This section defines the licensing model and permitted uses of the Entrust Cryptographic Security Platform (CSP) software solution.
Authorized Use
In this Licensing Model section, the term “Customer” means an Entrust customer who has purchased one or more CSP software licenses, or an individual authorized by that customer to access components or capabilities of the CSP software (“Users”).
CSP software is licensed for internal Customer use (i.e., use for the Customer’s own business purposes). Customer may also grant access to Users who are employees of external contractors, but only to the extent that such Users are using CSP software on Customer’s behalf in the operation or management of the Customer’s business and Customer’s own cryptographic assets. In addition, the Customer is permitted to provide digital certificates to Users outside the Customer’s organization solely to enable communications and resource access between the Customer and that User.
Except as may be otherwise specified in an express license agreement signed by Entrust, neither Customer nor any User may use CSP software to set up or provide its own cryptographic management, analysis, or reporting service for other companies (e.g., provision of CSP software functionality as a “Managed Service Provider” or “Systems Integrator”).
License
The Customer will receive one or more license keys (“licenses”) to enable CSP software functionalities and volumes of Keys and Secrets, certificates, and Third-party Objects based on what the Customer has purchased.
The CSP software solution is offered with a base licensing package (Entrust CSP On -Premise Core) that can be extended with add-on licenses for specific capabilities and volumes.
Base Licensing Package: Entrust CSP on Premise Core
Inclusions | Excluded/Separate License Required |
|---|---|
Compliance Manager: 2-node cluster | Additional Compliance Manager nodes require separate add-on licenses (Entrust CSP ADD-ON Compliance Manager - 2 Nodes Virtual Appliance Cluster) |
Standard Compliance Pack: assessment, documentation, and risk scoring for Discovery scan results and one additional data source (e.g., Vault Cluster, Certificate Manager, KeySafe 5). | Additional data sources require a separate add-on license (Entrust CSP ADD-ON Compliance Manager - Standard Assessment, Documentation, and Risk Scoring (per Vault Cluster)). Discovery scan results do not count as a data source for licensing purposes. |
Discovery (scanning) | |
KeySafe 5 (HSM manager) | |
File Encryption – 10 GB | The 10 GB protected data limit is calculated based on the original data size and excludes any overhead (added data size) resulting from the encryption. Licensing beyond 10 GB requires a separate license (per Terabyte per year) (Entrust CSP ADD-ON File Encryption Subscription 1TB). NOTE: Disc Encryption for Virtual Machines (Linux/Windows) requires a separate Vault Cluster (Entrust CSP ADD-ON Compliance Manager - 2 Nodes Virtual Appliance Cluster for Vaults) and Virtual Machines volume licenses (Entrust CSP ADD-ON Virtual Machine Encryption Keys Subscription) |
Add-on Licenses
Capabilities | Add-on licenses | Notes/Consumption |
|---|---|---|
Compliance Management | Third-party Objects (Entrust CSP ADD-ON Integration with Third Party KMS Keys Subscription) | Volume-based license, consumed when a Third Party Object is imported into Compliance Manager inventory, as follows: Active Object = 1 full license Inactive Object but still managed = 1/10 of a license (dormant object) Deleted Object, or unmanaged object = no license required |
Compliance Manager nodes (Entrust CSP ADD-ON Compliance Manager - 2 Nodes Virtual Appliance Cluster) | Additional 2 nodes for higher availability or multiple clusters – Compliance Manager supports up to a maximum of 8 nodes per cluster. | |
Standard Compliance Pack: assessment, documentation, and risk scoring (Entrust CSP ADD-ON Compliance Manager - Standard Assessment, Documentation, and Risk Scoring (per Vault Cluster)) | Every Vault Cluster, Certificate Manager, KeySafe 5, needs its own Standard compliance Pack. | |
HSM Management | KeySafe 5 Monitoring (nShield - KeySafe 5 Monitoring Base, nShield - KeySafe 5 Monitoring Standard, nShield - KeySafe 5 Monitoring Mid, or nShield - KeySafe 5 Monitoring Enterprise) | Tier-based license determined by the number of HSMs being monitored and subject to an annual (12-month) subscription. |
