License Management
This section describes the supported licensing methods, and license deactivation.
Ensure that you have a valid PrivX license code for taking PrivX into use. For license-subscription-related enquiries, please contact SSH Communications Security at [email protected]. For license issues, please contact SSH Licensing team [email protected].
Online License
Online licensing is the recommended way to license PrivX. This method is easy to set up, and after setup the license is automatically updated according to your subscription.
For online licensing to work, your PrivX servers must be able to connect to the licensing server, for the following operations:
- Initial license activation: PrivX contacts license servers to fetch your license.
- License refresh: PrivX contacts license servers to automatically fetch your new license.
- License deactivation: PrivX contacts license servers to deactivate your license.
For online licensing, PrivX servers must be able to connect to license servers. License-server addresses are described under Network Requirements in Preparing for Deployment.
Note
Note that if PrivX servers do not have access to the license servers when their license expires, the license will enter the grace period mode and expire after the grace period ends.
To activate a PrivX online license:
-
Access the PrivX GUI and navigate to the Administration→License.
-
Under the License code section, enter your license code, and click Update License.
In online licensing mode, PrivX checks for license updates every 6 or 12 hours and automatically applies any new changes found for your subscription. To trigger an immediate license refresh, click menu to the Last refreshed section, then click Refresh.
Using Online License Through HTTPS Proxy
If PrivX has no internet access, you can set up an HTTPS proxy for enabling connectivity to license servers. To enable a license proxy, perform the following:
-
Set up an HTTPS proxy that forwards traffic to the license server.
-
On all your PrivX servers, enable the license proxy:
-
Edit
/opt/privx/scripts/local-env
. Specify the proxy address with thehttps_proxy
setting, with the following syntax (replaceproxy.example.com
and8443
with your proxy address and port respectively):https_proxy=proxy.example.com:8443
-
Restart PrivX services to apply the changes.
systemctl restart privx
-
Deactivating Online License
PrivX licenses can be activated only a limited number of times. To free up activations you must first deactivate a license. This is important when moving PrivX installation from a host to another. Deactivating online license requires access to the license servers from PrivX deployments.
To deactivate a PrivX license, go to the Administration→License. Next to Status, click menu, then click Deactivate.
Converting From Online License to Offline License
To change from online license to offline license.
- Deactivate the current license using PrivX GUI.
- Copy the offline license file to the license path to every PrivX server.
- Restart license-manager service on every PrivX server.
Offline License
Offline licensing is an optional licensing method for PrivX deployments which are completely unable to access licensing servers. The offline license is file-based and requires more manual actions for setup and maintenance. Offline licenses can be requested from the SSH Licensing team [email protected].
To install/refresh file-based an offline license:
-
Copy the file to PrivX server, under the file-license path. The path is configured on /opt/privx/etc/license-config.toml, default /opt/privx/license/privx.lic.
-
Restart license-manager service
To deactivate the file-based offline license, remove the license file from the path and restart license-manager service.
In case of offline High-Availability deployment, all of the PrivX instances requires the license file to be in place.
The offline license file is not part of the backups and won't be restored in case a backup is restored.
Converting From Offline License to Online License
To change from an offline license to an online license:
-
On all PrivX servers, remove the offline license file from the license path.
-
Restart the license-manager service.
systemctl restart license-manager
-
Insert the online license code via the PrivX GUI.
Converting to New License Format
If your initial PrivX deployment was set up before version 16.0, you may be using the old license format. For upgrade compatibility with future releases, ensure that you are using the new license format.
New licenses are in UUID format: f9ef3d6f-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Old licenses are purely numbers: 4961xxxxxxxxxxxxxx
To convert to new license format:
-
Get a new license code from the SSH Licensing team at [email protected].
-
Ensure your PrivX servers can connect to the new licensing server at https://privx.license.privx.io.
-
From the PrivX GUI Settings→License page, deactivate the old license. Your PrivX deployment should now be unlicensed.
-
On all PrivX servers, restart the
license-manager
service.# systemctl restart license-manager
-
On the Settings→License page, insert the new license code to PrivX. Your PrivX deployment should now be licensed with the new license.
Updated about 3 years ago