RSA NetWitness Suite version 11.0 entitlement uses a trust-based licensing model. Appliances continue to function even if they are out-of-compliance with current licensing.
Choosing a License Type
The type of license you choose is based on your network requirements. If you want a license that is based on a throughput per day of logs (SIEM) or network packets (Network Monitoring and Network Malware), Metered licensing is your best bet.
The following types of licenses are available in RSA NetWitness Suite 11.0:
- Metered Licensing
- Service-based Licensing
- Out-of-the-box Trial Licensing
Metered licensing is based on a throughput per day of logs (SIEM) or network packets (Network Monitoring and Network Malware), combined with the separate purchase of the hardware needed to deploy the system and meet customers' retention requirements.
The throughput per day for logs is measured in Gigabytes per day and in Terabytes per day for packets. Customers can then acquire the amount of Gigabytes per day of logs, or Terabytes per day of packets that they require in order to meet their needs. The total amount of throughput per day is selected from one of five volume tiers of license levels, based on the total amount of throughput per day that is being licensed across the customer's entire enterprise deployment of NetWitness.
With this licensing system, organizations can scope their throughput per day capacity independently from their hardware infrastructure components, optimizing specifically for their network environment. A customer effectively licenses NetWitness software from RSA based on their network or log throughput and then purchases the infrastructure components (servers to deploy the Decoders, Concentrators, Brokers, and so on) that are required for their particular deployment.
RSA NetWitness Suite version 11.0 supports service-based licensing. Support for service-based licensing is applicable for all appliances that require a license. This is a per-service permanent license that has no expiration date. You do not need to activate any version 11.0 services manually.
The following list includes services that can have service-based licenses:
- Log Decoder
- Event Stream Analysis
- Malware Analysis
Out-of-the-Box Trial Licensing
Out-of-the-Box Licensing for RSA NetWitness Suite version 11.0 ships with a default Trial out-of-the-box license that enables customers to use the product with full functionality for 90 days. The 90-day time period begins when the NetWitness Suite user interface is configured and used for the first time.
You are given a choice to include appliances under an Out-of-the-Box (OOTB) Trial Metered License, or a Service- based License. Metered licenses are only supported for Decoder, Log Decoder, and Malware Analysis.
Version 11.0 provides the flexibility to move your license to an Out-of-the-Box Trial service-based License. An Out-of-Compliance banner notifies you when you need to take action on your license.
Licensing at a Glance
Service-based licenses are applicable to the following services:
- Log Decoder
- Malware Analysis
- License usage is based on the amount of data throughput per day.
- Only applies to Log Decoder, Packet Decoder, and Malware Analysis (standalone) services.
- Throughput per day is measured in Gigabytes per day for Log Decoders and Packet Decoders, and is measured in Terabytes per day for Malware Analysis.
- Metered license usage statistics are captured hourly and made available in CSV or PDF formats for export.
License is based on aggregate usage, as opposed to a per-appliance service. There is no specified end date; the Metered license works indefinitely
License is purchased for a specific period of time, such as 12 months, 24 months, or 36 months. Use of the software is discontinued at the end of your subscription period.
- Usage stats reflect daily average usage.
- Perpetual and service-based licenses, such as Netmon or Network, or Decoder are offered in 1 TB increments
- SIEM or Log Decoder offered in 50 GB increments
- Malware Analysis offered in 1 TB increments on a per-day average usage.
Contracted daily usage can be exceeded three times in a calendar month. Fourth spike puts the customer in an out-of- compliance state. If you are able to keep your usage within compliance for seven consecutive days until the end of the calendar month, the Out-of-Compliance banner disappears.
For example, if the fourth spike occurs on November 23, 2017, the Grace Period ends on December 31, 2017 and the Out-of-Compliance banner disappears.
Breach period starts immediately after Grace Period ends.
Red banner cannot be dismissed.
- Customer pays for hardware.
Usage is measured as an aggregate of all metered appliances.
For example, a Decoder can be licensed for 10 GB per day. Customers are allowed to use multiple Decoders under the same license.
Services are licensed automatically under the following conditions:
- When services are resolved.
- When a scheduled task runs every hour.
- License Refresh is triggered by the user.
- Subscription-based licenses are billed yearly.
The Out-of-Compliance banner is displayed when one of the following conditions occurs:
- License is tampered with during the out-of-the-box trial period.
- A service is not licensed.
- A license has expired, or is due to expire within the next two weeks.
- Usage exceeds entitled limit.
- Usage is approaching entitled limit.
To resolve an out-of-compliance state:
- Reduce usage, or
- Adjust contracted usage amount