Professional Documents
Culture Documents
Licensing Guidelines For Kaspersky Products
Licensing Guidelines For Kaspersky Products
products
Date: May 2023
Contents
1. Disclaimer ........................................................................................................................................... 3
2. Glossary ............................................................................................................................................. 4
Security for Home and SOHO (small office, home office) .......................................................................................... 6
Sandbox ...................................................................................................................................................................22
CyberTrace ...............................................................................................................................................................35
xSP ...........................................................................................................................................................................35
Appendix 1. Reference list of Kaspersky license types (as SKU attribute) ................................................46
Appendix 5. Examples of KEDR licensing options basing on specific customer cases .............................50
Appendix 7. The daily licensed traffic volume has been exceeded or not completely used .......................53
This guidebook includes description of general licensing principles of Kaspersky as well as licensing
schemes specified by products. This document states global guidelines for commercial licensing of Kaspersky
products and does not incorporate any guidance on sales of Kaspersky Services.
This document can be distributed among partners (distributors, resellers, etc.) in order to provide them with
clear outline of current licensing practices in Kaspersky.
Please be advised that the actual commercial product availablity and actual commercial SKU set availability
in each regional market is provided in accordance with a price-list effective for a particular sales territory.
Licensing – a set of commercial rules, according to which Kaspersky as a Vendor distributes its products to
partners.
License – internal term for the purpose of this document used for indication of end-user right to use the
product purchased and installed on one license object.
Product – one or several applications along with key files/activation codes to be delivered to an end user and to be
activated.
Application – the software released by Kaspersky which is intended for distribution outside the company.
License object – physical or virtual entity that is intended to be protected by Kaspersky product. The number of
license objects are calculated in order to count the required number of licenses to be sold.
Factor – tool that allows to adjust percentage of licenses objects assigned to one product.
For example, Kaspersky Total Security for Business includes 6 license objects – nodes, MDM-nodes, SM-
nodes, nodes under gateway and mail users.
Market Sector – a category of customers who have the same needs in product functionality, and are similar in their
buying behavior:
• Consumer sector (B2C, Business-to-Customer) – products included in this group are targeted to end-
consumers, and business activities are aimed at selling products basically through retail and online channel.
• Corporate sector (B2B, Business-to-Business) – products included in this group are targeted to companies, and
business activities are aimed at selling products basically through distribution channel.
Kaspersky provides various licensing schemes of its products. These schemes are differed by package (e.g.,
user license, download pack, box), by purchase rotation (initial and renewal licenses), by license period (e.g., 1, 2, 3
years), by quantity of license objects (e.g., 1 desktop, 100 MB per day, 250 nodes), by deal type (e.g., add-on), by
customer segment (e.g., Public Sector), by maintenance type (e.g., Standard, Premium) etc.
Please note that for one SKU only one listed price can be set.
KORM – Kaspersky Order Management System, where authorized accounts can place orders on specific SKUs.
Key file is a binary file that allows the user to activate an application.
Activation code – unique code of a certain format that enables Kaspersky product activation.
If a customer needs additional protection of the same functionality during license period the new key
file/activation code is to be issued. This key file/activation code should be co-termed with the initial key file/activation
code, unless the customer is explicitly requesting not to co-term. Co-terming means aligning expiration dates of
original and additional licenses so they expire simultaneously.
Generally speaking, this is a technical process of combining additional key file/activation code with existing
key file/activation code in order to create one combined key file/activation code for the total quantity of protected
license objects. Only identical product functionality can be combined through consolidation process.
Consolidation is an exceptional approach to specific products that are clearly stated in this policy.
If a customer is buying SKU with Add-on license type, the expiration date of the license for this Add-on SKU
will be aligned with the expiration date of the license for the main product to which Add-on license is purchased. It is
not possible to sell SKU with Add-on license type for the license term shorter or longer than the license term of the
main product.
Kaspersky Security Cloud – Personal Device 100% Only 3- and 5-device licenses
(KSCP) + are available
1 KPM Account
Kaspersky Security Cloud – Family Device 100% Only 10-device licenses are
(KSCF) + available
5 KPM Accounts
+
1 Safe Kids Account
During the license period, a user can upgrade to a product with a wider functionality (e.g., upgrade from
Kaspersky Anti-Virus to Kaspersky Internet Security). Special upgrade SKUs exist in price-list.
Kaspersky Small Office Security for Desktop 100% the license period for the products will start on
Desktops and Mobiles + the day of activating the code by the customer,
Mobile Device 100% and the expiration date will be set in accordance
+ with this activation date. Orders can be placed
User 100% both individually per each customer and as a
pool of codes. Co-terming of additional licenses
Kaspersky Small Office Security for Desktop 100% is not available
Desktops, Mobiles and File Servers +
Mobile Device 100%
+
File Server 10%
+
User 100%
Kaspersky Small Office Security for Desktop 100% the license period starts for the product is
Desktops and Mobiles (fixed-date) + starting on the day of placing order (i.e.,
Mobile Device 100% expiration date of the license is automatically set
+ at the moment of placing the order since
User 100% activation code starts to expire immediately).
Orders are placed for each customer
Kaspersky Small Office Security for Desktop 100% individually. Co-terming of additional licenses is
Desktops, Mobiles and File Servers + available
(fixed-date) Mobile Device 100%
+
File Server 10%
+
User 100%
The number of KSOS licenses to be issued is calculated basing on the total number of desktops (incl. laptops)
to be protected.
The number of other license objects included in KSOS products (mobile devices, users and file servers) is
calculated basing on the percentage of the total number of protected desktops (basing on the factor). KSOS license
objects and the factors assigned are indicated in the table above.
Please see Appendix 2 for detailed description of calculation of quantity of KSOS licenses required.
• from earlier versions of Kaspersky Small Office Security to the newest one;
• from Kaspersky Small Office Security to Kaspersky Endpoint Security for Business products;
• from Kaspersky Endpoint Security for Business products to Kaspersky Small Office Security.
Renewal license type should be used for this purpose.
Upgrade from Kaspersky Small Office Security to KES Cloud, KES Cloud Plus or KES Cloud Pro is allowed.
Please note that if upgrade is being done at the time of renewal, the customer is entitled to renewal pricing.
Purchase of additional licenses (up-sell) is available during the licensing period of the original licenses or at
the time of renewal.
Minimum up-sell order quantity is 5 licenses (or 1 license pack per 5 desktops/5 mobile devices/1 file
server/5users).
Up-sell order is recommended to place through the same channel where the initial licenses were purchased
and within the very same set of SKUs related to this channel (considering co-term limitations mentioned previously).
The number of licenses for any of KES Cloud product tiers is calculated based on the total number of users
to be protected. 10 users license of KES Cloud covers 10 workstation, laptop or file server and 20 mobile devices. 10
users license of KES Cloud Plus or KES Cloud Pro covers 10 workstation, laptop or file server, 20 mobile devices and
15 mailboxes of Microsoft Office365.
KES Cloud, KES Cloud Plus and KES Cloud Pro can be purchased together to protect users in 1 company
and can be managed in 1 account. Please be informed that creating of separate workspaces in that account is required
for managing various tiers of KES Cloud products.
Kaspersky Endpoint Security Cloud Plus Kaspersky Endpoint Security Cloud Pro
Kaspersky Small Office Security for Desktops, Mobiles Kaspersky Endpoint Security Cloud /
and File Servers / Kaspersky Endpoint Security Cloud Plus /
Kaspersky Small Office Security for Desktops, Mobiles Kaspersky Endpoint Security Cloud Pro
and File Servers (fixed-date)
Please note that if upgrade is being done at the time of renewal, the customer is entitled to renewal pricing.
