Overview of licensing introduced to the agents
With the introduction of Snare version 5 Agents we're introducing a new licensing model. With this new model, Agent can be licensed in one of two ways:
1) Using our new product, Snare Agent Manager (SAM). SAM enables Agents running on a network to be licensed from a central location. Better yet, SAM doesn't require an internet connection, so that means that even air-gapped environments receive the benefits. By choosing SAM as your Snare licensing tool, you'll not only be able to easily license all your networked Agents but you'll be primed to take advantage of exciting new Agent management features that we're already developing.
2) Or, directly via the Agents web management or command line interface.
For those that have Agents on a network and some that are individually air-gapped, don't worry. You're able to mix and match your SAM and standalone licenses to suit your operating environment.
What Snare Products Require A License?
Snare Enterprise Agents
All Snare Enterprise Agents from version 5 onwards require a license issued by Intersect Alliance. Snare Enterprise Agents can be licensed using SAM or by the installation of a standalone license. Evaluation licenses can be obtained via intersectalliance.com or by logging into your Snare License and Download Manager (SLDM) account. Full licenses can be obtained by logging into your SLDM account or from your Partner (if applicable).
Snare Enterprise Agents (excluding OpenSource) prior to version 5 do not require the installation of a license to function however operating such an Agent without an expliced agreement with Intersect Alliance or a Partner is a violation of the Snare Enterprise Agents End User License Agreement (EULA). Besides, when using legacy versions of the Agent won't be able to enjoy the latest and greatest features that the Agents have to offer.
Snare Agent Manager
SAM requires a minimum of two licenses to be installed in order for it to issue licenses to Agents:
1) An Integrity Key License - This provides the SAM with a set of unique keys that used to ensure the integrity of all licenses issues by SAM to Agents. The keys do not expire however we highly recommend replacing these keys every three years or in the event they become compromised. A new Integrity Key License can be generated at any time by logging into your SLDM account and following the prompts.
2) Agent Feature Licenses - This provides SAM with the ability to license Agents with a given feature such as Standard Audit / Epilog Logging, MSSQL Logging etc up to the amount requested during the evaluation or purchase application process. When multiple feature licenses are installed, allowances for individual features are aggregated when calculating overall usage allowances.
Snare Server & AMC
Snare Server version 7 licenses are available as standalone licenses only and can be obtained from SLDM. Snare Server version 6 licenses can be obtained from our Snare Support team.
Quotas and Allowances
Using Snare Agent Manager
Each SAM feature license issued provides you with an activation allowance for each feature covered by the license. Let's say that you have ordered a license that allows Standard Logging (Audit / Epilog) for 20 Agents. You'll be able to use SAM to distribute this allowance across all version 5 Agents and pre-version 5 Agents. It's important to note that all pre-version 5 Agents detected by SAM that support the given feature will be counted towards to the allowance. OpenSource Agents are not counted towards your allowance.
Pre-version 5 Agent Feature Allocations
| Agent | Feature | Feature Key |
|---|---|---|
| Snare Enterprise Agent | Standard Logging | IA_LOG |
| Snare Enterprise Epilog | Standard Logging | IA_LOG |
| Snare Enterprise MSSQL | MSSQL Logging | IA_LOG_MSSQL_HOST |
Example 1:
Let's say you have an allowance for 20 Standard Logging (IA_LOG) Agents. Your network consists of 10 version 5 qualifying Agents and 7 pre-version 5 qualifying Agents. This would result in you having used 17 of the available 20 slots for the Standard Logging Agents feature. At any point you'l be able to add three further Agents to bring you up to the allocated allowance.
Example 2:
Let's stay with the allowance for 20 Standard Logging (IA_LOG) Agents. This time however, you've setup SAM and found that you have 30 pre-version 5 Agents installed on the network. At this point, SAM will update the features status to OVERLIMIT. At the point that the feature first becomes OVERLIMIT, SAM will start warning you via messages on the Dashboard and via the Notification Center that the feature is OVERLIMIT. SAM will also commence a 60 day countdown, in which you'll need to either remove enough agents to bring the usage count down to the allocated allowance or install a secondary or obsoleting license that allocates the feature a higher allowance to cover the difference in usage.
In this scenario, should the features usage have not been adjusted to meet the allowance or the allowance not increased to meet the usage, after 60 days all version 5 Agents using the feature would become unlicensed. With these Agents unlicensed, their logging functionality would have ceased.
