Info: Venafi Licensing Model for version 18.1

Applies to:

Version 18.1


The release of 18.1 brings a new product to the Venafi Trust Protection Platform portfolio:

NEW: Venafi Advanced Key Protect 

Venafi Advanced Key Protect is a new product add-on module (priced separately) designed to provide remote and centralized HSM key generation.

  • Remote HSM Key Generation 
    Prior to this release, Venafi Platform could do HSM remote key generation on Gemalto SafeNet HSM only.  New in 18.1, Venafi Advanced Key Protect add-on module can perform remote generation of private keys for Thales nShield Connect HSMs for Apache, CAPI (IIS), and JKS. @6522
  • Central HSM Key Generation
    For improved entropy and audit compliance, private keys for certificates and SSH keys can be centrally generated on Gemalto SafeNet and Thales nShield Connect HSMs. Centrally generated private keys are exported from an HSM and stored as ciphertext in the Venafi database.

Any customer who has purchased Licensed Products from Venafi has the right to use as many copies of the Licensed Products as reasonably necessary for evaluation or testing purposes ("Test Copies").  There shall be no charge for use of such Test Copies unless the Test Copies are used to actually manage/protect keys or certificates.

Venafi Advanced Key Protect joins the following three Venafi product lines:

  • TrustAuthority for SSL (Monitoring & Enrollment), TrustForce for SSL (Provisioning)
  • TrustAuthority for SSH (Monitoring), TrustForce for SSH
  • Enterprise Mobility is now called 'Enterprise Mobility Protect'

More Info:

Licensing Model

Venafi TrustAuthority & TrustForce for SSL/TLS are licensed on a per certificate instance basis (“Certificate Instances”).  A Server (SSL) Certificate is defined as a digital certificate used to identify a server that is typically issued to hostnames (i.e. a machine name or domain name).  For example, one (1) certificate (or associated private key) protected by TrustAuthority on ten (10) servers counts as 10 Certificate Instances; and Ten (10) certificates (or associated private keys) protected by TrustAuthority on one server counts as 10 Certificate Instances.

Venafi TrustAuthority & TrustForce for SSH are licensed on a per Host basis.  A Host is defined as a device (client, server, or appliance, or virtual instance), running its own operating system with its own unique IP address.  For example, a server or a cloud deployment running three (3) virtual machines counts as three (3) hosts.

Venafi Enterprise Mobility Protect is licensed on a per Certificate basis.  A mobile certificate (user or device) is defined as a digital certificate that provides information about the user and/or the user's device and is used to identify that individual or device for a variety of purposes such as web authentication, WiFi authentication, VPN authentication, email encryption and message signing, and device authentication, across different mobile and personal platforms – including but not limited to laptops, desktops, smartphones and tablets.


Was this article helpful?
0 out of 0 found this helpful