Managing the KeyControl License

Your KeyControl license determines the number of KeyControl nodes you can have in a cluster, the number of VMs that you can manage, the length of time for which you can use KeyControl, and any entitlements that you purchased.

Beginning with KeyControl 5.4, we now support the following license entitlements: 

  • Secrets Vault—Whether Secrets Vault support is enabled.

  • KMIP Server—Whether the KMIP Server is enabled.

  • BYOK—Whether KeyControl support for BYOK is enabled.

Beginning with KeyControl 5.5, details are also shown about KMIP and BYOK:

  • KMIP Server—The number of KMIP tenants in use out of the maximum number of allowed KMIP tenants for the license. For example, 2/5 means that 2 tenants are in use out of the maximum of 5 tenants.

  • BYOK—The number of CSP accounts connected to a Key Set. For example, 0/1 means that at most 1 CSP account can be connected but no account is connected at the moment.

If your license expires, you can still access or decrypt your VMs using the keys managed by KeyControl. You can also continue to manage KeyControl or your VMs using the KeyControl webGUI or hicli. However, you cannot:

  • Register a new VM with KeyControl.
  • Encrypt any new data, root, or swap disks, even if they have already been registered with KeyControl.

If your license is about to expire, or if you have registered the maximum number of VMs allowed by your license, KeyControl sends the following alerts:

  • If your license will expire in 7 to 60 days, KeyControl sends an alert once per week.
  • If your license will expire in less than 7 days, or if your license has already expired, KeyControl sends an alert once per day.
  • If you have registered the maximum number of VMs allowed by your license, KeyControl sends an alert once per week.

KeyControl licensing can be used online or offline. If your KeyControl nodes have internet access, they will access the license server at https://my.nalpeiron.com (port 443). This avoids requiring you to manually update your license when you renew it. The license update should occur seamlessly. If it does not, contact Support for assistance.

If you do not have internet access, you can apply the license manually. For more information, see Upgrading Your License.

Note: If your KeyControl does not have direct access to the internet, but you have a proxy server, please review Enabling an HTTP Proxy Server for the Vitals Service and Licensing Service.