PGP Product Licensing

Article:TECH149022  |  Created: 2007-06-26  |  Updated: 2011-03-24  |  Article URL http://www.symantec.com/docs/TECH149022
Article Type
Technical Solution


Issue




PGP Corporation offers many different products, each with its own licensing requirements. To learn how PGP Corporation licenses its products see, "Licensing Concepts." 
  

Licensing Concepts
PGP Licensing

PGP Corporation uses a licensing system to enable product functionality for purchased products.

PGP Product functionality may be fully or partially disabled until a valid license number is entered. The process of entering a license number into PGP software is called License Authorization and enables one or more seats (or users) of PGP software.

Sample License Numbers:

DWDK0-ABCD-12345-ABC12-ABCDE-123

CKDLT-12345-ABCDE-ABC12-12345-ABC

 


Solution



Section 1 - PGP Desktop Products: 

PGP Desktop Email
PGP Whole Disk Encryption
PGP NetShare
PGP Desktop Professional
PGP Desktop Storage
PGP Desktop Enterprise
PGP Workgroup Desktop
PGP Corporate Desktop:

All of these PGP Desktop bundles listed above are licensed per user, meaning individual users actively using the PGP software either on the same system or any profile on the same system. PGP Desktop Home is licensed differently than these PGP Desktop bundles and is explained in the next section.


Example 1: One user on one or more profiles per system must purchase one copy of a PGP Desktop product.

Example 2: Two users on one or more profiles per system must purchase two copies of a PGP Desktop product.

Example 3: One user wanting to use PGP on five different computers must purchase five copies of a PGP Desktop product.

Example 4: PGP Whole Disk Encryption enables a user to encrypt the entire hard drive of a computer. After the system has been encrypted, the system cannot be booted until a passphrase (password) has been entered. In some cases, this is the only PGP functionality that will be used. PGP Whole Disk Encryption will allow multiple users to be added to the PGP Whole Disk Encryption software to boot a system.

In this scenario, only one license per system is required. This applies for Administrators wanting to add themselves to the Whole Disk Encryption software (See the screenshot below to see the PGP Whole Disk Encryption shelf). If any additional features are used, such as individual file encryption or Virtual Disk, each user taking advantage of these features requires an individual license.

 

Section 2 - PGP Desktop Home: 

PGP Desktop Home is unique to licensing of PGP Desktop products in that each license of PGP Desktop Home can be installed on one computer and can be used by as many users who are part of the same residence.

Example 1: One purchased copy of PGP Desktop Home can be used on one computer.One or more users in the same residence can use the PGP Desktop Home software. This includes any profile on the computer.

Example 2: If a user has more than one computer, a copy of PGP Desktop Home must be purchased to use on each computer. There is no limit to the number of PGP Desktop Home users on each of the computers, provided they are all members of the same residence.

 

PGP Desktop Limited Use (Unlicensed use)

PGP Desktop Limited Use is approved only for:
Individuals at home for not-for-profit activities
Students at educational institutions for not-for-profit use
Charitable nonprofit institutions or organizations

PGP Desktop Limited Use is not approved for:
Business communications of any kind
Communications among government/education organizations of any kind
Communications that financially benefit the user

PGP Desktop Limited Use product capabilities/limitations:
Does not include PGP Virtual Disk (also known as PGP Disk)
Does not include automatic encryption of emails or email plug-ins
Does not integrate with any server products such as PGP Admin or PGP Universal Server
 


 

Section 3 - PGP Universal Server: 

PGP Universal Server includes the ability to manage users on the server or centrally manage individual PGP Desktop clients centrally.  This allows an Administrator to lock down PGP Desktop policies from the Universal Server. Each user managed by the Universal Server counts as one license.

Example 1: If 100 users exist on a PGP Universal Server, 100 licenses of PGP Universal Server must be owned. The only exception to this is if the account on the PGP Universal Server is an Administrator account, purely used for booting a PGP Whole Disk Encryption client. In this situation, the Administrator user would not be counted as the license.

