Customer Portal Subscription Management
for managing subscriptions
Abstract
1. What We Mean by "Managing Subscriptions"

Figure 1. Customer Portal Subscription Management
- First, to make sure that all of the products on your systems have valid and active subscriptions, so administrators can maintain compliance with any regulatory requirements (like PCI-DSS or SAS-70) and internal mandates.
- Next, to help with procuring the right number and type of software products for the infrastructure. Over-subscribing a system or purchasing too many subscriptions for what your environment actually uses can cost your business money. Tracking used and available subscriptions and managing expirations and renewals more effectively can possibly lower your IT budget.
- Last, subscription management makes it easier for you to know what products your systems need to access and to make sure they are assigned the right subscriptions.
1.1. The Subscription Process
- An account buys a subscription to a product, which gives them access to Red Hat's Content Delivery Network, errata and patches, upgrades, and support.A subscription defines a quantity, meaning the number of systems that are allowed to have access to the product and all its support services because of that subscription.
- A server is added, or registered, to the inventory for the subscription management service. This means that the subscription service can manage the server and attach it subscriptions.
- A subscription is attached to a system, so that the system is entitled to support services and content for that product.
subscription-manager
are limited to the local machine, they cannot be used to manage other systems in the inventory.)
1.2. Hosted Services and On-Premise Subscription Management Applications
1.3. Red Hat Network and RHN Classic
Note
1.4. Customer Portal Subscription Management and Access Control

Figure 2. Subscription Management Permission
2. A Quick Reference of Subscription-Related Terms
- system
- Any entity — a physical or virtual machine — which is in the subscription service inventory and which can have subscriptions attached to it.
- subcriptions
- A subscription defines the products that are available, the support levels, the quantities (or number) of servers that the product can be installed on, architectures that the product is available for, content repositories which supply the product, and other information related to the products.
- attach
- Assigning a subscription to a system.
- utilization
- A summary of the total number of subscriptions available to an organization, and the total number of subscriptions that are attached to Customer Portal Subscription Management, RHN Classic, and different subscription management applications.
- overusage
- A state for an organization when they have more subscriptions attached than they have purchased. This can occur when infrastructures are using both Customer Portal Subscription Management and RHN Classic to register systems, since they draw from the same subscription pools but use separate tallies.
- service level preference
- A preference based on what service level to use for installed products.
- release preference
- A preference that restricts products and updates to a specific operating system minor release.
- organization or subscription management application organization
- A local subdivision that contains a subset of subscriptions. This is a way to define a subscription structure that reflects the IT environment. An organization can be aligned with a physical location or an organizational division in a company.
- hosted
- Subscription and content services provided by Red Hat, rather than an on-premise application.
- available
- A subscription which has quantities that have not been attached to a system yet.
- Customer Portal Subscription Management
- The hosted subscription management service. In this service, subscriptions are managed based on the product (and verified through issued certificates), rather than access to channels.
- CDN
- The Content Delivery Network.
- channel
- A collection of packages based around a software product, a group of related products, or a version of product. The channel-based way of defining subscriptions is used only by RHN Classic.
- compatible
- Available and active subscriptions which match the architecture of the system.
- unit
- Any entity — a physical or virtual machine, a domain, or a person — which is in the subscription management service inventory and which can have subscriptions attached to it.
- content
- Software downloads and updates.
- Content Delivery Network (CDN)
- The Red Hat-hosted content repositories and technology to deliver software, updates, and packages.
- entitlement certificate
- An X.509 certificate that contains a list of subscriptions for a system, including information about the products and quantities, content repositories, roles, and different namespaces.
- identity certificate
- An X.509 certificate which is issued to a system when the system is registered with the subscription management service. This certificate is used to authenticate and identify the system to the subscription management service.
- inventory
- A list of units (systems, domains, people, or applications) which have been registered to the subscription management service and a list of all subscriptions (current, expired, and future) which have been purchased by an organization.
- license
- A legal statement that defines how software can be used. Red Hat products are licensed under GPLv2. A subscription determines how many instances (quantities) or a product can be updated through Red Hat content streams and will be provided support but they do not restrict the ability to install or use software products.
- product
- The individual software product, like Red Hat Enterprise Linux or Directory Server.
- product certificate
- An X.509 certificate that is generated and installed on a system once a product is installed. This contains information about the specific system that the product is installed on (such as its hardware and architecture) and the product name, version, and namespace. This identifies that specific product installation to the subscription management service and CDN.
- register (verb)
- To add a system (physical or virtual) to the subscription management service inventory.
- RHN Classic
- The traditional RHN system. This will be available for a few years but is being phased out.
- status
- Whether all of the products installed on a system are fully covered with active subscriptions.
- Subscription Manager
- A set of tools used to view and attach subscriptions and to manage systems in the inventory. There are two Subscription Manager tools:
- Subscription Manager GUI which is installed on the local system and manages that local system. It can be opened by running
subscription-manager-gui
or in the menu. - Subscription Manager CLI which is also installed on the local system and manages that local system. Different operations can be invoked by running subscription-manager command. This tool can also be used to script interactions for subscriptions, such as for kickstart installations.
- subscription management service
- The backend server which interacts with the individual systems by creating an inventory of systems. It also keeps the inventory of subscriptions, including contracts, quantities, and expiration dates. When a new system is registered, when subscriptions are attached, and when products are installed. The subscription management service manages the changes and issues a corresponding X.509 certificate to the system to mark the change. The subscription management service also defines rules for products, such as hardware/architecture restrictions, to help with attaching subscriptions.
- X.509 certificate
- A specific certificate standard that is used to determine the format of certificates used for SSL communication and within a public key infrastructure. This is used to delineate the certificates used by the new subscription management service from the Satellite certificates used in the RHN Classic system.
3. High-Level Subscription Information
3.1. The Overview Page
- A view of all subscriptions in use for an account
- A view of all systems within the inventory
Note

