Encryption Licensing Guide

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 12

DownloadEncryption-licensing-guide
Open PDF In BrowserView PDF
Symantec Encryption Licensing Guide

Symantec Encryption Licensing
Guide
December 7, 2017

1

Symantec Encryption Licensing Guide

Contents

Symantec Encryption Licensing Guide 1
Chapter 1: Product Overview 3
Endpoint Encryption

3

Email Encryption 3
File and Folder Encryption 3
Managed by Symantec Endpoint Encryption Management Server (SEE-MS) 3
Managed by Symantec Encryption Management Server (SEMS)

4

Stand-alone Capability 4
Chapter 2: General Encryption Licensing

5

Step 1: Determine License Type

5

Step 2: Determine Product Sub-Type 5
Step 3: Determine License Quantity

6

Step 4: Determine Pricing for Selected Buying Options
Chapter 3: PGP Command Line Licensing

7

Step 1: Determine # of CPU cores

7

Step 2: Rules on Stacking or Splitting CPU Licenses
Example

7

8

8

Other PGP Command Line Licensing Considerations 8
Managing PGP Command Line (Optional Add-On)

9

Step 1: Determine the # of Client Access Licenses Needed

9

Step 2: Determine the # of Key Management Server Licenses Needed
Chapter 4: Trials and Evaluations

10

Chapter 5: License Migrations Summaries from Oct. 2014
Symantec Product Bundle Migrations
Chapter 6: Additional Resources
Chapter 7: Key Contacts

10

11

11

12
2

9

Symantec Encryption Licensing Guide

Chapter 1: Product Overview
Symantec’s encryption portfolio provides flexible data protection through a range of offerings including endpoint, file and
folder, and email encryption. Integration with Symantec Data Loss Prevention delivers added protection by automatically
encrypting sensitive data being moved onto removable media devices or residing in emails and files.
Robust management features include individual and group key management, automated policy controls, and out-of- thebox, compliance-based reporting.

Endpoint Encryption
Protection for laptops, desktops, servers, and removable media from loss or theft.

Email Encryption
Protection for email at various stages in a message’s journey.

File and Folder Encryption
Protection for batch transfers, collaboration and file sharing in an organization, and in the cloud.

Currently, our solution is managed by different management servers depending on the needs of the customer. See below to
better understand which products fall under which platform.
PLEASE NOTE: Starting October 6, 2014, there was a large shift in license entitlements and all encryption products, with the
exception of PGP Command Line, include their respective management platform with their license. Symantec Endpoint
Encryption also includes entitlements for Symantec Drive Encryption and Symantec Encryption Management Server. See
Chapter 5 for more information on the October 2014 migrations.

Managed by Symantec Endpoint Encryption Management Server (SEE-MS)
Endpoint Encryption
Endpoint
Encryption

•Consolidated endpoint encryption solution to secure data on laptops, desktops, servers and
removable media.
• Includes entitlements for Drive Encryption and Symantec Encryption Management Server

3

Symantec Encryption Licensing Guide

Managed by Symantec Encryption Management Server (SEMS)
Endpoint Encryption
Drive Encryption

• Endpoint Encryption for laptops and desktops.
• NOTE: Cannot be purchased individually; Drive Encryption and Symantec Encryption
Management Server are included in the Endpoint Encryption license.

Email Encryption
Desktop Email
Encryption

•Secure outbound email immediately from the user’s laptop/desktop. Email is encrypted on
internal mail servers as well.

Gateway Email
Encryption
Mobile Encryption
for iOS

•Email encryption at the gateway without the need for client software.

PGP Command
Line

•Automated encryption for file transfer and data-processing applications
• NOTE: PGP Command Line SKU does not include management. Key Management Server
and Client Access are licensed separately for this product.

