IBM Cloud Pak for Security Gen 2 License Guide

This document provides information about licensing and entitlements for IBM Cloud Pak for Security Gen 2.

Note: This License Guide is intended to provide only supplementary information to assist you in deploying the Program(s) you have licensed from IBM® within your purchased entitlement. Your license agreement (such as the IBM International Program License Agreement (IPLA) or equivalent, and its transaction documents, including the License Information for IBM Cloud Pak for Security Gen 2) is the sole and complete agreement between you and IBM regarding use of the Program.

Listing of licenses by type

These licenses are used when creating instances of the IBM Cloud Pak for Security Gen 2 components in the spec.license.license field of each custom resource:

Full License
Full Licenses include OpenShift® Container Platform support entitlements. These licenses can be deployed in the Production or Non-production environment. See Products that can be deployed on Red Hat OpenShift for more details on Red Hat® OpenShift Container Platform support entitlements.
Disaster Recovery License
Disaster Recovery Licenses include OpenShift Container Platform support entitlements. These licenses are meant to be deployed for use in Disaster Recovery environments. See Products that can be deployed on Red Hat OpenShift for more details on Red Hat OpenShift Container Platform support entitlements.

The following table shows license versions.

Table 1. License versions

| License | Usage | Description |
| --- | --- | --- |
| L-ULMY-P68Q58 | Production or Non-production | IBM Cloud Pak for Security Gen 2 |
| L-SNYY-2FQ9YB | Disaster recovery | IBM Cloud Pak for Security Gen 2 - Disaster Recovery |

What do you get with your purchase of IBM Cloud Pak for Security Gen 2 and what is your entitlement?

IBM Cloud Pak for Security Gen 2 helps your organization detect and investigate threats, orchestrate and automate actions, and respond faster to security incidents across hybrid multi-cloud environments. It includes enterprise-ready, containerized and non-containerized software products. The containerized software requires Red Hat OpenShift. Containerized software is supported on Linux® 64-bit (X86_64) only today.

The following containerized and non-containerized software products are bundled with the IBM Cloud Pak for Security Gen 2 Program.

Table 2. Bundled programs and deployment options

| Bundled programs | Deployment in containerized format | Deployment in non-containerized format |
| --- | --- | --- |
| QRadar® SOAR | QRadar SOAR | IBM® Security SOAR Platform; IBM Security SOAR Breach Response Add-on; IBM Security QRadar SOAR Team Management Add-on; IBM Security QRadar SOAR MSSP Add-on; IBM Security QRadar SOAR Actions Enterprise; IBM Security QRadar SOAR App Host |
| QRadar SOAR Breach Response Add-on | QRadar SOAR Breach Response Add-on | QRadar SOAR Breach Response Add-on |
| QRadar SIEM | Not available | IBM Security QRadar Suite Software; IBM Security QRadar Data Store; IBM Security QRadar Capacity - Events; IBM Security QRadar Suite Software Node; IBM Security QRadar Data Synchronization |
| QRadar NDR | Not available | IBM Security QRadar Network Insights Software; IBM Security QRadar Capacity - Flows; IBM Security QRadar Software Node; IBM Security QRadar Data Synchronization; IBM Security QRadar High Availability Software |
| QRadar Data Store | Not available | IBM Security QRadar Data Store; IBM Security QRadar Software Node; IBM Security QRadar Data Synchronization; IBM Security QRadar High Availability Software |
| Threat Intelligence Insights | Threat Intelligence Insights | Not available |

When deploying any of the bundled offerings under the IBM Cloud Pak for Security Gen 2, licensee must not exceed the maximum entitlement at any time. Deployments can include a mix of different deployed products, either deployment in containerized format, or deployment in non-containerized format, or a combination of both. Licensee can change the deployed offerings at any time as long as they never exceed their maximum entitlement. See Products that can be deployed on Red Hat OpenShift to learn more about which deployments require the Red Hat OpenShift Container Platform.

Note: All deployments of IBM Cloud Pak for Security Gen 2 that are deployed on Red Hat OpenShift Container Platform must have sufficient entitlement for the Red Hat OpenShift Container Platform cores that are used.

License ratios

Deployed instances of products in IBM Cloud Pak for Security Gen 2 are charged at different rates based on their ratios.

Entitlements of IBM Cloud Pak for Security Gen 2 that are deployed can be redeployed to other products, as long as the total entitlement is not exceeded, using the ratios to calculate your total entitlements. There is no limit to the number of times that entitlements can be used in different combinations.

The following table shows the license ratios.