Customer can migrate from KESB products (Select, Advanced or Total), or KEDR Optimum to KES Cloud,
KES Cloud Plus or KES Cloud Pro. Please be advised that if the migration is processed at the time of renewal, the
customer is entitled to renewal pricing. Please note that migration from KEDR Optimum to KES Cloud, KES Cloud
Plus or KES Cloud Pro is allowed at a time of renewal only. In that case the customer is entitled to renewal pricing.
Migration from KEDR Expert to KES Cloud products is not allowed. However, the customer can purchase KES Cloud
product at initial (i.e., base) pricing.
There are no any technical specifics of migrating from previous version of KES Cloud. Re-installation of KES
for Windows is not required.
Technical migration from other endpoint products (on premises or cloud based) to KES Cloud or KES Cloud
Plus requires re-deployment and re-setup of the entire customer’s infrastructure.
Total Security
Product License objects and license Comments, limitations
count
1 But not more than number of mobile devices protected by Kaspersky product. Please refer to Licensing of
Kaspersky Security Center Mobile Device Management functionality
2 But not more than number of mobile devices protected by Kaspersky product. Please refer to Licensing of
The number of KESB licenses to be issued is calculated based on the total number of nodes (workstations,
laptops, mobile devices and servers) to be protected.
The number of other license objects included in KESB products (e.g., MDM-node, SM-node, mail user, etc.)
is calculated based on the percentage of the total number of protected endpoints (i.e., based on the factor). License
objects assigned to each product and their factors are indicated in the above tables.
Please see Appendix 3 for detailed description of calculation of quantity of KESB licenses required.
Please be advised that if a customer wants to use Kaspersky Security Center Cloud Console (KSC Cloud
Console), the customer would need effective KESB licenses (Select, Advanced or Total). Please note that this
functionality is available for the number of KESB licenses starting from 300 nodes only.
Factor for Vulnerability and Patch Management (VPM) functionality of Security Center (SC) is 100%. This
factor is applied to the whole number of licenses purchased.
VPM functionality of SC can be applied independently from the endpoint protection. VPM functionality of SC
may be distributed on endpoints that are not protected by KESB.
Mobile Device Management (MDM) functionality of SC is applied to the number of mobile devices due to be
protected with Kaspersky Endpoint Security. This number is calculated by SC as the total number of KESB licenses
purchased less the number of KESB licenses installed on workstations and servers.
SC may manage iOS devices and provide MDM capabilities even if those devices don’t use Kaspersky's threat
protection capabilities. Please note that in these cases, a full license of KESB should be assigned to the mobile device.
Kaspersky Endpoint Security for Business - Select Kaspersky Endpoint Security for Business - Advanced
Kaspersky Endpoint Security for Business - Select Kaspersky Total Security for Business
Kaspersky Endpoint Security for Business - Advanced Kaspersky Total Security for Business
The number of KEDR Optimum Add-On licenses sold to the customer should be the same or less than the
number of KESB/KHCS licenses the customer already has. For example, if a customer has 400 nodes protected with
KESB-Select and wants to have an additional layer of KEDR Optimum protection for the critical 250 nodes, the
customer can buy 250 licenses of KEDR Optimum Add-on. Please be advised that when adding KEDR Optimum Add-
On licenses to KHCS with CPU licensing scheme, the number of KEDR Optimum Add-On licenses should be equal
to the number of virtual machines a customer wants to protect with KEDR Optimum functionality.
The number of KEDR Optimum licenses is calculated based on the total number of nodes (workstations,
laptops, mobile devices and servers) to be protected.
4 Butnot more than the number of mobile devices protected by Kaspersky product. Please refer to Licensing of
Kaspersky Security Center Mobile Device Management functionality. Only applies to Kaspersky Endpoint Security
for Business
Kaspersky Endpoint Security Cloud Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security Cloud Plus Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security Cloud Pro Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security for Business - Select Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security for Business - Advanced Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert /
Add-on (on top of KESB product – Select, Advanced or Kaspersky Endpoint Detection and Response Expert
Total) Add-on5 (on top of KESB product – Select, Advanced
or Total)
As to the last migration scenario mentioned in the table above, in case a customer is using KESB-Select
together with KEDR Optimum Add-On, the customer can upgrade KEDR Optimum Add-on licenses to KEDR Expert
Add-On licenses while continuing using KESB-Select licenses. Or, the customer can upgrade KESB-Select and KEDR
Optimum Add-on licenses to KEDR Expert licenses so to upgrade both EDR and KESB functionality.
Please note that upgrades from KEDR Optimum to KEDR Expert has to be validated by Kaspersky local
presales team.
Please be advised that if the upgrade is processed at the time of renewal, the customer is entitled to renewal
pricing.
Migration from KEDR Optimum to KESB products (Select, Advanced, or Total), KES Cloud products is
allowed at a time of renewal only. In that case the customer is entitled to renewal pricing.
Please be advised that in case a customer is using Kaspersky Total Security for Business and wants KEDR
Optimum functionality for its workstations/laptops, it is recommended to offer to the customer licenses of KEDR
Optimum Add-On. Please note that at the time of renewal a customer can migrate from KESB Total to Optimum
Security at renewal pricing.
Please note that if a customer wants to use Kaspersky Security Center Cloud Console (KSC Cloud Console)
and KEDR Optimum functionality, the customer would need effective KEDR Optimum licenses (the license quantity
starting from 300 nodes) or effective KESB-licenses together with effective KEDR Optimum Add-on licenses (starting
5 Please be advised that KEDR Expert Add-On licenses should be co-termed with KESB licenses
Kaspersky Endpoint Detection and Node 100% KEDR Expert functionality requires
Response Expert + consolidation
MDM-Node 100%6
(KEDR Expert) +
SM-Node 100%
+
Node (EDR functionality) 100%
+
Alerts & incidents retention period =
360 days
+
Telemetry retention period = 30 days
Kaspersky Endpoint Detection and Node 100% KEDR Expert functionality requires
Response Expert Add-On + consolidation
Alerts & incidents retention period = The KEDR Expert Add-On is not
(KEDR Expert Add-on) 360 days sold as a stand-alone product. It
+ can be purchased only in addition
Telemetry retention period = 30 days to effective licenses of KESB
product (Select, Advanced, or
Total) or Kaspersky Hybrid Cloud
Security product in on-premise
scenario (KHCS Standard or
Enterprise edition)
Kaspersky Endpoint Detection and Node 100% Kaspersky Endpoint Detection and
Response Expert Telemetry + Response Expert Telemetry
Retention 60 days Alerts & incidents retention period = Retention 60 days is not sold as a
360 days stand-alone product. It can be
+ purchased only in addition to
Telemetry retention period = 60 days effective licenses of KEDR Expert
or KEDR Expert Add-on
Kaspersky Endpoint Detection and Node 100% Kaspersky Endpoint Detection and
Response Expert Telemetry + Response Expert Telemetry
Retention 90 days Alerts & incidents retention period = Retention 90 days is not sold as a
360 days stand-alone product. It can be
+ purchased only in addition to
Telemetry retention period = 90 days effective licenses of KEDR Expert
or KEDR Expert Add-on
6 Butnot more than the number of mobile devices protected by Kaspersky product. Please refer to Licensing of
Kaspersky Security Center Mobile Device Management functionality. Only applies to Kaspersky Endpoint Security
for Business
The number of KEDR Expert licenses is calculated based on the total number of nodes (workstations, laptops
and servers) due to be protected. This number may be less than the overall number of nodes in the organization.
The number of KEDR Expert Add-On licenses sold to the customer should be the same or less than the
number of KESB/KHCS licenses the customer already has. For example, if a customer has 400 nodes protected with
KESB-Select and wants to have an additional layer of KEDR Expert protection for the critical 250 nodes, the customer
can buy 250 licenses of KEDR Expert Add-on. Please be advised that when adding KEDR Expert Add-On licenses to
KHCS with CPU licensing scheme, the number of KEDR Expert Add-On licenses should be equal to the number of
virtual machines a customer wants to protect with KEDR Expert functionality.
