Data Protection Gateway Licensing Model
CipherTrust Data Protection Gateway (DPG) is offered as part of the CipherTrust Flex Connector Advanced licensing. It can be used with CipherTrust Manager Community Edition, CipherTrust Manager Enterprise Edition, or Trialware.
Trialware
Provides the fully-functional DPG for 90 days with pre-installed trial license. After the trial period expires, DPG continues to work normally, however, new client registrations are not allowed.
This is the default license shipped with the CipherTrust Manager.
CipherTrust Manager Community Edition
With CipherTrust Manager Community Edition, three DPG licenses are included for use. This allows you to register three applications (REST API endpoint configurations) on the CipherTrust Manager as registered clients. There is no limitation on the number of connectors deployed within an application. A license is considered in use if one or more DPGs are registered within an application (REST API endpoint) configured on the CipherTrust Manager.
There is also no limitation on the number of applications configured on CipherTrust Manager, but if you try to register clients on a fourth application configuration, the system throws the following error: License not yet installed for feature DataProtectionGateway
.
To free up a license, you must remove all the registered clients from the application.
CipherTrust Manager Enterprise Edition
Licenses with CipherTrust Manager Enterprise Edition is limited by the number of licenses purchased. A license is considered in use if one or more Data Protection Gateways are registered under an application (REST API endpoint) configured on the CipherTrust Manager.
There is also no limitation on the number of applications configured on the CipherTrust Manager, but if you try to register clients beyond the license count, the system throws the following error: License not yet installed for feature DataProtectionGateway
.
To free up a license, you must remove all registered clients from the application.
Activating DPG Licenses
Once you have purchased your entitlement of a CipherTrust Flex Connector Advanced licensing, it needs to be converted to a DPG specific license file for use with the CipherTrust Manager. To do so, take your entitlement to the Sentinel EMS License Portal as well as your EID and select Data Protection Gateway
under Variant
. You can find the details about your EID and available licenses on the License Portal.
Refer to Activating a Connector License for details.
After the DPG license is activated, its state becomes Active on the Features tab of the Licensing page of the CipherTrust Manager GUI. The license is displayed with the feature name DataProtectionGateway.
License Enforcement for DPG
Data Protection Gateway licenses are enforced by the following:
The CipherTrust Manager appliance has activated Connector licenses: When Data Protection Gateway licenses are activated and uploaded to the CipherTrust Manager, you can use applications (REST API endpoint configurations on the CipherTrust Manager up to the license capacity. The number of applications that you want to use cannot exceed the license count. However, there is no restriction on the number of applications configured in CipherTrust Manager. Whenever Data Protection Gateway is registered with an application, that application consumes a license. You can register multiple clients under that application with no further licenses required. Licenses are available and shared across domains. For example, if there are five licenses for DPG, only five applications in total can be used across all domains.
Reaching license capacity: Additional application can't be used because the license count has been exhausted. In this case, users can delete currently registered clients or buy more licenses.
License expires: The CipherTrust Manager GUI displays a red banner, at the top, to inform the administrator that licenses have expired. If there are more applications using licenses than capacity available, no new application can be added and no new clients can be registered under the new application. Currently, registered clients will be allowed to continue until their natural end. There is no grace period when the license expires.