Overview of licensing introduced to the agents
With the introduction of Snare version 5 Agents we're introducing a new licensing model. With the new model, Agent can be licensed in one of two ways:
...
For those that have some Agents on a network and some that are individually air-gapped, don't worry. You're able to mix and match your SAM and standalone licenses to match your operating environment.
What
...
Snare Products Require A License?
Snare Enterprise Agents
All Snare Enterprise Agents from version 5 onwards require a licensed issued by Intersect Alliance. Evaluation . Snare Enterprise Agents can be licensed using SAM or by the installation of a standalone license. Evaluation licenses can be obtained via intersectalliance.com or by logging into your Snare License and Download Manager (SLDM) account. Full licenses can be obtained by logging into your SLDM account or from your Partner (if applicable).
Snare Enterprise Agents can be licensed by SAM or by (excluding OpenSource) prior to version 5 do not require the installation of a standalone license. Snare Agent Manager license to function however operating such an Agent without an expliced agreement with Intersect Alliance or a Partner is a violation of the Snare Enterprise Agents End User License Agreement (EULA).
Snare Agent Manager
SAM requires a minimum of two licenses to be installed in order for it to issue licenses to Agents:
1) Integrity key Key License - This provides the SAM with a set of unique keys that used to ensure the integrity of all licenses issues by SAM to Agents. The keys do not expire however we highly recommend replacing these keys every three years or in the event they become compromised. A new Integrity Key License can be generated by logging into your SLDM account and following the prompts.
2) Agent Feature Licenses - This provides SAM with the ability to license Agents with a given feature such as Standard Audit / Epilog Logging, MSSQL Logging etc up to the amount requested during the evaluation or purchase application process.
What about Agents before version 5?
You may have noticed that some Agent families have skipped a few major versions! We've deliberately made things as simple as possible and with this in mind we've bumped all Agent major version numbers to version 5.
It's important to note that earlier version of Agents do continue to count towards overall feature allowance however we've implemented a system that provides you with advanced notice that you maybe over your allocated allowance without the immediate disabling of Agent functionalityWhen multiple feature licenses are installed, allowances for individual features are agregated when calculating overall usage allowances.
SAM is currently unable to license Snare Server or AMC remotely.
Snare Server & AMC
Snare Server version 7 licenses are standalone licenses and can be obtained via SLDM. Snare Server version 6 licenses can be obtained from our Snare Support team.
Quotas and Allowances
Using Snare Agent Manager
Each SAM feature license issued provides you with an install allowance for each feature included covered by the license. Let's say that you have ordered a license that allows Standard Logging (Audit / Epilog) for 20 Agents. You'll be able to use SAM to distribute this allowance across all version 5 Agents and pre-version 5 Agents. It's important to note that all pre-version 5 Agents that support the given feature will be counted towards to the allowance. Opensource Agents are not counted towards your allowance.
Pre-version 5 Agent Features
| Agent | Feature | Feature Key |
|---|---|---|
| Snare Enterprise Agent | Standard Logging | IA_LOG |
| Snare Enterprise Epilog | Standard Logging | IA_LOG |
| Snare Enterprise MSSQL | MSSQL Logging | IA_LOG_MSSQL_HOST |
Example 1:
Let's say you have an allowance for 20 Standard Logging (IA_LOG) Agents. Your network consists of 10 version 5 qualifying Agents and 7 pre-version 5 qualifying Agents. This will result in you having used 17 of the available 20 slots for the Standard Logging Agents feature. At any point in time you're able to add three further Agents to bring you up to your allowance allocation.
Example 2:
Let's stay with the allowance for 20 Standard Logging (IA_LOG) Agents. This time however, you've setup SAM and found that you have 30 pre-version 5 Agents installed on the network. At this point, SAM will update the features status to OVERLIMIT. At the point that the feature first becomes OVERLIMIT, SAM will start warning you via messages on the Dashboard and via the Notification Center that the feature is OVERLIMIT. SAM will also commence a 60 day countdown, in which you'll need to either remove enough agents to come down to the allocated allowance or install a secondary or superseding license that allocates the feature a higher allowance to cover the difference in usage.
In this scenario, should feature usage have not been adjusted to meet the allowance or the allowance not increased to meet the usage, after 60 days all version 5 Agents using the feature would become unlicensed. With these Agents unlicensed, their logging functionality would have ceased.