The license term of KEDR Expert Add-On can be equal or less than the license term of the main product.
The number of KEDR Expert Telemetry Retention licenses is calculated based on the total number of nodes
that requires extended telemetry storage time. This number should be equal to the number of nodes protected by
KEDR Expert or KEDR Expert Add-on. The license term of KEDR Expert Telemetry Retention should be equal or
less than the license term of the main product.
Please be advised that it is not allowed to mix KEDR Expert Telemetry Retention 60 days and 90 days
licenses for 1 customer.
Kaspersky Endpoint Security Cloud Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security Cloud Plus Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security Cloud Pro Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security for Business - Select Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security for Business - Advanced Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert /
Add-on (on top of KESB product – Select, Advanced or
Total)
Kaspersky Endpoint Detection and Response Standard Kaspersky Endpoint Detection and Response Expert /
Edition Kaspersky Endpoint Detection and Response Expert
Add-on
Kaspersky Endpoint Detection and Response Kaspersky Endpoint Detection and Response Expert /
Advanced Edition Kaspersky Endpoint Detection and Response Expert
Add-on
Please note that upgrades from KEDR Optimum to KEDR Expert has to be validated by the local presales
team.
Please be advised that if the upgrade is processed at the time of renewal, the customer is entitled to renewal
pricing.
Migration from KEDR Expert to KES Cloud products is not allowed. However, the customer can purchase
KES Cloud product at initial (i.e., base) pricing.
Please be advised that in case a customer is using Kaspersky Total Security for Business and wants KEDR
Expert functionality for its nodes, it is recommended to offer to the customer licenses of KEDR Expert Add-On.
For recommendations regarding the product/s needed for each particular customer’s infrastructure please
contact ESIG@kaspersky.com.
Please note that if a customer wants to use Kaspersky Security Center Cloud Console (KSC Cloud Console)
and KEDR Expert functionality, the customer would need effective KEDR Expert licenses (starting from 50 nodes) or
effective KESB (Select, Advanced or Total) licenses (starting from 300 nodes) together with effective KEDR Expert
Add-on licenses (starting from 50 nodes). Please be informed that the minimum license qty of KESB licenses, i.e., 300
licenses, is the obligatory requirement to access KSC Cloud Console functionality even when the customer has 50
licenses of KEDR Expert Add-on. KEDR Standard/Advanced Edition licenses will not be accepted by KSC Cloud
Console.
7 Please be advised that KEDR Expert Add-On licenses should be co-termed with KESB licenses
Kaspersky Managed Detection and Response Optimum The MDR functionality requires
Add-On / consolidation.
Kaspersky MDR Optimum Add-on (for STAN region only) Node
100% Kaspersky will not process
Kaspersky Managed Detection and Response Expert orders from 1 customer that are
Add-On / split across 2 Kaspersky MDR
Add-On products (Optimum and
Kaspersky MDR Expert Add-on (for STAN region only) Expert)
Kaspersky MDR Optimum / Expert Add-on is not sold as a stand-alone service. It can be purchased only in
addition to effective license of the following products:
This number may be equal or less than the overall number of nodes protected by KESB product (Select,
Advanced or Total), by KEDR Optimum or by Kaspersky Hybrid Cloud Security products. For example, if a customer
has 1000 nodes protected by Kaspersky Total Security for Business and 150 virtual machines protected by Kaspersky
Hybrid Cloud Security and wants to have an additional layer of MDR protection for the critical 500 nodes and all 150
virtual machines, the customer should buy a certificate of MDR Optimum / Expert Add-On for 650 nodes.
In case of purchasing MDR Optimum / Expert Add-On for Kaspersky Hybrid Cloud, CPU or Kaspersky Hybrid
Cloud Security Enterprise, CPU, MDR licenses should be counted based on the total number of virtual machines
on the corresponding server/s.
The license term of Kaspersky MDR service can be equal or less than the license term of the main product.
Kaspersky MDR Optimum / Expert includes EDR Optimum functionality. If a customer is willing to purchase
MDR Optimum / Expert and wants to add EDR Optimum protection as well, the customer should be offered Kaspersky
MDR service only. There is no need to purchase EDR Optimum Add-On in this case. If a customer already has EDR
Optimum and is willing to purchase MDR Optimum / Expert Add-On, he is entitled for an additional discount. Please
send your request for such a discount to intelligence@kaspersky.com.
Customer can upgrade from Kaspersky MDR Optimum Add-On to Kaspersky MDR Expert Add-On.
The number of Kaspersky Optimum Security licenses is calculated based on the total number of non-mobile
nodes (workstations, laptops and servers) due to be protected. Two licenses for mobile device protection are provided
for each license free of charge, and therefore are not included in the number of licenses to be purchased.
Please be advised that KESB/KEDRO licenses installed to protect mobile devices should be subtracted from
the license count while upgrading to Kaspersky Optimum Security. For example, a customer has 400 KESB-
Advanced licenses installed on workstations and servers together with 100 KESB-Advanced licenses installed on
mobile devices, and it wants to upgrade to Kaspersky Optimum Security. This customer should be offered 400 licenses
of Kaspersky Optimum Security. Thus the customer will be able to protect up to 400 non-mobile nodes and up to 800
mobile devices.
Please be advised that in case a customer is using Kaspersky Total Security for Business and wants Optimum
Security functionality for its nodes, it is recommended to offer to the customer licenses of Kaspersky MDR Optimum
Add-On. Please note that at the time of renewal a customer can migrate from KESB Total to Optimum Security at
renewal pricing.
Migration from Kaspersky Optimum Security to KESB products (Select, Advanced, or Total) and to Kaspersky
EDR Optimum is allowed at a time of renewal only. In that case, the customer is entitled to renewal pricing.
In case a customer wants to upgrade MDR Optimum functionality included in Optimum Security to MDR Expert
functionality level, the customer should be offered Kaspersky MDR Expert Add-on. The number of Kaspersky MDR
Expert Add-On licenses should be equal to the overall number of nodes protected by Optimum Security. The license
term of Kaspersky MDR Expert service can be equal or less than the license term of Kaspersky Optimum Security.
In case of any questions please contact intelligence@kaspersky.com.
Kaspersky Sandbox, Node can not be sold as a stand-alone product, unless it will be used with 3rd party
products through an API. It can purchased in addition to the effective license of the following products:
The license term of Kaspersky Sandbox, Node can be equal or less than the license term of the main
product.
Please note that Kaspersky Sandbox, Node is available for integration with 3rd party (non-Kaspersky)
solutions, which can send files for analysis to and receive verdicts from Kaspersky Sandbox through RESTful API. For
recommendations on licensing scenarios for Kaspersky Sandbox integration with 3rd party solutions, please contact
ESIG@kaspersky.com.
Please be informed that Kaspersky Sandbox, Node is currently under end-of-sales process. Only renewal
licenses are available for purchase. For the valid end-of-life date please refer to
https://support.kaspersky.com/corporate/lifecycle. After the end-of-life date Kaspersky Sandbox, Node won’t be
available for purchase.
The migration recommendation for customers using Kaspersky Sandbox, Node is to upgrade either to KEDR
Optimum or to KEDR Expert. For the exact sandbox technology scope offered by each of KEDR product please refer
to corresponding product materials at https://www.kaspersky.com/enterprise-security. Please be advised that if such
an upgrade is being done at the time of renewal, the customer is entitled to renewal pricing.
8 But not less than the minimum band available in the price-list
Mail users – the number of mailboxes to be monitored (through mail traffic monitoring).
