Overview of licensing introduced to the agents
End users can license via standalone or on a network via SAM (highly recommended). SAM may be operated on an air-gapped network and is designed to make licensing your agents quick and simple.
The SAM application will evolve and will pick up new functionality on the way. The next version 2 will incorporate configuration of the agents and replace the existing AMC in the Snare Server.
What needs a license?
- Snare Agent Manager
- Integrity key licenses
- agent feature licenses
- If agents are in standalone mode then the agent will need a standalone license key
All the Snare products will now require a license to operate including v5+ agents and SAM v1+, Snare Server v7+ products.
As part of the upgrade to the Snare Agents, all of them have moved up to a new baseline called version 5, as they all have the same basic feature set. This has resulted in some agents, like the SQL agent and Epilog, skipping some versions. With the introduction of Snare version 5 Agents we're introducing a new licensing model. With the new model, an Agent can be licensed in one of two ways:
1) via our new product, Snare Agent Manager (SAM). SAM enables Agents running on a network to be licensed from a central location. Better yet, SAM doesn't even require an internet connection, so that means that even air-gapped environments receive the benefits. By choosing SAM as your Snare licensing tool, you'll not only be able to easily license and manage all your networked Agents but you'll be primed to take advantage of exciting new Agent management features that we're already developing.
2) or, directly via the Agents web management or command line interface.
For those that have some Agents on a network and some that are individually air-gapped, don't worry. You're able to mix and match your SAM and standalone licenses to match your operating environment.
What needs a license?
All Snare Enterprise Agents from version 5 onwards require a license issued by Intersect Alliance. Evaluation licenses can be obtained via intersectalliance.com or your Snare License and Download Manager account.
Snare Enterprise Agents can be licensed by SAM or by the installation of a standalone license.
Snare Agent Manager requires a minimum of two licenses to be installed:
1) Integrity key License - This provides the SAM with a set of unique keys that are used to ensure the integrity of all licenses issued by SAM to Agents.
2) Agent Feature Licenses - This provides SAM with the ability to license Agents with a given feature such as Standard Audit / Epilog Logging, MSSQL Logging etc up to the amount requested during the evaluation or purchase application process.
What about Agents before version 5?
You may have noticed that some Agent families have skipped a few major versions! We've deliberately made things as simple as possible and with this in mind we've bumped all Agent major version numbers to version 5.
It's important to note that earlier versions of Agents do continue to count towards the overall feature allowance. However, we've implemented a system that provides you with advance notice that you may be over your allocated allowance, without the immediate disabling of Agent functionality.
Quotas and Allowances
Using Snare Agent Manager
Each SAM feature license issued provides you with an install allowance for each feature covered by the license. Let's say that you have ordered a license that allows Standard Logging (Audit / Epilog) for 20 Agents. You'll be able to use SAM to distribute this allowance across all version 5 Agents and pre-version 5 Agents. It's important to note that all pre-version 5 Agents that support the given feature will be counted towards the allowance. Opensource Agents are not counted towards your allowance.
Pre-version 5 Agent Features
Agent | Feature | Feature Key |
---|---|---|
Snare Enterprise Agent | Standard Logging | IA_LOG |
Snare Enterprise Epilog | Standard Logging | IA_LOG |
Snare Enterprise MSSQL | MSSQL Logging | IA_LOG_MSSQL_HOST |
Example 1:
Let's say you have an allowance for 20 Standard Logging (IA_LOG) Agents. Your network consists of 10 version 5 qualifying Agents and 7 pre-version 5 qualifying Agents. This will result in you having used 17 of the available 20 slots for the Standard Logging Agents feature. At any point in time you're able to add three further Agents to bring you up to your allowance allocation.
Example 2:
Let's stay with the allowance for 20 Standard Logging (IA_LOG) Agents. This time, however, you've set up SAM and found that you have 30 pre-version 5 Agents installed on the network. At this point, SAM will update the feature's status to OVERLIMIT. At the point that the feature first becomes OVERLIMIT, SAM will start warning you via messages on the Dashboard and via the Notification Center that the feature is OVERLIMIT. SAM will also commence a 60 day countdown, in which you'll need to either remove enough agents to come down to the allocated allowance or install a secondary or superseding license that allocates the feature a higher allowance to cover the difference in usage.
In this scenario, should feature usage have not been adjusted to meet the allowance or the allowance not increased to meet the usage, after 60 days all version 5 Agents using the feature would become unlicensed. With these Agents unlicensed, their logging functionality would have ceased.
License Feature Statuses
Status | Meaning |
---|---|
AVAILABLE | License feature allowance has available slots. |
EXHAUSTED | License feature allowance has been met but not exceeded. |
OVERLIMIT | License feature allowance has been exceeded. Notifications will be generated on the Dashboard and in the Notification Center. If after 60 days the feature status has not been lowered to AVAILABLE or EXHAUSTED, all licensed version 5 Agents will be unlicensed. |
Using Standalone Agents
Providing a standalone license to a version 5 or newer agent can be performed via the Web Management Interface or via the Command Line Interface. All standalone licenses provide a one-to-one relationship for the licensing of an Agent. This means that each (full) standalone
Licensing from an end user's perspective consists of two different pathways.
...
The Snare Agent Manager license is generated by Intersect Alliance based on the Key Ids where it is installed. When a new license is required, ensure these Key Ids are provided by copying them to the clipboard.
Quotas and Allowances
For each feature we have the number of allowances, so if you have IA_LOG=20, then you have twenty agents that have the ability to use that feature. Any enterprise agents (except the SQL agent) will count towards that total, including legacy (pre-v5) agents. The exception is OPENSOURCE (where you may run as many as you like).
overlimit and under 60 days
Say you have installed 20 v5 agents and the SAM shows these 20 as operational. If you now set up a scan in the SAM and discover another 10 legacy enterprise agents, you will get an over-usage warning. The feature IA_LOG then detects that you have gone over your license limit and goes into a state=OVERLIMIT - this has now triggered a 60 day warning period for you to contact your sales rep or manipulate the environment to only use 20 agents or less, i.e. come back to your allowance.
overlimit and over 60 days
e.g. we get to 61 days and still have 30 agents (20 v5 and 10 legacy enterprise agents):
The system will now unlicense v5 agents first, as many as needed to try to come back to the license limit. So with 10 v4 agents and 20 v5 agents, the SAM will unlicense 10 v5 agents until usage is back at the limit of 20. OVERLIMIT will then become EXHAUSTED, where no new licenses can be allocated until the license quota is upgraded.
e.g. we get to 61 days and still have 30 agents, 25 v4 agents plus 5 v5 agents: it will unlicense ALL the v5 agents, since there are more v4 agents than license spots, so usage can't get back to EXHAUSTED and will always be OVERLIMIT.
SAM will allocate licenses up to the license exhausted limit and will only end up in an over-limit state if other legacy enterprise agents are detected and the total number of agents exceeds the license quota.
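The quota rules in this section can be modelled to see, ahead of the 60 day countdown, how many version 5 agents would stop logging. This is an added example, not SAM's own code: the names `FeatureUsage`, `status` and `enforce` are hypothetical, and the model assumes the "unlicense v5 agents until back at the limit" behaviour described above, with legacy agents always counting.

```python
from dataclasses import dataclass

GRACE_DAYS = 60  # countdown length stated on the page


@dataclass(frozen=True)
class FeatureUsage:
    """Counts for one feature key such as IA_LOG (hypothetical model)."""
    allowance: int      # slots granted by the feature license
    v5_agents: int      # version 5 agents licensed for the feature
    legacy_agents: int  # pre-version 5 enterprise agents (open source excluded)

    @property
    def used(self) -> int:
        return self.v5_agents + self.legacy_agents


def status(u: FeatureUsage) -> str:
    """Map usage against allowance to the feature statuses named on the page."""
    if u.used < u.allowance:
        return "AVAILABLE"
    if u.used == u.allowance:
        return "EXHAUSTED"
    return "OVERLIMIT"


def enforce(u: FeatureUsage, days_overlimit: int):
    """Return (v5 agents unlicensed, resulting usage) at the given day count."""
    if status(u) != "OVERLIMIT" or days_overlimit <= GRACE_DAYS:
        return 0, u  # within allowance, or still inside the warning period
    # Assumption drawn from the page's examples: only v5 agents are
    # unlicensed, so legacy agents keep counting towards usage.
    revoked = min(u.used - u.allowance, u.v5_agents)
    return revoked, FeatureUsage(u.allowance, u.v5_agents - revoked, u.legacy_agents)


if __name__ == "__main__":
    # Constructed scenarios mirroring the page's worked examples (IA_LOG=20).
    scenarios = [
        ("20 v5 + 10 legacy, day 30", FeatureUsage(20, 20, 10), 30),
        ("20 v5 + 10 legacy, day 61", FeatureUsage(20, 20, 10), 61),
        ("5 v5 + 25 legacy, day 61", FeatureUsage(20, 5, 25), 61),
    ]
    for name, usage, day in scenarios:
        revoked, after = enforce(usage, day)
        print(f"{name}: {revoked} v5 agents unlicensed, status {status(after)}")
```

Each unlicensed version 5 agent is a host whose logging has ceased, so the first return value is the number of hosts that would go dark on day 61.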
Some of the terms in use are:
AVAILABLE
- the number of features available on that particular license
EXHAUSTED
- when the full license feature capability is used, e.g. IA_LOG=20 and 20 are utilized.
EVALUATION
...
Snare Enterprise Agent
The Snare Enterprise Agent will display the details of the active licenses registered to your organization. You may license your agent depending on your network setup.
...
If the customer is changing their usage count and upping the feature quantities then a new license can be allocated to obsolete the existing features and provide new feature totals.
Networks & License
Deleting a network doesn't delete the agents on that network. SAM still knows about these agents and as a result all enterprise agents will continue to count towards license usage.