License Feature Statuses
| Status | Meaning |
|---|---|
| AVAILABLE | License feature allowance has available slots. |
| EXHAUSTED | License feature allowance has been met but not exceeded. |
| OVERLIMIT | License feature allowance has been exceeded. Notifications will be generated on the Dashboard and in the Notification Center. If after 60 days the feature status has now been lowered to AVAILABLE or EXHAUSTED, all licensed version 5 Agents will be unlicensed. |
Using Standalone Agents
Providing a standalone license to a version 5 or newer agent can be performed via the Web Management Interface or via the Command Line Interface. All standalone licenses provide a one-to-one relationship for the licensing of an Agent. This means that each (full) standalone
Licensing from an end users perspective consists of two different pathways.
...
Standalone licenses can be issued for either Agents, Snare Server or SAM. In standalone mode the agent will not talk to a Snare Agent Management Console to obtain its license. It will however still talk to it to provide details to a SAM about its ip, license class etc.
A standalone license is identified by the License-Type being either: EVALUATION, FULL.
...
Licenses Issued By Snare Agent Manager
When using SAM as the tool to license Agents, individual Agents will be provided with licenses of type CONTROLLER-EVALUATION or CONTROLLER-FULL.
...
Snare Agent Manager
SAM needs to be licensed first before can allocate a license to Snare agents. For permanent license strings Intersect Alliance need the KeyiD's from the SAM under the Licenses tab to provide a license to the SAM.
This license for SAM will also use a IA_SAM=1 feature reference.
Then there is a feature license for your agents:
IA_LOG = nn
IA_MSSQL_LOG = nn
IA_MSSQL_LOG_HOST = nn
SAM automatically sends a license (generated by itself) once a day to the agents, so the agents are perpetually license for another 30 days,so if network is down the agents will log for another 30-days.
If after network outage is resolved the SAM will resend a license of internal (todays date) plus another 30 days.
THEREFORE agents will keep on logging for 30 days after they last communicated with SAM.
(Last Seen is the last time the agent contacted SAM, or if did a scan that SAM saw the agent)
The Snare Agent Manager controls the licenses that are required for the Snare enterprise agents to function.
The Snare Agent Manager license is generated by Intersect Alliance based on the Key Ids where it is installed. When a new license is required ensure these Key Ids are provided by copying them to clipboard.
Snare Enterprise Agent
The Snare Enterprise Agent will display the details of the active licenses registered to your organization. You may license your agent depending on your network set up.
- If your agent is installed on a network then you also have Snare Agent Manager (SAM) installed that may push out all the licenses to your installed agents.
- If you have a standalone agent, installed on your desktop or device, then you will require to submit your Key IDs via the Snare License and Download Manager (SLDM), and add that license to your agent.
If SAM licenses the agent, then you can see the status on the Licenses page and it will be referenced as LICENSE-TYPE= full or evaluation, so it will be easy to see when SAM does the licensing or not at the agent level.
Warnings can occur when it is detected that your organization has more legacy enterprise agents than the new version 5 license allows. You have a 60 day grace period to contact your Snare Sales representative to update your license.
If your organization is oversubscribed, extra evaluation licenses maybe supplied until fully migrated to version 5.
For existing customers, Licenses will be downloadable from the Intersect Alliance site Snare License and Download Manager (SLDM) based on your current purchase of software.
Example: Customer A was evaluating Snare Ent Agents utilizing SAM, in which they received 2 licenses - both for SAM (1 Integrity Key and 1 feature license). Cust A has purchased Snare, what the happens with the licenses/what do you need?
Once the PO phase gone through to completed - and the customer has supplied the KEY IDS from their production SAM - the full licenses will be auto generated and will expire within purchased time span as required. During the PO submission a user will have the ability to download evals for the full license allotment of the PO (for default 30 days or more depending on their purchasing arrangements) - once the payment has been received the customer will get their full licenses.
if more evaluations are required then they can be added to SAM to cover the additional agent features.
if additional licenses are purchased they can be added to the existing install or obsolete the existing license and provide a new total.