Throughput – the total bandwidth of all customer Internet connections to be monitored. Where the customer
has two or more Internet connections, the total required bandwidth should be calculated in order to determine the
appropriate Kaspersky Anti Targeted Attack Platform level for purchase (Standard, Advanced, or Enterprise).
Current KATA (Standard, Advanced, or Enterprise) customer wants to extend mail traffic monitoring on
additional mail users – over 2500 existing ones. 1 KATA Extension Module should be offered to cover each
increment of a further 5000 mail users. Please refer to the table below.
KATA
KATA KATA KATA
Up to 2500 Extension
Standard Advanced Enterprise
Module/s
Over 4 Gbit/s
Between Between
(1 Module for
Up to 1 Gbit/s 1 Gbit/s and 2 Gbit/s and
each additional
2 Gbit/s 4 Gbit/s
2 Gbit/s)
Throughput
Please note that the purchase of a separate KATA Extension Module is necessary for each additional
functionality (extra mail users, additional throughput, additional sandbox). A customer requiring both 5,000 additional
mail users and 2 Gbit/s of extra traffic to KATA Enterprise, for example, must purchase 2 KATA Extension Modules,
1 module per each functionality required. A single KATA Extension Module can’t be used to cover both requirements.
For technical guidance regarding the actual number of KATA Extension Modules required please contact
ESIG@kaspersky.com.
Please be advised that the license term of KATA Extension Module add-on SKU should be consistent with
that of the initial order for the main KATA Platform product. For example, a customer who has purchased KATA
Standard for 2 years, and who 6 months later wants to add a KATA Extension Module to cover additional mail users
over 2,500, should be offered a 2-year add-on SKU for KATA Extension Module. This should then be co-termed with
the initial license for KATA Standard.
A customer can upgrade within the Kaspersky Anti Targeted Attack Platform product family (please see
below):
Kaspersky Anti Targeted Attack Platform Standard Kaspersky Anti Targeted Attack Platform Advanced
Kaspersky Anti Targeted Attack Platform Standard Kaspersky Anti Targeted Attack Platform Enterprise
Kaspersky Anti Targeted Attack Platform Advanced Kaspersky Anti Targeted Attack Platform Enterprise
Please note that upgrading within the KATA product family provides only extended internet bandwidth and
availability of additional sandboxes. The number of mail users is set at the same level of 2 500 for all product levels.
To add extra mail users, KATA Extension Module/s should be offered, as in the table above.
For technical guidance regarding the actual number of KATA Extension Modules required please contact
ESIG@kaspersky.com.
Examples of typical migration scenarios for existing Kaspersky Anti Targeted Attack Platform customers
Kaspersky Anti Targeted Attack Platform Standard Kaspersky Anti Targeted Attack Platform Standard
Kaspersky Anti Targeted Attack Platform Advanced Kaspersky Anti Targeted Attack Platform Standard
(<2500 mail users, <1Gbit/s)
Kaspersky Anti Targeted Attack Platform Advanced Kaspersky Anti Targeted Attack Platform Standard
(2500-5000 mail users, <1Gbit/s) +
1 KATA Extension Module Add-on (for additional mail users
over 2500)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Advanced
(<2500 mail users; <2Gbit/s)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Advanced
(2500-7500 mail users; <2Gbit/s) +
1 KATA Extension Module Add-on (for additional mail users
over 2500)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Enterprise
(<2500 mail users; 2–4 Gbit/s)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Enterprise
(2500-7500 mail users; 2–4 Gbit/s) +
1 KATA Extension Module Add-on (for additional mail users
over 2500)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Enterprise
(7500-12500 mailbox users; 2–4 Gbit/s) +
2 KATA Extension Module Add-ons (for additional mail users
over 2500, 1 module per each additional 5000 mail users)
For recommendations on the best migration scenarios for existing Kaspersky Anti Targeted Attack Platform
customers, please contact ESIG@kaspersky.com.
The number of KEDR Standard / Advanced Edition and KATA EDR Agent licenses required is calculated
based on the total number of nodes (workstations, laptops and servers) due to be protected. This number may be less
than the overall number of nodes in the organization. Also, it should not necessarily be equal to the number of nodes
protected by Kaspersky Endpoint Security.
The KATA EDR Agent is not sold as a stand-alone product. It can be purchased in addition to the KATA
Platform product line (Standard, Advanced, or Enterprise) and to Kaspersky Anti Targeted Attack Platform Enterprise
EDR Edition (please see product information below).
Please note that there is no need to install an additional Central Node to manage KATA EDR agents and/or
Sandbox. KATA Central Node and Sandbox can be used for this purpose.
9 A Central Node has a limitation of the number of nodes under its management – the maximum number is 10 000
nodes. If the number of nodes exceeds 10 000, additional Central Node/s should be installed accordingly.
10 A Central Node has a limitation of the number of nodes under its management – the maximum number is 10 000
nodes. If the number of nodes exceeds 10 000, additional Central Node/s should be installed accordingly.
Customer can upgrade from KEDR Standard Edition to KEDR Advanced Edition. Please note that if upgrade
is being done at the time of renewal, the customer is entitled to renewal pricing.
Renewal from KEDR Standard / Advanced Edition to KATA Enterprise EDR is allowed (for customers with no
more than 10 000 protected nodes).
Renewal from KATA Enterprise EDR to KATA Platform Advanced or Enterprise purchased together with KATA
EDR Agent is allowed. Please note that in this case the additional purchase of KATA Extension Module/s may be
necessary.
For recommendations regarding the product/s needed for each particular customer’s infrastructure please
contact ESIG@kaspersky.com.
For examples of KEDR licensing options basing on specific customer cases please refer to Appendix 5.
For customers that require up-sell for the effective license of KSV, additional licenses of KHCS Standard
Edition can be sold. The up-sell with the KHCS product should be processed within the same licensing model as per
the initial KSV deal.
The renewing and up-selling from KSV, Core to KHCS, CPU should be processed based on the exact
number of CPUs to be protected. Please note that for renewal deals we also suggest to take into consideration the
amount previously paid by the customer and to calculate renewal deal amount in accordance with it.
Kaspersky Hybrid Cloud Security, Desktop covers migration scenario from physical desktops to virtual
desktop infrastructure (VDI). Thus, current KESB - Select customers may renew KESB - Select to KHCS Dt. Current
KESB - Advanced and Total customers may renew to KHCS Dt, but there will be a loss of functionality (i.e., such
functionality as Vulnerability Assessment and Patch Management, SIEM connectors and such) and therefore is not
recommended.
Kaspersky Hybrid Cloud Security Enterprise, Desktop covers migration scenario from physical
desktops to VDI. Thus current KESB (all editions) customers may renew KESB - Select, - Advanced or Total to KHCS
Enterprise, Dt.
Mixing licensing models of KHCS products (within one product edition – Standard or Enterprise)
Mixing per workload (physical servers, virtual servers, and virtual desktops) licensing model and per CPU
licensing model is allowed in case each licensing model is deployed in a separate infrastructure (e.g., activating CPU
licenses on virtualization platforms and Server/Desktop on physical or cloud workloads).
Mixing Server KHCS Standard and Enterprise licenses requires approval from product management.
Mixing Desktop KHCS Standard and Enterprise licenses requires approval from product management.
Any edition of KHCS Desktop may be purchased along with any edition of KHCS Server and does not require
an additional approval.
Mixing CPU KHCS Standard and Enterprise licenses requires approval from product management.
Kaspersky Hybrid Cloud Security Desktop Kaspersky Hybrid Cloud Security Enterprise, Desktop
Kaspersky Hybrid Cloud Security, Server Kaspersky Hybrid Cloud Security Enterprise, Server
Kaspersky Hybrid Cloud Security, CPU Kaspersky Hybrid Cloud Security Enterprise, CPU
Kaspersky Endpoint Security for Business - Select Kaspersky Hybrid Cloud Security, Desktop
Kaspersky Endpoint Security for Business - Advanced Kaspersky Hybrid Cloud Security Enterprise, Desktop
For recommendations regarding the product/s needed for each particular customer’s infrastructure please
contact Global Presales team.
