NAC Enterprise Licensing

---

NAC Enterprise licensing allows deployment flexibility by providing end-system licensing on a system-wide basis regardless of the number of Extreme Access Control engines. For example, one IA-ES-12K Enterprise license supports 12,000 end-systems across all Access Control engines. The license limits the number of unique end-systems that can be authenticated in a day.

Enterprise licensing is enforced through Extreme Management Center. There are two license components to Enterprise licensing: the NAC Enterprise license and the NAC Enterprise Assessment license.

This Help topic includes the following information about the licenses:

• Enterprise Licenses
  • Applying a Enterprise License
  • Configuring End-System Capacity for an Identity and Access appliance
  • License Violations
• Enterprise Assessment Licenses
  • Applying an Enterprise Assessment License

Contact your sales representative for information on obtaining a NAC Enterprise or NAC Enterprise Assessment license.

Enterprise Licenses

The Enterprise license grants the number of end-systems that can be authenticated in the last 24-hour period.

One IA-ES-12K license supports 12,000 end-systems across all Access Control engines.
One IA-ES-3K license supports 3,000 end-systems across all Access Control engines.
One IA-ES-1K license supports 1,000 end-systems across all Access Control engines.

The calculation is based on the number of end-systems granted by the Enterprise license plus the end-system limit for all NAC-A-20, NAC-V-20, and legacy Access Control engines, (including those running a pre-5.0 version). The NAC Enterprise license can be aggregated by applying additional licenses. The respective end-system limits are dictated by the number of licenses applied. You can view the total end-system license limit for all engines in the NAC Appliances tab, as shown below.

NOTE:

The Extreme Management Center (NMS) license allows you to use a virtual Access Control engine, but does not display end-system information. The Management Center Advanced (NMS-ADV) license supports 500 end-systems on a virtual Access Control engine. This number is added to the end-system limit calculation if an Enterprise license or individual virtual engine is installed. (Note that any Access Control virtual engine running a pre-5.0 version still requires an Access Control VM license in the Management Center server.)

Applying an Enterprise License

The NAC Enterprise license is applied and updated via NAC Manager. The license is applied to the Management Center server and pushed down to all Access Control engines managed by the server, including hardware Access Control engine.

Use the following steps to apply the license:

1. From the NAC Manager menu bar, select Tools > Update Enterprise License. The NAC Enterprise License window opens and lists all Enterprise and Enterprise Assessment licenses entered in the system.
   
   
2. Click the Add License button.
3. In the License Agreement screen, accept the terms of the agreement and click OK.
   
   
4. In the Add Enterprise License window, enter your license text and click Update.
   
   
5. Close the NAC Enterprise License window.

The update operation automatically pushes the license to all the Access Control engines running NetSight 5.0 and later. The Enterprise license also automatically gets pushed down to any new engines added to NAC Manager after the Enterprise license has been applied.

NOTES:

While the license is being applied, the engine status in the NAC Manager tree stays orange until the Management Center server can confirm the license has been applied. This may take a few minutes. If for some reason the license is not pushed to an engine, you can use the Update License link available in the License Status field on the engine Configuration tab to update the license on a particular engine.

Configuring End-System Capacity for an Extreme Access Control Engine

You can configure the end-system capacity for an individual engine via NAC Manager. The default or configured Access Control engine capacity is used to tune the Access Control engine resources. If you do not configure the capacity using these steps, the capacity will be calculated according to the number of end-systems supported by the engine model.

1. In the Access Control engineConfiguration tab, click on the End-System Capacity link to open the Configure End-System Capacity window.
   
   
2. Enter the desired end-system capacity and specify the features expected to be enabled on the engine including Authentication, Accounting, Registration, and Assessment. Note that the number of end-systems supported on an engine is affected by the number of features that are enabled. Configuring the maximum capacity when all features are enabled may impact performance.
   
   
3. The window will then display the system requirements that are recommended for the specified capacity and feature set. Verify that the engine meets these system requirements or make adjustments, if necessary.
   
   
4. Click OK to set the capacity and close the window.
5. Enforce the engine.

License Violations

Extreme Management Center checks the number of end-systems on an Access Control system on a daily basis. Exceeding the license limit results in an event being logged in the NAC Manager Events log. As the length of the violations increases, progressively more severe actions are taken by Management Center.

If violations continue, a License Violation warning message displays when an administrator logs into a Management Center application. Next, additional warning messages display to all Management Center users logging in. For violations lasting a minimum of 60 days, Management Center does not record end-system data for those end-systems over the number allowed by the license. If a violation lasts a minimum of 120 days, all end-systems over the license limit bypass the Access Control rules engine and Management Center assigns the policy associated with the Default Catchall rule (configured by the administrator).

Enterprise Assessment Licenses

The Enterprise Assessment license limits the number of end-systems assessed across all Access Control engine managed by the Extreme Management Center server. The license count is determined by finding all unique end-systems that have an assessment result present. The limit is dictated by the number of Enterprise Assessment licenses purchased. One IA-PA-3K license supports 3,000 unique end-system assessments across all Access Control engine, while one IA-PA-12K license supports 12,000 end-system assessments across all Access Control engine.

The NAC Enterprise Assessment license can be aggregated by applying additional licenses. The respective end-system limits are dictated by the number of licenses applied.

The limit is checked on a daily basis. If the limit is exceeded, an event is logged in the NAC Manager Events log.

Applying an Enterprise Assessment License

The NAC Enterprise Assessment license is applied and updated via NAC Manager.

1. From the NAC Manager menu bar, select Tools > Update Enterprise License. The NAC Enterprise License window opens and lists all Enterprise and Enterprise Assessment licenses entered in the system.
   
   
2. Click the Add Assessment License button.
3. In the License Agreement screen, accept the terms of the agreement and click OK.
   
   
4. In the Add Assessment License window, enter your license text and click Update.
   
   
5. Close the NAC Enterprise License window.

The NAC Enterprise Assessment license is applied to the Management Center server. It does not get pushed to the Access Control engine.