Please Note:

Getting Started
CipherTrust Manager Deployment
- Hardening Guidelines
- Install Virtual CipherTrust Manager
  - Plan Configuration Settings for Cloud Init
  - Deploying with Cloud-init
  - Amazon Web Services Deployment
  - Google Cloud Deployment
  - Alibaba Cloud Deployment
  - Microsoft Azure Deployment
  - Microsoft Azure Stack Deployments
  - Microsoft Azure Dedicated HSM Provisioning
  - Oracle Cloud Deployment
  - Private Cloud Deployment
  - Resizing the Virtual Hard Disk After Deployment
- Install Physical CipherTrust Manager Appliance
  - Securely Transporting a CipherTrust Manager k570 Appliance
  - Remote PED-Authenticated k570 Initialization
  - Backing Up k570 Root of Trust Keys
  - Hardware Specifications
  - HSM Tamper Behavior
  - Reboot the Appliance
  - Power Supply and Fan Maintenance
  - Serial Connections
  - Front Locking Bezel
- Network Configuration Tutorial
  - Planning Network Configuration
- Install the CLI Toolkit
- Changing the Initial Password
- Network Time Protocol Server Configuration
- Starting Services After Deployment
- System Configuration Utility
- Resetting a CipherTrust Manager
Licensing
- Trial Evaluation
- Accessing the License Portal
- Activating Licenses
- Managing Licenses
- View and Delete Licenses on CipherTrust Manager
- Migrating Licenses from Legacy Appliances
- Recovering Licenses after Redeployment
- Virtual CipherTrust Manager Licensing Model
- CCKM Licensing Model
- CTE Licensing Model
- CTE UserSpace Licensing Model
- DDC Licensing Model
- KMIP Licensing Model
- ProtectFile Licensing Model
- Data Protection Gateway Licensing Model
- RESTful Data Protection Licensing Model
DDC Deployment
- Architecture
- Requirements
- Post-install
- DDC Agents
- Hardening Guidelines
Migrate from KeySecure Classic
Migrate from Data Security Manager
Migrate KMIP Managed Objects from Data Security Manager
Migrating ProtectFile to CTE Agent

CipherTrust Manager
Getting Started
Licensing
Data Protection Gateway Licensing Model

Data Protection Gateway Licensing Model

CipherTrust Data Protection Gateway (DPG) is offered as part of the CipherTrust Flex Connector Advanced licensing. It can be used with CipherTrust Manager Community Edition, CipherTrust Manager Enterprise Edition, or Trial License.

Trial License

Provides the fully-functional DPG for 90 days with pre-installed trial license. After the trial period expires, DPG continues to work normally, however, new client registrations are not allowed.

This is the default license shipped with the CipherTrust Manager.

CipherTrust Manager Community Edition

With CipherTrust Manager Community Edition, three DPG licenses are included for use. This allows you to register three applications (REST API endpoint configurations) on the CipherTrust Manager as registered clients. There is no limitation on the number of connectors deployed within an application. A license is considered in use if one or more DPGs are registered within an application (REST API endpoint) configured on the CipherTrust Manager.

There is also no limitation on the number of applications configured in CipherTrust Manager, but if you try to register clients on a fourth application configuration, the system throws the following error: License not yet installed for feature DataProtectionGateway.

To free up a license, you must remove all the registered clients from the application.

CipherTrust Manager Enterprise Edition

Licenses with CipherTrust Manager Enterprise Edition is limited by the number of licenses purchased. A license is considered in use if one or more Data Protection Gateways are registered under an application (REST API endpoint) configured on the CipherTrust Manager.

There is also no limitation on the number of applications configured on the CipherTrust Manager, but if you try to register clients on a fourth application configuration, the system throws the following error: License not yet installed for feature DataProtectionGateway.

To free up a license, you must remove all registered clients from the application.

Activating DPG Licenses

Once you have purchased your entitlement of a CipherTrust Flex Connector Advanced licensing, it needs to be converted to a DPG specific license file for use with the CipherTrust Manager. To do so, take your entitlement to the Sentinel EMS License Portal as well as your EID and select Data Protection Gateway under Variant. You can find the details about your EID and available licenses on the License Portal.

Refer to Activating a Connector License for details.

After the DPG license is activated, its state becomes Active on the Features tab of the Licensing page of the CipherTrust Manager GUI. The license is displayed with the feature name DataProtectionGateway.

License Enforcement for DPG

Data Protection Gateway licenses are enforced by the following:

The CipherTrust Manager appliance has activated Connector licenses: When Data Protection Gateway licenses are activated and uploaded to the CipherTrust Manager, you can use applications (REST API endpoint configurations on the CipherTrust Manager up to the license capacity. The number of applications that you want to use cannot exceed the license count. However, there is no restriction on the number of applications configured in CipherTrust Manager. Whenever Data Protection Gateway is registered with an application, that application consumes a license. You can register multiple clients under that application with no further licenses required. Licenses are available and shared across domains. For example, if there are five licenses for DPG, only five applications in total can be used across all domains.
Reaching license capacity: There no limitation on the number of applications configured on the CipherTrust Manager, but if you try to register clients on a fourth application configuration, the system throws the following error: License not yet installed for feature DataProtectionGateway. To free up a license, you must remove all registered clients of the application.
License expires: The CipherTrust Manager GUI displays a red banner, at the top, to inform the administrator that licenses have expired. If there are more applications using licenses than capacity available, no new application can be added and no new clients can be registered under the new application. Currently, registered clients will be allowed to continue until their natural end. There is no grace period when the license expires.

Suggest A Change

Data Protection Gateway Licensing Model

Trial License

CipherTrust Manager Community Edition

CipherTrust Manager Enterprise Edition

Activating DPG Licenses

License Enforcement for DPG

On this page