

  • Have a centralized location to manage licenses for multiple servers/products (UCM, CUC, etc.)
  • Having a single license pool makes it easier to allocate/relocate license.  For example, you decommissioned a UCM server and installed a new one.  In the past, you need to open a Cisco case to "rehost" the license (because of the change of license MAC).  Now you may do it yourself with ELM.
ELM comes with the UCM9 installation DVD.  You may install it as a standalone server or co-resident with UCM.  In a real enterprise environment, it makes sense to have a standalone ELM server.  So the ELM was not affected if you had to reinstall the UCM.


Please note that workflow has changed with this new architecture.  Before, you need the "license MAC" of the UCM server when requesting license.  Now, you need the "license request" of the ELM server.  With this workflow, you may request license without knowing the UCM's MAC address.

"license request" is the signature of ELM server.  Cisco uses this signature to encrypt the license file so it can only be decrypted by the requesting ELM (signature owner).


The request (signature) is encoded in Base64 format.  You may decode it with any Base64 decoder.


Don't be confused if you're still seeing scrambled characters after decoding.  As seen from screenshot above, the request consists of Cisco proprietary info (such as server ID) and a standard X.509 CSR.  Proprietary info are in binary format thus you won't be able to read it in plain text.  CSR is encoded in Base64 (yes, Base64 in Base64).  You may further decode the CSR if you're interested.  Just copy the text portion between "-----BEGIN CERTIFICATE REQUEST----- " and "-----END CERTIFICATE REQUEST----- ", then paste it into a CSR decoder.


Interesting enough, ELM uses PostgreSQL instead of UCM's Informix.  Use "su - postgres" to switch to postgres user so you can have access to the database.

In case you're not familiar with PostgreSQL, here are some commands you may use to get started:

psql : PostgreSQL command line interface
\l : List databases
\c : Connect to a database
\d : List tables
\d: Describe a table



You may use standard SQL statement to view or change the data in tables.  You may put the SQL statement in one line or multiple lines.  Semicolon(;) is a special character to trigger the execution of the SQL statement.  You may put the semicolon at the same line of the SQL statement or a different line.


is the same as


4 comments:

  1. Glad Cisco finally did something to simplify the licensing chaos that is CUWL!

    ReplyDelete
  2. Thank you for the great post. I get prompted for a username when I su postgres and if the password is changes the connection to te db breaks ...

    Did the su with the root account.

    ReplyDelete
  3. With 8.x, I could test customer systems by building a "duplicate" lab server using the same license mac details and license file.

    Does this mean its not now possible to do that in 9.x/ELM?

    ReplyDelete
  4. Greetings from Brazil.

    I know your blog since 2009, when I bought your book (the 6.0 version). It still a amazing blog with a lot of good info.

    Thank you.

    ReplyDelete