This section defines the licensing terms and permitted uses of the Entrust Cryptographic Security Platform (CSP).
Authorized Use
In this Licensing section, the term “Customer” means an Entrust customer who has purchased one or more CSP licenses, or an individual authorized by that customer to access components or features of the CSP (“Users”).
CSP is licensed for internal Customer use (i.e. use for the Customer’s own business purposes); however, the Customer is permitted to provide digital certificates, keys or secrets to Users who are outside of the Customer’s organization solely to enable resource access between the Customer and that User. Customer may also grant access to Users who are employees of external contractors, but only to the extent that such Users are using CSP on Customer’s behalf in the operation or management of the Customer’s business and Customer’s own cryptographic assets.
Except as may be otherwise specified in an express license agreement signed by Entrust, neither Customer nor any User may use CSP to set up or provide its own cryptographic management, analysis or reporting service for other companies (e.g. provision of CSP functionality as a “Managed Service Provider” or “Systems Integrator”).
License Packages
CSP has three licensing packages (Standard, Pro, and Enterprise), each of which includes different product functionalities/features, as well as volumes of included certificates, standard objects, enhanced objects, and third-party objects. The table below shows what is included, depending on whether Customer has purchased a Standard, Pro, or Enterprise license package.
Features | Standard | Pro | Enterprise |
|---|---|---|---|
Cryptographic Security Platform
| | |
|
Enhanced PKI Services
|
|
|
|
Advanced Automation
|
|
| |
Certificates | 50 | 200 | 1000 |
Vault Clusters | 2 | 1 | 1 |
Compliance Manager Clusters | 1 | 1 | 1 |
Standard Compliance Pack for Keys & Secrets | 2 | 1 | 1 |
Standard Compliance Pack for Certificates | 2 | 1 | 1 |
Third-Party Objects Under Compliance | 300 | 100 | 100 |
The following table shows the quantities of Standard Objects in each package. The quantities are shown distributed equally among three use cases; however, the license allows you to distribute them in any other way you wish, as long as the total number of Standard Objects remains the same.
For example, using the Standard package, a correct usage might be KMIP Objects: 0, Cloud Keys: 300, Secrets: 0, as the total would still add up to 300.
Standard Objects | Standard | Pro | Enterprise |
|---|---|---|---|
KMIP Objects | 100 | 16 | 16 |
Cloud Keys | 100 | 16 | 16 |
Secrets | 100 | 18 | 18 |
The following table shows the quantities of Enhanced Objects in each package. The quantities are shown distributed equally among three use cases; however, the license allows you to distribute them in any other way you wish, as long as the total number of Enhanced Objects remains the same.
For example, using the Standard package, a correct usage might be Application Security Keys: 50, DB TDE Keys: 50, VM Encryption Keys: 0, as the total would still add up to 100.
Enhanced Objects | Standard | Pro | Enterprise |
|---|---|---|---|
Application Security Keys | 33 | 8 | 8 |
DB TDE Keys | 33 | 8 | 8 |
VM Encryption Keys | 34 | 9 | 9 |
Deployment
CSP may be deployed on the Customer’s own infrastructure and/or commercial cloud environments. Entrust strongly recommends keeping all deployments up to date with the latest product release.
Each CSP license specifies a deployment type, which is categorized either as production or test. If not explicitly specified, the license is considered production.
- Production licenses allow CSP to be used in a production environment to issue and manage trusted digital certificates for Users.
- Test licenses must be used exclusively in a non-production (test) environment to develop, integrate, and verify configuration changes before promoting them to production.
Each CSP license entitles Customer to deploy:
- One cluster of CSP Compliance Manager appliances; and
- Multiple clusters of CSP Key & Secrets Management, CSP PKI, and CSP Certificate Manager.
External Dependencies
CSP licenses do not include any embedded and/or internal databases and Hardware Security Modules (HSM). These components are external dependencies that must be provided, installed, and configured separately by the Customer prior to the operation of the CSP software.
Trade Compliance
CSP software contains cryptographic software components. The Customer’s country of operation may have import and export requirements that apply.
Standard Compliance Packs Limitations
The Standard Compliance Packs included with CSP Compliance Manager are provided to assist organizations in reviewing their cryptographic keys, secrets, and certificates against industry standards and best practices. While the Standard Compliance Packs will assist Customer, Entrust does not represent, warrant, or guarantee that their use will ensure, guarantee or confirm compliance with any particular industry standards and best practices or any specific policy, regulation, or other laws. It is Customer’s sole responsibility to validate all requirements and manage compliance of all relevant industry standards and best practices or any specific policy, standard, or regulation, or other laws (and to determine which of these are applicable to their activities). Entrust disclaims any liability arising from Customer's reliance on the Standard Compliance Packs.
Support and Record-Keeping
To ensure Entrust Customer Support is equipped to assist with issues reported, the Customer is expected to maintain reasonable records of the CSP deployment details including:
- The production instances in use.
- The environment(s) (on-premises or cloud) where those instances reside.