•Email encryption for iOS devices to both send and receive messages (encryption and
decryption).
• NOTE: PGP Viewer for Android is available for free from the Google Play Store but cannot
send/reply to email (decryption only).
File and Folder Encryption
File Share
•Policy-enforced file encryption for collaborating teams, including Dropbox integration
Encryption
• NOTE: File Viewer for iOS is available for free via Apple iTunes Store.

Stand-alone Capability
Customers looking to run disk encryption without the use of a deployment/management server should use Drive Encryption.
At this time, Endpoint Encryption v11.x is only meant to be operated using a deployment server with management
capability.

4

Symantec Encryption Licensing Guide

Chapter 2: General Encryption Licensing
Step 1: Determine License Type
License Type

Description

Perpetual

• Grant customers the right to use product version indefinitely

Subscription

• Grant a limited-time right to use the software
• Renew at end of each term, otherwise the software must be uninstalled

Step 2: Determine Product Sub-Type
Term Type

Description

Initial

• Available in one year, two year, and three year options

Additional User

• Available in one year, two year, and three year options

Renewal

• Available in one year option

5

Symantec Encryption Licensing Guide

Step 3: Determine License Quantity
Products

Meter

Meter Description

Endpoint Encryption
Endpoint Encryption

Device • # of laptops/desktops/servers

Email Encryption
Desktop Email Encryption Gateway Email
Encryption
Mobile Encryption for iOS

User

• # of users who can encrypt email

File Share Encryption

User

• # of users who can encrypt files

PGP Command Line

CPU

• # of CPU Cores on each server
• See “Chapter 3: PGP Command Line Licensing”

File and Folder Encryption

Command Line Management
Key Management Server

Server • # of servers communicating with PGP Command
Line

Client Access and CLI API
Device • Total # of PGP Command Line licenses
Client Access and C++ API

6

Symantec Encryption Licensing Guide

Step 4: Determine Pricing for Selected Buying Options
Prices shown below are Corporate USD pricing for single Perpetual License. Note, from Sept 2017 Encryption products need
to be purchased with maintenance (the “Support & Maintenance Pricing” tab of the Corporate Price Book notes the
maintenance SKU of “SW-TIER-1X”: )
Product

MSRP (USD)

Endpoint Encryption

$150 Per Device

Desktop Email
$139 Per User
Encryption
Gateway Email
$40 Per User
Encryption
Mobile Encryption
$78 Per User
for IOS
File, Folder, and Cloud Encryption
File Share
Encryption

$139 Per User

PGP Command Line

$7,119 for 2 CPU cores
See Chapter 3 for more specific information about PGP Command Line licensing

Chapter 3: PGP Command Line Licensing
Note: PGP Command Line may be managed via Key Management Server with appropriate Client Access licenses. The most
common use case for PGP Command Line is for the unmanaged use case.

Step 1: Determine # of CPU cores
The number of CPU cores on the machine which will run PGP Command Line determines which PGP Command Line SKU to
license. The number of CPUs on the machine running PGP Command Line may not exceed the number of CPU cores
licensed. A dual-core processor is considered a 2 CPU machine, while a quad-core processor is considered a 4 CPU machine.
• CPUs partitioned via hyper-threading do not require additional licenses beyond the count of the physical CPU cores.
• In virtualized deployments, the quantity of CPUs is determined by the actual CPUs accessed by PGP Command Line. If
a core is inaccessible by PGP Command Line due to a virtual machine or logical partitioning (LPAR) configuration, the
CPU/core does not need to be licensed.
7

Symantec Encryption Licensing Guide

Step 2: Rules on Stacking or Splitting CPU Licenses
•

•

There is the ability to stack CPU licenses. If a customer already has a “2 CPU license” and upgrades their system to a
4-CPU system, the customer may purchase an additional "2 CPU license“ to reach the required 4 CPU licenses
(equivalent of 2 CPU license + 2 CPU license = 4 CPU license)
However, customers cannot break up CPU licenses. For example, a customer could not use a single “8 CPU license”
for two 4-CPU systems. To cover two 4-CPU machines would require two 4-CPU licenses.

