License Management

To activate a PrivX online license:

  1. Access the PrivX GUI and navigate to the Administration→License.

  2. Under the License code section, enter your license code, and click Update License.

In online licensing mode, PrivX checks for license updates every 6 or 12 hours and automatically applies any new changes found for your subscription. To trigger an immediate license refresh, click menu to the Last refreshed section, then click Refresh.

Using Online License Through HTTPS Proxy

If PrivX has no internet access, you can set up an HTTPS proxy for enabling connectivity to license servers. To enable a license proxy, perform the following:

  1. Set up an HTTPS proxy that forwards traffic to the license server.

  2. On all your PrivX servers, enable the license proxy:

    1. Edit /opt/privx/scripts/local-env. Specify the proxy address with the https_proxy setting, with the following syntax (replace proxy.example.com and 8443 with your proxy address and port respectively):

      https_proxy=proxy.example.com:8443
      
    2. Restart PrivX services to apply the changes.

      systemctl restart privx
      

Deactivating Online License

PrivX licenses can be activated only a limited number of times. To free up activations you must first deactivate a license. This is important when moving PrivX installation from a host to another. Deactivating online license requires access to the license servers from PrivX deployments.

To deactivate a PrivX license, go to the Administration→License. Next to Status, click menu, then click Deactivate.

Converting From Online License to Offline License

To change from online license to offline license.

  1. Deactivate the current license using PrivX GUI.
  2. Copy the offline license file to the license path to every PrivX server.
  3. Restart license-manager service on every PrivX server.

Offline License

Offline licensing is an optional licensing method for PrivX deployments which are completely unable to access licensing servers. The offline license is file-based and requires more manual actions for setup and maintenance. Offline licenses can be requested from the SSH Licensing team licensing@ssh.com.

To install/refresh an offline license perform the following on your PrivX server(s):

  1. Copy the license file to the license-file path. The path is configured in /opt/privx/etc/license-config.toml, default is /opt/privx/license/privx.lic.

  2. Set license-file ownership:

    chown root:privx /opt/privx/license/privx.lic
    
  3. Restart the license-manager service to apply the new license:

    systemctl restart license-manager
    

To deactivate the file-based offline license, remove the license file from the path and restart license-manager service.

In case of offline High-Availability deployment, all of the PrivX instances requires the license file to be in place.

The offline license file is not part of the backups and won't be restored in case a backup is restored.

Converting From Offline License to Online License

To change from an offline license to an online license:

  1. On all PrivX servers, remove the offline license file from the license path.

  2. Restart the license-manager service.

    systemctl restart license-manager
    
  3. Insert the online license code via the PrivX GUI.

Converting to New License Format

If your initial PrivX deployment was set up before version 16.0, you may be using the old license format. For upgrade compatibility with future releases, ensure that you are using the new license format

New licenses are in UUID format: f9ef3d6f-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Old licenses are purely numbers: 4961xxxxxxxxxxxxxx

PrivX versions 19.0 and later no longer support the old license format.

To convert to new license format:

  1. Get a new license code from the SSH Licensing team at licensing@ssh.com.

  2. Ensure your PrivX servers can connect to the new licensing server at https://privx.license.privx.io.

  3. From the PrivX GUI Administration→License page, deactivate the old license. Your PrivX deployment should now be unlicensed.

  4. On all PrivX servers, restart the license-manager service.

    systemctl restart license-manager
    
  5. On the Settings→License page, insert the new license code to PrivX. Your PrivX deployment should now be licensed with the new license.

Licensable Features

Some features in PrivX must be explicitly enabled by license, otherwise the corresponding features will not be available for use or configuration. You can check enabled features in PrivX GUI Administration→License.

If you have any questions, please contact licensing@ssh.com.

Exceeding License Limitations

Any hosts that exceed your license limit will be marked as disabled (by license). These disabled hosts cannot be used for connections and are not visible under Connections→Available Hosts.

When you have disabled (by license) hosts, PrivX periodically raises audit events indicating the disabled (by license) host count. Administrator users can search for disabled hosts to see which hosts have been disabled.

To include additional hosts in your PrivX license, contact licensing@ssh.com.

Users

Users include all directory users and API clients. When number of users exceed the limitation, a 30-day grace period is activated. During the grace period, all user accounts function normally. However, we recommend you to take immediate actions. You could purchase more users in the PrivX license or reduce the number of users in PrivX.

It is crucial to bring the number of users within the license limit during the grace period. The grace period is deactivated when the number of users comply with the license limits for 24 hours. If the issue remains unresolved after grace period, PrivX will randomly disable users.

PrivX will not disable user of privx-admin role.

You can check number of users in PrivX GUI Administration→License. To include additional users in your PrivX license, contact licensing@ssh.com.

Was this page helpful?