For examples of KHCS licensing options basing on specific customer cases please refer to Appendix 6.
Kaspersky Vulnerability and Patch Management is the successor of Kaspersky Systems Management. So
current customers of Kaspersky Systems Management can renew to Kaspersky Vulnerability and Patch Management.
For customers that require up-sell for the effective license of Kaspersky Systems Management, additional
licenses of Kaspersky Vulnerability and Patch Management can be sold.
Kaspersky Encryption for Node Kaspersky Encryption for Endpoint is not sold as a
Endpoint 100% stand-alone product. It can be purchased only in
addition to Kaspersky Endpoint Security for
Business – Select
Please be informed that the product is currently
under end-of-sales process
Kaspersky Mail user (i.e., mail Add-on SKUs can’t be purchased as stand-alone. They can be
Security for Mail boxes/addresses under purchased only in addition to:
Server mail server, mail • Kaspersky Endpoint Security for Business – Select,
gateway) • Kaspersky Endpoint Security for Business – Advanced,
100%
• Kaspersky Total Security for Business,
(150% for Add-on • Kaspersky Endpoint Detection and Response Optimum11,
SKUs)
• Kaspersky Hybrid Cloud Security, Desktop,
Kaspersky Node (i.e., nodes under • Kaspersky Hybrid Cloud Security Enterprise, Desktop,
Security for Internet gateway) • Kaspersky Optimum Security12.
Internet Gateway 100%
Mail protection functionality requires consolidation.
(110% for Add-on
SKUs) Gateway protection functionality requires consolidation.
Kaspersky Security for Microsoft Office 365 (KS for Office 365) provides protection for Microsoft Office 365
services (Exchange Online, OneDrive, etc.).
In general, the number of KS for Office 365 licenses required is calculated based on the total number of
mailboxes to be protected. Please be advised that by buying N licenses of KS for Office 365, the customer will be able
to protect N mailboxes (licensed by Office 365), unlimited number of unlicensed mailboxes (e.g., Shared mailboxes)
and N users of OneDrive.
Please note that the purchase of KS for Office 365 is necessary even if a customer is using fewer that all
Microsoft Office 365 services (for example, the customer is using OneDrive only). The number of licenses required is
calculated based on the maximum number of customer’s users connected to the service/s used.
Renewal, migration, cross-sell and upgrade policy for KS for Office 365
A customer is entitled to renewal pricing while renewing from Kaspersky Security for Mail Server (purchased
either as a stand-alone product or as add-on to KESB) to KS for Office 365.
11Please note that EDR Optimum functionality does not cover email or web traffic from gateways.
12Please note that MDR Optimum and EDR Optimum functionality does not cover email or web traffic from
gateways.
Customers with effective licenses of KS for Mail Server can migrate to KS for Office 365 and get KS for Mail
Server remaining value back (if applicable).
Cross-sell of KS for Mail Server and KS for Office 365 is available in case customers use both the on-premises
and online versions of Exchange in their infrastructure to protect mailboxes.
The upgrade from KS for Office 365 to any of Kaspersky products or vice versa is NOT allowed.
Technical migration from KS for Mail Server to KS for Office 365 requires re-setup of the entire customer’s
infrastructure in KS for Office 365 console. Please note that migration to KS for Office 365 is possible only if customer’s
mailboxes are also migrated to Microsoft Office 365.
Storage Security
Product License objects and license count Comments, limitations
For technical details to choose between two licensing models for Kaspersky Security for Storage please refer to Sizing
recommendations (the document is available on per request to Global Presales team).
Kaspersky Embedded Systems Node (i.e., ATM/POS Kaspersky will not process orders from 1
Security devices) customer that are split across 2 Kaspersky
100% Embedded Systems Security products
(KESS)
Research Sandbox
Product License objects and license count Comments, limitations
Kaspersky Research Sandbox Queries per day Each protection server with
100% Kaspersky Research Sandbox
software installed on it requires a
separate Research Sandbox
license pack
Kaspersky Research Sandbox is licensed by the maximum number of queries that customer is going to make
per day.
Please note that if Research Sandbox product is going to be installed on more than one server (e.g., needs to
be deployed in several network segments or in different geolocations) than a customer should purchase a separate
Research Sandbox license pack per each server.
The number of Kaspersky Research Sandbox licenses sold per each server may not be necessarily equal
to each other. For example, the customer can purchase a license pack of Research Sandbox for 100-Queries per day
for one server, and a license pack of Research Sandbox for 250-Queries per day for its other server.
Please be advised that Kaspersky Research Sandbox does not require Kaspersky Private Security Network
product (KPSN) to be in operation. However, integration with KPSN is highly recommended, since KPSN
significantly increases the detection rate of Research Sandbox by providing global reputational data. In case KPSN
product is requested by a customer, it must be purchased separately as KPSN functionality is not included in Research
Sandbox license pack.
CyberTrace
Product License objects and license count Comments, limitations
xSP
Product License object and license count Comments, limitations
There are 4 levels of Kaspersky technical support (applicable to B2B products only):
• Standard support. It is provided for any commercial license for a particular B2B product (excluding license
types that specifically identify the support level that is different from Standard, e.g., “Plus”). The scope of this
support can be found at https://support.kaspersky.com.
• Premium support tier 1 is included in “Plus” license types (Base Plus, Renewal Plus, Successive Plus) for a
particular list of products13.
• Premium support tier 2 is sold as a separate service Kaspersky Enhanced Support that can be purchased in
addition to “ Plus” license type for a particular product only.
• Premium support tier 3 is sold as a separate service Kaspersky Enhanced Support with TAM that can be
purchased in addition to “Plus” license type for a particular product only.
For detailed information regarding Kaspersky premium technical support levels please refer to
https://support.kaspersky.com.
Customers who want to get premium support tier 1 for the products should purchase Base Plus, Renewal Plus
or Successive Plus license types for these products14.
Pease be advised that mixing licenses with Standard support included and licenses with “Plus” (i.e., tier
1) support included for the same product is not allowed. In such cases the customer will get Standard support for
all the licenses purchased.
However, the customer can mix different products with different support levels attributed for each product. For
example, if a customer is purchasing KESB-Select and Hybrid Cloud Security products and wants premium support
tier 1 for KESB-Select only, then he should purchase “Plus” license for KESB-Select only. For Hybrid Cloud Security
products, the customer can purchase licenses with Standard support included.
Please note that “Plus” license types are not available as add-on licenses. Support level for add-on licenses
will be set in accordance with the support level provided for the main product. For example, if a customer is purchasing
KESB-Advanced licenses with premium support tier 1 together with EDR Optimum add-on licenses, than EDR
Optimum add-on product will get premium support tier 1 as well.
A customer that has effective product licenses with Standard support included can upgrade them to product
licenses with “Plus” support included (in case they are available in the price-list). If upgrade is being done at the time
13 For commercial availability of “Plus” license types for a specific list of products please refer to regional price-lists
14 For commercial availability of “Plus” license types for a specific list of products please refer to regional price-lists
Please be advised that if a customer wants to purchase product licenses with “Plus” support included as an
up-sell to effective licenses with Standard support for the same product than the customer should upgrade all its
current product licenses to “Plus” ones. In case of any questions on such upgrade scenario please contact
msa@kaspersky.com.
Please be informed that Kaspersky Enhanced Support and Kaspersky Enhanced Support with TAM can
be purchased only in addition to product licenses with “Plus” support included. If a customer has product licenses
with Standard support included and wants to get Kaspersky Enhanced Support with TAM, he should first upgrade its
product licenses with Standard support to product licenses with “Plus” support included. And afterwards he can
purchase a certificate for Kaspersky Enhanced Support with TAM.
