Renew a Security Center subscription instance - Security Center

Renew your Security Center subscription before it expires to maintain protection for your servers. An expired subscription increases the risk of malicious intrusions and data breaches. This topic describes how to renew your Security Center subscription.

Instance expiration

Expiration reminders

Seven days before your Security Center subscription instance expires, the system sends renewal reminders by email, or internal message.

Impact of expiration

Upon expiration, the service instance is released. This means the paid edition is downgraded to the Free Edition. Your servers lose the protection of Security Center, which increases the risk of malicious intrusions and data breaches.

Data and configuration retention

After the instance expires, the system provides a 7-day grace period. After 7 days, the service instance is released, and data is cleared according to the rules in the following table.

Scenario	Data cleanup policy
Within 7 days of expiration	The service authorization information, configuration policies, and service data for all features are retained.
7 days after expiration	The following authorization information is immediately purged: Container Protection - Image security scan. Container Protection - CI/CD integration settings. Log analysis: The data in the `sas-log` Logstore is immediately purged. This Logstore belongs to the Project that Security Center creates in Simple Log Service (SLS). The Project is named `sas-log-<Alibaba Cloud account ID>-<region ID>`. Host Protection - Anti-ransomware: All backup policies and backup data are immediately purged.
15 days after expiration	The following Agentic SOC data is immediately purged: Security alerts: All alert information except for alerts under CWPP. Security event handling: Event information generated by Agentic SOC predefined rules and custom rules (Agentic SOC security events). Note Security events generated from alerts under CWPP (CWPP security events) are retained. Response orchestration: Custom playbooks and custom response rules. Log Management: Standardized integration logs and Security Center logs. Rule management: Custom rules. Integration Center: Custom items such as standardized integration rules, data sources, watchlists, and integration policies. Agentic SOC - Response Center: Response policies and response tasks are automatically purged by the system 90 days after they expire. This is not affected by unsubscription.

Renewal methods and scenarios

You can renew your Security Center instance at any time from the date of purchase until seven days after it expires.

Renewal method	Renewal type	Description	Scenarios
Manual renewal	Renew with original configuration	Manually renew your instance with its current configuration.	You do not want to change the current configuration or enable auto-renewal.
Manual renewal	Renewal with configuration change	You can change the configuration during renewal. The current configuration is not affected. The new configuration takes effect when the renewal order becomes active. To change the configuration immediately, you can upgrade or downgrade it. For more information, see Upgrade and downgrade. Important You cannot make another configuration change until the pending renewal order takes effect.	You want to keep the configuration for the current billing cycle and adjust it for the next one.
Auto-renewal	Auto-renewal	If you enable auto-renewal, the service is automatically renewed upon expiration. Note The auto-renewal fee will be charged to your account 3 days before the service expires. Please ensure that your account has a sufficient balance. If your instance expires tomorrow, please renew it manually. If you manually renew before the payment processing date, the system schedules the next auto-renewal based on the new expiration date. If you enable auto-renewal today, it takes effect the next day. Coupons can be used.	If you plan to use Security Center for a long time, enable auto-renewal to avoid frequent manual renewals.

Manual renewal

Prerequisites

If you use the Full protection mode, ensure that the number of servers and vCPU cores that you purchased for your Alibaba Cloud account is greater than or equal to the number of servers and vCPU cores under your account.

If you have an insufficient quota, you can upgrade Security Center or reduce the number of protected assets by detaching servers or releasing Alibaba Cloud ECS instances. This ensures your asset count matches your purchased quotas (Number of servers and Number of vCPU cores). For more information, see Upgrade and downgrade. To protect only some of your servers, you can switch from Full protection mode to On-demand protection mode. For more information, see How do I manually switch from Full protection mode to On-demand protection mode?.

Renew with original configuration

Log on to the Security Center console.
On the Overview page, click Renew Subscription > Standard Renewal.
On the Standard Renewal tab, select a renewal duration, read and accept Security Center Terms of Service, and then click Order Now.

Renew with configuration change

The number of servers and vCPU cores cannot be less than the quota that you have attached to your servers. If you want to decrease the number of servers or vCPU cores, you must first detach the servers from the corresponding quotas. For more information, see Manage protection versions for servers.

Important

In Full protection mode, the number of servers and vCPU cores cannot be less than the number of servers and their vCPU cores that are connected to Security Center. If you want to decrease the number of servers or vCPU cores, you must release the Alibaba Cloud servers or detach the non-Alibaba Cloud servers that you no longer need to protect. This must be done before you renew with a configuration change.
- To detach non-Alibaba Cloud servers, see Unbind a non-Alibaba Cloud server.
- To release Alibaba Cloud servers, see Release an instance.
You cannot submit another configuration change until the pending change takes effect.

Log on to the Security Center console.
On the Overview page, click Renew Subscription > Standard Renewal.
On the Upgrade/Downgrade Renewal tab, select an edition, set the Number of servers or Number of vCPU cores, select the value-added services and specify their quantity, read and select Security Center Terms of Service, and then click Order Now.
When you renew a service with a new configuration and metrics such as Protected Assets, Purchased Quota, and Remaining Anti-ransomware Capacity on the Overview page change, the data on the Overview page is not immediately updated. The data is refreshed at the beginning of the next billing cycle.
In the upper-right corner of the Security Center console, choose Expenses > Orders. On the Product Orders tab, find the order for renewal with a configuration change. Click Details in the Actions column to open the Order Management page. On this page, you can view the start and end time of the order and the new configuration.

Auto-renewal

When you purchase Security Center, you can enable auto-renewal by selecting Monthly, Quarterly, or Semiannual in the Subscription Duration area. If you did not enable auto-renewal at the time of purchase, you can enable it by following these steps.

Log on to the Security Center console.
In the top menu bar, choose Expenses > Renewal Management.
On the Manual Renewal tab of the Renewal Management page, find the Security Center instance for which you want to enable auto-renewal and click Enable Auto-renewal in the Actions column.
In the Enable Auto-renewal dialog box, set the auto-renewal period and click Enable Auto-renewal.
Important
Payment processing for auto-renewals begins three days before the expiration date. Ensure that your account has a sufficient balance to ensure a successful renewal.

Security Center:Renewal policy (subscription)