This article explains SSProtect Licensing.
Introduction
SSProtect product Licensing works the same for both Organization Accounts and Individual Accounts. This article describes the way in which licensing provides authorization and access to SSProtect Component Services (features, requests, and resources).
Refer to the end of this article for License Scope and General Terms.
Licenses and Seats
An SSProtect License applies to an Individual Account or an SSProtect Organization.* The License manages the set of component services available to associated Users (Accounts).
*NOTE: An SSProtect Organization most often relates to a single team within a company or business entity, since there are distinct advantages to managing smaller groups of SSProtect Users (Accounts) that constantly/ frequently share data.
Seats are a part of the License, and they are associated with Accounts to enable Licensed functionality. The Seat Count is determined by the License.
Seats can be dynamically attached to/ detached from Accounts within an SSProtect Organization, allowing you to make efficient use of Licensed resources while team dynamics change. You can, for example, disassociate a Seat from an Account that is Disabled, then re-apply the Seat to another Account you dynamically re-enable. This allows you to apply your License to contract resources and temporary workers, even when they are not formally employed by the License holder's entity.
Details are further clarified in related sections that follow.
IMPORTANT: Changes to a License apply to all Accounts in an Organization.
License Types
SSProtect supports different License Types that are managed/ selected for you. These include Trial, Employee, Researcher, Journalist, Partner, Promotional, Organization, MSP, and AWS Licenses. The License Type is chosen for you when you License the software, and your KODiAC Cloud Service operator (MSP) can make adjustments for you at any time.
License Types reflect pricing (discounts), duration, and sometimes the set of SSProtect Service Components available to associated Accounts. For example, AWS Licenses rely on the AWS Marketplace choices to scope Service Components you will use, and also change the way you add additional service components.
These details are somewhat secondary, and more fully described below.
License State and Period
An Account's License State is either Active or Expired, and an Expired License transitions through three different Periods of the Expired State - Grace, Gap, and Final Expiration.
Note the difference between the State and the Period; an Active State always permits full functionality before transitioning to the Expired State (over time). The first Period of the Expired State is the Grace Period, which maintains certain functionality before transitioning to the Gap Period.
When working with an Organization and License Seats, the License duration applies to all Seats and thus to all Organization Accounts in a uniform fashion: Seats within an Organization cannot be Licensed differently. To address related needs, create two Organizations with two, independent Licenses, then purchase the requisite number of Seats for each. The resulting Organizations are then governed by different Licenses and can as a result use a different set of component services for a different duration.
The Free Basic License
Starting with v10.9.0 and for a limited period of time, DefiniSec is offering a Basic License free of charge. This provides fundamental service capabilities to all Accounts, indefinitely. When a License transitions to the Expired State, KODiAC automatically activates the Basic License for continued use (which offers more capability than available in the Gap Period described below). Subsequent Licensing maintains consistent forward use of optional Service Components without any loss of data.
Enterprise License Transitions
Indefinite Basic Licensing isn't appropriate for all Enterprise Agreements that require formalized separation Terms. This may include the use of :xRecovery to deliver a fully secured Data Archive shipped on managed media for secure, offline access, or simply the execution of proper and permanent data removal and disposal. When this is the case, License transitions will forego the use of the Basic License and instead begin to transition through the Expired State Periods - Grace, Gap, and Final Expiration.
Permissions during the Grace Period
During the Grace Period, by default 7 days in duration, you can access protected content but cannot protect new content. This means In-Place Encryption does not re-encrypt Managed Content when closed, removing all ongoing protection from the accessed item.
If using :Recover, materials can be Restored during the Grace Period. :Assess reporting and User Management (for Delegates and Administrators) also remain available, though you cannot create new Users during the Grace Period. Advanced component behavior varies.
The Gap Period
The Gap Period, by default 8 days in duration, follows the Grace Period. This is the duration of time for which content is retained, and during which License Renewal results in seamless continuation using pre-existing configuration details and protected content. All :Assess report data, for previously Licensed transactions, remains available.