Figure 4. Customer Portal Subscription Management Overview Page
3.2. Subscription Utilization
- All subscriptions that are active and attached (total counts)
- All available subscriptions that can be used by systems in Customer Portal Subscription Management
- Subscriptions in Customer Portal Subscription Management that match a specific system's architecture, socket count, installed products, or other characteristics

Figure 5. Total Counts of Subscriptions for All Subscription Services
3.3. Managing Expired and Expiring Subscriptions

Figure 6. Subscription Overview
- active subscriptions goes to the Active tab.
- subscriptions expiring in the next 120 days goes to the Available for Renewal tab.
- recently expired subscriptions goes to the Recently Expired tab.

Figure 7. Recently Expired Tab

Figure 8. (Expired) Product Renewal Information
3.4. Resolving Over-Utilizing Subscriptions
Warning

Figure 9. Overutilizing Subscriptions

Figure 10. Reviewing Systems
Note
4. Activating Subscriptions
- In the Subscriptions > Overview page, click the Activate a subscription link in the upper right of the Summary area.
- In the Subscription Activation page, enter the 16-digit subscription number.
- Continue through the activation wizard.
5. Managing Systems and Units
5.1. Registering a New System
- Open the Subscriptions tab in the Customer Portal, and select the Overview item under the Subscription Management menu area.
- In the Usage area on the right, click the Subscription Management link.
- In the Units area on the left, click the Register link.
- Fill in the information for the new system.A system requires information about the architecture and hardware in order to ascertain what subscriptions are available to that system.
- The name for the entry, which is normally the hostname.
- The system type, physical or virtual.
- The architecture, which is used to determine compatible subscriptions.
- The number of sockets, either the number of physical sockets or, for virtual machines, the number of CPUs. Some subscriptions cover to a certain number of sockets, and multiple subscriptions may be required to cover larger systems.
- Once the system is created, attach the appropriate subscriptions to that system.
- Open thetab.
- Click thelink.
- Click the check boxes by all of the subscriptions to attach, and then click the Attach Selected button.
- Click thelink to download the entitlement certificate for each subscription. Save the file to some kind of portable media, like a flash drive.
- Optionally, open the Download button. The identity certificate for the registered system could be used by the system to connect to the subscription management service. If the system will permanently be offline, then this is not necessary, but if the system could ever be brought onto the network, then this is useful.tab and click the
- Copy the entitlement certificates from the media device over to the system.
- Import the entitlement certificates. This can be done by using the System menu in the Subscription Manager UI or by using theitem in the
import
command. For example:# subscription-manager import --certificate=/tmp/export/entitlement_certificates/596576341785244687.pem --certificate=/tmp/export/entitlement_certificates/3195996649750311162.pem Successfully imported certificate 596576341785244687.pem Successfully imported certificate 3195996649750311162.pem
- If you downloaded an identity certificate, copy the
cert.pem
file directly into the/etc/pki/consumer
directory. For example:cp /tmp/downloads/cert.pem /etc/pki/consumer
5.2. The System List: Viewing the Inventory

