What is Cisco ONE?
Hi habr! The Cisco Open Network Environment (hereinafter referred to as Cisco ONE) is a new approach to ordering software and licenses for Cisco network equipment. In this article we will try to figure out what Cisco ONE is and in what cases it may be beneficial to use this approach. Immediately, Cisco ONE is not a replacement for the traditional ordering method (“A-la-carte”), both approaches will exist in parallel.
I will try to make an article without too much marketing. Also, I immediately want to make a reservation, I do not pretend to be 100% knowledgeable in using Cisco ONE. However, I will try to convey the main points.
')
For which Cisco devices can Cisco ONE be used?
Cisco ONE covers three categories of devices:
- Data Center;
- WAN;
- Access.
The Data Center category includes Nexus switches:
- Cisco Nexus 3000;
- Cisco Nexus 5000;
- Cisco Nexus 6000;
- Cisco Nexus 7000;
- Cisco Nexus 9000;
- Cisco MDS 9000.
WAN category includes routers:
- ISR G2;
- ISR 4000;
- ASR 1000.
The Access category includes Catalyst switches and WiFi controllers (WLC):
- Catalyst 2960X;
- Catalyst 3600/3800/4500/6800;
- WLC.
What are the benefits of Cisco ONE?
- Simplified and universal licensing scheme.
Here it is meant that earlier, for various categories of devices, it was necessary to remember various licensing schemes. For example, for the 2960X switches there are Lan Lite and Lan Base and IP Lite options (however, for these switches it’s more correct to say not the license, but the Feature Set, see the article “ Differences Lan Lite and Lan Base ”). For the 3560X / 3750X and for the new 3650/3850, there are licenses LAN BASE, IP BASE, IP Services. For ISR G2, ISR4K routers, there are IP Base, Security, UC, AppX. And now, if we want to use the Cisco ONE approach, then we will have a choice of only three license options, regardless of the type of device:- Foundation;
- Advanced Application;
- Advanced Security.
Foundation - licenses for the minimum set of functionality, according to Cisco, that you need to have in a full-fledged network.
Advanced Application - licenses for additional functionality, which may include Collaboration, Advanced Mobility Services, etc.
Advanced Security - licenses for advanced security features, such as FirePOWER for Cisco ASA, Cisco ISE. This type of license has not yet been implemented (March 2016).
Further in the article we will try to understand in more detail what exactly is included in one or another set of licenses. At this point, it should be noted that now (March 2016) there are only two types of licenses - Foundation and Advanced (yes, just Advanced). At the same time, for different types of devices, the Advanced license opens up completely different functions. For example, for routers, Advanced opens licenses for Unified Communications, and for WLCs licenses for Wireless Intrusion Prevention (wireless intrusion prevention system).
If you want to use the Advanced license functionality, the Foundation license must also be purchased. - Reduced total cost of ownership. Caution - Marketing! Certainly, the reduction in total cost of ownership depends on many factors. We will not go into marketing, however, in some cases, buying under the Cisco ONE scheme will be really cheaper than buying under the standard A-la-carte scheme.
The Cisco ONE Part Number will always be a few hundred dollars more on the Cisco GPL (Global Price List), relative to a regular part number. The reason is that Cisco ONE includes additional licenses that Cisco believes are required to build a full-fledged network. For example, for Catalyst switches, additional licenses include licenses for connecting the device to Cisco Prime Infrastructure (centralized monitoring and network management system), licenses for Cisco ISE (centralized access control system to the network), etc. Thus, the reduction in the purchase price can occur only when you are implementing or already using in the network those tools whose licenses are part of the Cisco ONE Part Number. Further in the article we will look at a specific example of cost reduction. - Transfer of licenses to next-generation devices. Simplified hardware upgrade procedure. In other words, if you use Cisco ONE, then when you replace the hardware, the Cisco ONE licenses can be transferred to a new device. Do not buy a new set of licenses for the new device.
- The ability to manage licenses using a custom portal. So far, unfortunately, it has not been possible to use this portal.
Examples of some Cisco ONE partner numbers and comparison with regular Cisco twin meters.
Catalyst 2960X Switches
Consider the WS-C2960X-24TS-L model. Cisco ONE parnier will look like:
C1-C2960X-24TS-L
For this switch, there is only a single Cisco ONE license option - Foundation. The Cisco ONE Part Number includes the following additional licenses:
- Energy Management licenses for 50 end devices;
- Prime Infrastructure licenses - 1 Lifecycle and 1 Assurance;
- ISE Base licenses for 50 end devices.
The price of Cisco ONE is about $ 200 more expensive than A-la-carte.
Note: using Cisco ONE, there is no way to order a LAN Lite switch.
