Licenses and entitlements
Your IBM Guardium® Data Security Center license determines the components and services that you are entitled to use.
License Types
Bundle | Entitlement | License |
---|---|---|
IBM Security Guardium Package (software) | | http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?li_formnum=L-GBLK-CDVHGZ |
IBM Cloud Pak for Security 1.10.0 (Gen 3) | | http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?li_formnum=L-GBLK-CEYGU9 |
License type
License | Environment Type | Description |
---|---|---|
Latest License File; for example, L-GBLK-CDVHGZ | Production or Nonproduction | IBM Guardium Data Security Center Software |
In the Red Hat OpenShift Kubernetes environment, the license is used when you create instances of Package components: it is set in the spec.license.license field of each custom resource, and spec.license.use is set according to the applicable environment type.
What do you get with your purchase of the Guardium Package, and what is your entitlement?
IBM Guardium helps your organization protect data across the hybrid cloud. The following bundled programs are included in the Guardium Package.
Bundled program | Related entitlement |
---|---|
 | Guardium Data Protection |
IBM Security Guardium Vulnerability Assessment for Databases | Guardium Vulnerability Assessment |
When you deploy any of the bundled programs under the Guardium Package, the licensee must not exceed the maximum entitlement at any time. See License ratios for details. Deployments can include a mix of different deployed bundled programs. Licensee can change the deployed programs at any time if the maximum entitlement is not exceeded.
Select programs run on IBM Guardium Data Security Center, an enterprise-ready, containerized software solution environment that runs on Red Hat OpenShift. IBM Guardium Data Security Center is currently supported only on Linux® 64-bit (X86_64). See Programs that can be deployed on Red Hat OpenShift to learn more about which deployments require the Red Hat OpenShift Container Platform and how those entitlements need to be handled.
Differences in license terms
The license terms for the Guardium Package supersede the license terms of the bundled programs and related programs. However, this policy applies only when there is a conflict of terms. Terms that apply to the bundled programs and related programs still apply, if not superseded.
License options and pricing models for the Guardium Package
The Guardium Package is available as either a perpetual or subscription license.
For more information about IBM perpetual and subscription licenses, see Passport Advantage® Licensing Overview.
Licensee can purchase Resource Units and apply them to the programs of their choice.
Asset Metric
The unit of measure is Asset, which counts the number of assets accessed, scanned, or managed by the software program.
- For Guardium Data Protection and Guardium DDR, the number of data sources that the Guardium programs protect is counted.
- For Guardium Vulnerability Assessment, the number of data sources that the Guardium program scans is counted.
- For Guardium Quantum Safe, the number of objects that the Guardium program scans is counted.
License ratios
Entitlements for deployed instances of programs in the Guardium Package are calculated based on Resource Unit (RU) ratios to Assets. The following table shows the ratios:
Conversion Entitlement Ratios | RU Ratio |
---|---|
Guardium DDR | 1 Asset : 100 RU |
Guardium Quantum Safe | 5 Asset : 1 RU |
Guardium Data Protection | 1 Asset : 300 RU |
Guardium Vulnerability Assessment | 1 Asset : 40 RU |
The Conversion Entitlement Ratio “n:m” means that a Licensee can convert some number (‘n’) entitlements of the indicated metric for the listed program for every specified number of (‘m’) entitlements of the specific metric for the Program. Once converted, the Licensee may use only such converted entitlements for the listed program. The specified conversion does not apply to any entitlements for the Program that are not of the required metric type.
As an example, if 5,000 Guardium Package RU entitlements are converted by an organization for Guardium Data Compliance (based on 100 Asset to protect 50 data sources), those RU entitlements are then used for Guardium Data Compliance, not other programs. If the RU entitlements deployed to Guardium Data Compliance are no longer needed, they can be redeployed to another program in Guardium Package, by using the applicable RU ratio for that program.
If Licensee is using the Program to manage IBM Security Guardium S-TAP on z/OS, then entitlements will be calculated by converting managed IBM Security Guardium S-TAP Value Units (VU) of Million Server Units (MSU) to Assets at a ratio of 1 Asset for every 5 VU.
RU program entitlements of Guardium Package deployed can be redeployed to other bundled programs under the Guardium Package, as long as the total entitlement is not exceeded, using the ratios by program to calculate your total entitlements. There is no limit to the number of times that program entitlements can be used in different combinations.
Programs that can be deployed on Red Hat OpenShift
The following programs are containerized and require the deployment of Red Hat OpenShift Container Platform:
- Guardium Data Compliance (entitled through Guardium Data Protection)
- Guardium DDR
- Guardium Quantum Safe
Red Hat OpenShift Container Platform entitlements
For the purpose of this section, “entitlement” to the Red Hat OpenShift Container Platform means the software subscription and support for the Red Hat OpenShift Container Platform. “Restricted license entitlement” means that software subscription and support for the Red Hat OpenShift Container Platform acquired pursuant to your Guardium Package license is provided only for use of the Red Hat OpenShift Container Platform specifically for Guardium Package workloads, and not for non-Guardium Package workloads.
