Symantec offers many different products, each with its own licensing requirements. Some Symantec Encryption products use a licensing system to enable product functionality for purchased products. This article outlines the licensing concepts and explores licensing scenarios
Symantec Encryption functionality may be fully or partially disabled until a valid license number is entered. The process of entering a license number into Symantec Encryption software is called License Authorization and enables one or more seats (or users) of Symantec Encryption software.
Sample License Number:
Section 1 - Symantec Endpoint Encryption:
Symantec Endpoint Encryption Management Server (SEEMS)
Symantec Endpoint Encryption Drive Encryption (SEE Drive Encryption)
Symantec Endpoint Encryption Removable Media Encryption (SEE RME)
Symantec Endpoint Encryption Management Server can be installed on as many systems as is needed with not additional licensing. SEEMS manages systems encrypted with Symantec Endpoint Encryption Drive Encryption and Removable Media Encryption.
Symantec Endpoint Encryption license meter is per device such as number of laptops or desktops to be covered. For example, if SEE Drive Encryption is installed on 100 systems, then a licence for 100 seats would be needed.
If an additional 50 seats was installed with SEE RME, then another 50 seats would be needed for a total of 150 seats needed.
Symantec Endpoint Encryption products do not employ the use of a license number as do the rest of the encryption products in the proceeding document.
Section 2 - Symantec Encryption Products:
Symantec Email Encryption
Symantec Drive Encryption
Symantec File Share Encryption
All of these Encryption Desktop features listed above are licensed per user, meaning individual users actively using the Symantec Encryption Desktop software either on the same system or any profile on the same system.
Example 1: One user on one or more profiles per system must purchase one copy of Symantec Encryption Desktop.
Example 2: Two users on one or more profiles per system must purchase two copies of Symantec Encryption Desktop.
Example 3: One user wanting to use Symantec Encryption Desktop on five different computers must purchase five copies.
Example 4: Symantec Drive Encryption enables a user to encrypt the entire hard drive of a computer. After the system has been encrypted, the system cannot be booted until a passphrase (password) has been entered. In some cases, this is the only encryption functionality that will be used. Symantec Drive Encryption will allow multiple users to be added to the software to boot a system. In this scenario, only one license per system\device is required. This applies for Administrators wanting to add themselves to the Symantec Drive Encryption software (See the screenshot below to see the Drive Encryption shelf). If any additional features are used, such as individual file encryption or Virtual Disk, each user taking advantage of these features requires an individual license.
Section 3 - Symantec Encryption Management Server:
Symantec Encryption Management Server includes the ability to manage users on the server or centrally manage individual Symantec Encryption Desktop clients centrally. This allows an Administrator to lock down Symantec Encryption Desktop policies from the Symantec Encryption Management Server. Each user managed by the Symantec Encryption Management Server counts as one license.
Example 1: If 100 users exist on a Symantec Encryption Management Server, 100 licenses of Symantec Encryption Management Server must be owned. The only exception to this is if the account on the Symantec Encryption Management Server is an Administrator account, purely used for booting a Symantec Drive Encryption client. In this situation, the Administrator user would not be counted as the license.
Example 2: When Symantec Encryption Management Server is used to manage a Symantec Encryption Desktop client license, the quantity of each product must match. If 100 users of Symantec Encryption Desktop are purchased to be managed by the Symantec Encryption Management Server, then 100 copies of Symantec Encryption Management Server must also be purchased.
Example 3: Symantec Encryption Management Server has the ability to share\replicate information to other Symantec Encryption Management Servers. This process is called clustering. In clustering, multiple Symantec Encryption Management Servers are used. Symantec does not limit the amount of clusters for licensing purposes that can be used within the environment as long as the user count does not exceed the quantity of licenses purchased (The technical limitation is 6 nodes).
Section 4 - Symantec PGP Command Line
Symantec PGP Command Line is licensed (i) per physical CPUs/processors, (ii) Keys and (iii) Functionality.
CPUs/processors refers to the number of physical CPUs on a system. If a computer has one or two physical processors, a 2-CPU license is required. If a computer has up to four processors, a 4-CPU license is required, and so on. For CPUs with multiple internal processing units (e.g., cores), each processing unit counts as a single processor.
Keys: Symantec PGP Command Line options offer either one-key or unlimited-key licensing for local keyring management.
One-key licensing means that one public key may be used in the local keyring, other than your own key. This licensing option may be used for PGP Command Line to (i) send files to and receive files from one Server which uses PGP Command Line and is not subject to the “1 Key” limitation; (ii) sign or decrypt a file with Your private key; (iii) encrypt a file or verify a signature on a file with a public key from one Server which uses PGP Command Line and is not subject to the “1 Key” limitation; and (iv) create self-decrypting archives. For purposes of this section, “Key” means either or both components of a public/private cryptographic key pair.
Unlimited-keys licensing means that more than one public key may be used in the local keyring, other than your own key. An Unlimited-key license should be purchased if encrypting/signing to more than one recipient is needed.
For each seat of Symantec PGP Command Line, Symantec allows installation on one production and one non-production system. This means if one 2-CPU license is purchased for Symantec PGP Command Line, it may be installed on the production box that is handling all encryption/decryption processes, and another system that is not handling production encryption/decryption. The non-production box may be a failover box or a test box, but may not perform any encryption/decryption related to business encryption/decryption.
Section 5 - Licensing for Terminal Server or Citrix Environments:
Various Symantec Encryption Desktop functionality can be used in Terminal Server or Citrix Server environments. In Terminal or Citrix Server environments, the applications are installed on the server itself and any users logged into this server can access the application installed. Due to the nature of these environments, Symantec Encryption Desktop is managed quite differently than in normal environments. The Encryption software is licensed per-user on the Terminal or Citrix Server and not by how many users are using the Symantec Encryption Desktop.
Example: Symantec Encryption Desktop is installed on a Terminal Server that has 100 users; however 25 users are currently using Symantec Encryption Desktop. In this scenario, 100 copies must be purchased, because all users on the server have the ability to use the Symantec Encryption software, whether it is used or not.
The only exception to this, in Citrix environments, is a technical restriction that has been enforced on the Citrix Server. In other words, only those users who are licensed to use Symantec Encryption Desktop have the ability to use any encryption functionality. To enforce a technical restriction in a Citrix environment, NTFS Permissions should be modified on the Citrix Server to remove Execute access for the Program Files folder so that only licensed users can open Symantec Encryption Desktop. In addition to restricting execute access, other restrictions should be put in place so that Symantec Encryption Desktop does not startup when a user logs into an account and the menu items are not available.
|Due to the nature of licensing with Terminal Server or Citrix environments, licensing is per user on the Terminal or Citrix server where Symantec Encryption Desktop is installed as is listed in the example above. The only exception to this licensing is by implementing a technical lockdown of the Symantec Encrypt in Desktop software for non-licensed users in this type of environment. This means the non-licensed users are technically unable to utilize any features. When such a technical lockdown has been implemented, Symantec will only require licenses for the users who will be using Symantec Encryption Desktop and are legally authorized to do so.|
Rate this Article