Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Update re. changed emulator release planning

Anchor
TOC
TOC
Include Page
KBCOMMON:KB-CSSstyle
KBCOMMON:KB-CSSstyle

...

In some emulator products it is possible to configure the number of retries and the waiting time between them by adding parameters to the emulator configuration file. Please refer to the product documentation for the details regarding the relevant parameters: license_retry_period and license_retry_count parameters (obsolete starting with version 1.10)

2. At regular intervals during the runtime of the emulator (the default license check period of 1 hour can be changed by Stromasys using the appropriate license parameters):

...

A software license does not require any special hardware but it still requires installation of the Sentinel runtime environment

Please note:

  • To avoid unexpected problems, do not use any Sentinel runtime software that was not provided by Stromasys without being advised to do so by your Stromasys representative.
  • Software licenses are best suited for stable environments, because their correct function depends on certain characteristics of the host system. Changing any of these characteristics will invalidate the license.
    • If the Charon host runs on real hardware, software licenses are by default tightly bound to the hardware for which they were issued. If major hardware characteristics of the system are changed, the license will be disabled.
    • If the Charon host runs in a virtual environment (e.g., VMware), software licenses are normally bound to the virtual machine ID and a set of additional characteristics of the virtual machine. If any of these parameters are changed, the license will be disabled.
  • Software licenses are very sensitive to even small changes on the host system. Therefore, it is especially important to provide for a backup license that will ensure continued operation should there be a problem with the software license. See Handling Multiple License Keys and Product Licenses for details.

...

  • If you have not installed the license server yet (and for any more in-depth information), please refer to the VE license server user's guide (see Licensing Documentation).

  • The information below shows the command-line tools for license management. Starting with version 1.1.16 of the VE license server, these activities can also be performed using a web-based management GUI. Please refer to the appropriate VE license server user's guide (see chapter VE License Server Web-based Management GUI in the VE license server documentation under Licensing Documentation).

VE License Server Certificates Overview

Custom certificate support for VE licensing is planned for Charon-PAR version 3.0.9.

This section provides a short overview of the certificates used by the VE license server and Charon-PAR. Please refer to the VE license server documentation for details.

The VE license server uses certificates for different purposes:

  • License server operation: encrypted communication between license server and license clients (emulators).

    • New certificate support in the VE license server started with version 2.1.3. Changed certificate names starting with VE license server 2.2.2.

    • New certificate support for Charon-PAR is planned for version 3.0.9 (only new certificate names are applicable).

  • Web-based management GUI: encrypted (HTTPS) communication between the integrated license server web server and web browsers. Starting with VE license server version 2.1.4, the name of the certificate and its management changed. Please refer to the VE license server documentation.

Important information:

  • General VE license server configuration:

    • The VE license server will – by default – use the old certificates. Therefore, compatibility with existing Charon clients will be maintained during an upgrade of the license server.

    • If the new certificates (using pre-defined names) are present in /opt/license-server/certs, these will be used and clients will have to use matching certificates. Please refer to the VE license server documentation for information how to activate the new certificates and, if desired, create custom certificates.

  • Checking if the new certificates are enabled in a Charon-PAR installation:

    • Certificate location: /opt/charon/bin/certs

    • Sample certificate names: ca.crt.sample, charon.crt.sample, and charon.key.sample

    • If the directory contains the above files without the .sample suffix (e.g., ca.crt, charon.crt, charon.key), the new certificates have been enabled. On the license server, the sample files (for root CA and license server) are in /opt/license_server/certs. Please see the VE License Server guide in License Documentation for more information.

  • Make sure you understand the implications and possible side-effects before changing the certificate configuration. Incorrect configurations can lead to the loss of license access and interruptions in operation.

Firewall Considerations

...

nameVEFWconsiderations

...

Firewall Considerations

Excerpt
nameVEFWconsiderations

If the VE license server is not installed on the same system as the emulator, any intermediate firewall must allow at least the port on which the license is served. Optionally, the firewalls must allow the port on which the web-based GUI is available. These ports are configurable on the VE license server. The default values are the following:

  • Default port on which licenses are served by the VE license server: TCP 8083.
  • Default port on which the web-based GUI runs: TCP 8084.

...

  1. Use ssh to log in on the license server instance.
    # ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
    where

    1. <mykey> is the private key of the key-pair you associated with your cloud instance
      (for an on-premises VMware installation where login with username/password is allowed, it is not needed)

    2. <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or physical server; for an instance installed from a prepackaged Charon VE marketplace image, use centos sshuser)

    3. <license-server-ip> is the ip address of your license server system

  2. Become the privileged user and run the c2v program.

    1. Become the root user: # sudo -i

    2. Run the c2v program: # /opt/license-server/c2v --filename <my-file>.c2v --platform <my-platform>
      where

      1. <my-file>.c2v is the path and name under which you want to store the fingerprint. The file type is C2V (customer-to-vendor)

      2. <my-platform> indicates the platform on which the license server runs (possible values: physical, aws, oci, gcp, azure, ibm, nutanix, or esxi).

  3. Copy the resulting C2V file to your local system (unless you can send email from the license server system).

  4. Send the C2V file to the Stromasys orders department (email address will be provided by Stromasys).

...

  1. Copy the V2C file to the license server (e.g., with SFTP).

  2. Use ssh to log in on the license server instance.
    # ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
    where

    1. <mykey> is the private key of the key-pair you associated with your license server instance
      (for an on-premises VMware installation where login with username/password is allowed, it is not needed)

    2. <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or your physical server; for an instance installed from a prepackaged Charon VE marketplace image, use centos sshuser)

    3. <license-server-ip> is the ip address of your license server system

  3. Become the privileged user and run the v2c program.

    1. Become the root user: # sudo -i

    2. Run the v2c program: # /opt/license-server/v2c -f <my-file>.v2c
      where <my-file>.v2c is the path and name under which you want to store the fingerprint. The file type is V2C (vendor-to-customer).

...

  1. Use ssh to log in on the license server instance.
    # ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
    where

    1. <mykey> is the private key of the key-pair you associated with your license server instance
      (for an on-premises VMware installation where login with username/password is allowed, it is not needed)

    2. <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or your physical server; for an instance installed from a prepackaged Charon VE marketplace image, use centos sshuser)

    3. <license-server-ip> is the ip address of your license server system

  2. Become the privileged user and run the license_viewer program.

    1. Become the root user: # sudo -i

    2. Run the license_viewer program: # /opt/license-server/license_viewer

...