Network Security
Activate a Quantum-Safe Security License
Table of Contents
Activate a Quantum-Safe Security License
Activate Quantum-Safe Security app in SCM to provide cryptographic inventory of your
digital assets and provides recommendations and remediation steps for your quantum-safe
journey.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Quantum-Safe Security is an app that is integrated with Strata Cloud Manager (SCM) to
provide comprehensive cryptographic inventory of your digital assets: applications,
user devices, infrastructure and IoT devices . This becomes the starting point of
your quantum-safe journey, enabling you to understand which cryptographic ciphers
and algorithms are in use across your environment. It also provides asset specific
recommendations and remediation steps to enable post-quantum cryptography (PQC).
This will ensure your sensitive traffic and data is not vulnerable to harvest now,
and decrypted later (HNDL) attacks when quantum computers become powerful enough to
decrypt information encrypted with today’s classical public key cryptography.
Quantum-safe Security relies on several core architectural components:
- Quantum-safe Security service—Provides cryptographic inventory of your digital assets and recommendations for remediation to enable quantum-safe cryptography.
- Strata Cloud Manager (SCM)—Serves as the central management plane for service activation, device association, and license consumption monitoring.
- Strata Logging Service (SLS)—Bundled with your Quantum-safe Security license, it acts as the foundational service for associating NGFW devices and tracking Management Unit (license) consumption.
- Cloud Identity Engine (CIE) Optional—Provides User-ID (user identity) context for your security framework, provisioned as part of the activation bundle. Enables identification of User Devices and associate ciphers used by end-user devices.
Activation of Quantum-Safe Security provisions a bundle including the Quantum-Safe
Security service, Strata Logging Service, and a Cloud Identity Engine (CIE)
instance. This ensures all dependencies are available, linking these services under
a single tenant within Strata Cloud Manager. You associate your NGFW devices with
Quantum-Safe Security capabilities by explicitly associating them with Strata
Logging Service (SLS) within Strata Cloud Manager. This links your device to the
Quantum-Safe Security features provisioned with that SLS instance, enabling your
NGFW to consume licenses from the available SLS license pool. The total license
quantity available for your tenant determines how many devices you can
associate.
You can activate the Quantum-Safe Security app license on an existing SCM
Essentials or SCM Pro tenant. If you don’t have an SCM instance, the activation
process deploys an instance of SCM Essentials.
The total license quantity available for your tenant determines how many devices you
can associate.
This procedure guides you through activating Quantum-safe Security in
Strata Cloud Manager, provisioning necessary services, and associating your NGFW
devices.
- Click the activation link provided in the email you received from Palo Alto Networks. This initiates the activation workflow for Quantum-Safe Security.Select your Customer Support Portal (CSP) account.
![]()
Create a new tenant or select an existing tenant where your NGFWs are already associated. Cryptographic inventory is based on NGFW traffic logs. Additional settings will be required on the NGFWs to extract detailed cipher information. See documentation or the onboarding steps in SCM for Quantum-Safe Security app.![]()
Select the deployment region.Select None or Create New. CIE is optional, so you do not need to attach an instance.Agree to the terms and conditions.Select Activate. This provisions the Quantum-safe Security service and bundled components within your selected tenant and region.Associate NGFW Devices
- In Strata Cloud Manager, navigate to the Device Associations page.Add the desired firewall device to your tenant.
- Select Add Device.Select the device.Select Save. This register your firewall with the SCM tenant.Select the newly added device from the list, the Associate products.Select Strata Logging Service.Review the available license units and the consumption of the selected device.Select Save to associate the device.
Utilize Licensing Pooling for Additional Devices
This procedure demonstrates hot to leverage license pooling to associate more NGFW devices when initial license capacity is insufficient. - Optional Attempt to associate an additional device. Observe the failure message indicating insufficient license units.Activate an additional SLS for NGFW license with higher license capacity on the same tenant.
- Navigate to the provided magic link URL for the additional SLS license.Select the same CSP account.Select the same tenant.Select Activate. This pools the new license with existing ones, increasing overall license capacity.Associate additional NGFW devices with Strata Logging Service.
- In Strata Cloud Manager, navigate to the Device Associations Page.Select the unassociated device from the list.Select Associate products.Select Strata Logging Service. The system now shows increased license availability due to license pooling.Select Save. The device now associates successfully.
Validate Quantum-Safe Security app Deployment
- In Strata Cloud Manager, navigate to the Insights section.Select the Quantum-safe Security tab to confirm its presence and functionality.
