Fortinet black logo

Online Help

License Overview

Copy Link
Copy Doc ID cf00dcb1-0886-11ed-bb32-fa163e15d75b:135990

License Overview

Kubernetes Clusters generally have an average of 4 nodes, and every node would have 1 Kubernetes agent installed for monitoring and security protection from FortiCNP Container Protection.

Each node uses 1 license seat from FortiCNP Container Protection.

FortiCNP Container Protection not only provides container protection, but also provides Cloud Protection for the same host(VM).

For Example, if the FortiCNP Container Protection has 200 license seats capacity, it will also provide Cloud Protection service for 200 virtual machines.

FortiCNP Container Protection License Detail

Click Company at the top right hand side from the main dashboard to access the Company Info.

In the example below, under License Purchased section, the FortiCNP Container Protection license has 200 nodes capacity or 200 license seats.

In Service Info section, it shows that it still has 27 in use out of 200 nodes, so there are still 173 nodes available.

FortiCNP Container Protection Configuration

Go to Configure > Kubernetes Cluster page, under Total Node # column, it shows the total number of nodes used from each cluster.

The FortiCNP Container Protection Status column shows the status of each cluster.

Click on the Action button to turn On/Off the FortiCNP Container Protection.

When FortiCNP Container Protection is turned off, all license seats used by the cluster will be released and become available for other clusters.

In the example above, there are 4 nodes used by the GKE Kubernetes cluster, when the FortiCNP Container Protection is turned off, all 4 nodes' license seats will be released, and the total number of license seats available would increase to 177.

FortiCNP Container Protection Status

FortiCNP Container Protection Status Description
On FortiCNP Container Protection manually turned on by user.
Off by User FortiCNP Container Protection manually turned off by user.
Off by System FortiCNP Container Protection automatically turned off by the system due to insufficient license seat.

Off by System Selection

In the case when the number of available license seats are used up, and there are not enough license seats for the newly added Kubernetes cluster. FortiCNP Container Protection will optimize resource distribution by turning off 1 or more clusters. The clusters that are turned off will have Off by System status, but are still awaiting in queue to have license seats assigned to them when become available.

When a cluster is turned off, all the license seats assigned are free up and made available for other clusters.

The system determines which cluster(s) to turn off following the precedence below:

  1. Unhealthy Kubernetes Agent Status - the clusters with unhealthy status would take first precedence to be turned off over other clusters with healthy status.
  2. Number of nodes - the clusters with the least number of nodes will take second precedence to be turned off to minimize the number of clusters that need to be turned off

FortiCNP Container Protection checks every 30 minutes to determine which Kubernetes cluster that needs to be turned off to optimize resource distribution.

For example, the cluster below that is unhealthy and at the same time only has 1 node would be turned off first by the system when all license seats are used up.

To avoid getting cluster(s) turned off by system, turn off the unhealthy clusters or clusters that are not in priority for FortiCNP Container Protection service.

License Overview

Kubernetes Clusters generally have an average of 4 nodes, and every node would have 1 Kubernetes agent installed for monitoring and security protection from FortiCNP Container Protection.

Each node uses 1 license seat from FortiCNP Container Protection.

FortiCNP Container Protection not only provides container protection, but also provides Cloud Protection for the same host(VM).

For Example, if the FortiCNP Container Protection has 200 license seats capacity, it will also provide Cloud Protection service for 200 virtual machines.

FortiCNP Container Protection License Detail

Click Company at the top right hand side from the main dashboard to access the Company Info.

In the example below, under License Purchased section, the FortiCNP Container Protection license has 200 nodes capacity or 200 license seats.

In Service Info section, it shows that it still has 27 in use out of 200 nodes, so there are still 173 nodes available.

FortiCNP Container Protection Configuration

Go to Configure > Kubernetes Cluster page, under Total Node # column, it shows the total number of nodes used from each cluster.

The FortiCNP Container Protection Status column shows the status of each cluster.

Click on the Action button to turn On/Off the FortiCNP Container Protection.

When FortiCNP Container Protection is turned off, all license seats used by the cluster will be released and become available for other clusters.

In the example above, there are 4 nodes used by the GKE Kubernetes cluster, when the FortiCNP Container Protection is turned off, all 4 nodes' license seats will be released, and the total number of license seats available would increase to 177.

FortiCNP Container Protection Status

FortiCNP Container Protection Status Description
On FortiCNP Container Protection manually turned on by user.
Off by User FortiCNP Container Protection manually turned off by user.
Off by System FortiCNP Container Protection automatically turned off by the system due to insufficient license seat.

Off by System Selection

In the case when the number of available license seats are used up, and there are not enough license seats for the newly added Kubernetes cluster. FortiCNP Container Protection will optimize resource distribution by turning off 1 or more clusters. The clusters that are turned off will have Off by System status, but are still awaiting in queue to have license seats assigned to them when become available.

When a cluster is turned off, all the license seats assigned are free up and made available for other clusters.

The system determines which cluster(s) to turn off following the precedence below:

  1. Unhealthy Kubernetes Agent Status - the clusters with unhealthy status would take first precedence to be turned off over other clusters with healthy status.
  2. Number of nodes - the clusters with the least number of nodes will take second precedence to be turned off to minimize the number of clusters that need to be turned off

FortiCNP Container Protection checks every 30 minutes to determine which Kubernetes cluster that needs to be turned off to optimize resource distribution.

For example, the cluster below that is unhealthy and at the same time only has 1 node would be turned off first by the system when all license seats are used up.

To avoid getting cluster(s) turned off by system, turn off the unhealthy clusters or clusters that are not in priority for FortiCNP Container Protection service.