Figure 12. Subscription Management Page

Figure 13. The System List
5.3. System Details: Viewing System Information

Figure 14. The System Details

Figure 15. The System Facts
Note
5.4. Attaching Subscriptions to a System
Note
- The service level for the subscription.
- The contract number for the purchase of the subscription, which is important for record keeping and tracking.
- The quantity still available for that subscription. Subscriptions are purchased in quantities; this number tells how many are still left of the total quantity purchased.
- The start and end dates of the subscription. This keeps you from attaching a subscription that may only be valid a few days before it expires or which are not yet active.
Note
- Open thetab.
- Click thelink.
- Click the checkboxes by all of the subscriptions to attach.Normally, subscriptions are listed only if they are compatible with the system, meaning they match the system's recognized hardware, architecture, and preferences (service level or release version). To list all subscriptions, even those that aren't compatible with the system's hardware or service level preference, then deselect the appropriate Only Show... checkbox.
- Click the Attach Selected button.
5.5. Checking Status

Figure 16. Subscription Status
- Green means all products have a valid subscription.
- Yellow means that some products may not have active subscriptions but updates are still in effect.
- Red means that updates are disabled.

Figure 17. Unknown Subscription Status
5.6. Setting a Preferred Service Level
- Premium
- Standard
- None (self-supported)
Note
[root#server ~]# subscription-manager attach --auto --servicelevel Premium

Figure 18. Service-Level Preference
5.7. Viewing the Operating System Release Release Preference
yum update
and move from version to version.

Figure 19. Operating System Release Version Preference Setting
5.8. Autoattaching Subscriptions

Figure 20. Toggling Autoattaching
5.9. Viewing Subscriptions for a System

Figure 21. Subscription Details Link

Figure 22. Subscription Details
5.10. Removing Subscriptions for a System

5.11. Removing a System
unregister
command with Red Hat Subscription Manager.
- Open the Subscriptions tab in the Customer Portal, and select the Overview item under the Subscription Management area.
- In the Usage area on the right, click the Subscription Management link.
- Click the link for the system type in the Subscription Management page.
- Select the checkboxes by the systems to delete.
Note
You cannot delete more than five (5) systems at a time.
Note
5.12. Viewing and Regenerating Identity Certificates for a System

