How Cloud Control Plane Licensing and Usage are Determined
- Updated on 21 Jun 2024
Red Canary licenses MDR Cloud Control Planes by cloud resources.
Usage calculation
Eight types of resources count as billable resources in a cloud environment. Billable resources are calculated from the total number of resources in your environment, using the following ratios applied to monthly averages.
Red Canary scans your environment four times per day, counting the number of each type of resource that exists at the time of the scan.
To get the monthly average for each resource type, we average the total count of that resource type across that month's scans, and then divide by that resource type's ratio to determine the overall number of billable workloads for the month. For serverless functions, for example, the monthly total would be divided by 50.
Red Canary analyzes risks associated with both VMs and any containers that they host. Thus, container hosts represent two separate sources of risk, and two separate levels of analysis with Red Canary. For this reason, each VM that hosts containers is counted once as a VM and a second time as a container host.
| Resource Type | Definition | Monitored: Billable Resource Ratio | AWS example | GCP example | Azure example |
| --- | --- | --- | --- | --- | --- |
| Virtual machines | A virtual machine (VM) is a compute resource that uses software instead of a physical computer to run programs and deploy apps. | 1:1 | EC2 instances | Compute instances | Scale Set VMs, Compute VMs |
| Container hosts | The container host is the system that runs the containerized processes, often simply called containers. | 1:1 | AWS EC2 Instances used by EKS | GCP VMs running containers | Azure VMs running containers |
| Serverless functions | A serverless function is a single-purpose, programmatic function that is hosted on managed infrastructure. | 50:1 | Lambda | Cloud Function | Function, Azure App Service |
| Serverless containers | Serverless containers are compute engines that run containers without requiring customers to deploy or manage the underlying container instances. | 10:1 | AWS ECS Tasks | GKE Autopilot, Cloud Run Revision | Azure Container Instances |
| Buckets | Buckets are logical containers of files and metadata about those files. | 2:1 | S3 Buckets | Cloud Storage Buckets | Storage Accounts |
| Container Registry Images | A container image within a container registry. A container image is a packaged, self-contained unit of software that contains all the necessary dependencies, libraries, and configuration files required to run a specific application within a containerized environment such as Kubernetes or Docker. | 5:1 | ECR container images | GCR container images | Container Registry images |
| Non-OS disks | Non-OS disks (also known as non-root volumes) are additional storage resources for storing block-level data separate from the operating system and applications. | 3:1 | EBS volumes | VM storage disks | VM data disks |
| Databases | Databases provide scalable and highly available storage solutions that allow for efficient retrieval and manipulation of information. | 1:1 | AWS Aurora, DynamoDB, RDS | GCP Cloud SQL | Azure SQL |
Billing highly ephemeral environments
Red Canary scans your environment four times per day, taking a snapshot of the resources observed at the time of the scan. As one example, the longer an ephemeral VM exists, the more likely it is to be captured (and vice versa). If your environment has 5,000 persistent VMs and you spin up (and tear down) 5,000 ephemeral VMs, then the average number of VMs that Red Canary detects will be between 5,000 and 10,000. If each ephemeral VM exists for only 5 minutes per day, then the monthly average will be very close to 5,000; if each ephemeral VM exists for 23 hours per day, then the monthly average will be very close to 10,000.
Viewing recent license usage
The count of cloud resources is recorded on a monthly basis and is reported in the Red Canary portal.
1. Click your user icon at the top right of your Red Canary portal, and then click License Usage.
2. Select the required usage tab.
3. Click View Data Table and then click to download a CSV of your endpoint usage.
Exceeding my license amount
When you exceed your license amount, Red Canary continues processing data received from all your accounts. We do not want an increase in usage to harm your security.
Red Canary then reviews your usage every three months and trues everything up at that time. If you had an overage, we calculate that overage and you can either increase your license amount (prorated for the remainder of your contract) or pay a one-time overage fee. Increasing your license count is a good way to take advantage of volume discounts when available.
Inconsistent numbers
Sometimes you encounter an edge case: your engineering team launches a new application in AWS at the end of the month, and the numbers just don't look right. To make those oddities easier to identify, the download links let you obtain the data that you need to run them to ground.
If something still doesn't look right, let us know and we'll get to the bottom of it.