After the Gap Period expires, there is no certainty that a License can be renewed for continued service using previous configuration and/ or stored data (as noted above). When this happens, you have to create a new License, which then requires re-creation of all configuration. Prior content - including stored protected data and :Assess report details - may be permanently deleted.
Gap -> Final Expiration
A transition from the Gap Period to the Final Expiration does not automatically result in removal of stored information and configuration data, unless required by formal Enterprise License terms. It is however the earliest point in time at which this can occur when not specified.
Be sure to Renew your License if you wish to retain managed content and configuration. As noted, the default Gap Period is 8 days, and agreements can be modified to adjust this timeframe at any time.
Default Preliminary Licensing
When you download SSProtect and Provision a new Account, KODiAC will assign a free, Basic License or a Trial License, depending on whether or not you've chosen to evaluate optional Service Components. If so, you are assigned a Trial License that will remain in the Active State for 15 days, at which point it will transition to the Expired State.
As noted above, once your Trial License enters the Expired State. KODiAC will replace it with the free Basic License to permit ongoing use of simple capabilities. Continued use of optional Service Components will require an Extend request or the purchase of a new License.
Extending a Trial License
From the License and Components Interface, choose the Extend button to request additional time for your Trial License to remain Active. This is almost always granted, adding another 15 days for you to evaluate optional Service Components.
License Notifications
License expiration is not currently managed with Administrative Notification, though at Login, you will be presented with the License dialog if operating in the Grace or Gap Periods. This reality is depicted in major UI component Captions.
License Renewal
As noted in the Gap Period section, Licenses can be renewed at any time before the Gap Period expires. After that time, Licenses and associated Accounts/ configuration will likely need to be re-created, and stored data will likely be lost. Coordinate requests directly with Support.
License Seat Associations
Organizations are formed with a pre-configured number of Seats. If you Sign-Up with a new Organization, as described in the article, Creating an Account, you will by default start with 5 (Basic or Trial) License Seats that operate as noted in the previous paragraphs - however only after assigned to Accounts.
If you have an Organization provisioned for you, and you receive a Registration Email to operate as noted in the article, Using the Registration Email, you may have more than 5 Seats available for assignment to new Accounts. This depends on terms specific to your use, and as a result the timeframes that govern progression through the License States and Periods may vary.
When working through the AWS Marketplace, Seat Counts are determined by the AWS Marketplace Subscription.
NOTE: Most aspects of a Licensed Organization can be changed, dynamically, though only within the constraints of the governing License Agreement.
Re-Using Licensed Seats
License Seats are, as noted, dynamically attached to Accounts, usually when Provisioned. As a Privileged User, when you Provision a new Account, a Seat is pre-reserved and associated with the Account you have created. This Seat can be dynamically re-used with another Account 1) after you Disable an Account, or 2) after you Delete the Account and execute a Recover Seat operation.
Sign-Ups to existing Organizations do not pre-reserve a Seat, and as such an Organization does not need to have a Licensed Seat available when an end-user submits a Join request. You will, however, need an available Seat to Validate the Account, activating it for use within your Organization.
Refer to the article, Seats, Deleting, and Purging for more information.
Licensing Scope
In this article, unless specifically noted, references to Licensing refer to Authorization that is managed and enforced by KODiAC Cloud Services, as it pertains to SSProtect software components, services, features, requests, resources, and related entities, as a result of an agreement or set of agreements governed by one or more contracts, a License Agreement, or other Terms of Use.
Some, but not all, expectations, boundaries, prerequisites, and terms to which a user must agree before making use of Licensed entities can be found in the License Agreement presented during software installation.
Note that License Agreements may be, but do not have to be, different for each Organization Account and Individual Account. Additional details are beyond the scope of this article.
License Transfers
Licenses and Seats cannot be transferred to other SSProtect Organizations, though Seats can be re-used within the context of an Organization (as noted above). These rules are enforced by KODiAC Cloud Services, as your host computer (and the :Foundation Client) does not contain or manage License resources that affect authorization to associated resources. The :Foundation Client does, however, offer insight into License State as described in the article, License and Components Interface.
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.9.1 of the :Foundation Client