Again, Symantec PGP Command Line continues to be priced per CPU core of the server which will have Symantec PGP
Command Line installed on it.

Example
The customer wants new perpetual license for two servers with 8 CPU cores and 25 servers with 2 CPU cores on which he
wants to run Symantec PGP Command Line.
The SKUs to license would be:
2 licenses of ENC-CMD-NEW-8
Command Line Powered By PGP Technology, License, 8 CPUs Per Server
25 licenses of ENC-CMD-NEW-2
Command Line Powered By PGP Technology, License, 2 CPUs Per Server

Other PGP Command Line Licensing Considerations
Licensing For Redundancy
Customers may install additional “non-production” copies of software for redundancy, staging and testing purposes at nocost provided they own at least an equal number of production licenses. These “non-production” licenses may only be used
when their production counterparts are not in use (that is, the production and non-production licenses may not be used
simultaneously).
1-Key License
There are a number of restrictions for using this license, and a customer’s planned usage must comply with all of the
following restrictions:
•

use no more than one asymmetric Key pair (excluding the Additional Decryption Key “ADK” as described in the
Documentation)
• use PGP Command Line to (i) send files to and receive files from one Server which uses PGP Command Line and is not
subject to the “1 Key” limitation; (ii) sign or decrypt a file with Your private key; (iii) encrypt a file or verify a signature
on a file with a public key from one Server which uses PGP Command Line and is not subject to the “1 Key” limitation;
and (iv) create self-decrypting archives.
For purposes of this section, “Key” means either or both components of a public/private cryptographic key pair.

8

Symantec Encryption Licensing Guide

Mainframe Platform Support
PGP Command Line Mainframe (for IBM System i and IBM System z platforms), for license and maintenance/support, are
available directly from Townsend Security. New sales opportunities can be registered via Townsend’s dedicated partner
portal: https://www.townsendsecurity.com/product/pgp-enterprise-encryption-IBM . Townsend will respond within one
business day. If a more immediate response or direct support is needed, contact:
Robbn Miller, Partner Manager
robbn.miller@townsendsecurity.com
360-359-4405

Managing PGP Command Line (Optional Add-On)
For keys to be managed with Key Management Server, customers need licenses for Key Management Server and
appropriate Client Access Licenses. Key Management Server comes with Encryption Management Server and a license key to
use within Encryption Management Server to unlock this capability.

Step 1: Determine the # of Client Access Licenses Needed
The number of client access licenses should match the number of PGP Command Line licenses. The licenses may be for:
• Symantec PGP Key Management Client Access and CLI API – Command Line Interface (most common use case)
• Symantec PGP Key Management Client Access and C++ API – Software Development Kit (SDK)

Step 2: Determine the # of Key Management Server Licenses Needed
The number of Key Management Server licenses is determined by how many servers are communicating with PGP
Command Line. For most customers, this will only be one server, however some customers may have multiple, often for
redundancy.

9

Symantec Encryption Licensing Guide

Chapter 4: Trials and Evaluations
Evaluation keys and links to trialware for Symantec Encryption products are posted in the “Internal Tools” section of the
Encryption page on SalesCentral 1. If our prospective customer needs to extend their evaluation time, the Extended
Evaluation Period Keys are posted on the same SalesCentral document.
Please note, Symantec Endpoint Encryption (SEE) does not require a license key.