Figure 23. Identity Certificate Details
-----BEGIN CERTIFICATE----- MIIDdzCCAuCgAwIBAgIIASDVoX2P1a8wDQYJKoZIhvcNAQEFBQAwSzEqMCgGA1UE AxMhY2FuZGxlcGluMS5kZXZsYWIucGh4MS5yZWRoYXQuY29tMQswCQYDVQQGEwJV UzEQMA4GA1UEBxMHUmFsZWlnaDAeFw0xMTAzMDkxNTAxMDVaFw0xMjAzMDkxNTAx MDVaMC8xLTArBgNVBAMMJDdmY2Y2NjYwLTdkZDYtNDdjZi04ZjJjLTQ0NmJiMWE1 YWQyZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJA0wmfB9znYeZu2 lOCga8ERkKPHDZtBKJknT/L74U4+ZQb7wFfRhhqeAv38erEyH40o79iVZJAc0cnT pBdUYVN9ronv8vOFgdkqBdrjy4t7qq8ofI6dpj0U8fTaisU82WXBq1t41dn7OrJT vbRCa4ZCt3FMzTkthd1ZKniLgfvokeGr6gVnh4jEgoFuMPHxigXKPDBvn7R5mf0w vNM1m2/1OKMPI4u5ZLsN/XTyd4t3MSX25SFqobtkVABW7jVlRvyWuR7V6PxpzmTZ 7CjodUY+CVZrFIiL8s2pMkX38KCEXlUuH8DXymDxj4IAMSYC2SW7F7z2YQNTbAvK kcklWHECAwEAAaOB+zCB+DARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgSw MHsGA1UdIwR0MHKAFGiY1N2UtulxcMFy0j6gQGLTyo6CoU+kTTBLMSowKAYDVQQD EyFjYW5kbGVwaW4xLmRldmxhYi5waHgxLnJlZGhhdC5jb20xCzAJBgNVBAYTAlVT MRAwDgYDVQQHEwdSYWxlaWdoggkA1s54sVacN0EwHQYDVR0OBBYEFOP0p6JiVnQ2 SBmscyhvB1It2bjmMBMGA1UdJQQMMAoGCCsGAQUFBwMCMCUGA1UdEQQeMBykGjAY MRYwFAYDVQQDDA10ZXN0LXN5c3RlbS0xMA0GCSqGSIb3DQEBBQUAA4GBADOoBuca Jg244L6LLMw8ov32VK/kRCk9z8qcMA6y8+jL1yrfW//9Ig1BJiWKnrqln3eSNvf+ zouqNgaS4kvQeQf51lPVws++q3J9/q1i4WvJ4kDRN7HOtasf6KmSBpVM6dSDLrX3 nEZbvD0hT+2YVj/DJ7IXvQ9F3KXDkcwb4Lrh -----END CERTIFICATE-----
6. Managing Errata Notifications for Registered Systems
Note
- In the upper right corner of the Customer Portal, expand the details for the logged in user.
- Click the Account settings link.
- In the settings main page, click the Account Details link in the middle of the Your Red Hat Account box.
- In the Your Preferences menu on the left, click the Errata Notifications link.
- Select the checkboxes for each type of errata for which to receive an update. Security errata relate to critical security issues. Bug fixes and enhancement notifications relate to incremental updates to the product.
- Set the frequency to receive errata notifications. This applies to all selected types of errata notifications.
- Click thebutton.
7. Managing On-Premise Subscription Management Applications
7.1. Registering Application Organizations
- Open the Subscriptions tab in the Customer Portal, and select the Overview item under the Subscription Management menu area.
- In the Usage area on the right, click the Subscription Management link.
- In the Subscription Management Applications column, click the Register link.
- Select the application type and fill in the name of the new subscription management application organization.
Note
This name should correspond to the organization name in the on-premise application. - Click thebutton.
7.2. The Subscription Management Application List and Details

Figure 24. Subscription Management Applications in the Overview

Figure 25. Viewing the Subscription Management Application Inventory
- The organization name, which links to the entry details page
- The total number of subscriptions (across products and contracts) attached to that organization
- The UUID for the organization, analogous to the UUID for a system