Pease be advised that in case the customer has a set of Kaspersky products with “Plus” support included,
there is no need to purchase Enhanced Support certificates for each product separately. The customer can purchase
1 certificate of premium support tier required (Enhanced Support or Kaspersky Enhanced Support with TAM) for the
whole set of products so to get the required technical support level for these products. For example, a customer has
KESB-Select, Hybrid Cloud Security and Storage Security products (all of them with premium support tier 1 included)
and wants premium support tier 3 for all of these products, then he should purchase 1 certificate for Kaspersky
Enhanced Support with TAM. That will be enough to upgrade support level for all products customer has. It is
recommended to align expiration date of the certificate with the product license which expiration date is being last to
occur.
The customer can upgrade from Kaspersky Enhanced Support to Kaspersky Enhanced Support with TAM.
For detailed information regarding matching previous technical support model to the current one please refer
to https://support.kaspersky.com/corporate/msa_bundled.
In case of any questions on migrating current customers to the new premium support model please contact
msa@kaspersky.com or eos@kasperksy.com.
Please be informed that for certain product-lines separate MSA levels are offered. Please see below.
For Kaspersky Anti Targeted Attack Platform and Kaspersky Endpoint Detection and Response
(Standard and Advanced Edition) the following MSA levels are offered:
• Kaspersky Maintenance Service Agreement for Kaspersky Anti Targeted Attack Platform (priority technical 24/7
support service),
• Security Account Manager for Kaspersky Anti Targeted Attack Platform (priority technical 24/7 support service +
dedicated Security Account Manager).
For Kaspersky Threat Intelligence product line:
• Kaspersky Maintenance Service Agreement for Threat Intelligence (priority 24\7 technical support service +
dedicated Security Account Manager).
For Kaspersky Industrial CyberSecurity product line:
Kaspersky Endpoint Security Cloud, Kaspersky Endpoint Security Cloud Plus or Kaspersky Endpoint Security
Cloud Pro (per user licensing model) are the successors of Kaspersky Endpoint Security Cloud (per node licensing
model). So current customers can renew to KES Cloud per user products.
Customers that require up-sell for the effective license of KES Cloud per node should be offered a full trade-
in migration to the new KES Cloud per user product/s. It is also recommended to offer to such customers an early
renewal to KES Cloud per user product/s (if applicable). Please be advised that in case the licenses of KES Cloud
per user are sold in addition to the effective licenses of KES Cloud per node, two separate workspaces under same
account are required to manage different KES Cloud products. No consolidation will be performed for different KES
Cloud products in this case as well.
The default migration recommendation for customers using Kaspersky Security for Mobile is to offer
Kaspersky Endpoint Security for Business – Select.
Also the customer can be offered an upgrade to Kaspersky Endpoint Security for Business – Advanced or to
Kaspersky Total Security for Business.
Additional migration recommendation is to switch the customer to Kaspersky Endpoint Security Cloud
product/s. Please note that such migration scenario requires re-deployment and re-setup of the entire customer’s
infrastructure. The recommendation for renewing Kaspersky Security for Mobile (per mobile device) to KES Cloud (per
user) is to offer 1 user license per 1 mobile device license.
Please be advised that if migration is being done at the time of renewal, the customer is entitled to renewal
pricing (applicable to all migration options listed above, including upgrade).
The default migration recommendation for customers using Kaspersky Security for File Server is to offer
Kaspersky Hybrid Cloud Security Enterprise, Server.
Please be advised that if migration is being done at the time of renewal, the customer is entitled to renewal
pricing (applicable to all migration options listed above).
In order to provide smooth removal of the product from the market, 1-year renewals will be available on per
request basis under special approval procedure. For detailed information please contact eos@kaspersky.com.
Please be informed that only renewal licenses are available for purchase for Kaspersky Endpoint Detection
and Response products (Standard, Advanced editions) till the end-of-life date for these products. The renewing can
be processed for the exact number of nodes a customer wants to protect. For the valid end-of-Life date please refer
to https://support.kaspersky.com/corporate/lifecycle.
After the end-of-life date Kaspersky Endpoint Detection and Response products (Standard, Advanced
editions) won’t be available for purchase. The customers should migrate to Kaspersky Endpoint Detection and
Response Expert.
Customers that require up-sell for the effective license of Kaspersky Endpoint Detection and Response
(Standard, Advanced editions) should be offered a full trade-in migration to Kaspersky Endpoint Detection and
Response Expert.
Please contact eos@kaspersky.com in case of any questions concerned each product recently discontinued.
Please be advised that Vendor reserves the right to verify the eligibility of issuing a renewal license (e.g., by
checking prior license key file/activation code information, prior license certificate etc.).
The customer can buy a renewal Late renewals of consumer products can
license before the current one is expired. The be placed without any limitations on a time period
activation code/key file of the renewal license past from the date of expiration of the previous
Consumer should be activated right after an expiration of license.
the initial license.
products
Early renewal is available if 90 or less The right of a client to place a late renewal
days are left prior to the expiration of a is limited by 60 days past from the date of
previous license. No approvals are required expiration of the previous license. At the end of this
for processing this early renewal. All other time period the product is no longer offered on
Corporate
requests should be approved by Vendor. conditions of renewal. License can be purchased
products Please contact Kaspersky local office for only at full price without renewal discounts. Any
details. extension of the late renewal “window” should be
approved by Vendor. Please contact Kaspersky
local office for details.
Public sector license can be offered as a generic license for both types of institutions, governmental and
educational.
Cross-grade licensing
Please be advised that cross-grade licensing is applicable to B2B products only and is effective if cross-grade
licenses are available in a regional price-list.
Cross-grade licensing is available for the same type of competitor’s corporate anti-malware software products
and the same license quantity, which are specified in the end-user’s license agreement with the vendor of this product
to be replaced with Kaspersky product.
Trial licenses of competitor’s product are not accepted for cross-grade licensing.
Cross-grade license is available for purchase during the effective period of end user license agreement with
any vendor of anti-malware software product and within definite period after this end user license agreement expiration.
For additional regional specifics and practice in cross-grade policy please refer to Addendum to General
Licensing Principles.
After Kaspersky cross-grade license is expired customer should be sold renewal license, not cross-grade.
Local offices reserve the right to check and verify the correctness of selling cross-grade licenses to customers.
Please contact Kaspersky local office for any regional specifics of cross-grade procedures.
• A customer is swapping a product/s purchasing earlier to the other product/s, or a customer is swapping license
types for the same product while upgrading the level of technical support for this product.
• This product/support switch can done during the effective license period of the product/s purchased initially.
Operationally wise, in this case the swap is processed in a form of a trade-in discount applied to the order/s of
the new product/support level.
• The customer is able to swap a product/support level purchasing earlier to the other product/support level at the
time of renewal as well. Generally speaking, in this case a customer is entitled for renewal pricing 15. Please be
advised that no trade-in discount is applicable to product switch at the time of renewal.
15Renewal pricing herein refers to all customer types incorporating such pricing offer (e.g., Governmental Renewal,
Educational Renewal, etc.).
The actual list of valid trade-in and upgrade product swapping scenarios can be found in this document. Valid
migration scenarios stated in the document can be processed as trade-in deal. Please note this list of these
product/support swapping scenarios is a subject to change as per product marketing and management decision.
The license types used in trade-in order/s should be consistent with the license types of the initial orders. For
example, if the customer has purchased previously licenses at educational renewal pricing, it is entitled to get the
same pricing offer (i.e., educational renewal) for the new product/s. Please note that the customer can be also offered
Base pricing for the upgrade deal if this is an established sales practice in a regional market.