License Feature Statuses
| Status | Meaning |
|---|---|
| AVAILABLE | License feature allowance has available slots. |
| EXHAUSTED | License feature allowance has been met but not exceeded. |
| OVERLIMIT | License feature allowance has been exceeded. Notifications will be generated on the Dashboard and in the Notification Center. If after 60 days the feature status has not been lowered to AVAILABLE or EXHAUSTED, all licensed version 5 Agents will be unlicensed. |
Licenses Issued By Snare Agent Manager
When using SAM as the tool to license Agents, individual Agents will be provided with licenses of type CONTROLLER-EVALUATION or CONTROLLER-FULL. Whether an Agent is provided with an evaluation or full license is directly dependent on whether the Agent has been licensed using a evaluation or full feature license by SAM.
SAM will issue a new self-generated license every 24 hour period to Agents with an expiry of 30 days. This policy allows for communication between SAM and an Agent to be lost for up to 30 days yet still ensure that the Agent will be licensed and continue function in accordance with the issued license.
If after 30 days communication between the SAM and an Agent has not been re-established, the Agent will become unlicensed and its functionality will cease.
How can I tell if Agent is communicating with Snare Agent Manager?
We have two direct indicators to help you determine any connectivity issues you may have between SAM and Agents:
1) Agent List pages have an indicator on the left side (SCREEN SHOT TICKET HERE) that is either green or red. Green indicates that the agent successfully communicated in the last 10 minutes. Red indicates that the agent has not communicated with SAM in the last 10 minutes. Agent are configured to communicate with its assigned SAM at 10 minutes intervals.
2) We've setup a predefined Agent List filter to display all Agents with a communication issues. From SAM, to access this list simply select Agents then Communication Issue from the sidebar.
Using Standalone Agents
Version 5 or newer Agents can be standalone licensed via the Web Management Interface or via the Command Line Interface. Standalone licenses come in two flavors, EVALUATION and FULL.
Evaluation licenses are not locked to an individual host system however, they have a short expiry which is typically 30 days. Full licenses are always locked to an individual host system by Key ID's. Key ID's are an array of key value pairs that are unique to each individual system. They can be access from the License page of any Agent installed on a given system.
Standalone licensed Agents will, if configured, communicate with SAM at 10 minute intervals, however, as they're licensed separately they will not be issued a license by SAM. In this situation where an Agent is on a network and can see a SAM, we highly recommend to use SAM's licensing functionality.
Requesting, Generating and Downloading Licenses
Depending on your accounts status there are a variety of ways that you can obtain licenses for SAM, Snare Enterprise Agents and Snare Server.
New customers can request initial evaluation licenses via intersectalliance.com.
Existing customers licenses are available via SLDM within the License section. Generation of all FULL licenses requires Key ID's. In the case that we're unable to determine the Key ID's that should be associated with a license, we'll place the license in a pending state. This results in licenses that are ready to be generated once we're supplied with the Key ID's of the system the license will be associated with. To check if any licenses are in a pending date go to Licenses > Action Required in your SLDM account.
Existing customers can request evaluation licenses via SLDM by navigating to Products > Try Now in the sidebar.
All valid licenses (evaluation and full) are available for re-download via SLDM.
Purchase Orders
When a Purchase Order has been submitted, we'll automatically generated evaluation licenses for the services requested. These evaluation licenses will be valid for a period matching the agreed payment period (usually 30 days).
Once the Purchase Order has been finalised, we'll generate full licenses for the services requested. If we're unable to determine the Key ID's, we'll place these licenses into a pending state as described above.
Upon generation the licenses will be avaiable from your SLDM account.
Obsolete Licenses
In some cases we may generate licenses that obsolete previously generated licenses. When a license is installed that obsoletes other licenses, those other licenses will cease to function and will instead have their feature allowances replaced by the allowances on the new license.
Typically, obsoleting licenses will only be provided upon renewal or feature allowance adjustments.
FAQ
Where can I find a systems Key ID's?
| Product | Location |
|---|---|
| Snare Agent Manager |
|
| Snare Enterprise Agents |
|
| Snare Server | When unlicensed, using a browser simply navigate to the Snare Server installation. *** WE NEED A SOLUTION FOR WHEN SS IS LICENSED - I guess when SAM is in SS then they'll be able to find out via the SAM UI however I doubt this is a 'good enough' solution. |
What about Agents before version 5?
You may have noticed that some Agent families have skipped a few major versions! We've deliberately made things as simple as possible and with this in mind we've bumped all Agent major version numbers to version 5.
Does removing a network in SAM remove Agents in that network?
No