Catalyst 3850 Switches
Consider the WS-C3850-24T-E model (with a maximum IP Services license). Cisco ONE Part Number will look like:
C1-WS3850-24T / K9
There are Foundation and Advanced licenses for this switch. Foundation opens the following additional licenses:
- Energy Management licenses for 50 end devices;
- Prime Infrastructure licenses - 1 Lifecycle and 1 Assurance;
- ISE Base licenses for 50 end devices.
Advanced adds license:
- LAN Base to IP Services.
The price of Cisco ONE is about $ 750 more expensive than A-la-carte.
Note: using Cisco ONE, there is no way to order a switch with an IP Base license. That is, either Lan BASE, or immediately IP Services.
Cisco ISR 4000 Routers
Consider the model ISR4321-AX / K9. For comparison, you have to choose a router in the AX bundle, which includes the Sec and Appx licenses. This set corresponds to the minimum order Cisco ONE - Foundation. Cisco ONE Part Number will look like:
C1-CISCO4331 / K9
Foundation and Advanced licenses exist for this router. Foundation opens the following additional licenses:
- Energy Management licenses for 100 end devices;
- SEC license;
- AppX license;
- WAAS licenses;
- NAM licenses;
- Prime Infrastructure licenses - 1 Lifecycle and 1 Assurance.
Decoding "WAAS" and "NAM"
Wide Area Application Services - accelerating applications on global channels.
Network Analysis Module - recognition, analysis and control of applications whose traffic passes through a network device.
Wide Area Application Services - accelerating applications on global channels.
Network Analysis Module - recognition, analysis and control of applications whose traffic passes through a network device.
Advanced adds licenses:
- UC;
- CME-SRST;
- CUBE.
The price of Cisco ONE is about $ 50 more expensive than A-la-carte.
Note: using Cisco ONE, there is no way to order a router with an IP Base license, or an SEC bundle. In my opinion, this is a significant omission, because it is the SEC bandl that is most in demand (remember, it opens up the functionality of FireWall and VPN). It turns out the minimum partner Cisco ONE will be significantly (now far from $ 50) more expensive than the most common variant of A-la-carta. In addition, Cisco ONE does not allow you to select a SEC-NPE license. Consequently, to import a router as part of the Cisco ONE bundle, you will always need to obtain an FSB permit, which automatically extends the equipment delivery time.
WiFi controllers
Consider the ALC-CT2504 WLC model. Cisco ONE parnier will look like:
C1-AIR-CT2504-K9
There are Foundation and Advanced licenses for this controller. Foundation opens the following additional licenses:
- Energy Management licenses for up to 25 end devices;
- Prime Infrastructure licenses - 1 Lifecycle and 1 Assurance;
- ISE Base licenses for 25 end devices;
- Basic license for CMX functionality.
Decoding "CMX"
Connected Mobile Experiences is an additional set of applications that is installed on the Mobility Services Engine (MSE) platform and serves for such tasks as geolocation of WiFi clients, etc.
Advanced adds licenses:
- Wireless IPS;
- Advanced CMX.
The price is difficult to compare, it is not quite clear how to order licenses for access points.
To find the benefits of a Cisco ONE order, I tried to calculate the purchase of Cisco devices to build a relatively small network. Example:
- Access switches: C2960X-48 - 5 pieces
- Kernel Switches: 3850-24 IP Services - 2 pieces per stack
- Border: ISR4331-SEC / K9 - 2 pieces
Total 240 access ports and 9 network devices.
I found the specification for the A-la-carte order option and for the Cisco ONE order option. The cost of the GPL specification Cisco ONE turned out about $ 3.000 more expensive than the specification of A-la-carte.
After that, I assumed that we want to connect all network devices (9 pieces) of this network to the Cisco Prime Infrastructure monitoring system and implement the Cisco ISE system to control the access of 240 user devices (by the number of access switch ports).
To accomplish this task, the A-la-carte specification will require the addition of Prime Infrastructure partner number (hereinafter PI), its basic license, PI Lifecycle license and PI Assurance license, Cisco ISE virtual machine, and ISE basic license for 250 end-user devices.
But in the Cisco ONE specification, many of the listed licenses already exist. In particular, we have by default obtained in the Cisco ONE specification PI Lifecycle, PI Assurance and ISE Base licenses for 250 end devices. It remains only to add the Prime Infrastructure part-number (hereinafter PI), its basic license and the Cisco ISE virtual machine.
As a result, to solve this problem, the Cisco ONE specification turned out to be about $ 5,000 cheaper.
