Activating Licenses
This section describes how you can activate the CipherTrust Manager and Connectors licenses. Activating a license involves generating a license and adding it to the CipherTrust Manager.
This section covers the following information:
Caution
As the License Portal limits the number of license strings you can generate, take care to provide the correct lock code for the desired license type before generating the license string. The Key Manager Lock Code produces a Virtual CipherTrust Manager license. The Connector Lock Code produces connector licenses and the KMIP license.
Activating a CipherTrust Manager License
You need a valid and active license on each Virtual CipherTrust Manager instance to access all administration features. You can find the details of your EIDs and available licenses after you have logged on to the License Portal. The license will not replicate across a cluster.
Generate a CipherTrust Manager License
Log in to the License Portal. Refer to Logging on to the Portal for details. The Products tab is displayed.
Under Products, expand the Virtual CipherTrust Manager license. You might have a "k170v" or "k470v" license depending on the performance level you purchased. A k170v license is shown as an example.
Note
Alternatively, use the Search option located at the top right corner to locate a specific product. You can locate details of your ordered products by either searching the partial or complete product name (product version is NOT required).
Physical CipherTrust Manager appliances (k470 and k570) are shipped with pre-installed license and do not require additional configuration.
Under Actions, click Activate for the desired entitlement. The Order Activation page is displayed.
Select the product and enter 1 in the Quantity To Activate.
Obtain the Key Manager Lock Code:
Log in to the CipherTrust Manager GUI.
Open the Admin Settings application.
In the left pane, click Licensing.
Click the Lock codes tab.
Click to expand Key Manager Lock Code.
Copy the Key Manager Lock Code. This lock code is needed to activate a CipherTrust Manager license.
Return to the License Portal.
Paste the copied lock code in the Product Lock Code field.
Click Activate. This initiates the entitlement activation process.
A message stating that activation is completed successfully is displayed on the Order Activation page.
The generated license file is available for download. Now, you should add the license to the Virtual CipherTrust Manager, as described below.
Add the License to the CipherTrust Manager
Click Download License File. The
license.zipfile is downloaded to your local machine.Extract the ZIP file. The default license file is
lservrc.On the CipherTrust Manager GUI:
Open the Admin Settings application.
In the left pane, click Licensing.
Click the Features tab, if needed.
Click Add license. The Add License dialog box is displayed. The File Upload option is selected by default.
Click Upload License. Select the license file.
Click Add License.
Now your Virtual CipherTrust Manager has an Active license. The license is displayed in the features list. The Expiration date indicates how long the license is valid.
To view more details about the license, click the overflow (
) icon.
Repeat these steps for every Virtual CipherTrust Manager instance. CipherTrust Manager licenses are not replicated across a cluster.
Activate a CipherTrust Manager license using KSCTL
Retrieve the 'Key Manager Lock Code'.
ksctl licensing lockdataLog in to the License Portal. Refer to Logging on to the Portal for details. The Products tab is displayed.
Under Products, expand the Virtual CipherTrust Manager license. You might have a "k170v" or "k470" license depending on the performance level you purchased. A k170v license is shown as an example.
Note
Alternatively, use the Search option located at the top right corner to locate a specific product. You can locate details of your ordered products by either searching the partial or complete product name (product version is NOT required).
Physical CipherTrust Manager appliances (k470 and k570) are shipped with pre-installed license and do not require additional configuration.
Under Actions, click Activate for the desired entitlement. The Order Activation page is displayed.
Select the product and enter 1 in the Quantity To Activate.
Paste the copied lock code in the Product Lock Code field under Product Locking.
Click Activate. This initiates the entitlement activation process.
Copy the License String. The license string is needed to install the license on CipherTrust Manager GUI.
Note
The license string generated for one CipherTrust Manager cannot be used on any other CipherTrust Manager.
Activate your product by entering the License String.
ksctl licensing licenses add -l "<license string>"Repeat these steps for every Virtual CipherTrust Manager instance. CipherTrust Manager licenses are not replicated across a cluster.
Activating a Connector License
To register and use a Connector on your CipherTrust Manager, you need to have a valid and active license for that Connector on your appliance. You can find the details regarding your EID and your available Connector licenses on the License Portal.