When bundled offerings (such as Guardium Data Compliance) are deployed as part of a Guardium deployment, deployment of Red Hat OpenShift is required. Restricted license entitlement for the Red Hat OpenShift is provided as follows:
- 136 Cores of Red Hat OpenShift Container Platform if Licensee obtains 0-25,000 RU entitlements of the Program
- 208 Cores of Red Hat OpenShift Container Platform if Licensee obtains 25,001-100,000 RU entitlement(s) of the Program
- 532 Cores of Red Hat OpenShift Container Platform if Licensee obtains 100,001 or more RU entitlement(s) of the Program
The entitlements for Red Hat OpenShift that are included in the Guardium Package entitlement are restricted license entitlements. They can be used only for deployments of Guardium Package instances, not for other third-party deployments or custom code. If you deploy other code or components (such as agents used for monitoring Guardium Package capabilities), you must purchase separate Red Hat OpenShift entitlements to make available to the cluster, or the deployment of the non-Guardium Package workload on those Red Hat OpenShift licenses will result in those Red Hat OpenShift cores, and potentially the workload itself, being unsupported. These additional Red Hat OpenShift entitlements for running non-Guardium Package workload must be procured separately from the Red Hat OpenShift entitlements granted through Guardium Package. The workload that you run on separately purchased Red Hat OpenShift entitlement doesn’t need to be deployed separately from Guardium Package workload running on Guardium Package-procured Red Hat OpenShift cores. But the number of separately purchased Red Hat OpenShift cores must be equal to or greater than the number of cores of non-Guardium Package workloads deployed on them in order to receive support for the complete deployment of non-Guardium Package workloads.
The number of cores of Red Hat OpenShift entitled with Guardium Package doesn’t vary by the ratio of the bundled offerings, which are deployed under Guardium Package entitlement. Therefore, the number of cores that are required for deployment of bundled offerings in Guardium Package can, in some scenarios, exceed the number of Red Hat OpenShift cores available as part of the entitlement for Guardium Package. In such cases, the customer should acquire additional entitlement for Red Hat OpenShift to ensure that they are always correctly licensed. Only Red Hat OpenShift cores that are deployed as worker nodes count against the Red Hat OpenShift entitlement.
Guardium Package includes foundational services as well as bundled programs. These foundational services, when deployed, also consume the Red Hat OpenShift entitlements.
IBM Guardium DDR
- IBM Security Guardium Aggregator Software Appliance
- IBM Security Guardium Collector Software Appliance
- IBM Security Guardium Data Protection for Databases
- Additional Flat Entitlement: 6 Terabytes (TB) each of IBM Primary Storage, IBM Backup Storage, and Metadata Management.
- Use Limitation: Licensee’s license to the listed programs is only available for first-time Cloud Pak purchases and terminates 12 calendar months after Licensee’s initial purchase of entitlements to the Program, or upon the termination or expiration of the Program to the extent such termination or expiration occurs prior to 12 months after initial purchase. Upon termination of the listed programs, Licensee agrees to promptly discontinue use of and destroy all of Licensee’s copies of the listed programs.
Red Hat OpenShift Data Foundation Essentials
- Additional Flat Entitlement: 48 Virtual Processing Cores (VPC)
- Use Limitation: Licensee’s entitlement to support for the listed program is limited to 6TB usable (18TB raw) capacity. Licensee’s entitlement to support for the listed program terminates 12 calendar months after Licensee’s initial purchase of entitlements to the Program. Upon termination, Licensee agrees that any support Licensee obtains for the Principal Program beyond that period of time, will not include support for the listed program.
Guardium Data Protection includes Data Compliance, which is a containerized program and therefore requires deployment of the Red Hat OpenShift Container Platform.
The Licensee must obtain a sufficient quantity of Assets to protect their data.
Licensee is not required to obtain entitlements to the following supporting programs:
- IBM Security Guardium Aggregator Software Appliance
- IBM Security Guardium Collector Software Appliance
Nonproduction activities for IBM Guardium Data Protection are defined as anything other than actively monitoring or protecting data. For clarity, monitoring or protecting data in a nonproduction environment is considered productive use, and therefore requires sufficient entitlements.
For details on how to report on Guardium Data Protection license usage, see the Guardium Data Protection Usage Reporting Guide.
Data sources | Assets | Ratio | # of RU |
---|---|---|---|
100 on-premises database servers | 100 databases | 1 Asset : 300 RU | 30,000 RU |
12 Azure data sets totaling 96 vCPUs | 12 data sets | 1 Asset : 300 RU | 3,600 RU |
Total RUs | | | 33,600 RU |

Result: 336 license entitlements needed (packs of 100 RUs).
IBM Guardium Vulnerability Assessment
Guardium Vulnerability Assessment is available as a virtual appliance only. It is not available on the IBM Guardium Data Security Center and therefore does not require deployment of the Red Hat OpenShift Container Platform.
An Append license key is required to access Guardium Vulnerability Assessment capabilities and is provided in the software download. For more information, see https://www.ibm.com/docs/en/guardium/12.0?topic=system-license-keys.
Licensee must obtain a sufficient quantity of Assets to protect their data.
Nonproduction activities for Guardium Vulnerability Assessment are defined as anything other than running scans to harden the environment. For clarity, scanning data in a nonproduction environment is considered productive use, and therefore requires sufficient entitlements.
For details on how to report on Guardium Vulnerability Assessment license usage, see the Guardium Data Protection Usage Reporting Guide.
For example, applied to Guardium Vulnerability Assessment, consider the following scenario:
Data sources | Assets | Ratio | # of RU |
---|---|---|---|
100 on-premises database servers | 100 databases | 1 Asset : 40 RU | 4,000 RU |
15 Cloud DbaaS instances/nodes | 15 instances | 1 Asset : 40 RU | 600 RU |
Total RUs | | | 4,600 RU |

Result: 46 license entitlements needed (packs of 100 RUs).
Other Resource Unit Entitlements
Customers may have existing RU entitlements through other Guardium license part numbers. An example is IBM Security Guardium Package (Software), which is referenced in the Guardium Package Software License Guide. RU entitlements from other licenses cannot be applied to the entitlements of this Guardium Package license.
Obtaining Red Hat OpenShift Container Platform
You can use your entitlement for Guardium Data Security Center to install Red Hat OpenShift Container Platform on the environment of your choice. You can download Red Hat OpenShift either from IBM Passport Advantage or directly from https://access.redhat.com/.