Conclusion
The Cisco ONE order diagram can be summarized in the following table:
Draw conclusions on Cisco ONE thesis:
- The cost of a Cisco ONE single partner number is always slightly higher than the cost of a similar partner number when ordering according to the standard scheme ("A-la-Carte");
- The Cisco ONE Part Number includes licenses for additional tools and services. For example, Cisco Prime Infrastructure, Cisco ISE, Energy Management, WaaS, NAM, CMX, etc .;
- A Cisco ONE order can offer a cost advantage over a standard order (“A-la-Carte”) if the network uses additional tools and services for which licenses are part of the Cisco ONE partner planner;
- Ordering Cisco ONE gives you much less flexibility in choosing. For example, it is not possible to order Catalyst 2960X switches in LAN Lite version; for older Catalyst switches, it is not possible to order an IP Base license; for ISR G2 and ISR4000 routers, the minimum order includes Sec and AppX licenses.
I hope that this article will help save time to those readers who want to understand what is Cisco ONE, and in what cases it makes sense to recall the existence of this order option.
Additional useful information on Cisco ONE
Cisco ONE Partner Affiliate
The Cisco ONE partner can be found on the cisco.com website at the links below:
Through these links, you can also find information on how to migrate to the Cisco ONE license, if you already have Cisco equipment that you purchased using the traditional scheme.
In addition, you should pay attention to the presence of bundles in the categories of Access Switching and Access Wireless. Partner bundles begin with "ONENTWK- ...". The bundles include sets of switches, controllers and / or WiFi access points. The acquisition of network equipment as part of a bundle can also reduce the final cost of the specification.
Extended service support
When using Cisco ONE, you need two contracts to get extended service support. The first contract - Software Support Service (SWSS) is required to receive services related specifically to Cisco ONE: access to software updates and additions included in Cisco ONE, the ability to transfer licenses to Cisco ONE, the ability to handle Cisco TAC.
But to obtain basic technical support for hardware and operating systems, you must additionally purchase the Smart Net Total Care service contract. First of all, Smart Net Total Care is needed to replace failed hardware.
Thus, to obtain full-fledged extended service support when ordering Cisco ONE, you must purchase both the SWSS contract and the Smart Net Total Care contract.
Smart licenses
At the time of this writing (March 2016), Cisco ONE Advanced Security licenses were not implemented. For Cisco network security solutions, which include Cisco ASA, FirePOWER, ESA, WSA, etc. solutions, Cisco now offers a new approach to ordering licenses - Smart Licenses. So far, I do not have an exact idea of ​​the Smart Licenses. I can only say that this option of ordering licenses will make it possible to move away from the option of activating functionality on devices using the Product Activation Key (PAK). PAK and serial number binding will not be used. Instead, the client will have a set of license-subscriptions that can be easily transferred to the hardware as needed. For these purposes, there will also be a special portal.
PS Rumor has it that the Smart Licenses approach should gradually spread to all Cisco solutions. What will happen with Cisco ONE is not yet clear. Time will tell.
The Cisco ONE partner can be found on the cisco.com website at the links below:
Through these links, you can also find information on how to migrate to the Cisco ONE license, if you already have Cisco equipment that you purchased using the traditional scheme.
In addition, you should pay attention to the presence of bundles in the categories of Access Switching and Access Wireless. Partner bundles begin with "ONENTWK- ...". The bundles include sets of switches, controllers and / or WiFi access points. The acquisition of network equipment as part of a bundle can also reduce the final cost of the specification.
Extended service support
When using Cisco ONE, you need two contracts to get extended service support. The first contract - Software Support Service (SWSS) is required to receive services related specifically to Cisco ONE: access to software updates and additions included in Cisco ONE, the ability to transfer licenses to Cisco ONE, the ability to handle Cisco TAC.
But to obtain basic technical support for hardware and operating systems, you must additionally purchase the Smart Net Total Care service contract. First of all, Smart Net Total Care is needed to replace failed hardware.
Thus, to obtain full-fledged extended service support when ordering Cisco ONE, you must purchase both the SWSS contract and the Smart Net Total Care contract.
Smart licenses
At the time of this writing (March 2016), Cisco ONE Advanced Security licenses were not implemented. For Cisco network security solutions, which include Cisco ASA, FirePOWER, ESA, WSA, etc. solutions, Cisco now offers a new approach to ordering licenses - Smart Licenses. So far, I do not have an exact idea of ​​the Smart Licenses. I can only say that this option of ordering licenses will make it possible to move away from the option of activating functionality on devices using the Product Activation Key (PAK). PAK and serial number binding will not be used. Instead, the client will have a set of license-subscriptions that can be easily transferred to the hardware as needed. For these purposes, there will also be a special portal.
PS Rumor has it that the Smart Licenses approach should gradually spread to all Cisco solutions. What will happen with Cisco ONE is not yet clear. Time will tell.
Source: https://habr.com/ru/post/279283/
All Articles