This section defines the licensing model and permitted uses of the Entrust Cryptographic Security Platform (CSP) software solution.
Authorized Use
In this Licensing Model section, the term “Customer” means an Entrust customer who has purchased one or more CSP software licenses, or an individual authorized by that customer to access components or features of the CSP software (“Users”).
CSP software is licensed for internal Customer use (i.e. use for the Customer’s own business purposes). Customer may also grant access to Users who are employees of external contractors, but only to the extent that such Users are using CSP software on Customer’s behalf in the operation or management of the Customer’s business and Customer’s own cryptographic assets. In addition, the Customer is permitted to provide digital certificates, keys or secrets to Users who are outside of the Customer’s organization solely to enable resource access between the Customer and that User.
Except as may be otherwise specified in an express license agreement signed by Entrust, neither Customer nor any User may use CSP software to set up or provide its own cryptographic management, analysis or reporting service for other companies (e.g. provision of CSP software functionality as a “Managed Service Provider” or “Systems Integrator”).
License
The CSP software solution has three licensing packages (Standard, Pro, and Enterprise), each of which includes different product functionalities/features, as well as volumes of included certificates, standard objects, enhanced objects, and third-party objects. The table below shows what is included, depending on whether Customer has purchased a Standard, Pro, or Enterprise license package.
Features | Standard | Pro | Enterprise |
|---|---|---|---|
Cryptographic Security Platform
| |
|
|
Enhanced PKI Services
|
|
|
|
Advanced Automation
|
|
| |
Number of Certificates that can be issued by CSP PKI | 50 | 200 | 1000 |
Number of Vault Appliances | 2 | 1 | 1 |
Number of Vault Clusters to be assessed for Compliance | 2 | 1 | 1 |
Number of Compliance Manager Appliances | 1 | 1 | 1 |
Number of Standard Objects | 300 | 50 | 50 |
Number of Enhanced Objects | 100 | 25 | 25 |
Number of Third Party Objects | 300 | 100 | 100 |
Agentless File Encryption – protected data amount in gigabytes (GB) | 10 | 10 | 10 |
Allocation of Standard and Enhanced Objects Entitlements
The total number of Standard Objects and Enhanced Objects in each package may be allocated in any way the Customer wishes, as long as the total number of Standard and Enhanced Objects does not exceed the total number for the entitlement for the applicable package.
The default allocation of Standard Objects is shown below.
Standard objects | Standard | Pro | Enterprise |
|---|---|---|---|
Number of KMIP Keys | 100 | 16 | 16 |
Number of Cloud Keys | 100 | 16 | 16 |
Number of Secrets | 100 | 18 | 18 |
The default allocation of Enhanced Objects is shown below.
Enhanced Objects | Standard | Pro | Enterprise |
|---|---|---|---|
Number of Application Security Keys | 33 | 8 | 8 |
Number of TDE Databases | 33 | 8 | 8 |
Number of Virtual Machines | 34 | 9 | 9 |
– protected data amount in gigabytes (GB) | 10 | 10 | 10 |
Consumption
The Customer will receive one or more license keys (“licenses”) to enable CSP software features and the associated volumes of certificates, standard objects, enhanced objects, and third-party objects based on what the Customer has purchased. These licenses are subject to the following terms:
- Once a digital certificate is issued, it is deemed consumed.
- Once a standard or enhanced object is created, it is deemed consumed.
- Once a third-party object is created, it is deemed consumed.
- The Customer may not alter the license key or attempt to circumvent the licensing mechanism.
- The Customer may only use a valid license key provided by Entrust with the corresponding CSP software component.
- Upon request by Entrust, Customer will provide a report showing its consumption. If Customer’s consumption exceeds the licensed entitlements that it has purchased, Entrust may invoice Customer an overage fee in arrears for its actual consumption.
- The CSP Agentless File Encryption freemium version that comes with the Standard, Pro, and Enterprise packages includes 10 GB in protected data; in order to exceed this protected data limit the Customer must purchase a production subscription (on a per terabyte basis). The calculation to determine whether the 10 GB protected data limit has been reached is based on the original data size and excludes any overhead (added data size) resulting from the encryption.
Deployment
CSP software may be deployed on the Customer’s own infrastructure and/or commercial cloud environments. Entrust strongly recommends keeping all deployments up to date with the latest product release.
Each CSP software license specifies a deployment type, which is categorized either as production or test. If not explicitly specified, the license is considered production.
- Production licenses allow CSP software to be used in a production environment to issue and manage trusted digital certificates for Users.
- Test licenses must be used exclusively in a non-production (test) environment to develop, integrate, and verify configuration changes before promoting them to production.
Each CSP software license entitles Customer to deploy:
- One cluster of CSP Compliance Manager appliances; and
- Multiple clusters of CSP Key & Secrets Management, CSP PKI, and CSP Certificate Manager.
Plugins
CSP CA Gateway functionality can be extended, through plugins, to connect to additional CA types. The Customer is permitted to run plugins. These plugins may be:
- Developed by Entrust (sold separately), or
- Developed by the Customer or a third party, under a valid CSP CA Gateway SDK License, and recognized by Entrust (via digital signing).
Plugins are out-of-scope for the product warranty and Entrust support for CSP software.
External Dependencies
CSP software licenses do not include any embedded and/or internal databases and Hardware Security Modules (HSM). These components are external dependencies that must be provided, installed, and configured separately by the Customer prior to the operation of the CSP software.
Trade Compliance
CSP software contains cryptographic software components. The Customer’s country of operation may have import and export requirements that apply.
Standard Compliance Packs Limitations
The Standard Compliance Packs included with CSP Compliance Manager are provided to assist organizations in reviewing their cryptographic keys, secrets, and certificates against industry standards and best practices. While the Standard Compliance Packs will assist Customer, Entrust does not represent, warrant, or guarantee that their use will ensure, guarantee or confirm compliance with any particular industry standards and best practices or any specific policy, regulation, or other laws. It is Customer’s sole responsibility to validate all requirements and manage compliance of all relevant industry standards and best practices or any specific policy, standard, or regulation, or other laws (and to determine which of these are applicable to their activities). Entrust disclaims any liability arising from Customer's reliance on the Standard Compliance Packs.
Support and Record-Keeping
To ensure Entrust Customer Support is equipped to assist with issues reported, the Customer is expected to maintain reasonable records of the CSP software deployment details including:
- The production instances in use.
- The environment(s) (on-premises or cloud) where those instances reside.