Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
TOC
TOC
Include Page
KBCOMMON:KB-CSSstyle
KBCOMMON:KB-CSSstyle

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Multiple licenses configuration

...

For any type of licensing, CHARON-VAX can use only one valid ("active") license (of given vendor code) at a time.

...

The utility provides the license number and ID / IP address of the host where the active license is installed.

...

CHARON-VAX cannot:

...

.

The general recommendation is to avoid usage of multiple keys in one network segment. Use only one locally installed license per host or one network license per local network segment containing several CHARON-VAX hosts.

...

When needed, it is possible to use a special parameter in the CHARON-VAX configuration file to specify exactly which license must be used by each particular instance of CHARON-VAX:


Parameter

license_key_id

TypeText string
Value

A set of Sentinel Key IDs that specifies the license keys to be used by CHARON. It is also possibly to use a keyword "any" to force CHARON to look for a suitable license in all available keys if the license is not found in the specified keys.

Example:


set session license_key_id = "1877752571,354850588,any"


Based on the presence of this parameter in the configuration file, CHARON behaves as follows:
 

  1. No keys are specified (the parameter is absent)
    CHARON performs an unqualified search for any suitable key in unspecified order. If no key is found, CHARON exits.

  2. One or many keys are specified
    CHARON performs a qualified search for a regular license key in the specified order. If it is not found, CHARON exits (if the keyword "any" is not set).

If the keyword "any" is specified then if no valid license has been found in the keys with specified ID’s all other available keys are examined for valid license as well.

The order in which keys are specified is very important. If a valid license was found in the key which ID was not the first one specified in configuration file, then available keys are periodically re-scanned and if the key with the ID earlier in the list than the current one is found CHARON tries to find a valid license there and in case of success switches to that key.


Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

License installation

Installation of Regular and Network license keys

Installation of CHARON-VAX regular and network licenses consists of:


  1. Installation of the Sentinel run-time environment on the CHARON-VAX host (regular and network keys) or on the host that will distribute CHARON-VAX licenses over a local network segment (network key only). The Sentinel software (the “aksusbd” RPM package) is installed automatically by CHARON-VAX for Linux.

  2. Physical connection of the HASP license dongle to the CHARON-VAX host or to the host distributing the CHARON-VAX license over the local network segment.

When manual installation of Sentinel run-time is required (in the case of the network license server that does not have CHARON-VAX installed), open the CHARON-VAX kit folder and proceed the following way:

# rpm --nodeps -ihv aksusbd-7.63-1.i386.rpm charon-license-4.8-19401.el74.x86_64.rpm


Info

In case of network-wide license (red dongle) do the following:

  • On the server side (where the network license will reside): open port 1947 for both TCP and UDP
  • On the client side, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted.
  • Both on server and client sides: setup default gateway

Please consult with your Linux User's Guide on details.

If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.


Div
classpagebreak



Info

Some additional packages may be needed in certain cases, for example "glibc.i686"

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

...

Disable remote keys access 

A helpful feature of the Sentinel Admin Control Center is the ability to disable access to remote keys. If the network key is installed locally, access to the key from remote hosts can be disabled. The following examples demonstrate how this can be done.

To disable access to remote keys, switch to the "Access to Remote License managers" tab, uncheck the "Allow Access to Remote Licenses" checkbox and press the "Submit" button to apply this setting:

To disable access to the locally installed license key from remote hosts, switch to the "Access from Remote Clients" tab, uncheck the "Allow Access from Remote Clients" checkbox and press the "Submit" button to apply this setting:

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Accessing Sentinel Admin Control Center from remote hosts

By default, the Sentinel Admin Control Center forbids accessing its web interface from remote machines. To allow access, configure the ACC for remote management.

The first step is to edit the "hasplm.ini" file:

# vi /etc/hasplm/hasplm.ini


Allow remote access by changing the "ACCremote" parameter from "0" to "1" then restart the Sentinel Admin Control Center run-time:

# /etc/init.d/aksusbd restart

If the CHARON-VAX host firewall is blocking remote access to the Sentinel Admin Control Center, please configure the firewall to open the port 1947 (TCP protocol). Refer to the Linux documentation for details on how to configure the firewall. It is also possible to use SSH port forwarding with the following command (replace "CHARON_MACHINE" by the real CHARON-VAX host name):

# ssh -L8080:CHARON_MACHINE:1947 root@CHARON_MACHINE

This will expose the Sentinel Admin Control Center on port 8080 to any computer and it will believe commands are coming from the local host.

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

License management utilities

CHARON-VAX for Linux provides a specific utility for license management - "hasp_srm_view". This utility is used to display the license(s) content, to collect key(s) status information and host fingerprint (C2V) files.


Info

Applying updates (".v2c" files) is typically done using the Sentinel Admin Control Center (see above) but alternatively it is also possible to use the specific "hasp_update" utility.

Please refer to the Utilities section of this Guide for more details.

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Removing CHARON-VAX software licenses

The following procedure must be applied to remove software license:
 

  1. Using your web browser, open the http://localhost:1947 page to access the "Sentinel HASP Admin Control Center" (ACC).
  2. In the "Sentinel HASP Admin Control Center" (ACC), locate the target "Sentinel SL AdminMode" license.
  3. Press the "Certificates" button at the right side of the SL description: 
     
  4. Note the name of the corresponding certificate and path to the certificates base in the "Certificates" section.
  5. Remove the target certificate file from the specified directory, in most cases: "/var/hasplm/installed/68704/".
  6. Reboot the CHARON host.
  7. Start the "Sentinel HASP Admin Control Center" (ACC) again to ensure that the SL has been removed.
Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

License Deinstallation 

To completely remove a CHARON-VAX license from a host, it is enough to remove the Sentinel run-time daemon (and the package "charon-license-<...>.rpm" containing the run-time customization) using the following command:

# rpm --nodeps -e aksusbd charon-license-<...>

Then just physically disconnect the license key (in the case of protection by dongles).

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc


Special "backup" license keys

Backup keys are provided by STROMASYS along with standard license dongles. It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key. Backup keys use a counter (integer) value hardcoded inside the key. This integer value is a number of hours CHARON-VAX is allowed to run. Each time CHARON-VAX checks the license (every hour), the value is decreased (by 1 hour).Please note that backup keys have restricted functionality:

  • CHARON run time is typically limited to 720 hours (30 days). This should be more than enough time to get a replacement from STROMASYS.
  • A backup license may be valid only until a certain date. Please check with STROMASYS management.
Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc