Overview of licensing introduced to the agents
End user can license via standalone or on network via SAM (highly recommended) - SAM may be operated on air gaped network; and is designed to make licensing your agents quick and simple.
The SAM application will evolve and will pick up new functionality on the way. The next version 2 will incorporate configuration of the agents and replace the existing AMC in the Snare Server.
What needs a license?
- Snare Agent Manager
- Integrity key licenses
- agent feature licenses
- If agents are in standalone mode then the agent will need a standalone license key
All the Snare products will now require a license to operate including v5+ agents and SAM v1+, Snare Server v7+ products.
As part of the upgrade to the Snare Agents all of them and moved up to a new baseline called version 5 as they all have the same basic feature set. This as resulted in some agents skipping some versions like the SQL agent and Epilog.
Licensing from an end users perspective consists of two different pathways.
- Standalone licensing
Standalone licenses can be issued for either Agents, Snare Server or SAM. In standalone mode the agent will not talk to a Snare Agent Management Console to obtain its license. It will however still talk to it to provide details to a SAM about its ip, license class etc.
A standalone license is identified by the License-Type being either: EVALUATION, FULL. - SAM based licensing
In SAM Based licensing, SAM provides the licenses to the agents.
Licenses are provided to an agent are identified by the License-Type being either: CONTROLLER-EVALUATION or CONTROLLER-FULL.
Snare Agent Manager
SAM needs to be licensed first before can allocate a license to Snare agents. For permanent license strings Intersect Alliance need the KeyiD's from the SAM under the Licenses tab to provide a license to the SAM.
This license for SAM will also use a IA_SAM=1 feature reference.
Then there is a feature license for your agents:
IA_LOG = nn
IA_MSSQL_LOG = nn
IA_MSSQL_LOG_HOST = nn
SAM automatically sends a license (generated by itself) once a day to the agents, so the agents are perpetually license for another 30 days,so if network is down the agents will log for another 30-days.
If after network outage is resolved the SAM will resend a license of internal (todays date) plus another 30 days.
THEREFORE agents will keep on logging for 30 days after they last communicated with SAM.
(Last Seen is the last time the agent contacted SAM, or if did a scan that SAM saw the agent)
The Snare Agent Manager controls the licenses that are required for the Snare enterprise agents to function.
The Snare Agent Manager license is generated by Intersect Alliance based on the Key Ids where it is installed. When a new license is required ensure these Key Ids are provided by copying them to clipboard.
Quotas and Allowances
For each feature we have the number of allowances, so if you have IA_LOG=20, then you have twenty agents that have the ability to use that feature. Any enterprise agents ( except the SQL agent ) will count towards that total including legacy (pre-v5), the exception is OPENSOURCE (where you may run as many as you like).
overlimit and under 60 days
If you have installed 20 v5 agents and the SAM shows these 20 as operational. If you now set up a scan in the SAM and discover another 10 legacy enterprise agents you will get an over usage warning. The feature IA_LOG then detects that you have gone over your license limit and goes into a state=OVERLIMIT - this has now triggered a 60 day warning period for you to contact your sales rep/or manipulate the environment to only use 20 agents or less i.e come back to your allowance
overlimit and over 60 days
eg get to 61 days and we still have 30 agents( 20 v5 and 10 legacy enterprise agents) ;
The system will now unlicense as many v5 agents first until get to attempt to come back up the license limit. So if 10 v4 agents and 20 v5 agents, then the SAM will unlicense the 10 v5 agents until it goes back to limit of 20 - then OVERLIMIT will become EXHAUSTED where no new licenses can be allocated until the license quote is upgraded.
eg get to 61 days and we still have 30 agents, 25 v4 agents plus 5 v5 agents; it will unlicense ALL the v5 - since more v4 agents than the license spots so can't get back to EXHAUSTED, and will always be OVERLIMIT.
SAM will allocate licenses up to the license exhausted limit and will only end up an an over-limit state if other legacy enterprise agents are detected and the total number of agents exceeds the license quota..
Some of the terms in use are:
AVAILABLE
- the number of features available on that particular license
EXHAUSTED
- when the full license feature capability is used, eg IA_LOG=20 and 20 are utilized.
EVALUATION
- usually designated for time based evaluation of the Snare software.
Snare Enterprise Agent
The Snare Enterprise Agent will display the details of the active licenses registered to your organization. You may license your agent depending on your network set up.
- If your agent is installed on a network then you also have Snare Agent Manager (SAM) installed that may push out all the licenses to your installed agents.
- If you have a standalone agent, installed on your desktop or device, then you will require to submit your Key IDs via the Snare License and Download Manager (SLDM), and add that license to your agent.
If SAM licenses the agent, then you can see the status on the Licenses page and it will be referenced as LICENSE-TYPE= full or evaluation, so it will be easy to see when SAM does the licensing or not at the agent level.
Warnings can occur when it is detected that your organization has more legacy enterprise agents than the new version 5 license allows. You have a 60 day grace period to contact your Snare Sales representative to update your license.
If your organization is oversubscribed, extra evaluation licenses maybe supplied until fully migrated to version 5.
For existing customers, Licenses will be downloadable from the Intersect Alliance site Snare License and Download Manager (SLDM) based on your current purchase of software.
Example: Customer A was evaluating Snare Ent Agents utilizing SAM, in which they received 2 licenses - both for SAM (1 Integrity Key and 1 feature license). Cust A has purchased Snare, what the happens with the licenses/what do you need?
Once the PO phase gone through to completed - and the customer has supplied the KEY IDS from their production SAM - the full licenses will be auto generated and will expire within purchased time span as required. During the PO submission a user will have the ability to download evals for the full license allotment of the PO (for default 30 days or more depending on their purchasing arrangements) - once the payment has been received the customer will get their full licenses.
if more evaluations are required then they can be added to SAM to cover the additional agent features.
if additional licenses are purchased they can be added to the existing install or obsolete the existing license and provide a new total.
Obsolete Licenses
An Obsolete license can be used when (and if staying at same usage count) the customer is renewing licenses in advance (ie on 12 month support and renewing), we will issue them with new licenses for duration of the 14 months but obsolete existing licenses that they have but will have a 2 month window where their support period is extended.
If the customer is changing their usage count and upping the feature quantities then a new license can be allocated to obsolete the existing features and provide new feature totals.
Networks & License
Deleting a network doesn't delete the agents on that network. SAM still knows about these agents and as a result all enterprise agents will continue to count towards license usage.