Anchor | ||||
---|---|---|---|---|
|
...
Replacement of currently installed Sentinel run-time
Replacement of currently installed Sentinel Run-time may be needed in case of:
- Upgrade to a newer version of CHARON-VAX
- Installation of a specific CHARON-VAX license Run-time provided by STROMASYS
Remove the current run-time (and the package "charon-hasp-<...>.rpm" containing the run-time customization) with the command
# rpm -e aksusbd charon-hasp-<...> --nodeps
Change to the directory where the new run-time RPM resides (along with the corresponding "charon-hasp-<...>.rpm" customization package) and issue the command:
# rpm -ihv aksusbd<…>.rpm charon-hasp-<...>.rpm --nodeps
Installation and update of CHARON-VAX Software License or HL/HASP dongle License
CHARON-VAX software licenses can be installed according to the following procedure:
Install CHARON-VAX together with Sentinel run-time (Sentinel run-time is an essential part of CHARON-VAX for Linux distribution)
Reboot host system
- Connect HASP dongle to host system (in case of update of a license in a dongle)
- In case of Software License installation and if there are already installed network-wide SL's in local network disable access to network licenses in the following way:
- Go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC).
- Select "Configuration" option at the left panel, then "Access to Remote License Managers" tab.
- Uncheck the highlighted options:
- Press "Submit" button to apply settings
- Select "Network" tab.
- Switch "Network visibility" to "None":
- Press "Submit" button to apply setting.
- Do not forget to return these settings back after SL installation.
- Connect HASP dongle to host system (in case of update of a license in a dongle)
Collect CHARON-VAX host fingerprint file (".c2v") - in case of first installation of Software License:
# hasp_srm_view -fgp my_host.c2v
or collect ".c2v" file in case if already installed Software License or connected HL/HASP dongle needs updating:
# hasp_srm_view -c2v current_license.c2v
Send the ".c2v" file ("my_host.c2v" / "current_license.c2v" in the examples above) to STROMASYS
Receive a ".v2c" file in return and put it somewhere on the CHARON-VAX host.
Start any web browser on this system and go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC) or configure ACC for remote access (see the details below).
In ACC, under the Options menu, select Update/Attach, "" for the "*.v2c" file and then "".
Ensure that the license appears in the “
” menu.
Collect CHARON-VAX host fingerprint file (".c2v") - in case of first installation of Software License:
# hasp_srm_view -fgpInfo |
---|
Alternatively it is also possible to use "hasp_update" utility for applying ".v2c" file. |
Info |
---|
Content of the installed software license is not shown by the Sentinel HASP Admin Control Center.To see it please run "hasp_srm_view" utility from local console or configure remote access according to the instructions given in the "hasp_srm_view" utility section |
Info |
---|
In case of network-wide software license do the following:
Please consult with your Linux User's Guide on details. If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon. |
License management
CHARON-VAX license management is performed by the Sentinel Admin Control Center and specific utilities. These are described in the sub-sections below.Sentinel Admin Control Center
...
Disable remote keys access
A helpful feature of Sentinel Admin Control Center is the ability to disable access to remote keys. If the network key is installed locally, access to the key from remote hosts can be disabled. The following examples demonstrate how this can be done.
To disable access to remote keys switch to the "Access to Remote License managers" tab and uncheck the "Allow Access to Remote Licenses" checkbox. Then press "Submit" button to apply this setting:
Accessing Sentinel Admin Control Center from remote hosts
By default, Sentinel Admin Control Center forbids accessing its web interface from remote machines. To allow access, configure ACC for remote management.
The first step is to edit the "hasplm.ini
" file:
|
Allow remote access by changing the "ACCremote" parameter from "0" to "1".Then restart Sentinel Admin Control Center run-time:
# /etc/init.d/aksusbd restart |
# ssh -L8080:CHARON_MACHINE:1947 root@CHARON_MACHINE |
License management utilities
Info |
---|
Applying updates (".v2c" files) is typically done using Sentinel Admin Control Center (see above), but alternatively it is also possible to use a specific "hasp_update" utility for that. |
Transferring and removing CHARON-VAX software licenses
Software Licenses Transfer
Software Licenses (SL) can be transferred from one host to another using the "hasp_srm_view" utility and "Sentinel Admin Control Center" (ACC).
