In this installment of the Tips and Insights series, Dan Smithson reviews the license update process for FireEye appliances.
Hello my name is Dan Smithson and I am a Systems Engineer with FireEye. Today we are going to review the process involved in updating licenses for FireEye appliances. For today’s illustration we’re going to start at the main dashboard of our Endpoint Security 4.5 instance. This can be a virtual, a physical or a cloud based appliance deployment. As you can see on the main dashboard there’s a number of hosts that have alerts crossing exploits other forms such as malware as well as factors from our indicator of compromise pool out of our database of intel. For today’s purposes we’re going to specifically look at the function of applying a license or updating a license to this appliance. This is done by clicking on the admin hover tab there and then going to the appliance settings at the bottom. As you can see the interface changes somewhat when you go to this interface. And this is because we’re actually bombing out to the command system that is administering multiple appliances. This is an efficient way to manage licenses on multiple appliances. If I go to appliance licenses I can actually see there are multiple licenses involved. I have my primary appliance license. This activates the core appliance itself. I also have my FireEye support. I also have content updates. Content is basically the DTI cloud. Our global Dynamic Threat Intelligence cloud that distributes intel from appliances globally deployed and basically tells you what’s happening elsewhere so that you don’t have to wait for the pain before you know what to look for. We also have the HX Advanced license. This is related to forensics type features and this would be associated with some of the components you can actually acquire from the endpoint. If you wanted to remove a license you just click remove. If you need to apply a license you just type the product key into the field here. You would do it similar to this. And then you would just hit add license. Now since this box is fully licensed we don’t need to do this today. But how do we know if it’s licensed properly. So let’s take a look at the data that’s reflected on this appliance license screen. Starting from the top we can see our HX Advanced license is listed as valid and active. Valid means that the license is actually a legitimate license. Active just means that it’s currently viable and turned on. If we look at the advanced license description it tells us the start date as well as the end date. The end date is extremely important to keep an eye on because this will help you to plan in advance for renewals of your licensing. If you happen to get to the end of the duration of the licensing period and you haven’t renewed your licenses your box will cease to function. If your box ceases to function then you will cease to have the protection it affords you. So we do highly recommend keep an eye on the end date and try to get ahead of it in terms of your renewal cycle. You’ll also notice it’s tied to a specific appliance ID. This appliance ID is often associated with the MAC address of the appliance. But it’s basically a unique identifier through which we can assign a license to a box effectively preventing that license from being moved from box to box to box. In a virtual appliance environment we actually assign a unique identifier like a MAC address to the virtual machine in order to tie the license to it as well. Looking at the FireEye appliance license, the main license that activates this box, you can see a few things that are of interest. One, the product itself is okay status. Basically it’s operating as expected. You can see that it’s running in production and you can also see that the end user licensing agreement has been signed off and agreed to. Most importantly you can actually see that the role that this particular appliance is running in is the master role. This is related to the fact that when you deploy our Endpoint Security there are often multiple boxes involved. You may have multiple boxes across different physical sites for management reasons and administrative. Or you may have multiple boxes in the form of one inside your core network to provide core function management and policy enforcement across your endpoints. While having a secondary one sitting in your DMZ allowing extensible control and access to those endpoints that are not within your confines of your existing corporate network. And that concludes our walk through of the license update process for FireEye appliances. Thank you for watching and check back for more tips and insights.