Enterprise Recon 2.4
Licensing
This section covers the following topics:
- Subscription License
- Master Server License
- Target Licenses
- License Usage and Calculation
- Download ER2 License File
- View License Details
- Upload License File
Subscription License
Enterprise Recon 2.4 software is available as a subscription in three editions - Enterprise Recon PRO, Enterprise Recon PII, and Enterprise Recon PCI.
Each licensing option offers access to certain features and services in ER 2.4, as described in the Feature Comparison table below.
Feature Comparison
Key Features / Capability | |||
---|---|---|---|
Built-in PCI Data Types | ✓ | ✓ | ✓ |
Full Suite of Built-in Data Types | ✓ | ✓ | |
Custom Data Types | ✓ | ✓ | |
OCR & Audio Scanning | ✓ | ✓ | ✓ |
All Target Types | ✓ | ✓ | ✓ |
Remediation | ✓ | ✓ | ✓ |
Basic Reporting | ✓ | ✓ | ✓ |
Access Control Lists | ✓ | ✓ | ✓ |
Notification & Alerts | ✓ | ✓ | ✓ |
API Framework | ✓ | ✓ | |
Investigate Page | ✓ | ✓ | |
Data Access Management | ✓ | ||
ODBC Reporting | ✓ | ||
Risk Mapping | ✓ | ||
Data Classification with MIP | ✓ | ||
Delegated Remediation | ✓ |
Master Server License
For more information, see our End User License Agreement.
Target Licenses
There are two Target licensing models for ER 2.4:
For information on the legacy licensing model, see ER 2.0.31: Target Licenses.
Sitewide License
A Sitewide License specifies the maximum data volume that can be scanned cumulatively across all Targets per ER2 instance. This license model permits an unlimited number of Targets to be scanned with ER2 and applies to all Server & DB License and Client License Targets.
The total Sitewide License data usage is calculated as the sum of scanned data across all Targets. See License Usage and Calculation for more information.
Non-Sitewide License
A Non-Sitewide License specifies the maximum number of Targets and the maximum data volume that can be scanned cumulatively across all Server & DB License and Client License Targets per ER2 instance.
Server & DB License
Server & DB Licenses specify the maximum number of Targets and the maximum data volume that can be scanned cumulatively across all locations on Server & DB License Targets.
Category | Target |
---|---|
Server Operating Systems |
A server is a local computer running on any of the Server Operating Systems
on a physical host machine or virtual machine. The same license terms apply to any accessible storage that can be scanned remotely with
ER2.
|
Databases |
Database Targets require only one Server & DB License per host machine.
"My-DB-Server" is a Windows Server that hosts a MariaDB and
a PostgreSQL database. Only one Server & DB License is consumed as both databases
reside on the same host machine.
|
Cloud Enterprise |
|
Other |
|
The total Server & DB License data usage is calculated as the sum of scanned data across all Server & DB License Targets. See License Usage and Calculation for more information.
Client License
Client Licenses specify the maximum number of Targets and the maximum data volume that can be scanned cumulatively across all locations on Client License Targets.
Each Client License permits the scanning of one Target from each category (e.g. desktop / workstation operating systems, email, and cloud storage) as described in the table below.
Category | Target |
---|---|
Desktop / Workstation Operating Systems |
|
|
|
Cloud Storage |
|
- One desktop / workstation Target (e.g. Windows Desktop),
- One user email account (e.g. Google Mail), and
- One user cloud storage account (e.g. G Suite)
Client License usage is taken as the maximum number of consumed Client Licenses across all categories.
The total Client License data usage is calculated as the sum of scanned data across all Client License Targets. See License Usage and Calculation for more information.
License Usage and Calculation
License Assignment
Adding Targets in the Web Console or via the API does not consume licenses or data allowance. Data usage is calculated only after a scan has completed successfully, and Non-Sitewide Licenses are only assigned to a Target when it is scanned.
Data Usage
Data usage is the maximum scanned data volume on a Target or Target location, and is based on the actual file size in bytes. This applies to all Target types and file formats. A detailed log of data usage across all ER2 Targets can be obtained from the Data Allowance Usage section in the System > License Details page.
Data usage will only count towards the data allowance limit for successfully scanned locations. Erroneous locations (e.g. inaccessible locations) do not contribute to the data allowance limit. See Data Allowance Limit for more information.
Example 1
The actual file size for the PDF file "My-File.pdf" is 3 MB, while the size on disk for "My-File.pdf" on a compressed drive is 1 MB. When "My-File.pdf" is scanned, the data usage count is 3 MB.
