Updated: Nov 2, 2021
ClearEdge has seen a significant uptick in audits by Cisco over the last year. Like many other suppliers, the vendor is using audits to drive revenue through (a) audit findings and penalties, and (b) new spending on Cisco products to make the audit findings go away.
Unless customers have negotiated their own contractual terms that supersede and replace the Verification language in Cisco’s standard EULA, they at risk of being audited. Cisco’s EULA states the following:
Most customers agree to these contractual terms. In some cases, this acceptance is not part of a negotiation, but rather a box that IT checks when installing a solution. For example, when a switch is being configured with Right-To-Use licenses, Cisco’s terms state: “To activate a permanent or evaluation license, you are required to accept the End-User License Agreement (EULA).” (Source)
What is Cisco Finding in these Audits?
As Cisco developed its auditing practice, it focused on three main areas where customers were most often found out of compliance.
1. Unentitled OS Upgrades
Cisco is looking at the OS Version running on your devices and comparing it to what you are entitled to run. Meanwhile, it’s licensing rules have changed over time, depending on the specific release. A general rule is if a customer wants to upgrade the OS to a newer version, they must have the device on an active support contract with Cisco. If a device is not put on an active support contract and gets upgraded, the device falls out of compliance.
Most customers are not intentionally upgrading their devices without the right to do so – they’re simply busy. When a device needs to be plugged into the network and upgraded, IT usually has a lot of details to manage to make these changes. They may not think to add the devices to the current maintenance contract, or maybe they want to wait until a renewal to assess what devices need to be added to the maintenance contract (although that may be too late). Further, maintaining an accurate inventory of every device on a network can be tedious and time consuming, and many organizations lack the resources to constantly update their systems and contracts.
2. Unentitled Features
The next thing Cisco is looking for is whether a customer is running the appropriate feature set on a device. When Cisco sells a router/switch or other device to a customer, the customer has several options. The switch comes with a basic feature package, but you could upgrade to a license with richer features. For example, some switches come with a what is called a LAN Base license. However, you could choose to buy an IP Base license, which includes the LAN Base features and more.
The compliance challenges arise in the deployment process. Some Cisco routers/switches come preloaded with all license feature sets. The engineer installing the device can choose which feature set to deploy. So, if the engineer deploys the IP Base license but has only purchased a LAN Base license, they have unknowingly put the company out of compliance with Cisco.
3. Unentitled Hardware
Cisco has a very strong network of resellers and for many years has required customers to purchase Cisco solutions through them. However, customers can buy used Cisco equipment outside of this network, typically at a much cheaper price, from resellers who are not registered with Cisco. This is considered purchasing on the secondary or grey market. If a customer buys equipment this way, Cisco requires that the devices go through a hardware inspection, then get relicensed before it can be plugged into the customer’s network. These steps sometimes negate the savings achieved by buying used products outside of the Cisco network. For more information on this subject, use this link.
While the above scenario does create a legitimate compliance violation there have been miscommunications between Cisco and its resellers. Some client audits have revealed products purchased outside of Cisco’s network of resellers, but upon closer inspection, the equipment had been sourced from a Cisco registered reseller. The miscommunication between Cisco and its resellers puts the onus on the customer to correct the suppliers’ mistakes.
What Customers Can Do
To take control of their Cisco license and device compliance, clients must collect and organize product entitlement data. During this process, they must access and aggregate purchasing and related shipping records, which may require help from reseller(s) for some of the needed data. Entitlements must then be reconciled with deployments – spanning all OS versions, Feature Sets, Active Support Timelines, and so on.
Achieving this “dashboard” of compliance information will protect customers facing a Cisco audit, and yield a wealth of opportunity:
If there are compliance issues, customers can fix them before Cisco discovers them, and save money by doing so. Cisco typically starts negotiations at list price when they are reconciling audit findings. Customers purchasing new equipment often start negotiations at their historically discounted rate (typically 50% or higher, depending on the product). If a device needs to be added to support, the customer avoids paying back maintenance costs and relicensing fees, which can be very costly.
The organization will avoid slowdowns with Cisco’s TAC team. We often hear from customers who have called Cisco with questions about a device, only to find out that the device has not been added to the active support contract. This slowdown would be avoided because all devices running on the network would already be inventoried and on support, if necessary.
The organization can make smarter decisions about Cisco purchases with this information. You will be able to avoid unnecessary purchases and buy only the new devices you need.
For more information regarding Cisco audit preparation and defense, visit our website to view our extensive portfolio of compliance-related content, or contact your ClearEdge representative.
This blog was created based off our webinar on the subject, which can be accessed here.
- Corinne Boyles is a Principal Consultant at ClearEdge Partners.