Chapter 5: License Migrations Summaries from Oct. 2014
Following the acquisition of PGP and GuardianEdge in June 2010, Symantec maintained two distinct endpoint encryption
platforms. In October 2014, Symantec combined these two solutions into one best-of-breed offering that included endpoint
and removable media encryption with management.
With this move, Symantec greatly simplified the licensing process, rolling up many products previously licensed separately
into a single license and entitling customers to the following:
Symantec Endpoint Encryption Migrations
PLEASE NOTE: More detailed license migration information can be found here
http://www.symantec.com/docs/HOWTO101492
Customers current on maintenance of the below product categories were automatically migrated to Symantec Endpoint
Encryption on a 1:1 ratio:
• Symantec Drive Encryption
• Symantec Drive and Removable Storage Encryption FlexChoice
with Encryption Server Limited
• Symantec Drive Encryption with Encryption
Management Server Limited
• Symantec Endpoint Encryption Removable Storage Edition
• Symantec Drive Encryption with Encryption
• Symantec CAPS Activation Package for Whole Disk Encryption
Management Server
• Symantec PGP Universal Server and Whole Disk Encryption for
• Symantec Drive Encryption FlexChoice with
Servers
Encryption Server Limited
• Symantec Drive Encryption FlexChoice with
Encryption Server

1

https://syminfo.symantec.com/content/salescentral/SalesCentralHome/products-services/information-protection/encryption.html

10

Symantec Encryption Licensing Guide

Symantec Product Bundle Migrations
PLEASE NOTE: More detailed license migration information can be found here
http://www.symantec.com/docs/HOWTO101493
Previously, Symantec offered bundle licenses that included multiple encryption products. In October 2014, customers with
current maintenance of these licenses saw their bundles broken into their respective component products and Symantec
Encryption Management Server was included with each new component license entitlement.
Old License
Symantec Encryption Desktop Corporate

New License Entitlement
Symantec Endpoint Encryption
Symantec Desktop Email Encryption
Symantec File Share Encryption

Old License
Symantec Encryption Desktop Professional

New License Entitlement
Symantec Endpoint Encryption
Symantec Desktop Email Encryption

Old License
Symantec Encryption Desktop Storage

New License Entitlement
Symantec Endpoint Encryption
Symantec File Share Encryption

Chapter 6: Additional Resources
PartnerNet: https://www.symantec.com/partners
Sales Central Encryption page:
https://syminfo.symantec.com/content/salescentral/SalesCentralHome/products-services/informationprotection/encryption.html

11

Symantec Encryption Licensing Guide

Chapter 7: Key Contacts
If you are a Symantec Partner, please contact your Symantec Partner Account Manager with any questions.
If you are a Symantec employee, contact Sales Support (contact details below) or the Encryption Product Management
Team using the distribution list DL-SYMC-Encryption-Ask-PM.
Americas: salessupportamericas@symantec.com
EMEA:
https://symantecb2b.my.salesforce.com/_ui/core/chatter/groups/GroupProfilePage?g=0F950000000L1Sc
APJ:
Japan: xrm-slssuptjp@symantec.com
ASEAN: salessupportasr@symantec.com
Korea: XRM-SLSSPTKOREA@symantec.com
Pacific: salessupportpac@symantec.com
India: salessupportindia@symantec.com
Greater China Region: Salessupportgcr@symantec.com

12



Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : No
Author                          : Doug Frost
Company                         : Symantec
Created                         : D:20141028
Create Date                     : 2017:06:27 16:37:35+01:00
Last Saved                      : D:20170510
Modify Date                     : 2017:12:07 16:52:26Z
Source Modified                 : D:20170627153708
Has XFA                         : No
Tagged PDF                      : Yes
XMP Toolkit                     : Adobe XMP Core 5.6-c015 84.159810, 2016/09/10-02:41:30
Metadata Date                   : 2017:12:07 16:52:26Z
Creator Tool                    : Acrobat PDFMaker 17 for Word
Document ID                     : uuid:6de26f83-8bb4-4b66-b678-8e8f62bacccf
Instance ID                     : uuid:d6b68e9a-09f5-4f8f-bae2-78493197e16c
Subject                         : 8
Format                          : application/pdf
Creator                         : Doug Frost
Producer                        : Adobe PDF Library 15.0
Page Layout                     : OneColumn
Page Count                      : 12
EXIF Metadata provided by EXIF.tools

Navigation menu