IBM Cloud Pak for Security License Guide
This document provides information about licensing and entitlements for IBM Cloud Pak for Security.
Listing of licenses by type
These licenses are used when creating instances of the IBM Cloud Pak for Security components in the spec.license.license field of each custom resource:
- Full License
- Full Licenses include OpenShift® Container Platform support entitlements. These licenses can be deployed in the Production or Non-production environment. See IBM Cloud Pak for Security for more details on Red Hat® OpenShift Container Platform support entitlements.
The following table shows license versions.
License | Usage | Description |
---|---|---|
L-PKXB-T3CUYG | Production or Non Production | IBM Cloud Pak for Security |
What do you get with your purchase of IBM Cloud Pak for Security and what is your entitlement?
IBM Cloud Pak for Security helps your organization detect and investigate threats, orchestrate, and automate actions; and respond faster to security incidents across hybrid multi-cloud environments. IBM Cloud Pak for Security Program includes enterprise ready, containerized and non-containerized software products. The containerized software requires Red Hat OpenShift. Containerized software is supported on Linux® 64-bit (X86_64) only today.
The following containerized and non-containerized software are bundled in the IBM Cloud Pak for Security Program.
Bundled programs | Deployment in containerized format | Deployment in non-containerized format |
---|---|---|
QRadar SOAR + Breach Response Add-on | QRadar SOAR + Breach Response Add-on |
IBM Security SOAR Platform
IBM Security SOAR Breach Response Add-onIBM Security QRadar SOAR Team Management Add-on IBM Security QRadar SOAR MSSP Add-on IBM Security QRadar SOAR Actions Enterprise IBM Security QRadar SOAR App Host QRadar SOAR Breach Response Add-on |
When deploying any of the bundled offerings under the IBM Cloud Pak for Security, licensee must not exceed the maximum entitlement at any time. Deployments can include a mix of different deployed products, either deployment in containerized format, or deployment in non-containerized format, or a combination of both. Licensee can change the deployed offerings at any time as long as they never exceed their maximum entitlement. See Products that can be deployed on Red Hat OpenShift to learn more about which deployments require the Red Hat OpenShift Container Platform.
All deployments of IBM Cloud Pak for Security that are deployed on Red Hat OpenShift Container Platform must have sufficient support entitlement for the Red Hat OpenShift Container Platform cores that are used.
License ratios
Deployed instances of capabilities in IBM Cloud Pak for Security are charged at different rates based on their ratios.
Entitlements of IBM Cloud Pak for Security that are deployed can be redeployed to other products, as long as the total entitlement is not exceeded, using the ratios to calculate your total entitlements. There is no limit to the number of times that entitlements can be used in different combinations.
The following table shows the license ratios.
Product | MVC ratio |
---|---|
Data Explorer | 1:1 |
QRadar SOAR + Breach Response Add-on | 1:10 |
Red Hat OpenShift Container Platform entitlements
For the purpose of this section “entitlement” to the Red Hat OpenShift Container Platform means the software subscription and support for the Red Hat OpenShift Container Platform. “Restricted license entitlement” means that software subscription and support for the Red Hat OpenShift Container Platform acquired pursuant to your IBM Cloud Pak for Security license is only provided for use of the Red Hat OpenShift Container Platform specifically for IBM Cloud Pak for Security and not non-IBM Cloud Pak for Security workloads.