Obsolete Licenses
An Obsolete license can be used when (and if staying at same usage count) the customer is renewing licenses in advance (ie on 12 month support and renewing), we will issue them with new licenses for duration of the 14 months but obsolete existing licenses that they have but will have a 2 month window where their support period is extended.
If the customer is changing their usage count and upping the feature quantities then a new license can be allocated to obsolete the existing features and provide new feature totals.
Networks & License
Deleting a network doesn't delete the agents on that network. SAM still knows about these agents and as a result all enterprise agents will continue to count towards license usage.Whether an Agent is provided with an evaluation or full license is directly dependent on whether the Agent has been licensed using a evaluation or full feature license by SAM.
SAM will issue a new self-generated license every 24 hour period to Agents with an expiry of 30 days. This policy allows for communication between SAM and an Agent to be lost for up to 30 years and still ensure that the Agent will be licensed and continue function in accordance with the issued license.
If after 30 days communication between the SAM and an Agent has not been re-established, the Agent will become unlicensed and its functionality will cease.
How can I tell if Agent is communicating with Snare Agent Manager?
We have two direct indicators to help you determine any connectivity issues you may have between SAM and Agents:
1) Agent List pages have an indicator on the right hand side (SCREEN SHOT TICKET HERE) that is either green or red. Green indicates that the agent successfully communicated in the last 10 minutes. Red indicates that the agent has not communicated with SAM in the last 10 minutes. Agent are configured to communicate with its assigned SAM every 10 minutes.
2) We've setup a predefined Agent List filter to display all Agents with a communication issues. From SAM, to access this list simply select Agents then Communication Issue from the sidebar.
Using Standalone Agents
Version 5 or newer Agents can be standalone licensed via the Web Management Interface or via the Command Line Interface. Standalone licenses come in two flavors, EVALUATION and FULL. Evaluation licenses are not locked to an individual host system however, they have a short expiry which is typically 30 days. Full licenses are always locked to an individual host system by Key ID's. Key ID's are an array of key value pairs that are unique to each individual system. They can be access from the License page of any Agent installed on a given system.
Standalone licensed Agents will, if configured, communicate with SAM on a regular schedule however as they're licensed separately they will not be issued a license by SAM. In this situation where an Agent is on a network and can see a SAM, we highly recommend to use SAM's licensing functionality.
Requesting, Generating and Downloading Licenses
Depending on your status there are a variety of ways that you can obtain licenses for SAM, Snare Enterprise Agents and Snare Server.
If you're an existing customer, licenses are available via SLDM within the License section. Generation of all full licenses require Key ID's. In the case that we're unable to determine the Key ID's associated to a license we'll place the license in a pending state. This means that the licenses are ready to be generated once you supply us with the Key ID's of the system the license will be associated with. To check if any licenses are in a pending date go to Licenses > Action Required in your SLDM account.
Evaluation licenses can be requested via our website or if you already have an account, via SLDM.
All valid licenses (evaluation and full) are available for re-download via SLDM.
Purchase Orders
When a Purchase Order has been submitted, we'll automatically generated a evaluation license(s) for the services requested. These evaluation licenses will be valid for a period matching the agreed payment period (usually 30 days).
Once the Purchase Order has been finalised, we'll generate full license(s) for the services requested. If we're unable to determine the Key ID's, we'll place these licenses into a pending state as described above.
Obsolete Licenses
In some cases we may generate licenses that Obsolete previously generated licenses. When a license is installed that obsoletes other licenses, those other licenseswill cease to be functional and will instead have their feature allowances replaced by the allowances on the new license.
Typically, obsoleting licenses will only be provided upon renewals or feature allowance adjustments.
FAQ
What about Agents before version 5?
You may have noticed that some Agent families have skipped a few major versions! We've deliberately made things as simple as possible and with this in mind we've bumped all Agent major version numbers to version 5.
Where can I find a systems Key ID's?
| Product | Location |
|---|---|
| Snare Agent Manager |
|
| Snare Enterprise Agents |
|
| Snare Server | When unlicensed, using a browser simply navigate to the Snare Server installation. *** WE NEED A SOLUTION FOR WHEN SS IS LICENSED - I guess when SAM is in SS then they'll be able to find out via the SAM UI however I doubt this is a 'good enough' solution. |
Does removing a network in SAM remove Agents in that network?
No