Example 2
The file size for the archive file "My-Data.zip" is 5000 bytes, while the
size of the uncompressed file content is 7000 bytes.
When "My-Data.zip" is scanned, the data usage count is 5000 bytes, and the
scanned bytes value is 7000 bytes.
Data Usage Calculation
The total data usage for a Target is defined as the peak scanned data volume for the Target, and is obtained by adding the total data usage for each scan root path within a Target. Scanning a sub-location that is contained wholly within a scan root path does not consume additional data allowance.
Take for example the following directory structure in D:\ drive on a Windows desktop:
Windows desktop (host name: My-Windows-Machine)
+-- D:\ (data size: 5 GB)
+-- D:\FolderA (data size: 3 GB)
+-- D:\FolderA\FolderA-1 (data size: 2 GB)
+-- D:\FolderA\FolderA-2 (data size: 1 GB)
+-- D:\FolderB (data size: 1 GB)
+-- D:\FolderC (data size: 1 GB)
"My-Windows-Machine" is added as a new Target in ER2 and the following scans are executed on the Target.
# | Scanned Locations | Scan Root Path | Total Data Usage | Comments |
---|---|---|---|---|
1 |
|
|
3 GB | - |
2 |
|
|
3 GB | The scan root path and total data usage is unchanged as D:\FolderA\FolderA-1 is a sub-location that is contained wholly within D:\FolderA. |
3 |
|
|
4 GB | D:\FolderA and D:\FolderB are two distinct scan root paths and the total data usage is the sum of data usage for D:\FolderA and D:\FolderB. |
4 |
|
|
5 GB | The new scan root path is D:\ as all previously scanned locations are contained wholly within D:\ drive. The total data usage is now 5 GB as additional data is scanned in the D:\FolderC. |
Re-scans of the same locations and data do not count towards additional data usage.
You can view a detailed log of data usage in the Data Allowance Usage section of the System > License Details page.
Data Allowance Limit
Each Target licensing model specifies the maximum data volume that can be scanned across all applicable Targets. This is also known as the data allowance limit.
For Sitewide Licenses, all scanned Targets consume data from the Sitewide License data allowance limit.
For Non-Sitewide Licenses, data is consumed from the Server & DB License or Client License data allowance limit, depending on the scanned Target platform.
For example, a scan is completed successfully for the following Targets:
Target | Non-Sitewide License Type | Data Size (GB) |
---|---|---|
1 MySQL database | Server & DB License | 4 |
1 SharePoint Server | Server & DB License | 8 |
1 Google Mail account | Client License | 1 |
1 Dropbox Personal cloud storage account | Client License | 1 |
For a Sitewide License, total of 14 GB data is consumed from the Sitewide License data allowance limit.
For a Non-Sitewide License, a total of 12 GB data is consumed from the Server & DB License data allowance limit, and a total of 2 GB data is consumed from the Client License data allowance limit.
Exceeding License Limits
The following scenarios will cause ER2 license limits to be exceeded:
Scenario | Impacted Licensing Model |
---|---|
Scanned data volume exceeds the data allowance limit available for the corresponding license pool. |
|
Scanned Targets exceeds the maximum number of allowed Targets or platforms that can be scanned per ER2 instance. |
|
When the license limit has just been exceeded:
- Scan results for the scan that caused the license limit to be exceeded will be processed and available for viewing.
- All ongoing scans will be completed but scan results are added to a backlog and will not be processed.
Once the license limit is exceeded, ER2 will operate in reduced-functionality state as below:
- Scans that were scheduled prior to exceeding the license limit will continue
to be executed. However, scan results are added to a backlog and will not be processed
until a new, valid license is uploaded to ER2.
See Processing Blocked for more information. - Users are able to set up and schedule new scans but scan results are added to a backlog and will not be processed.
- Users are able to view and download existing compliance reports but reports will include a watermark to reflect the exceeded license limit state.
- Users are able to view match results for all scans that were processed before or when ER2 license limit was exceeded.
- All remediation actions will be disabled.
ER2 will continue to run in reduced-functionality state until a new, valid license is uploaded to ER2.
Example 1
User A adds a MySQL database and workstation Target to a scan schedule and sets the scan to "Scan Now". The scan for the workstation Target completes first and causes the data allowance license limit to be exceeded. The scan results for the workstation Target will be processed fully. However, results for the MySQL database scan will be blocked from being processed and added to a backlog as the scan completed after the license limit had been exceeded.
