Frequent readers of my blog and Twitter stream may have noticed that I have a special loathing in my heart for licensing. I’ve been subjected to some of the craziest runarounds because of licensing departments. I’ve had to yell over the phone to get something taken care of. I’ve had to produce paperwork so old it was yellowed at the edges. Why does this have to be so hard?
Licensing is a feature tracking mechanism. Manufacturers want to know what features you are using. It comes back to tracking research and development. A lot of time and effort goes into making the parts and pieces of a product. Many different departments put work into something before it goes out the door. Vendors need a way to track how popular a given feature might be to customers. This allows them to know where to allocate budgets for the development of said features.
Some things are considered essential. These core pieces are usually allocated to a team that gets the right funding no matter what. Or the features are so mature that there really isn’t much that can be done to drive additional revenue from them. When’s the last time someone made a more streamlined version of OSPF? But there are pieces that can be attached to OSPF that carry more weight.
Rights and Privileges
Here’s an example from Cisco. In IOS 15, OSPF is considered a part of the core IOS functionality. You get it no matter what on a router. You have to pay an extra license on a switch, but that’s not part of this argument. OSPF is a mature protocol, even in version 3 which enables IPv6 support. If you have OSPF for IPv4, you have it for IPv6 as well. One of the best practices for securing OSPF against intrusion is to authenticate your area 0 links. This is something that should be considered core functionality. And with IPv4, it is. The MD5 authentication mechanism is built into the core OS. But with IPv6, the IPSec license needed to authenticate the links has to be purchased as a separate license upgrade. That’s because IPSec is part of the security license bundle.
Why the runaround for what is considered a best practice, core function? It’s because IPv6 uses a different mechanism. One that has more reach that simple MD5 authentication. In order to capture the revenue that the IPSec security team is putting in, Cisco won’t just give away that functionality. Instead, it needs to be tracked by a license. The R&D work from that team needs to be recovered somehow. And so you pay extra for something Cisco says you should be doing anyway. That’s the licensing that upsets me so.
License Unit Report
How do we fix it? The money problem is always going to be there. Vendors have to find a way to recapture revenue for R&D while at the same time not making customers pay for things they don’t need, like advanced security or application licenses. That’s the necessary evil of having affordable software. But there is a fix for the feature tracking part.
We have the analytics capability with modern software to send anonymized usage statistics to manufacturers and vendors about what feature sets are being used. Companies can track how popular IPSec is versus MD5 or other such feature comparisons. The software doesn’t have to say who you are, just what you are using. That would allow the budgets to be allocated exactly like they should be used, not guessing based on who bought the whole advanced communications license for Quality of Service (QoS) reporting.
Licensing is like NAT. It’s a necessary evil of the world we live in. People won’t pay for functionality they don’t use. At the same time, they won’t use functions they have to pay extra for if they think it should have been included. It’s a circular problem that has no clear answer. And that’s the necessary evil of it all.
But just because it’s necessary doesn’t mean we can’t make it less evil. We can split the reporting pieces out thanks to modern technology. We can make sure the costs to develop these features gets driven down in the future because there are accurate statistics about usage. Every little bit helps make licensing less of a hassle that it currently is. It may not go away totally, but it can be marginalized to the point where it isn’t painful.