The following example demonstrates the transfer procedure.Let's suppose a Software License must be transferred from a host "SourceHost" to a host "RecipientHost":Collect the specific information about the "RecipientHost" to issue a transfer license. To do that run "hasp_srm_view" utility on the "RecipientHost" with the following parameters:
$ hasp_srm_view -idf
The file "recipient.id" will be created in the current directory.
Copy the "recipient.id" file to the "SourceHost".
Info "recipient.id" file is an ASCII file, so use "ascii" option in case of FTP transfer. - On "SourceHost", open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Note the number of the software license you are going to transfer.
Run the "hasp_srm_view" utility in the following way to create a transfer license for the host "RecipientHost":
$ hasp_srm_view -tfr <license number> recipient.id
The "license number" is the value collected at step 3.Example of collecting a transfer license:
$ hasp_srm_view
-tfr 12345678
recipient.id
The file "<license number>.v2c" will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"Copy the resulting will be "12345678.v2c"
Copy the resulting "<license number>.v2c" file to the "RecipientHost".
Info "<license number>.v2c" file is an ASCII file, so use "ascii" option in case of FTP transfer. - On "RecipientHost", open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Apply the "<license number>.v2c" file to the "RecipientHost".
Info "<license number>.v2c" file is an ASCII file, so use "ascii" option in case of FTP transfer. - On "RecipientHost", open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Apply the "<license number>.v2c" file as described above
Software License Removal
It is also possible to remove Software License completely from a host, the license will then be dumped to a specific license file "*.v2c", so it can be re-applied if needed.
To remove the Software License completely from a host, do the following::Open "Sentinel Admin Control Center" (ACC) (browse
- file as described above
Software License Removal
It is also possible to remove Software License completely from a host, the license will then be dumped to a specific license file "*.v2c", so it can be re-applied if needed.
- Open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Note the number of the software license you are going to remove.
Run the "hasp_srm_view" utility in the following way to remove the license:
$ hasp_srm_view -tfr <license number>
The "license number" is the value collected at the step 1.Example:
$ hasp_srm_view -tfr 12345678
The "<license number>.v2c" file will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"
- It is always possible to re-apply the created ".v2c" file to restore the deleted software license.
- Go to http://localhost:1947
Run the "hasp_srm_view" utility in the following way to remove the license:
$ hasp_srm_view -tfr <license number> |
The "license number" is the value collected at the step 1.Example:
$ hasp_srm_view -tfr 12345678 |
The "<license number>.v2c" file will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"
- to access the "Sentinel HASP Admin Control Center" (ACC).
- In the "Sentinel HASP Admin Control Center" (ACC), locate the target "Sentinel SL AdminMode" license.
- Press the "Certificate" button at the right side of the SL description:
- Note the name of the correspondent certificate and path to the certificates base in the "Certificates" section.
- Remove the target certificate file from the specified directory (in most cases it is "/var/hasplm/installed/68704/").
- Reboot CHARON host.
- Start "Sentinel HASP Admin Control Center" (ACC) again to ensure that the SL has been removed.
- To apply SL again, proceed with the SL installation procedure described above.
License Deinstallation
To completely remove a CHARON-VAX license from a host, it is enough to remove the Sentinel run-time daemon (and the package "charon-hasp-<...>.rpm" containing the run-time customization) using the following command:
# rpm -e aksusbd charon-hasp-<...> --nodeps |
Special "backup" license keys
Backup keys are provided by STROMASYS along with standard license dongles. It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key.Backup keys use a counter (integer) value hardcoded inside the key. This integer value is a number of hours CHARON-VAX is allowed to run. Each time CHARON-VAX checks the license (every hour), the value is decreased (by 1 hour).Please note that backup keys have restricted functionality:
- CHARON run time is typically limited to 720 hours (30 days). This should be more than enough time to get a replacement from STROMASYS.
- Backup license may be valid only until a certain date. Please check with STROMASYS management.