Monday, October 24, 2016

Software Blade licensing is no more

Check Point has quite a rough and dramatic history of changing its licensing models. We have seen licensing per feature and then licensing bundles. Not so long ago, Check Point put in place the so-called "Software Blade" licensing model, where each security device required so-called container and blade licenses.

As some experts predicted, that licensing model did not last.

Just a few days ago, Check Point renewed its price list, which renders the Software Blade licensing model obsolete.

Effectively, there are no more licensing blades and containers. Instead, the new licenses exist as a set of simplified and bundled functionality packages, broken down into management, gateways and endpoint security.

Let's have a quick look at what has changed for management and gateway functionality.

1. Management

Management licenses allow customers to manage only a limited number of gateways: 5, 10, 25, 50 and 150. These licenses are not additive, except for the 150 GW option, where add-ons of 50 GWs are available.

Multi-domain options come in 5- and 10-domain variants and allow adding more domains with an additional license.

All management features (software blades) are available for any of the management licenses out of the box. It is also important to mention that both Compliance and SmartEvent features are not based on subscription. Just one year is included in the original MGMT license.

2. Security Gateway

There are no significant changes for GW appliances, but open server licenses now mimic the appliance licensing model.

Although licensing does not have the container notion anymore, it actually defined the number of allowed CPU cores for open servers. According to CP, the total number of CPU cores on your open server is now enforced by the license. It will be impossible to use a 16-core machine with an 8-core license. Of course, the number of CPU cores is not additive.

GW functionality is no longer flexible and comes in two packages (NGTP and NGTX)*. The NGTX package is mandatory for all variants of inline Threat Extraction implementations.

The new licensing is already in the price list, although the license guide document has not been updated.

According to some semi-official information, Check Point will allow customers to run on pre-existing licenses for some time. It is unclear if current implementations will have to go through license conversion. It is also likely that such conversion will be compulsory in case of extending existing functionality with some new features and licenses.

Personally, I am wondering if Check Point has any plans to retire the Software Blades terminology once and for all. Without the licensing component, it is very unreasonable to call security features and functionalities Software Blades.

*There is an exception for 2-core open server licensing, where an FW-only option is also available.