Table 3. License ratios

| Product | MVS ratio |
| --- | --- |
| Data Explorer | 1:1 |
| QRadar SOAR Actions Enterprise | 1:5 |
| QRadar SIEM | 1:12 |
| QRadar SOAR Breach Response Add-on | 1:2 |
| Threat Intelligence Insights | 1:1 |
| QRadar Data Store | 1:2 |
| QRadar NDR | 1:7 |

Red Hat OpenShift Container Platform entitlements

For the purpose of this section “entitlement” to the Red Hat OpenShift Container Platform means the software subscription and support for the Red Hat OpenShift Container Platform. “Restricted license entitlement” means that software subscription and support for the Red Hat OpenShift Container Platform acquired pursuant to your IBM Cloud Pak for Security Gen 2 license is only provided for use of the Red Hat OpenShift Container Platform specifically for IBM Cloud Pak for Security Gen 2 and not non-IBM Cloud Pak for Security Gen 2 workloads.

When deploying programs under the containerized deployment, as part of an IBM Cloud Pak for Security Gen 2 deployment, deployment of Red Hat OpenShift is required. Restricted license entitlement for the Red Hat OpenShift is provided as follows:

  • 50 VPCs of Red Hat OpenShift Container Platform if Licensee obtains 100-99,999 MVS entitlement(s) of the Program
  • 100 VPCs of Red Hat OpenShift Container Platform if Licensee obtains 100,000-999,900 MVS entitlement(s) of the Program
  • 200 VPCs of Red Hat OpenShift Container Platform if Licensee obtains 1,000,000 or more MVS entitlement(s) of the Program

The above licenses can be used only for deployments of IBM Cloud Pak for Security Gen 2 instances, not for other third-party deployments or custom code. If you deploy other code or components (such as agents used for monitoring IBM Cloud Pak for Security Gen 2 capabilities), you must purchase separate Red Hat OpenShift entitlements to make available to the cluster, or the deployment of the non-IBM Cloud Pak for Security Gen 2 workload on those Red Hat OpenShift licenses will result in those Red Hat OpenShift cores, and potentially the workload itself, being unsupported. These additional Red Hat OpenShift entitlements for running non-IBM Cloud Pak for Security Gen 2 workload must be procured separately from the Red Hat OpenShift entitlements granted through IBM Cloud Pak for Security Gen 2. The workload that you run on separately purchased Red Hat OpenShift entitlement doesn’t need to be deployed separately from IBM Cloud Pak for Security Gen 2 workload running on IBM Cloud Pak for Security Gen 2-procured Red Hat OpenShift cores. But the number of separately purchased Red Hat OpenShift cores must be equal to or greater than the number of cores of non-IBM Cloud Pak for Security Gen 2 workloads deployed on them in order to receive support for the complete deployment of non-IBM Cloud Pak for Security Gen 2 workloads.

An example of IBM Cloud Pak for Security Gen 2 workload might be agents for monitoring. These agents, which run alongside the IBM Cloud Pak for Security Gen 2 components and then send the monitoring data out to a separate monitoring server component, can be run in the same nodes or namespaces as components running in Red Hat OpenShift cores using entitlements under IBM Cloud Pak for Security Gen 2. For all non-IBM Cloud Pak for Security Gen 2 workloads, not just monitoring agents, it is recommended that you ensure you have separately procured software subscription and support entitlements.

The number of cores of Red Hat OpenShift entitled with IBM Cloud Pak for Security Gen 2 varies by the number of Resource Units purchased and doesn’t vary by the ratio of the bundled offerings that are deployed under IBM Cloud Pak for Security Gen 2 entitlement. Therefore, the number of cores that are required for deployment of bundled offerings under IBM Cloud Pak for Security Gen 2 can, in some scenarios, exceed the number of Red Hat OpenShift cores available as part of the entitlement for IBM Cloud Pak for Security Gen 2. In such cases, the customer should acquire additional entitlement for Red Hat OpenShift to ensure that they are always correctly licensed. Only Red Hat OpenShift cores that are deployed as worker nodes count against the Red Hat OpenShift entitlement.

Note: Organizations deploying IBM Cloud Pak for Security Gen 2 on managed Red Hat OpenShift environments in public clouds such as AWS ROSA, IBM ROKS or Azure ARO may get discounts on the cost of Red Hat OpenShift on worker nodes where IBM Cloud Pak for Security Gen 2 is deployed based on the Red Hat OpenShift entitlements that are included in IBM Cloud Pak for Security Gen 2 entitlements. Customers should verify with their public cloud service provider to establish if a discount is available.

IBM Storage Fusion additional flat entitlement

Limited entitlements of IBM Storage Fusion are included with IBM Cloud Pak for Security Gen 2. A maximum usable capacity of 12 terabytes (TB) per Red Hat OpenShift cluster is included. Use of IBM Storage Fusion as part of IBM Cloud Pak for Security Gen 2 entitlement is limited to Fusion Data Foundation in internal deployment mode only, and when in internal deployment mode, also excludes disaster recovery, backup components, data cataloguing, and advanced encryption with KMS.

