Virtual CipherTrust Manager Licensing Model
New Virtual CipherTrust Manager instances are launched as Community Edition, without a Virtual CipherTrust Manager license. Community Edition has restrictions on available features.
Licensed Administration Features
The following operations require a Virtual CipherTrust Manager license and are not available in Community Edition:
Creating child domains.
Clustering the Virtual CipherTrust Manager instance with other Virtual CipherTrust Manager instances.
Configuring a new LDAP connection for users.
Configuring a new OpenID Connection (OIDC) for users.
Configuring a Hardware Security Module (HSM) as root of trust.
Creating schedules for backup or key rotation operations.
The following chart summarizes the features available in Community Edition without licenses and features available in Enterprise Edition, after a Virtual CipherTrust Manager license is applied.
These restrictions apply to creating new resources and configuration. If a previously installed Virtual CipherTrust Manager license expires, is deleted, or is paused as part of stopping the trial evaluation, existing resources and configurations are still fully available.
Similarly, if you restore a backup from another CipherTrust Manager containing licensed resources, these objects are fully available and editable after restore. Also, if a CipherTrust Manager is added into a cluster while it has a Virtual CipherTrust Manager license, and the CipherTrust Manager later goes into Community Edition, the cluster remains intact and licensed resources continue to replicate to every node.
Licensed resources included in backups include child domains, LDAP connections, OIDC connections for managing CipherTrust Manager users, and schedules.
You can enable a 90-day trial evaluation of the Virtual CipherTrust Manager license, or purchase this license for a longer term.
Contact a Thales Sales representative for assistance in purchasing licenses. One Virtual CipherTrust Manager license is needed per instance, as the license does not replicate across a cluster.
30 days prior to license expiration, the CipherTrust Manager Server will notify you, in the top banner in red, that your license is expiring soon. Before the expiration, a new purchased license must be installed.
Virtual CipherTrust Manager License Behavior with Firmware Upgrade, Downgrade, and System Reset
Every type of Virtual CipherTrust Manager license, trial, term, or permanent, is retained after firmware upgrade with the original expiration date. Similarly, installed licenses are retained with firmware downgrade. Upgrading or downgrading a CipherTrust Manager in Community Edition results in a CipherTrust Manager with no Virtual CipherTrust Manager license. If the version after upgrade or downgrade is 2.8 or higher, the CipherTrust Manager displays as Community Edition.
If you reset a CipherTrust Manager in Community Edition, data is wiped and the CipherTrust Manager remains in Community Edition mode. If you reset a CipherTrust Manager with a trial, term, or perpetual license all Connector licenses are removed but the Virtual CipherTrust Manager license remains with the original expiry date from before reset.
CPU Count Limits
Either a k170v or k470v license may be purchased. k170v allows for up to four CPUs, whereas k470v allows for more than four CPUs. The Community Edition and trial evaluation is equivalent to k170v, and allows up to four CPUs.
If you find that your initial choice of license doesn't meet your needs, you can purchase and change to the other license type at any time. A k170v or k470v license immediately takes effect when applied. The most recently applied license overrides existing Virtual CipherTrust Manager licenses, even if older licenses have not yet expired.
If you exceed the CPU allocation for a Virtual CipherTrust Manager k170v, a warning message is displayed on login which can be closed. An alarm notification is also present which can only be cleared by reducing the number of CPUs allocated to the Virtual CipherTrust Manager.