Cisco Cisco AnyConnect Secure Mobility Client v2.x Information Guide
found that device based session capacity planning and per appliance license management
was a constant guessing game and operational challenge. Moreover, with the growing
number of mobile devices needing VPN connections combined with older ASAs being
refreshed to newer platforms there were also budget concerns with having to rebuy
licenses. To help address these issues, we moved AnyConnect to a total unique user,
term-based licensing model. This greatly simplified licensing calculation and consumption
in a number of areas.
was a constant guessing game and operational challenge. Moreover, with the growing
number of mobile devices needing VPN connections combined with older ASAs being
refreshed to newer platforms there were also budget concerns with having to rebuy
licenses. To help address these issues, we moved AnyConnect to a total unique user,
term-based licensing model. This greatly simplified licensing calculation and consumption
in a number of areas.
First, going with a total user count is very much in line with general trend towards
enterprise license / seat count model which enterprises can track and manage much better
than endpoints. Second, focusing on user vs endpoint removes the variability that comes
when the remote end-user has multiple devices connected simultaneously, a common
issue with knowledge workers, Millennials, etc. Third, focusing on total users removes
having to guess how many people need service and then having to buy pandemic
licenses, which sit idle most of the time. This is also more in line with general business
trend of enterprises trying to make employees more productive and thus always
connected. Fourth, moving to a term-based model allows budget planning to shift from a
bursty CAPEX and ongoing support budget exercise to a more smooth OPEX planning
process. Finally, creating a standalone bundled endpoint license separate from the
headend gives you choice when selecting different headend platforms and services. This
model allows you to avoid additional license costs when the head end box is swapped out
or additional capacity is added or when other services are added (e.g. AnyConnect Apex
investment for VPN services can be leverage along side ISE).
enterprise license / seat count model which enterprises can track and manage much better
than endpoints. Second, focusing on user vs endpoint removes the variability that comes
when the remote end-user has multiple devices connected simultaneously, a common
issue with knowledge workers, Millennials, etc. Third, focusing on total users removes
having to guess how many people need service and then having to buy pandemic
licenses, which sit idle most of the time. This is also more in line with general business
trend of enterprises trying to make employees more productive and thus always
connected. Fourth, moving to a term-based model allows budget planning to shift from a
bursty CAPEX and ongoing support budget exercise to a more smooth OPEX planning
process. Finally, creating a standalone bundled endpoint license separate from the
headend gives you choice when selecting different headend platforms and services. This
model allows you to avoid additional license costs when the head end box is swapped out
or additional capacity is added or when other services are added (e.g. AnyConnect Apex
investment for VPN services can be leverage along side ISE).
Cisco AnyConnect services continue to be competitively priced and very much in line with
Cisco's other software pricing initiatives such as Cisco ONE.
Cisco's other software pricing initiatives such as Cisco ONE.
In terms of the actual offers, AnyConnect 4.x collapsed the complex older AnyConnect
licensing model down into two simple tiers. The first is AnyConnect Plus, which includes
basic VPN services such as device and per-app VPN (including 3rd party IKEv2 Remote
Access VPN head-end support), always on, basic device context collection, and FIPS
compliance. AnyConnect Plus also includes other non-VPN services such as the
AnyConnect Network Access Manager 802.1X supplicant and the Cloud Web Security
module. In the 1H of CY 2015 with AnyConnect 4.1, AnyConnect Plus also added AMP for
Endpoint distribution capabilities through the AMP Enabler. Existing AnyConnect
customers can think of AnyConnect Plus as similar to the discontinued AnyConnect
Essentials. The second offer is AnyConenct Apex, which includes more advanced VPN
services such as endpoint posture checks, next generation encryption (including Suite B),
and clientless Remote Access VPN as well as all the capabilities of AnyConnect Plus. In
the 2H of CY 2015 with AnyConnect 4.2MR1, AnyConnect Apex added the Network
Visibility Module, a new endpoint flow based capability that collects user and endpoint
behavior on and off premises. Existing AnyConnect customers can think of AnyConnect
Apex as similar to the discontinuedf AnyConnect Premium and Shared. With both
AnyConnect Plus and Apex continuing to add additional features and services, the value of
AnyConnect term-based offers has and will continue to increase over time.
licensing model down into two simple tiers. The first is AnyConnect Plus, which includes
basic VPN services such as device and per-app VPN (including 3rd party IKEv2 Remote
Access VPN head-end support), always on, basic device context collection, and FIPS
compliance. AnyConnect Plus also includes other non-VPN services such as the
AnyConnect Network Access Manager 802.1X supplicant and the Cloud Web Security
module. In the 1H of CY 2015 with AnyConnect 4.1, AnyConnect Plus also added AMP for
Endpoint distribution capabilities through the AMP Enabler. Existing AnyConnect
customers can think of AnyConnect Plus as similar to the discontinued AnyConnect
Essentials. The second offer is AnyConenct Apex, which includes more advanced VPN
services such as endpoint posture checks, next generation encryption (including Suite B),
and clientless Remote Access VPN as well as all the capabilities of AnyConnect Plus. In
the 2H of CY 2015 with AnyConnect 4.2MR1, AnyConnect Apex added the Network
Visibility Module, a new endpoint flow based capability that collects user and endpoint
behavior on and off premises. Existing AnyConnect customers can think of AnyConnect
Apex as similar to the discontinuedf AnyConnect Premium and Shared. With both
AnyConnect Plus and Apex continuing to add additional features and services, the value of
AnyConnect term-based offers has and will continue to increase over time.
Q. What factors contributed to changing the AnyConnect
license models?
license models?