This article explains SSProtect Licensing.
Introduction
SSProtect product Licensing works the same for both Organization Accounts and Individual Accounts. This article describes the way in which Licensing provides authorization and access to various components, services, features, requests, and resources.
Refer to the end of this article for License Scope, general terms, and applicable Terms.
Licenses and Seats
An SSProtect License applies to an Individual Account or an Organization. The License manages the set of component services available to associated Users (Accounts).
Seats are a part of the License, and they are associated with Accounts to enable Licensed functionality. The Seat Count is determined by the License.
Seats can be dynamically attached to/ detached from Accounts within an SSProtect Organization, allowing you to make efficient use of Licensed resources while team dynamics change. You can, for example, disassociate a Seat from an Account that is Disabled, then re-apply the Seat to another Account you dynamically enable. This allows you to apply your License to contract resources and temporary workers, even when they are not formally employed by the License holder.
Details are further clarified in related sections that follow.
IMPORTANT: Changes to a License apply to all Accounts in an Organization.
License Types
SSProtect supports different License Types for accounting, pricing, and general capabilities. These include Employee, Trial, Researcher, Journalist, Partner, Promotional, Customer, MSP, and AWS Licenses. When downloading software for evaluation, Accounts/ Organizations are Licensed with Trial Licenses. Note that the License Type can be changed by your KODiAC Cloud Services operator (MSP) at any time.
License Types affect various aspects of pricing (discounts), duration, and sometimes the set of core service components available to associated Accounts and Organizations. For example, AWS Licenses rely on the AWS Marketplace to scope the core set of available service components, and change the way additional service components are added.
These details are somewhat secondary, and more fully described in this sections' articles.
License State and Period
An Account's License State is either Active or Expired, and an Expired License transitions through three different Periods of the Expired State - Grace, Gap, and Expired.
Note the difference between the State and the Period; an Active State always permits full functionality before transitioning to the Expired State (over time). The first Period of the Expired State is the Grace Period, which maintains certain functionality before transitioning to the Gap Period.
When working with an Organization and License Seats, the License duration applies to all Seats and thus to all Organization Accounts in a uniform fashion: Seats within an Organization cannot be Licensed differently. To address related needs, create two Organizations with two, independent Licenses, then purchase the requisite number of Seats for each. The resulting Organizations are then governed by different Licenses and can as a result use a different set of component services for a different duration.
Default Licenses and Timeframes
When you download SSProtect and Provision a new Account, it is assigned a Trial License, in the Active State for 15 days (by default). The License then transitions to the Grace Period for 7 more days before entering the Gap Period for 8 days. After the Gap Period, the License enters the Expired State and Expired Period, prohibiting further use. The Expired Period represents the earliest point in time that managed content and configuration data would be permanently deleted.
Note that you can request custom License Terms to specifically govern the way managed content and configuration data gets handled at Expiration. The duration of any License Period can also be changed, even dynamically, when both the MSP and License holder agree (i.e. extend the License as a courtesy).
Permissions during the Grace Period
During the Grace Period, applied to all License Types, by default 7 days in duration, you can access protected content but cannot protect new content. This means In-Place Encryption does not re-encrypt content when it is closed - and in fact Releases Protections, which means the resulting plaintext file is afforded no ongoing protection.
If using :Recover, materials can be Restored during the Grace Period. :Assess reporting and User Management (for Delegates and Administrators) also remain available, though you cannot create new Users during the Grace Period. Advanced component behavior varies.
The Gap Period
The Gap Period, by default 8 days in duration, follows the Grace Period. This is the duration of time for which content is retained, and during which License Renewal results in seamless continuation using pre-existing configuration details and protected content. All :Assess report data, for previously Licensed transactions, remains available.
After the Gap Period expires, there is no certainty that a License can be renewed for continued service using previous configuration and/ or stored data (as noted above). When this happens, you have to create a new License, which then requires re-creation of all configuration. Prior content - including stored protected data and :Assess report details - may be permanently deleted.
Gap -> Expired Transition
A transition from the Gap Period to the Expired State (and Period) does not automatically result in removal of stored information and configuration data, though it is the earliest point at which this can occur. Be sure to Renew if you wish to retain managed content and configuration. As noted, the default Gap Period is 8 days, and agreements can be modified to adjust this timeframe at any time.
License Notifications
License expiration is not currently managed with Administrative Notification, though at Login, you will be presented with the License dialog if operating in the Grace or Gap Periods. This reality is depicted in major UI component Captions.
License Renewal
As noted in the Gap Period section, Licenses can be renewed at any time before the Gap Period expires. After that time, Licenses and associated Accounts/ configuration will likely need to be re-created, and stored data will likely be lost. Coordinate requests directly with Support.
License Seat Associations
Organizations are formed with a pre-configured number of Seats. If you Sign-Up with a new Organization, as described in the article, Creating an Account, you will by default start with 5 (Trial) License Seats that operate as noted in the previous paragraphs - however only after assigned to an Account.
If you have an Organization provisioned for you, and you receive a Registration Email to operate as noted in the article, Using the Registration Email, you may have more than 5 Seats available for assignment to new Accounts. This depends on terms specific to your use, and as a result the timeframes that govern progression through the License States and Periods may vary.
When working through the AWS Marketplace, Seat Counts are determined by the AWS Marketplace Subscription.
NOTE: Most aspects of a Licensed Organization can be changed, dynamically, though only within the constraints of the governing License Agreement.
Re-Using Licensed Seats
License Seats are, as noted, dynamically attached to Accounts, usually when Provisioned. As a Privileged User, when you Provision a new Account, a Seat is pre-reserved and associated with the Account you have created. This Seat can be dynamically re-used with another Account in two cases - 1) after you Disable an Account, or 2) after you Delete the Account and execute a Recover Seat operation.
Sign-Ups to existing Organizations do not pre-reserve a Seat, and as such an Organization does not need to have a Licensed Seat available when an end-user submits a Join request. You will, however, need an available Seat to Validate the Account, activating it for use within your Organization.
Refer to the article, Seats, Deleting, and Purging for more information.
Licensing Scope
In this article, unless specifically noted, references to Licensing refer to Authorization that is managed and enforced by KODiAC Cloud Services, as it pertains to SSProtect software components, services, features, requests, resources, and related entities, as a result of an agreement or set of agreements governed by one or more contracts, a License Agreement, or other Terms of Use.
Some, but not all, expectations, boundaries, prerequisites, and terms to which a user must agree before making use of Licensed entities can be found in the License Agreement presented during software installation.
Note that License Agreements may be, but do not have to be, different for each Organization Account and Individual Account. Additional details are beyond the scope of this article.
License Transfers
Licenses and Seats cannot be transferred to other SSProtect Organizations, though Seats can be re-used within the context of an Organization (as noted above). These rules are enforced by KODiAC Cloud Services, as your host computer (and the :Foundation Client) does not contain or manage License resources that affect authorization to associated resources. The :Foundation Client does, however, offer insight into License State as described in the article, License and Components Interface.
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v9.9.5 of the :Foundation Client