Example 2: When PGP Universal Server is used to manage a PGP Desktop client license, the quantity of each product must match. If 100 users of PGP Desktop Professional are purchased to be managed by the PGP Universal Server, then 100 copies of PGP Universal Server must also be purchased.

Example 3: PGP Universal Server has the ability to share replicate information to other Universal Servers. This process is called clustering. In clustering, multiple PGP Universal Servers are used.  PGP does not limit the amount of clusters that can be used within the environment as long as the user count does not exceed the quantity of licenses purchased.

 

Section 4 - PGP Command Line 

PGP Command Line is licensed (i) per physical CPUs/processors, (ii) Keys and (iii) Functionality.

CPUs/processors refers to the number of physical CPUs on a system. If a computer has one or two physical processors, a 2-CPU license is required. If a computer has up to four processors, a 4-CPU license is required, and so on. For CPUs with multiple internal processing units (e.g., cores), each processing unit counts as a single processor.

 
Keys: PGP Command Line options offer either one-key or unlimited-key licensing for local keyring management.

One-key licensing means that one public key may be used in the local keyring, other than your own key. This licensing option is used when encryption/signing-only functionality or decryption/verification-only functionality is required.

Unlimited-keys licensing means that more than one public key may be used in the local keyring, other than your own key. An Unlimited-key license should be purchased if encrypting/signing to more than one recipient is needed.

Functionality: Three options are available: Send only, Receive only, and Send/Receive. "Send Only" provides encrypting and signing functions. "Receive Only" provides decrypting and verifying only. "Send/Receive" provides both encryption/signing and decrytpion/verification.

For each seat of PGP Command Line, PGP Corporation allows installation on one production and one non-production system. This means if one 2-CPU license is purchased for PGP Command Line, it may be installed on the production box that is handling all encryption/decryption processes, and another system that is not handling production encryption/decryption. The non-production box may be a failover box or a test box, but may not perform any encryption/decryption related to business encryption/decryption.

 

Section 5 - PGP Support Package for BlackBerry

The PGP Support Package for Blackberry requires one license for each BlackBerry device with a minimum purchase of 10 seats.
 

Section 6 - Licensing for Terminal Server or Citrix Environments:

Various PGP Desktop functionality can be used in Terminal Server or Citrix Server environments.  In Terminal or Citrix Server environments, the applications are installed on the server itself and any users logged into this server can access the application installed.  Due to the nature of these environments, PGP Desktop is managed quite differently than in normal environments. PGP is licensed per-user on the Terminal or Citrix Server and not by how many users are using the PGP Desktop.

Example: PGP Desktop is installed on a Terminal Server that has 100 users; however 25 users are currently using PGP. In this scenario, 100 copies of PGP must be purchased, because all users on the server have the ability to use the PGP Desktop software.

The only exception to this, in Citrix environments, is a technical restriction that has been enforced on the Citrix Server. In other words, only those users who are licensed to use PGP have the ability to use any PGP Desktop functionality. To enforce a technical restriction in a Citrix environment, NTFS Permissions should be modified on the Citrix Server to remove Execute access for the PGP Program Files folder so that only licensed users can open PGP Desktop. In addition to restricting execute access, other restrictions should be put in place so that PGP Desktop does not startup when a user logs into an account and the PGP Desktop menu items are not available.

 

Due to the nature of licensing with Terminal Server or Citrix environments, licensing is per user on the Terminal or Citrix server where PGP Desktop is installed as is listed in the example above. The only exception to this licensing is by implementing a technical lockdown of the PGP Desktop software for non-licensed users in this type of environment. This means the non-licensed users are technically unable to utilize any PGP Desktop features. When such a technical lockdown has been implemented, PGP Corporation will only require licenses for the users who will be using PGP Desktop and are legally authorized to do so.


 



Legacy ID



743


Article URL http://www.symantec.com/docs/TECH149022


Terms of use for this information are found in Legal Notices