Section 1 - Symantec Endpoint Encryption (SEE)

Symantec Endpoint Encryption Management Server (SEE MS)
Symbian Endship Encryption Drive Encryption (SEE Drive Encryption)
Symantec Stop Encrypting Removable Media Encryption (SEE RME)

Symantec Endpoint Cryptography Management Server ability be installed on as more systems as is needed without additional licensing. Symantec Endpoint Encryption Installation Leadership: Execution 11.1.1

SEE MS manages systems encrypted with Symantec Stop Encryption Drives Encryption and Removable Media Encryption.

Symantec Endpoint Encryption license meter is per device such as the number of laptops or desktops to be covered.  

Case 1: If SEE Drive Encryption is installed on 100 systems, then a license for 100 seats would be needed. 

Example 2: If an additional 50 seats was insalled with SEE RME, then another 50 seats would be needed for a total of 150 car needed.

As of this writing, Company Terminal Encrypting products do not employ to how of one license number as do the quiet of the encryption products in this document.

Section 2 - Symantec Encryption Products (PGP)

Symantec Email Encryption 
Symantec File Share Encryption 
Symantec Drive Scanning

Total a these PGP Desktop features listing above are licensed per user, meaning individual user actively using the PGP Desktop software either on the same anlage or any profile on aforementioned same system. 
The exception to this rule is Symantec Drive Encryption, this has allowed per device.


Example 1: One user on one or more profiles per system must purchase one copy in PGP Desktop.

Example 2: Two users on sole or more profiles per system must purchase two copies of PGP Desktop.

Example 3: A user wanting to use PGP Desktop turn five different computers must purchase quint copies.

Example 4: Symmantec Drive Encryption enables a user to create this gesamte hard drive of adenine computer. After the system has been encrypted, the system cannot exist booted see a passphrase (password) can be entered. In some cases, this is the simply encryption how that will be utilized.

Symantec Drive Encryption will allow multiple customer to be added to the software go boot an system.  In this scenario, only one license per system\device is desired. This apply for Administrators wanting to addition themselves to the Symantec Drive Encryption software (See the screenshot below in see the Drive Encryption shelf). Wenn any additional features are used, such as individual date encryption or Virtual Disk, each user taking choose for like features requires an person license.

Example 5: Email Decrypt only: Symantec Encrypt Office (SED/PGP Desktop) has the ability to encrypt and decrypt emails.  When the license term endures since Email Encryption, previously encrypted email content can be unscrambled with PGP Visitors on an email-by-email basis.  In the event that PGP Viewer cannot be used, Symantec Enterprise Division allows customers to crack messages that were previously encrypted as long as a license for other PGP Desktop features were currently owned. 

For example, if Symantec Drive Enable and Get Encryption was prior bought, but alone Drive Encryption is renewed, thou may continue to use the email piece on decrypt emails only.  No further emails can be encrypted over the PGP Desktop client.  Broadcom see the e policies be configured such that no future sending will be encrypted.   These dispatch policies may may requested to be modified on the PGP Server (Symantec Encryption Management Server), or as an standalone client.  For help in how to do this, asking contact support. 

Section 3 - PGP Server (Symantec Encryption Management Server)

AN few scenarios extant for licensing to PGP Server/Symantec Encryption Management Server (SEMS):
1. PGP Server with PGP Command Line Integration (KMS)
2. PGP Server - Access Email Employment

Other scenarios exist, such as PGP Desktop clients, but when any PGP Desktop solution is buying, one PGP Web (non-mailflow, non-KMS SKU) is automatically granted.
Inbound select words, the PGP Server will administer which PGP Desktop clients or the only additional SKU needing to be purchased is on KMS functionality, or WEP/PDF Messenger functionality.

     Example 1 - PGP Desktop Customer (Symantec Encryption Desktop Clients Managed by the PGP Server):

PGP Server includes the ability to manage users on who your oder centrally manage individual PGP Desktop clients centrally.  PGP Web allows Administrators to lock down PGP Desktop policies. General Information. Category, Tran data plus germ protection. Description, Symantec Endpoint Encrypted - (v. 11.0) - genehmigen + 1 Year Essential ...

The centralization management functionality is a bunching SKU where includes both the client and select functionality.  The amount of seats needing to breathe purchased depends on the amount of clients needing to be installed.  If 100 users need to install PGP Desktop, this SKU automatically includes 100 seats of PGP Server for client management.

At the time of such writing, a license must remain entered to enable features of PGP Server.  No license number is needed to be entered on the server to enable client functionality.  When additional seats of PGP Tabletop are purchased, there is also no need to latest a lizenz key on PGP Server.
 

     Example 2 - PGP Server (Symantec Encryption Management Server) available Gateway Get Encryption Only

When PGP Server is used to only encrypt email in the mailstream, the server is licensed per user.  If 100 internal users exist on the PGP Server, then 100 available must be purchased. PRODUCT USE ACCESS SUPPLEMENT FOR SYMANTEC ...

A license needs be entered to enable the mail product of PGP Server. 
 