Figure 26. Organization Details
7.3. Attaching Subscriptions to Organizations
7.3.1. About Manifests
Important
manifest.zip | |- consumer_export.zip | |- export/ | |- consumer_types/ | |- entitlements/ | |- entitlement_certificates/ | |- products/ | |- rules/ | |- consumer.json | |- meta.json
These JSON files contain a little information about the application organization entry (the UUID) and the manifest itself (version and creation date).
consumer_types/
contains a list of JSON files, one for each supported application type. The JSON files indicate which type the subscriptions are attached to. For example, for Subscription Asset Manager, the sam.json
has a manifest
value of true.
{"id":"5","label":"sam","manifest":true}
entitlements/
contains a JSON file for each subscription attached to the application organization. Each filed is named UUID.json
.
... {"id":"8a878dcd3520d43501353f6f98f911e9","productName":"Red Hat Enterprise Linux Server","productId":"69","updated":"2012-02-02T18:59:32.000+0000","created":"2012-02-02T18:59:32.000+0000"}],"endDate":"2012-10-13T03:59:59.000+0000","quantity":50,"productName":"Red Hat Enterprise Linux Server, Premium (4 sockets) (Up to 4 guests)","contractNumber":"2625891","accountNumber":"1506376","productId":"RH0153936","subscriptionId":"2267347","consumed":31,"exported":30,"sourceEntitlement":null,"activeSubscription":true,"restrictedToUsername":null,"productAttributes":[{"productId":"RH0153936","name":"support_type","value":"L1-L3","id":"8a878dcd3520d43501353f6f98f811de","updated":"2012-02-02T18:59:32.000+0000","created":"2012-02-02T18:59:32.000+0000"} ...
entitlement_certificates/
contain PEM files with the base 64-encoded blob of the entitlement certificate for each subscription.
products/
contains JSON file for every product included with the subscriptions. This contains detailed information about supported versions and content sets, dependencies, repositories, and other product-specific (but not necessarily subscription-specific) information.
... {"name":"Red Hat Enterprise Linux Server","id":"69","attributes":[{"name":"type","value":"SVC"},{"name":"arch","value":"i386,ia64,x86_64"},{"name":"name","value":"Red Hat Enterprise Linux Server"}],"multiplier":1,"href":"/products/69","productContent":[{"content":{"name":"Red Hat Enterprise Linux 5 Server Beta (Source ISOs)","id":"861","type":"file","vendor":"Red Hat","modifiedProductIds":[],"contentUrl":"/content/beta/rhel/server/5/$releasever/$basearch/source/iso","label":"rhel-5-server-beta-source-isos","gpgUrl":"http://","metadataExpire":86400,"requiredTags":"rhel-5-server"},"enabled":false} ...
rules/
contains a single JavaScript file which sets the functions that the application uses to interact with the backend Red Hat subscription management service.
7.3.2. Attaching Subscriptions to Organizations
- Open the Subscriptions tab in the Customer Portal, and select the Overview item under the Subscription Management menu area.
- In the Usage area on the right, click the Subscription Management link.
- In the Subscription Management Applications column, click the organization type.
- Click the organization name in the application inventory.
- Open thetab.
- Click thelink to open the subscription selection window.
- Select the checkboxes by the subscriptions to attach and set the total quantity for the application organization in the Quantity column.The list of available subscriptions provides three important pieces of information:
- The contract number for the purchase of the subscription, which is important for record keeping and tracking.
- The quantity still available for that subscription. Subscriptions are purchased in quantities; this number tells how many are still left of the total quantity purchased.
- The start and end dates of the subscription. This keeps you from attaching a subscription that may only be valid a few days before it expires or which are not yet active.There should probably be a mix of subscriptions, with different end dates, attached to the organization to make it easier to renew subscriptions without having to update the manifest.
Note
The quantity defaults to be the total number of subscriptions available for that contract. Be aware of how many subscriptions are being attached to a single application organization so that the subscriptions can be attached appropriately among other units and subscription management applications. - Click thebutton in the lower left corner.
7.3.3. Downloading the Manifest
manifest.zip
archive to the local filesystem, so it can then be uploaded to Subscription Asset Manager or CloudForms System Engine.

Figure 27. Downloading the Application Organization Manifest
7.3.4. Updating the Manifest and Changing Subscriptions
Important
- Open the Subscriptions tab in the Customer Portal, and select the Overview item under the Subscription Management menu area.
- In the Usage area on the right, click the Subscription Management link.
- In the Subscription Management Applications column, click the organization type.
- Click the organization name in the application inventory.
- Open thetab.
- Delete any previous subscriptions which need to be updated. Select the checkbox by the subscription, and click the Remove Selected button.A subscription quantity attached to a subscription management application organization cannot be changed directly. If additional numbers need to be added or removed from an attached subscription, delete the original assignment and then attach the subscription with the new quantity.For example, if your subscription bloc has a quantity of 30 and it should increase to 35, you can delete the old bloc and add a new one with a quantity of 35; that leaves you with one subscription and a quantity of 35. Alternatively, you can simply add a new bloc with a quantity of 5; that results in two separate subscription entries, one with a quantity of 30 and one with a quantity of 5.
- Add any new subscriptions, as in Section 7.3.2, “Attaching Subscriptions to Organizations”.
- Click the Section 7.3.3, “Downloading the Manifest”.button and save the updated manifest, as in
- Upload the updated manifest to the on-premise application.