CTE-US Licensing Model
CTE UserSpace is a kernel-independent file encryption product that is based on CTE and CTE UserSpace (rebranded ProtectFile FUSE). A CTE UserSpace license is required to register the CTE UserSpace clients with a CipherTrust Manager.
CTE UserSpace supports the CTE base and add-on Confidential Computing licenses.
CTE base: Standalone license to use the CTE solution. This license is required to use add-on licenses.
Confidential Computing add-on: Add-on license to use the Confidential Computing feature. Add-on licenses require a CTE base license activated on the CipherTrust Manager.
CTE UserSpace follows a licensing model similar to the CTE licensing, which is required to register CTE clients with the CipherTrust Manager.
CTE UserSpace is offered through the following licensing models:
Refer to Activating CTE UserSpace Licenses for instructions on how to activate CTE UserSpace licenses.
Trialware
Provides the fully-functional CTE UserSpace solution for 90 days with pre-installed trial license. After the trial period expires, CTE UserSpace continues to work normally, however, new client registrations are not allowed.
Term License
Provides the fully-functional CTE UserSpace solution for a prepaid charge for a specific period of time, for a specific number of clients.
This license comes with a grace period of 90 days. After the license period expires, the grace period starts. During the grace period, CTE continues to work normally. After the grace period is over, CTE still continues to work normally, but new client registrations are not allowed.
The CipherTrust Manager console starts showing a notification about the remaining license time. The license renewal can be ordered before the license expires.
Note
The number of clients that can be registered with the CipherTrust Manager is limited by the number of licenses purchased.
For example, if a 1-year license is purchased for 1000 clients, then only 1000 clients can be registered with the CipherTrust Manager.
Perpetual Licensing Model
Provides the fully-functional CTE UserSpace solution for a prepaid charge with no time limit, for a specific number of clients.
Note
The number of clients that can be registered with the CipherTrust Manager is limited by the number of licenses purchased.
For example, if a perpetual license is purchased for 1000 clients, then only 1000 clients can be registered with the CipherTrust Manager.
A CipherTrust Manager appliance administrator can install the CTE UserSpace license.
Add-on Licenses
CTE offers the Confidential Computing (CC) feature as an add-on license. To use Confidential Computing, you also need a CTE base license activated on the CipherTrust Manager.
Activating CTE UserSpace Licenses
Activating a CTE UserSpace license requires a license string for the CipherTrust Manager with which the clients will be registered. This string is generated when a license is activated on the Sentinel EMS License Portal.
Refer to Activating a Connector License for details.
After the CTE UserSpace license is activated, its state becomes Active on the Features tab of the Licensing page of the CipherTrust Manager GUI. The license is displayed with the feature name CipherTrust Transparent Encryption for UserSpace.
After the base CTE license is installed, the add-on licenses can be activated and installed. The steps to install the add-on licenses are the same as installing a connector license. Refer to Activating a Connector License for details.
License Enforcement
Expected behavior with CTE is explained in this section.
CipherTrust Manager appliance has activated Connector licenses: When Connector licenses are activated and uploaded to a CipherTrust Manager, you can register clients to the license capacity. The number of clients that you can register cannot exceed the Connector license count.
Reaching license capacity: If you attempt to register additional clients, registration fails because the license count has been exhausted. In this case, you can delete currently configured clients or buy additional licenses to register new clients.
If you have many existing clients, and later apply a new license which allows for fewer client registrations, a warning is displayed and a system banner appears across all pages. This banner persists as long the number of Used Clients under Client Usage exceeds the number of Total Clients. No clients are deleted, but you cannot register more clients.
License expires: The CipherTrust Manager GUI displays a red banner to inform the administrator of expired licenses. A 90-day grace period starts from the license expiry. During the grace period, you can still manage currently registered clients and register new clients. After the grace period is over, existing configurations become read-only. While the registered clients continue to work normally, you can't register more clients.
Note
The total number of clients registered on the CipherTrust Manager shouldn't exceed the total number of CTE licenses available on the CipherTrust Manager.
CTE licenses are enforced on domain level on the CipherTrust Manager. The total license usage is determined by the sum of clients registered across all domains. For example, if 200 CTE clients are registered in the root domain, and 100 more clients are registered in subdomains, the total license usage is 300.
Registering CTE UserSpace Clients with ProtectFile License
CTE UserSpace 9.4 and older clients honor both ProtectFile and CTE UserSpace feature activations on CipherTrust Manager 2.9 and older versions. If both features are active, you can register clients equivalent to the aggregate capacity of the ProtectFile and CTE UserSpace licenses.
From CTE UserSpace version 10.0 and CipherTrust Manager version 2.10 onward, a CTE UserSpace client will no longer honor ProtectFile feature activation on the CipherTrust Manager. CTE UserSpace clients can only be registered using the CipherTrust Transparent Encryption for UserSpace licenses.