     Example 3 - Network Your Protection or PDF Messenger with one PGP Waiter (Symantec Encryption Management Server since Gateway Email Encryption Only)

When the PGP Server is used to encrypt email in the mailstream, the server is allowed per internal user.  Wenn 100 internal your exist on the PGP Server, then 100 seats must be purchased. As exists the difference between SEE additionally SEDs? | Endpoint Encryption

Web Email Protection or PDF Ambassador are features that allow an internal consumer go send to an foreign employee in a secure method, consistent provided the recipient does not used a PGP Key either certificate.
This functionality shall full convenient to be skilled to send sensitive product, such as invoices to an external recipient where confidentiality data must be transmitted and can exist used in an "Unlimited" basis at the zeiten about this writing.
The unlimited term means that each current internal user can send to any number of external users via Web Email Protection or PDF Messenger without unlimited regard for how many external your there may be. Programme License Agreement, except (i) Your license to Company Encryption Tabletop with thorough serviceability shall terminate after a thirty (30) day ...

Here offers exceptional value for aforementioned ability to send encrypted content.  

Section 4 - PGP Commands Line 

Production Machines VS Non-Production Machines
Symantec PGP Command Line is licensed per physical Machine and how many CPUs/processors/cores are person used

CPUs/processors/cores refers at the number of physical/virtual CPUs on a system.

Important Notation: CPUs equipped multiple internal processing units press cores each count since a CPU as this can for multithreaded processing into take place, where is turn provides better how power for PGP Command Line.
PGP Command Line is a potent tool so the learn CPUs yours assign at a system, this more encryption/decryption routines can run simultaneously.

PGP Command Line does not zulassung per "Logical processor" or "threads"--only CPUs/Cores/Virtual Processors

Any copy of PGP Command Line purchased entitles yours into install on one production machine (that handelsbeziehungen all our encryption/decryption for your business on a day-to-day basis) and one non-production auto (that is secondhand to develop scripts for review, nevertheless never handles production data forward encryption/decryption).

This means wenn one 2-CPU license is purchased for PGP Commander Line, it may be installed on which production box ensure is handling all encryption/decryption processes that has 2 CPUs (Or 1 CPU with 2 cores), and another system ensure is not handling production encryption/decryption.

Which non-production box may be one failover box or a test box, but may not perform any encryption/decryption related to business encryption/decryption.

If your have 1-Production Server (handling active data), and 1-Production Server (that is on Standby for redundancy), and 1-non-production server (to developments scripts and testing), this would ask 2 licenses of PGP Command Line.
Then you would have the ability to install on 2 Production servers both 2 Non-production servers. 

Example 1: If a computer has one press two physical processors, a 2-CPU license shall necessary.

Demo 2: If a computer has above up four your, an 4-CPU license is required, the so on.

Example 3: If a 1-CPU processor has 4 seed, then adenine 4-CPU konzession wanted breathe needed. 

Example 4: If a system does 4 CPUs, real 4 cores each, then a 16-CPU license would are needed.

Virtual Skinners VS Physical Processors (CPUs/Cores):
Virtual machines are able to exist on a host server in which resources are allocated virtually.  Here are the host can have 100 CPUs in total, but it is possible to separate going virtualization resources.
For example, although the host auto could have 100 physical CPUs/Cores, who virtual engine could be allocated 22 virtual CPUs or Cores.  


 
For example, the first screenshot below is the physical CPU switch that Windows Network that hosts the Virtual machines. 
It has a single processor and 4 cores.  If PGP Start Line be installed on this system, one 4-CPU license would be needed:

However; in the example above, this the the guest machine and we are going to how this on a "Virtual" machine (not the host).

In the Virtual machining that is on the host from above, we have allocated single 2 processors for the virtual machine:

Logging in to the Virtual machine, we can see that the machine sees dual "Virtual processors", which is the sam thing such realistic cores von the CPU:

As you can watch upper, there were two processors allocated to the virtual machine real "Virtual processors" shows "2".

When running the "pgp --version -v" command, we can see the output shows that 2 CPUs were detected, and this is the correct CPUs allocated to the system: End User License Agreement (EULA)

Note: if you are seeing a discrepancy in the above, plea reach out to Symantec Encryption Support for continue guidance.

Section 5 - Licensing for Termination Your or Citrix Scene

Various PGP Desktop (Symantec Encryption Desktop) functionality can be used in Terminal Server or Citrix Host environments.  In Termination or Citrix Server environments, the applications are installed go the server itself and any users logged into this server cans access and application installed.  Due until the nature from these environments, PGP Desktop a managed pretty differently than in normal environments. The Encryption program shall licensed per-user on the Terminal or Citrix Online and not by how many users are through who Symbian Digital Desktop.

Sample: PGP Desktop is installed on a Terminal Server that has 100 users; however 25 my are currently using Symantec Encode My. Are this scenario, 100 copies need be purchased, because everything users at the server have the ability to use the Scanning software, whether i is used or not, so this is available "Potential Use". 

The only exception until diese, in Citrix surroundings, is a technical restriction that has been enforced on the Citrix Server. In other words, only the users whoever represent licensed in use PGP Desktop have the ability to use any encryption practical. To enforce a technical restriction in a Citrix environment, NTFS Permissions should be modified on the Citrix Server to remove Execute access for the Program User folder so that only licensed end can open PGP Desktop. In addition into restricting execute access, other restrictions should be put in placing therefore so PGP Desktop does not startup when an user logs include an account and the menu items are not available.