IBM Security QRadar SOAR

Licensee has the choice of installing QRadar SOAR using one of the following options:

  • Install the containerized QRadar SOAR application on Red Hat OpenShift.
  • Install stand-alone QRadar SOAR on a virtual appliance.
  • Install stand-alone QRadar SOAR on RHEL - Bring Your Own License (BYOL).

Important: Red Hat OpenShift is not a prerequisite for the stand-alone installation option of QRadar SOAR. However, it is a prerequisite for the SOAR deployment on the IBM Security Platform.

The following capabilities are included as part of the QRadar SOAR entitlement: Data Explorer, Threat Investigator, and Threat Intelligence Insights. If the licensee plans to install any of these capabilities, the licensee will need to deploy the Red Hat OpenShift Container Platform.

A license key is required to access QRadar SOAR capabilities.

To acquire a license key for QRadar SOAR or SOAR Breach Response entitlements, send an email to q1pd@us.ibm.com and include the following information in your request:

  • IBM Customer Number (ICN)
  • Site ID or your Proof of Entitlement (POE)

To acquire a license key, Enterprise Licensing Agreement (ELA) customers should contact their IBM Sales Representative.

Licensee must have entitlement for QRadar SOAR to use the QRadar SOAR Breach Response add-on. Licensee must license a matching set of entitlements for QRadar SOAR and QRadar SOAR Breach Response.

QRadar SOAR and QRadar SOAR Breach Response are licensed on the Enterprise Pricing Model only. For more information on the Enterprise Model, see License options and pricing models for QRadar Suite Software. The pricing metric for the Enterprise Model is Managed Virtual Server.

IBM Security QRadar SIEM and QRadar NDR

QRadar SIEM or QRadar NDR is available as a virtual appliance only. It is not available on the IBM Security Platform and hence does not require deployment of the Red Hat OpenShift Container Platform.

A license key is required to access IBM QRadar SIEM or QRadar NDR capabilities.

To acquire a license key, contact q1pd@us.ibm.com and include the following information in your request:

  • IBM Customer Number (ICN).
  • Site ID or your Proof of Entitlement (POE).
  • For QRadar SIEM, include the quantity of Managed Virtual Server (MVS) or Events per Second (EPS) purchased.
  • For QRadar NDR, include the quantity of MVS or Flows per Minute (FPM) purchased.

QRadar SIEM and QRadar NDR are licensed on either the Enterprise Pricing Model or the Usage Model. For more details, see License options and pricing models for QRadar Suite Software. The pricing metric for the Enterprise Model is Managed Virtual Server (MVS), and the pricing metric for the Usage Model is Events per Second (EPS) for SIEM and Flows per Minute (FPM) for NDR.

Note: Licensee must obtain MVS entitlements for each physical or virtual server managed directly or indirectly by QRadar SIEM. Every IP address from a log source that is ingested directly or indirectly by QRadar SIEM, excluding Network Infrastructure and Client Devices (see below), is counted as a physical or a virtual server. If licensee is unable to determine the count of all servers, then we recommend that they use the EPS/FPM metric.

Physical and Virtual Servers exclude Network Infrastructure and Client Devices, even if the IP address appears in QRadar SIEM as a log source.

Here is what is included in those categories:
Network Infrastructure
Switches, Routers, Audio-Visual (AV), File Integrity Monitoring (FIM), Proxies, Intrusion Prevention Systems (IPS), File Activity Monitoring (FAM), Data Loss Prevention (DLP), load balancers, firewalls.
Client Devices
A Client Device is a single user computing device or special purpose sensor or telemetry device that requests the execution of or receives for execution a set of commands, procedures, or applications from or provides data to another computer system that is typically referred to as a server or is otherwise managed by the server. Multiple Client Devices may share access to a common server. A Client Device may have some processing capability or be programmable to allow a user to do work. Examples include, but are not limited to, actuators, appliances, automated teller machines, automatic meter readers, cash registers, disk drives, desktop computers, kiosks, notebook computers, personal digital assistants, point-of-sale terminals, sensors, smart meters, tape drives, and technical workstations.

The following image is an example of what is counted as an MVS.

Figure 1. What is counted as an MVS?
[Image: what is counted as an MVS for licensing]

The following capabilities are included as part of the QRadar SIEM or QRadar NDR entitlement: Data Explorer, Threat Investigator, and Threat Intelligence Insights. If the licensee plans to install any of these capabilities, the licensee will need to deploy the IBM Security Platform.