General questions customers have about Licensing, MX SoM and more
- License are applied to the MX and SoM
- There is no license on the GW
- There are two types of licenses - perpetual and Flex-Protect
- A perpetual license is for a fixed amount of devices and services and typically cover 1 calendar year, and are deployment specific
- A Flex-Protect license can cover a variety of devices depending on the requirements, and cover multiple deployments – on-prem, AWS/AZURE, or hybrid
What are Activation's and how are they used?
- Activation's are for virtual deployments
- An activation is the ability to create a new license on demand
- Under Flex-Protect you have 100 activation's
- Under perpetual you have 5
- The reason is the Flex-Protect must be able to cover more devices, the perpetual is specific MX or SoM
- An activation is used when you move an instance to another VM
- When you do that it will change the challenge and you will need a new license
- An activation allows you to make these moves and generate a new license on your own
- An activation under Flex-Protect also allows you to create a new instance and then generate a new license
What is a challenge?
- A challenge is a unique string that is only associated with one MX or SoM
- There are no duplicate Challenges
- A license is generated based the challenge
- A license can only be applied to a MX or SoM with the corresponding challenge
- Why am I always asked for my challenge when opening a case
- The challenge is also associated with a site record
- Support uses it to ensure that a case is being opened by an active customer and help ensure that it is not an attempt to manipulate the Support process.
Migration to the Public Cloud
- When does Imperva recommend you move to the public cloud through AWS?
- Imperva recommends a hybrid deployment which allows the current on-prem deployment to remain while creating a private cloud deployment.
- Using Flex-Protect one MX can manage both the on-prem and AWS gateways
- Business can be moved to AWS at a pace that is comfortable for you
- Contact your account team for details on Flex-Protect and hybrid deployments
Currently have on-prem WAF inline, why should we go to KRP
- There are two main reason to convert form inline to KRP
- The first is compliance
- In bridge or inline mode the gateway cannot decrypt Diffie Hellman based ciphers
- This leans to non-compliance as more and more applications standardize on DHE ciphers
- The second is an additional layer of protection
- By deploying KRP the gateway will receive any malicious activity first
- This allows the application to remain untouched as the gateway mitigates the threat
Need to deploy DAM on my MS-SQL servers, anything I should know
- For the most part deploying an agent on an SQL server is the same as deploying an agent on any other OS
- The primary difference is that MS has standardized on Diffie Hellman ciphers for DB connection encryption
- In order to decrypt these connections and subsequently inspect them you will need to configure Advanced monitoring
- It is specifically for MS SQL server
- The DB Users Guide has the details on how to set this up
#WebApplicationSecurity
#ADC
#AWS
#DataRiskAnalytics(formerlyCounterBreach)#ADC