The NAICE network access control system is distributed under a commercial license. This means that access to the system functionality requires purchasing and activating a license.
Licensing may be performed using one of the following models:
Using the Eltex License Manager server (ELM), which provides licensing for software and hardware products of Eltex. This model requires periodic communication with the license server. It may use:
the Eltex license server (hereinafter referred to as Online ELM). No additional software installation is required. The centralized license server is available at https://elm.eltex-co.ru:8099, and network access to this address must be ensured. Connection to the ELM license server via an HTTP proxy is supported (HTTPS proxy is not supported);
an ELM server deployed within the customer’s infrastructure (hereinafter referred to as Offline ELM).
In both cases, the ELM server address is specified during NAICE installation and must be accessible at the time of license activation. Operation with the ELM server via an HTTP proxy is supported (with login/password authentication or without authentication).
File-based licensing (hereinafter referred to as PLR — Permanent License Request) — a licensing model tied to the physical parameters of the host on which NAICE is installed. If the host parameters are changed, re-activation is required. This model is also suitable for operation in isolated environments.
After installation, NAICE operates in demonstration mode with limited functionality. The limitations of demonstration mode are described below.
Upon purchasing access to a specific licensing level, a product key file is generated, unique for each NAICE instance. To unlock the NAICE functionality corresponding to the purchased license, the file must be uploaded and activated on the Licensing page. For a PLR license, after uploading the product key file, the customer will receive a license activation file, which must be sent to Eltex via their sales manager. After processing, the license will be activated and provided to the customer.
After successful upload of the activation file, access to the product functionality corresponding to the license level will be granted.
The set of functional capabilities provided by a license is divided into levels. This allows access only to the functionality actually required, without increasing costs for features that are not needed.
In the current version, two licensing levels are implemented — BASIC and ADVANCED.
At this level, upon license activation, access is granted to the basic NAICE functionality and its primary service — endpoint authorization. An endpoint, hereinafter, refers to a client device that connects to the network via an authenticator device and undergoes authentication and authorization. Examples of endpoints include a personal computer, laptop, smartphone, IP phone, IP camera, etc.
At this level, the licensed parameter is the number of successfully authorized unique endpoints per 24-hour period. This parameter determines how many unique client devices can be authorized in the system simultaneously. The calculation is performed as follows:
To determine endpoint uniqueness, the RADIUS request must include the Calling-Station-Id RADIUS attribute containing the MAC address of the client device;
A device is considered active for exactly 24 hours from the moment of its last successful connection. If re-authorization occurs within this period, the 24-hour countdown is reset.
An endpoint was authorized on June 10 at 13:31:10. The endpoint will “release a slot” in the licensed limit on June 11 at 13:31:11. If the endpoint was re-authorized on June 10 at 20:20:10, the time will shift to June 11 at 20:20:11. |
The value of this parameter is agreed upon at the time of license purchase and depends on the number of client devices in the network. The methodology for calculating this parameter is described below.
When the licensed daily limit for connected endpoints is reached, endpoints exceeding this limit will not be authorized. Devices authorized within the last 24 hours may still be successfully re-authorized. |
At this license level, the functionality required for configuration and operation of portal-based authorization (Captive Portal) is activated. For licenses of this level, the number of guest endpoints is unlimited. Portal authorization is therefore available for any number of guest users and does not affect the connection limit of non-guest endpoints.
This option enables the TACACS+ server functionality within NAICE. If the option is not purchased, the corresponding configuration settings are hidden in the system interface. The option is purchased in addition to the main license of any level, and this must be specified when purchasing the license. Purchasing the TACACS+ functionality separately without a main license is not permitted.
When this option is purchased, there are no limitations on the number of network devices or the number of TACACS+ sessions.
Licenses of any level may be issued for a period of 1, 3, or 5 years.
A time-limited license may be renewed upon expiration.
When the license validity period expires, the licensed NAICE functionality will be blocked. |
To select a license, it is first necessary to calculate the number of endpoints. The number of client devices can be determined by summing the number of users and the number of “auxiliary” devices.
Company “A” employs 1000 staff members, each of whom has one laptop for work. Employees of Company “A” do not connect using personal devices. In addition, the company network includes 10 cameras, 5 printers, and 2 televisions. All of these devices require authorization in the NAC system. Calculation of the number of unique endpoints in the network: 1000 × 1 (number of devices per employee) + 10 (cameras) + 5 (printers) + 2 (televisions) = 1017 unique devices in the organization. |
If the above calculation method is not applicable, an alternative approach may be used:
After installation, if no license has yet been uploaded to the system, NAICE operates in demonstration mode. In this mode, the number of network devices, endpoints, and guest endpoints is limited to 15 units each.
After successful license activation, demonstration mode is disabled. Returning to demonstration mode without complete removal of NAICE is not possible.
For inquiries regarding license purchase, please contact us at: foreign.sales@eltex-co.ru. |
A short-term license with extended limits is available for solution testing.
For inquiries regarding obtaining a demo license, please contact us at: foreign.sales@eltex-co.ru. |
To activate a license, you must have the license key file received from your sales manager when purchasing the product. |
The license activation process is described in detail in the NAICE built-in documentation in the section Licensing → Actions for license activation. Instructions on how to access the built-in documentation are provided in v1.0_4. Built-in documentation.
The current license status can be monitored on the dedicated Licensing page in the NAICE web interface. A description of the elements on this page is available in the built-in documentation under Licensing → License management and monitoring. Instructions on how to the built-in documentation are provided in v1.0_5. Built-in documentation.
In addition, license status over a selected period of time can be monitored using the system monitoring tools.
If it is necessary to modify license parameters (for example, to increase the number of successfully authorized unique endpoints per 24-hour period), contact your sales manager or send a request to foreign.sales@eltex-co.ru.
After approval, the parameters of the current license will be updated. The update of parameters in NAICE will occur automatically after a certain period of time. To accelerate the process, a manual update may be performed. The procedure for manual license parameter update is described in the built-in documentation under Licensing → License composition modification (see v1.0_4. Built-in documentation for instructions on accessing the built-in documentation).
In rare cases, it may be necessary to replace the current license with a new one. In this case, a new product key corresponding to the new license must be uploaded. The license replacement process is also described in the built-in documentation under Licensing → Full license replacement.
If you have additional questions regarding licensing, please contact your sales manager or send a request to foreign.sales@eltex-co.ru. |