Certificate Management | Certification Authority (Entrust CSP ADD-ON Certification Authority) | Certificates require separate licensing. |
Advanced PKI (Entrust CSP ADD-ON Advanced PKI) | Timestamping Authority software (included in Advanced PKI) may be deployed as a three-node cluster, limited to up to 600 timestamps per second (TPS). | |
Advanced CLM (Entrust CSP ADD-ON Advanced CLM) | ||
Timestamping Expansion (Entrust CSP ADD-ON Timestamping Expansion) | Expansion of Timestamping Authority (included in Advanced PKI) by two additional nodes or increase the limit on existing nodes by up to an additional 600 TPS. The maximum number of nodes per cluster is 5. | |
Certificates (Entrust CSP ADD-ON Production Certificates) | Volume-based license. A certificate license is required for each active certificate. | |
Keys and Secrets Management | Vault Cluster: 2-node cluster (Entrust CSP ADD-ON Compliance Manager - 2 Nodes Virtual Appliance Cluster for Vaults) | Each license covers a single 2-node cluster. A Vault Cluster supports up to a maximum of 8 nodes. |
KMIP Keys (Entrust CSP ADD-ON KMIP Keys Subscription) | Each of these is a volume-based license, consumed as follows: Active Key/Secret = 1 full license Inactive Key/Secret but still managed = 1/10 of a license (dormant Key/Secret) Deleted Key/Secret, or unmanaged Key/Secret = no license required | |
Secrets (Entrust CSP ADD-ON Managed Secrets Keys Subscription) | ||
Cloud Keys (Entrust CSP ADD-ON Bring Your Own Key, Hold Your Own Key, and Native Key Mgmt Keys Subscription) | ||
TDE Databases (Entrust CSP ADD-ON TDE Database Keys Subscription) | ||
Application Keys (Entrust CSP ADD-ON Application Security inc. Tokenization and Cryptographic Rest API Keys Subscription) | ||
Virtual Machines Keys (Entrust CSP ADD-ON Virtual Machine Encryption Keys Subscription) |
These licenses are subject to the following terms:
- For items purchased on a volume basis, Customer may not exceed the total volume indicated in the applicable purchased license. If Customer’s consumption exceeds the licensed volume entitlements that it has purchased, Entrust may invoice Customer an overage fee in arrears for its actual consumption.
- The Customer may not alter the license key or attempt to circumvent the licensing mechanism.
- The Customer may only use a valid license key provided by Entrust with the corresponding CSP software component.
Deployment
CSP software may be deployed on the Customer’s own infrastructure and/or commercial cloud environments. Entrust strongly recommends keeping all deployments up to date with the latest product release.
External Dependencies
CSP software licenses do not include any Hardware Security Modules (HSM). These components are external dependencies that must be provided, installed, and configured separately by the Customer before the CSP software can operate.
Trade Compliance
CSP software contains cryptographic software components. The Customer’s country of operation may have import and export requirements that apply.
Standard Compliance Packs Limitations
The Standard Compliance Packs included with CSP Compliance Manager (each a “Compliance Pack” and collectively the “Compliance Packs) are provided to assist organizations in reviewing their cryptographic keys, secrets, and certificates against industry standards and best practices. While these Compliance Packs will assist the Customer, Entrust does not represent, warrant, or guarantee that their use will ensure, guarantee, or confirm compliance with any particular industry standards and best practices or any specific policy, regulation, or other laws. The Customer is solely responsible for validating all requirements and managing compliance with all relevant industry standards and best practices or any specific policy, standard, or regulation, or other laws (and to determine which of these are applicable to its activities). Entrust disclaims any and all liability arising from Customer's reliance on the Compliance Packs.
Support and Record-Keeping
To ensure Entrust Customer Support is equipped to assist with reported issues, the Customer is expected to maintain reasonable records of CSP software deployment details, including the production instances in use and the environment(s) (on-premises or cloud) where those instances reside. In addition, upon Entrust's request, Customer will provide a report detailing its consumption of Keys and Secrets, certificates, and Third-party Objects.