Note
Unlike the Key Manager Lock Code, the Connector Lock Code is cluster-wide. This means that a license applied using the Connector Lock Code replicates across the cluster.
Instructions provided in this section apply to all the supported Connectors. Exceptions are: for CipherTrust Cloud Key Manager (CCKM), the usage unit is Cloud Units; for DDC, the unit is Data Allowance; and for CTE and similar Connectors, the unit is Clients.
Generate a Connector License
Log in to the License Portal and select CipherTrust Data Security option from the dropdown at the top right corner.
Under Products, expand the Flex Connector bundle license that you would like to activate.
Note
Alternatively, use the Search option located at the top right corner to locate a specific product. You can locate details of your ordered products by either searching the partial or complete product name (product version is NOT required).
Under Actions, click Activate for the desired entitlement. The Order Activation page is displayed.
Select the desired Variant (for example, CipherTrust CTE-KubernetesProtection1, CipherTrust Transparent Encryption SAP-HANA, CipherTrust Batch Data Transformation, and CipherTrust Database Protection).
Select the product and enter the Quantity To Activate.
Obtain the Connector Lock Code:
Log in to the CipherTrust Manager GUI.
Open the Admin Settings application.
In the left pane, click Licensing.
Click the Lock codes tab.
Click to expand Connector Lock Code.
Copy the Connector Lock Code. Every CipherTrust Manager appliance has a unique Connector Lock Code. This lock code is needed to activate a Connector license for the CipherTrust Manager.
Note
In a CipherTrust Manager cluster, the Connector Lock Code is applicable to all nodes of the cluster to enforce connector licenses across the cluster nodes. When a Connector license is activated for one CipherTrust Manager appliance, the license is replicated on all the nodes of the cluster.
Return to the License Portal.
Paste the copied lock code in the Product Lock Code field.
Click Activate. This initiates the entitlement activation process.
A message stating that activation is completed successfully is displayed on the Order Activation page.
The generated license file is available for download. Now, you should add the license to the CipherTrust Manager, as described below.
Add the License to the CipherTrust Manager
To add the license to the CipherTrust Manager:
Click Download License File. The
license.zipfile is downloaded to your local machine.Extract the ZIP file. The default license file is
lservrc.On the CipherTrust Manager GUI.
Open the Admin Settings application.
In the left pane, click Licensing.
Click the Features tab, if needed.
Click Add license. The Add License dialog box is displayed. The File Upload option is selected by default.
Click Upload License. Select the license file.
Click Add License.
Now your Connector has an Active license. The Connector license is displayed in the features list. The Expiration date indicates how long the license is valid.
To view more details about the license, click the overflow () icon.
To view the usage of a feature licenses, expand the feature. The Client Usage section shows the count of licenses consumed in the current domain. The Domain Level Usage section shows the consumption of CTE licenses in all domains, and in individual domains. For example, expanding CipherTrust Transparent Encryption shows:
Likewise, you can see the the consumption of KMIP licenses in all domains (Domain Level Usage), and in individual domains.
Similarly, expanding Cloud Key Manager shows:
Note
Unlike Connector licenses such as CTE-TransparentEncryption and ProtectFile, usage is not displayed for the CipherTrust Manager and LUKS licenses.
Activating CipherTrust Secrets Management (CSM)
To manage secrets using CipherTrust Secrets Management, you need an Akeyless account with administrative privileges. Refer to the Secrets Management document to learn how licensing and access is managed for CSM.
Connector License Activation After System Reset
If adding a connector license fails with Error[150]: The specified lock code is invalid., and you have recently reset the system, the Connector Lock Code likely changed. The following remedies are available:
Restore a CipherTrust Manager backup file containing the desired Connector Lock Code, if one is available, and retry adding the license.
Add the reset CipherTrust Manager to another CipherTrust Manager cluster node with the desired Connector Lock Code. The Connector Lock Code and installed connector licenses replicate to the reset CipherTrust Manager. You can add license files associated with the Connector Lock Code on any cluster node.
If a suitable backup file or cluster node is not available, contact customer support.