The exception concerns Add-on16 license types since not all products under trade-in scenarios are intended
to offer add-on pricing. In case the customer is going to swap Add-on licenses and the trade-in product does not has
Add-on licenses, it is recommended to align the swap with the license type of the main product purchased. For
example, a customer purchased KESB-Select Renewal licenses + KS for Mail Server Add-on licenses. Now it wants
to shift from KS for Mail Server to KS for Microsoft Office 365. The licenses for KS for Microsoft Office 365 should be
offered at renewal pricing.
The upgrade license type (if available in a price-list) is applicable to upgrades at the time of renewal only. This
case is mainly relevant for the deals when a customer is renewing+upgrading its Base licenses.
With regard to the license term of trade-in product, the order for it can be either co-termed with the licenses
that are being swapped (in case the customer asks for this), or be processed for any option of the full license period
available in the price-list (1, 2, 3 years).
As for the quantity of licenses for trade-in product, generally, it should be either equal or exceed the license
quantity of the product being swapped (in case licensing models of the products included in the trade-in deal are the
same). The price for the trade-in product should be taken from the band consistent with the actual license quantity to
be ordered.
Please be advised that for some trade-in paths the partial migration is available. Partial migration means that
the customer switches only part of its licenses initially purchased to the new ones, remaining the other part of initial
licenses as effective ones. The order for trade-in product should be co-termed with the initial order. Volume discount
is not applied to trade-in product. Specifically, it is not allowed to use band from the initial order in the trade-in order.
The price for the trade-in product should be taken from the band consistent with the actual license quantity to be
ordered.
16 Add-on is a license for associated purchases of products (for products under special incentive program, for
products that can’t be sold as standalone etc.). Add-on license can be issued only in association to the effective
license for the main product. E.g., KS for Mail Server Add-on license can be purchased if a customer has effective
license for the main product (KESB-Select, KESB-Advanced or KTSB)
Minimum up-sell order quantity for corporate products is 5 licenses (or 1 license pack for 5 workstations for
KSOS product). The only exception concerns products with the starting band – 1 license. (e.g., KS for Storage, Server,
KHCS, CPU, KPSN products etc.). For these products the minimum up-sell order quantity is 1 license.
Please note that band selection rules should be followed while processing up-sell deals (see the rules
hereinafter). In case there were one-time discounts or special time-limited marketing actions that influenced the price
of the original order, such price conditions are not effective for additional purchase.
Basically, the license type used in up-sell order/s should be consistent with the license type of the initial order.
For example, if the customer has purchased previously licenses at educational pricing, it is entitled to get the same
pricing offer (i.e., educational) for the additional licenses. Please be advised that in case of up-sell at the time of
renewal it is allowed to purchase the total number of licenses (i.e., licenses previously purchased and to be renewed
+ additional licenses) at renewal pricing. Please note that the customer can be also offered Base pricing for the up-
sell/additional licenses if this is an established sales practice in a regional market.
The license term used in up-sell order/s should be consistent with the license term of the initial order. Please
note that a customer can be also offered pricing for the shorter license term (which means that the customer is paying
higher price per 1 year TCO17 that it has paid initially) for the up-sell/additional licenses if this is an established sales
practice in a regional market. Please be advised that such up-sell licenses (with non-consistent license term) should
not be extended in its term, only decreasing of SKU term is allowed. For example, initial order has 3-year SKU term.
Upsell takes place while 15 months are left prior to expiration date. There are 2 available options:
• Option 1 – consistent license term, i.e., 3-year SKU with term discount.
• Option 2 – shorter license term, i.e., 2-year SKU with term discount (only if this is an established sales practice
in regional market).
The use of 1 Year SKU in this example is not allowed because the upsell term may not exceed the SKU term.
Please be advised that the instructions mentioned above (i.e., on choosing license type and license term) is
also applicable to corresponding cases of add-on sales scenarios stated in the policy (e.g., MDR add-on to KESB).
The second valid scenario is to purchase additional licenses from the pricing band corresponding to the
number of licenses of Kaspersky product the customer has and/or is planning to purchase. Please be advised that
Vendor reserves the right to check and verify the eligibility of such deals. Please contact Kaspersky local office for
details.
• purchase plan for a group of companies. These entities should not be necessarily affiliated legally;
• purchase plan for 1 customer.
This purchase plan should include information regarding the total number of licenses to be purchased by the
customer/s for each product sold, the timeframe of the purchase/s as well as the pricing level agreed per each product.
Each purchase within this plan can be arranged through pricing band that is consistent with the pricing level agreed.
All such deals require approval by Vendor. Please contact Kaspersky local office for details.
Grace period
Grace period is a timeframe added to the license term for installation purposes on customer’s side. The default
grace period for all initial licenses is 15 days18, for renewal licenses is 0 days. Any request of changing the grace
period should be approved by Vendor. Please contact Kaspersky local office for details.
18Please be informed that for regions with grace period set-up for initial licenses shorter than 15 days their current
set-up remain intact
A Base Premium license for initial purchase (with Premium technical support incl.)
Public Sector license for repeated purchase of the same product by non-profit public organizations
D Renewal
license for associated purchases of products (for products under special incentive program, for products that can’t
H Add-on be sold as standalone etc.)
Cross-Grade special license offer to the client in order to transfer it from competitors product to Kaspersky product (with Premium
K Premium technical support incl.)
L Renewal Premium license for repeated purchase of the same product (with Premium technical support incl.)
Educational Renewal license for repeated purchase of the same product by educational organizations (with Premium technical support
M Premium incl.)
Not For Resale license – a free license intended to be provided to partners to enable them to use Kaspersky
N NFR products. It is also used for promo, trade shows, product knowledge trainings, industry-, press- and other events
O Educational Premium license for initial purchase by educational organizations (with Premium technical support incl.)
Q Educational Renewal license for repeated purchase of the same product by educational organizations
R Renewal license for repeated purchase of the same product that resumes the end-user’s right to use this product
U Upgrade purchase of a product with wider quantity of applications/wider functionality that will replace current one
W Cross-grade special license offer to a client in order to transfer it from competitors product to Kaspersky product
For regional specific naming of license types please refer to Addendum to General Licensing Principles.
Example 1:
A Company has 7 desktops and 5 mobile devices. It needs to protect them all.
The Company should be offered 7 licenses of KSOS or 1 license pack of KSOS per 7 desktops/7 mobile
devices/1 file server/7 users. Thus the customer will be able to protect up to 7 desktops, up to 7 mobile devices,
1 file server and to provide password manager up to 7 users.
Example 2:
A Company has 6 desktops, 6 mobile devices and 1 file server. It needs to protect them all.
The Company should be offered 6 licenses of KSOS or 1 license pack of KSOS per 6 desktops/6 mobile
devices/1 file server/6 users. Thus the customer will be able to protect up to 6 desktops, up to 6 mobile devices,
1 file server and to provide password manager up to 6 users.
Example 3:
A Company has 5 desktops and 7 mobile devices. It needs to protect them all.
The Company should be offered 7 licenses of KSOS or 1 license pack of KSOS per 7 desktops/7 mobile
devices/1 file server/7 users. Thus the customer will be able to protect up to 7 desktops, up to 7 mobile devices,
1 file server and to provide password manager up to 7 users.
Example 4:
A Company has 12 desktops and 2 file servers. It needs to protect them all.
The Company should be offered 2 license packs of KSOS per 6 desktops/6 mobile devices/1 file server/6 users
or 2 sets of 6 licenses of KSOS each. Thus the customer will be able to protect up to 12 desktops, up to 12 mobile
devices, up to 2 file servers and to provide password manager up to 12 users.
or as possible workaround in case the customer wants 1 activation code for the total number of nodes to be
protected:
The Company should be offered 15 licenses of KSOS or 1 license pack of KSOS per 15 desktops/15 mobile
devices/2 file servers/15 users. Thus the customer will be able to protect up to 15 desktops, up to 15 mobile devices,
up to 2 file servers and to provide password manager up to 15 users.
