This section defines the licensing terms and permitted uses of the Entrust Cryptographic Security Platform (CSP).
Authorized Use
In this Licensing section, the term “Customer” means an Entrust customer who has purchased one or more CSP licenses, or an individual authorized by that customer to access components or features of the CSP (“Users”).
CSP is licensed for internal Customer use (i.e. use for the Customer’s own business purposes); however, the Customer is permitted to provide digital certificates, keys or secrets to Users who are outside of the Customer’s organization solely to enable resource access between the Customer and that User. Customer may also grant access to Users who are employees of external contractors, but only to the extent that such Users are using CSP on Customer’s behalf in the operation or management of the Customer’s business and Customer’s own cryptographic assets.
Except as may be otherwise specified in an express license agreement signed by Entrust, neither Customer nor any User may use CSP to set up or provide its own cryptographic management, analysis or reporting service for other companies (e.g. provision of CSP functionality as a “Managed Service Provider” or “Systems Integrator”).
License Packages
CSP has three licensing packages (Standard, Pro, and Enterprise), each of which includes different product functionalities/features, as well as volumes of included certificates, standard objects, enhanced objects, and third-party objects. The table below shows what is included, depending on whether Customer has purchased a Standard, Pro, or Enterprise license package.
Packages | Standard | Pro | Enterprise |
|---|---|---|---|
Cryptographic Security Platform
|
|
|
|
Enhanced PKI Services
|
|
| |
CSP Certificate Manager (Discovery) |
|
| |
CSP Certificate Manager (Control) |
| ||
Certificates | 50 | 200 | A custom amount as specified in an Entrust-issued quote |
Vault Appliances | 2 | 8 | A custom amount as specified in an Entrust-issued quote |
Compliance Manager Appliances | 2 | 2 | A custom amount as specified in an Entrust-issued quote |
Standard Compliance Pack for Keys & Secrets | 1 | 4 | A custom amount as specified in an Entrust-issued quote |
Standard Compliance Pack for Certificates | 1 | 4 | A custom amount as specified in an Entrust-issued quote |
Third-Party Objects Under Compliance | 250 | 1000 | A custom amount as specified in an Entrust-issued quote |
KMIP Objects | 83 | 333 | A custom amount as specified in an Entrust-issued quote |
Cloud Keys | 83 | 333 | A custom amount as specified in an Entrust-issued quote |
Secrets | 84 | 334 | A custom amount as specified in an Entrust-issued quote |
Application Security Keys | 16 | 66 | A custom amount as specified in an Entrust-issued quote |
TDE Databases | 16 | 66 | A custom amount as specified in an Entrust-issued quote |
Virtual Machines | 18 | 68 | A custom amount as specified in an Entrust-issued quote |
The Customer will receive one or more license keys (“licenses”) to enable CSP features and the associated volumes of certificates, standard objects, enhanced objects, and third-party objects based on what the Customer has purchased. These licenses are subject to the following terms:
- Once a digital certificate is issued, it is deemed consumed.
- Once a standard or enhanced object is created, it is deemed consumed.
- Once a third-party object is created, it is deemed consumed.
- The Customer may not alter the license key or attempt to circumvent the licensing mechanism.
The Customer may only use a valid license key provided by Entrust with the corresponding CSP software component.
Deployment
CSP may be deployed on the Customer’s own infrastructure and/or commercial cloud environments. Entrust strongly recommends keeping all deployments up to date with the latest product release.
Each CSP license specifies a deployment type, which is categorized either as production or test. If not explicitly specified, the license is considered production.
- Production licenses allow CSP to be used in a production environment to issue and manage trusted digital certificates for Users.
- Test licenses must be used exclusively in a non-production (test) environment to develop, integrate, and verify configuration changes before promoting them to production.
Each CSP license entitles Customer to deploy:
- one cluster of CSP Compliance Manager appliances; and
- multiple clusters of CSP Key & Secrets Management, CSP PKI, and (for Pro and Enterprise licenses) CSP Certificate Manager.
Plugins
CSP CA Gateway functionality can be extended, through plugins, to connect to additional CA types. The Customer is permitted to run plugins. These plugins may be:
- Developed by Entrust (sold separately), or
- Developed by the Customer or a third party, under a valid CSP CA Gateway SDK License, and recognized by Entrust (via digital signing).
Plugins are out-of-scope for the product warranty and Entrust support for CSP.
External Dependencies
CSP licenses do not include any embedded and/or internal databases and Hardware Security Modules (HSM). These components are external dependencies that must be provided, installed, and configured separately by the Customer prior to the operation of the CSP software.
Trade Compliance
CSP software contains cryptographic software components. The Customer’s country of operation may have import and export requirements that apply.
Standard Compliance Packs Limitations
The Standard Compliance Packs included with CSP Compliance Manager are provided to assist organizations in reviewing their cryptographic keys, secrets, and certificates against industry standards and best practices. While the Standard Compliance Packs will assist Customer, Entrust does not represent, warrant, or guarantee that their use will ensure, guarantee or confirm compliance with any particular industry standards and best practices or any specific policy, regulation, or other laws. It is Customer’s sole responsibility to validate all requirements and manage compliance of all relevant industry standards and best practices or any specific policy, standard, or regulation, or other laws (and to determine which of these are applicable to their activities). Entrust disclaims any liability arising from Customer's reliance on the Standard Compliance Packs.
Support and Record-Keeping
To ensure Entrust Customer Support is equipped to assist with issues reported, the Customer is expected to maintain reasonable records of the CSP deployment details including:
- The production instances in use.
- The environment(s) (on-premises or cloud) where those instances reside.