Example 2
User A starts a scan for 11 Windows Server Targets for an ER2 instance that has 10 Server & DB Licenses and 10 Client Licenses. This causes the ER2 license limit to be exceeded.
The scan for the 11 Windows Server Targets will run to completion, and results will be processed and available for viewing.
However all other scan results will stop being processed, even for scan schedules that only contain Client License Targets.
Processing Blocked
When the license limit is exceeded and ER2 operates in reduced-functionality mode, all scheduled scans will continue to be executed according to schedule. However, results for completed scans will be blocked from being processed until a valid license is uploaded.
Indicator
Targets that have unprocessed scan results will be indicated by the "Processing blocked" status in the Targets page.
Notifications and Alerts
You can create a notification policy to receive alerts and/or emails for the Processing Blocked event, which is triggered when ER2 license limit is exceeded and unprocessed scan results are added to the backlog.
See Notification Policy for more information.
Suppress Scheduled Scans
To prevent building up a huge backlog of unprocessed scan results once the ER2 license limit is exceeded, you can stop all scheduled scans from being executed by enabling the Suppress scans setting from the Scans > Schedule Manager.
Once a new, valid license is assigned to ER2, all scheduled scans will resume starting from the next scheduled date and time.
Download ER2 License File
You must download a license file to activate ER2.
- Go to Ground Labs Services Portal and log in.
- In the Home tab, scroll down to the Enterprise Recon 2 Licenses section.
- Find Enterprise Recon 2.4 in the Product column and click Download License.
-
(Optional) If you have enabled the Services Portal Complex UI, download the ER2 license by going to License > Enterprise Recon 2.4 in the navigation menu at the top of the page.
Do not click on manually assign | download to download your license file. This downloads a general license file which does not work with ER2.
View License Details
You can view the licensee details, get data allowance usage information and manage licensed Targets in ER2 from the System > License Details page in the Web Console.
License Information
The top left of the License Details page displays information on the current
ER2 license:
- Licensed To: The name of the company or organization that the ER2 license is registered to. This is also the name of the Ground Labs Services Portal account.
- Contact: The full name of the primary contact person for the company or organization.
- Expires: Date on which the subscription license expires.
License Summary
The License Summary table displays a list of Master Server and Target licenses that are available for this installation of ER2.
Column | Description |
---|---|
Type | Describes the Target license pool. |
Total | "x/y" where - x is the consumed data allowance, and - y is the total data allowance available. |
License Usage
The License Usage table displays a list of Targets and the license pools they are assigned to. This section is not applicable for Sitewide licensing model.
Column | Description |
---|---|
License | License pool from which the Target is assigned a license (e.g. "server", "client"). |
Target Name | Licensed Target name. |
Target Type | Target type or platform (e.g. "Dropbox Business", "G Suite"). |
Location | Target location path. |
Release License | Releases the license for a Target or Target location back to the corresponding license pool (e.g. Client or Server & DB License).
The Release License function does not reset or nullify the already-consumed data allowance associated with the Target or Target location.
Releasing the license for a Target, Target location, or scan root permanently
removes all scan data and records associated with the corresponding Target, Target location,
or scan root from ER2.
Releasing the license for a host Target permanently removes all scan data and records for
The Ground Labs End User License Agreement only allows
you to delete or release the license for a Target if it has been permanently decommissioned.
|
You can display specific license usage records by using the following filter options:
- License
- Target
- Type
- Location
Data Allowance Usage
The Data Allowance Usage table provides a detailed log of data allowance usage in ER2. Each record in the table describes the data usage or total scanned data volume for a distinct Target, Target location, or scan root.
Column | Description |
---|---|
License | Data allowance license pool. |
Target Name | Licensed Target name. |
Target Type | Target Type (e.g. "All local files", "OneDrive Business", "Amazon S3", etc). |
Location | Target, Target location, or scan root for which the data usage is calculated. |
Data Used | Total amount of data allowance consumed for the corresponding Target, Target location or scan root. |
You can display specific data usage records by using the following filter options:
- License
- Target
- Type
- Location
To download the Data Allowance Usage log in CSV file format, click Download Data Usage Log.
See Data Usage Calculation for more information.
Upload License File
Expired or expiring licenses must be replaced by uploading a new license file.
To upload a new license file:
- On the top right of the License Details page, click + Upload License File.
- In the Upload License File dialog box, click Choose File.
- In the Open window, locate and select the License File and click Open.
- In the Upload License File dialog box, click Upload.