I was reviewing a design for Cisco License Manager today. I have written previously on how it will impact our current processes.
The not so obvious aspect of the License Management is that Cisco will receive reports from your license server that will not only show the licenses that you own but also all the hardware that you have. From this Cisco will be able to build a very effective picture of what your business looks like. In effect, you have no privacy.
The Sales View
Now, Imagine that you are Cisco Sales person who wants to understand which account should get the most attention. They will be able to look into your reported assets and understand exactly what you own and then determine what they should be selling you.
For example, lets say that you have a lot of C3550 that are end of life, then the sales person might want to be focussing on pitching the C4500 as an upgrade. Or perhaps the C6500 in your data centre are still running SupervisorII, then a good pitch on Nexus 7K might be a winner.
The Breach View
If you want to take a more “evil” view, Cisco will now have a complete list of everything you have ever owned and will be able to determine if you are in breach of your licensing and maintenance. The Cisco License Manager Service communicates with the Cisco Product License Registration Portal for all license fulfilment issues.
Current Cisco maintenance is based on the chassis and the software upgrades are automatically included. But what it Cisco moves to charge maintenance on every modules, blade, power supply and memory module.
The EtherealMind View
No one seems to questioning Cisco’s attack on privacy here. While Facebook is rightly being criticised for it’s access and sharing of information, what do we know about Cisco ? What are they doing with this licensing data and who are they sharing it with ?
Are Cisco Partners able to access the data, and, if so, what controls are placed on this ?
Therefore, I recommend that you consider very carefully whether you should share your licensing data with Cisco. You may need to consult your Legal Department to ensure that Cisco has given guarantees to keep this information confidential and to use and maintain the data in a proper manner.
So far, I don’t have any good answers to these questions. If anyone from Cisco could get in contact to discuss these matters or point me to people who can comment, I would be pleased to update the readers.