When deploying programs under the containerized deployment, as part of an IBM Cloud Pak for Security deployment, deployment of Red Hat OpenShift is required. Restricted license entitlement for the Red Hat OpenShift is provided as follows:
- 12 VPCs of Red Hat OpenShift Container Platform if Licensee obtains 100-16,500 MVS entitlement(s) of the Program
- 16 VPCs of Red Hat OpenShift Container Platform if Licensee obtains 16,600-41,800 MVS entitlement(s) of the Program
- 24 VPCs of Red Hat OpenShift Container Platform if Licensee obtains 41,900 or more MVS entitlement(s) of the Program
The above licenses can be used only for deployments of IBM Cloud Pak for Security instances, not for other third-party deployments or custom code. If you deploy other code or components (such as agents used for monitoring IBM Cloud Pak for Security capabilities), you must purchase separate Red Hat OpenShift entitlements to make available to the cluster, or the deployment of the non-IBM Cloud Pak for Security workload on those Red Hat OpenShift licenses will result in those Red Hat OpenShift cores, and potentially the workload itself, being unsupported. These additional Red Hat OpenShift entitlements for running non-IBM Cloud Pak for Security workload must be procured separately from the Red Hat OpenShift entitlements granted through IBM Cloud Pak for Security. The workload that you run on separately purchased Red Hat OpenShift entitlement doesn’t need to be deployed separately from IBM Cloud Pak for Security workload running on IBM Cloud Pak for Security -procured Red Hat OpenShift cores. But the number of separately purchased Red Hat OpenShift cores must be equal to or greater than the number of cores of non-IBM Cloud Pak for Security workloads deployed on them in order to receive support for the complete deployment of non-IBM Cloud Pak for Security workloads.
An example of IBM Cloud Pak for Security workload might be agents for monitoring. These agents, which run alongside the IBM Cloud Pak for Security components and then send the monitoring data out to a separate monitoring server component, can be run in the same nodes or namespaces as components running in Red Hat OpenShift cores using entitlements under IBM Cloud Pak for Security. For all non-IBM Cloud Pak for Security workloads, not just monitoring agents, you are recommended to ensure you have separately-procured software subscription and support entitlements
The number of cores of Red Hat OpenShift entitled with IBM Cloud Pak for Security varies by the number of Resource Units purchased & doesn’t vary by the ratio of the bundled offerings, which are deployed under IBM Cloud Pak for Security entitlement. Therefore, the number of cores that are required for deployment of bundled offerings in IBM Cloud Pak for Security can, in some scenarios, exceed the number of Red Hat OpenShift cores available as part of the entitlement for IBM Cloud Pak for Security. In such cases, the customer should acquire additional entitlement for Red Hat OpenShift to ensure that they are always correctly licensed. Only Red Hat OpenShift cores that are deployed as worker nodes count against the Red Hat OpenShift entitlement.
IBM Security QRadar SOAR + QRadar Breach Response
Licensee has the choice of installing QRadar SOAR and QRadar Breach Response using one of the following options:
- Install the containerized application on Red Hat OpenShift Platform
- Install stand-alone on a virtual appliance.
- Install stand-alone on RHEL - Bring Your Own License (BYOL).
Important: Red Hat OpenShift is not a prerequisite for the installation of the stand-alone installation option of QRadar SOAR + QRadar Breach Response. However, it is a prerequisite for the SOAR deployment on the IBM Security Platform.
The following capabilities - Data Explorer, Threat Investigator, and Threat Intelligence Insights are included as part of the QRadar SOAR Entitlement. If the licensee plans to install any of these capabilities, the licensee will need to deploy the Red Hat OpenShift Container Platform.
A license key is required to access QRadar SOAR and Breach Response capabilities. Once the installation is complete, the licensee must install the SOAR license Key. For more information, see Installing the Orchestration & Automation license.
To acquire a license key for QRadar SOAR or QRadar Breach Response entitlements, send an email to q1pd@us.ibm.com and include the following information in your request:
- IBM Customer Number (IBM Content Navigator)
- Site ID or your Proof of Entitlement (POE)
To acquire a License key for our Enterprise Licensing Agreement (ELA) Customers, contact your IBM Sales Representative.
Under the Cloud Pak for Security Entitlements, QRadar SOAR and QRadar Breach Response are licensed only on Enterprise Pricing Model. For more information, see License options and pricing models for QRadar Suite Software. Pricing Metric for Enterprise Model is Managed Virtual Server.