The number of KESB licenses to be issued is calculated based on the total number of nodes (workstations,
laptops, mobile devices and servers) to be protected.
The number of other license objects included in KESB products (e.g., MDM-node, SM-node, mail user, etc.)
is calculated basing on the percentage of the total number of protected endpoints (factor).
For example, if a customer purchases 100 licenses for Kaspersky Total Security for Business, it will be able:
Example 1:
A Company has 50 workstations, 2 servers, and 10 smartphones. It needs to protect and to manage all the
workstations, servers and smartphones it has.
The Company should be offered 62 licenses of Kaspersky Endpoint Security for Business - Select (endpoint
protection for all 62 nodes and MDM-module for 10 smartphones) + 52 licenses of Kaspersky Vulnerability and
Patch Management (for managing workstations and servers). Or it can be offered 62 licenses of Kaspersky Endpoint
Security for Business – Advanced (endpoint protection for all 62 nodes, MDM-module for 10 smartphones and PM-
module for 52 nodes + 10 extra nodes).
Example 2:
A Company has 320 workstations, 4 servers, and 50 smartphones. It wants to protect 250 workstations and 4
servers + to manage all smartphones, all workstations and servers that it has.
The Company should be offered 304 licenses of Kaspersky Endpoint Security for Business - Select (for endpoint
protection of 254 nodes and for management of 50 smartphones) + 324 licenses of Kaspersky Vulnerability and Patch
Management (for managing all workstations and servers). Or it can be offered 324 licenses of Kaspersky Endpoint
Security for Business – Advanced (endpoint protection for 304 nodes + extra 20 nodes, MDM-module for 50
smartphones and PM-module for 324 nodes).
Example 3:
A Company has 300 workstations, 4 servers, and 50 smartphones. It wants to protect, to encrypt and to manage
all endpoints that it has.
The Company should be offered 354 licenses of Kaspersky Endpoint Security for Business - Advanced. It will get
protection and encryption functionality for all endpoints + it will activate PM-module for all endpoints + it will activate
MDM-module for 50 smartphones.
A company already has KATA product (Standard, Advanced or Enterprise) and is considering EDR capabilities.
Option 1: The customer can purchase KATA Platform EDR Agent based on the number of nodes to be protected.
Option 2: The customer can upgrade to KATA Enterprise EDR (if not more than 10 000 nodes are to be protected).
Example 2:
A company is interested in EDR protection for its 10 000+ nodes.
Option 1: The customer can purchase KEDR Standard or Advanced Edition for the total number of nodes it wants
to protect with EDR.
Option 2: The customer can purchase KATA Advanced or Enterprise together with KATA EDR Agent for the total
number of nodes it wants to protect with EDR.
Example 3:
A company uses KATA Enterprise EDR to protect 10 000 nodes. And now the company wants to increase its EDR
protection to an additional 500 nodes.
Option: The customer can purchase KATA Platform EDR Agent licenses for 500 additional nodes to be protected.
A Company needs standard security capabilities for 10 x VMware ESXi hosts (2 CPU each) with 100 virtual servers
and 300 virtual desktops in total. Plus, 100 physical servers (80 with Windows Server OS and 20 with CentOS 7.2).
Option 1: The Company should be offered 200 licenses of KHCS SVR + 300 licenses of KHCS Dt.
Option 2: The Company should be offered 20 licenses of KHCS, CPU + 100 licenses of KHCS SVR.
A Company needs enterprise security capabilities for workloads hosted in Telefonica cloud: 75 virtual servers and
25 virtual desktops. They also buy a collocation service from Telefonica for 30 physical servers with Windows Server
OS and 20 physical servers with Linux OS.
Option: The Company should be offered 125 licenses of KHCS Enterprise, SVR + 25 licenses of KHCS Dt.
A Company needs enterprise security capabilities for 175 virtual servers running on Amazon Web Services (AWS)
cloud.
Option: The Company should be offered 175 licenses of KHCS Enterprise, SVR.
A Company needs standard security capabilities for 100 virtual servers and 125 virtual desktops hosted in
RackSpace. Plus, they also have 200 virtual servers and 125 virtual desktops hosted in MS Azure cloud.
Option: The Company should be offered 300 licenses of KHCS SVR + 250 licenses of KHCS Dt.
A Company needs enterprise security capabilities for a complex hybrid cloud environment that is distributed across
multiple cloud environments. They have 12 MS Hyper-V hypervisors (4 CPUs each) with 60 virtual servers and 200
virtual desktops in total. They also buy a collocation service from 3rd-party Managed Hosting provider to store 4
additional MS Hyper-V hypervisors (with 2 CPUs each) inside remote data center with 80 virtual servers in total. Finally,
a company is using the MS Azure cloud to run 30 virtual servers.
Option 1: The Company should be offered 170 licenses of KHCS Enterprise, SVR + 200 licenses of KHCS Dt.
Option 2: The Company should be offered 56 licenses of KHCS Enterprise, CPU + 30 licenses of KHCS Enterprise,
SVR.
A Company migrates 500 physical workstations to VDI. Currently, the physical workstations are covered with
KESB - Advanced.
Option: The company needs to upgrade 500 KESB - Advanced licenses to KHCS Enterprise, Desktop. With KHCS
Ent, Dt, the company will be able to apply each license to a physical machine or a VM thus allowing for gradual
migration and roll-back scenarios for the duration of the license as needed.
Such deals are qualified as Trade-in deals and require creating quote/s in CRM (SFDC).
Please note that the following product swaps are qualified as upgrades:
Kaspersky Endpoint Security for Business - Select Kaspersky Hybrid Cloud Security, Desktop
Kaspersky Endpoint Security for Business - Advanced Kaspersky Hybrid Cloud Security Enterprise, Desktop
Current KESB customers can switch to KHCS products fully or partially.
Full upgrade/migration means that the customer switches the total number of its KESB licenses to KHCS.
The existing key files/activation codes for KESB product, that should be replaced, are blocked in a certain period
of time.
Partial upgrade/migration means that the customer switches only part of its KESB licenses to KHCS, remaining
the other KESB licenses as effective ones.
The order/s for KHCS licenses should be co-termed with the initial KESB order.
Volume discount is not applied to KHCS partial migration. Namely, it is not allowed to use total band for placing
KHCS migration orders. Each order for KHCS products should be processed separately for the exact number of license
objects to be protected. For each separate order there is a possibility to apply all discounts available for it.
The existing key files/activation codes for KESB product are not blocked.
Licensing is based on 24-hour periods starting from any moment of time rather than the calendar 24-hour day.
If the daily amount of traffic specified in the license was scanned before the end of the day, emails are still
scanned, regardless of how much the licensed amount of traffic was exceeded. The administrator is notified that the
licensed traffic volume has been exceeded.
If the total amount of traffic scanned in the past 24 hours is smaller than the daily traffic allowed by the license,
the unused traffic is ignored, i.e., in the next 24 hours the user is not allowed to scan more traffic than specified in the
key file.
Cross-grade licensing
META practice: Cross-grade licensing is available for purchase during the effective period of end user license
agreement with any vendor of anti-malware software product and within 1 month after this end user license agreement
expiration.
Additional licenses of Kaspersky product (up to 150%) can be purchased at cross-grade pricing within 3
months (a period of 6 months for Middle East & Saudi Arabia & Bahrain as well as for Turkey Region) after the original
order.
North America practice: Cross-grade licensing is available for purchase during the effective period of end user
license agreement with any vendor of anti-malware software product.
Down-sell practice
USA practice: approval for down-sell deal is required
Base Comm.Lic.+Maint.