Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Layout reviewed for PDF export

Anchor
TopLicPage
TopLicPage

...

General description

CHARON-VAX products are product is protected by licenses, issued by STROMASYS for each customer individually. The CHARON-VAX license defines all the specifics of the particular CHARON-VAX distribution and its usage.

...

Regular Sentinel HASP keys

This is most common way of CHARON-VAX licensing. 

The CHARON-VAX license is embedded in a Sentinel HASP dongle. This license is available only on the host where the dongle is physically installed.

The CHARON-VAX installation procedure takes care of the Sentinel HASP run-time (driver) installation. Once the CHARON-VAX product has been installed, it is possible to plug-in the regular license key and proceed with CHARON-VAX usage without additional configuration steps.

Info

The number of CHARON-VAX instances allowed to run on a particular host may be restricted by the license content (see above).

 

Network Sentinel HASP keys

The Network Sentinel HASP key (red dongle) can be shared between several hosts running CHARON-VAX (including the host on which the network license is installed).

If CHARON-VAX is installed on the host where the network key is connected, no additional steps are required. The Sentinel driver is activated as part of the CHARON-VAX installation. If the host does not have CHARON-VAX installed, the host can still distribute the connected network license to CHARON-VAX instances running on other hosts. In this case the Sentinel driver must be installed on the host manually.

The Sentinel run-time driver is distributed as a separate RPM package in the CHARON-VAX kit. Please see the "

License installation" section of this chapter for details.

Once the Sentinel run-time driver is installed and the network license is connected, CHARON-VAX can be started on any appropriate host on the LAN network segment.

Info

The Network license key contains a specific parameter to restrict the number of hosts allowed to run CHARON-VAX at the same time. Together with a parameter defining the number of CHARON-VAX instances that may run at the same time, the network license sets the total number of running CHARON-VAX instances on the allowed number of hosts.

 

...

For any type of licensing, CHARON-VAX can use only one valid ("active") license (of given vendor code) at a time.

The The "hasp_srm_view" utility  utility displays the "active" license only. by default, but it is able to display all available licenses with "-all" parameter. It is also possible to check some specific license by its number using "-key" parameter.

The utility provides the license number and ID / IP address of the host where the active license is installed.

...

The general recommendation is to avoid usage of multiple keys in one network segment. Use only one locally installed license per host or one network license per local network segment containing several CHARON-VAX hosts.VAX hosts.

Div
classpagebreak

 

When needed, it is possible to use a special parameter in the CHARON-VAX configuration file to specify exactly which license must be used by each particular instance of CHARON-VAX:

ParameterTypeValue
license_key_id[N], N=0 or 1Numeric

A number (decimal Sentinel key ID) that specifies regular (N=0) and backup (N=1) license keys to be used by CHARON-VAX.

Example:

set session license_key_id[0]=1877752571
set session license_key_id[1]=354850588

It is also possible to specify both regular and backup key in one line.

Example:

set session license_key_id[0]=1877752571 license_key_id[1]=354850588

Depending on the presence of the regular and/or backup license key IDs in the configuration file, CHARON-VAX behaves differently:

  1. No keys are specified
    CHARON-VAX behaves as usual (performs unqualified search for any suitable key). If no keys are found, CHARON-VAX exits.

  2. Both keys are specified
    CHARON-VAX performs qualified search for regular license key. If it is not found, CHARON-VAX performs qualified search for backup license key. If it is not found, CHARON-VAX exits.

  3. Only regular key is specified
    CHARON-VAX performs qualified search for regular license key. If it is not found, CHARON-VAX performs unqualified search for any suitable key. If it is not found, CHARON-VAX exits.

  4. Only backup key is specified
    CHARON-VAX behaves as usual (performs unqualified search for any suitable key). If no keys are found, CHARON-VAX exits.

Back to Table of Contents

License installation

Installation of Regular and Network license keys

Installation of CHARON-VAX regular and network licenses consists of:

 

  1. Installation of the Sentinel run-time environment on the CHARON-VAX host (regular and network keys) or on the host that will distribute CHARON-VAX licenses over a local network segment (network key only). The Sentinel software ( the “aksusbd” RPM package) is installed automatically by CHARON-VAX for Linux.

  2. Physical connection of the HASP license dongle to the CHARON-VAX host or to the host distributing the CHARON-VAX license over the local network segment.

When manual installation of Sentinel run-time is required (in the case of the network license server that does not have CHARON-VAX installed), open the CHARON-VAX kit folder and proceed the following way:

# rpm # rpm --nodeps -ihv aksusbd-2.45-1.i386.rpm charon-hasplicense-4.67-1680217101.68704.el65el71.x86_64.rpm

Info

In case of network-wide license (red dongle) do the following:

  • On server side (where network license will reside): open port 1947 for both TCP and UDP
  • On clients side: open UDP ports 30000-65535
  • Both on server and client sides: setup default gateway

Please consult with your Linux User's Guide on details.

If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.

Div
classpagebreak

 

Info

Some additional packages may be needed in certain cases, for example "glibc.i686"

Back to Table of Contents

...

Replacement of currently installed Sentinel run-time

Replacement of currently installed Sentinel Run-time may be needed in case of:

  • Upgrade to a newer version of CHARON-VAX
  • Installation of a specific CHARON-VAX license Run-time provided by STROMASYS
Run-time replacement is a two step process:
  • Remove the current run-time (and the package "charon-hasplicense-<...>.rpm" containing the run-time customization) with the command

    # rpm --nodeps -e aksusbd charon-hasplicense-<...>
  • Change to the directory where the new run-time RPM resides (along with the corresponding "charon-hasplicense-<...>.rpm" customization package) and issue the command:

    # rpm --nodeps -ihv aksusbd<…>.rpm charon-hasplicense-<...>.rpm

Installation and update of CHARON-VAX Software License or HL/HASP dongle License

CHARON-VAX software licenses can be installed according to the following procedure:

  • Install CHARON-VAX together with Sentinel run-time (Sentinel run-time is an essential part of CHARON-VAX for Linux distribution)

  • Reboot host system

  • In case of Software License installation and if there are already installed network-wide SL's in local network disable access to network licenses in the following way:
    • Go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC).
    • Select "Configuration" option at the left panel, then "Access to Remote License Managers" tab.
    • Uncheck the highlighted options:
       
    • Press "Submit" button to apply settings
    • Select "Network" tab.
    • Switch "Network visibility" to "None":
       
    • Press "Submit" button to apply setting.
    • Do not forget to return these settings back after SL installation.
  • Connect HASP dongle to host system (in case of update of a license in a dongle)
  • Collect CHARON-VAX host fingerprint file (".c2v") - in case of first installation of Software License:

    # hasp_srm_view -fgp my_host.c2v

    or collect ".c2v" file in case if already installed Software License or connected HL/HASP dongle needs updating:

    # hasp_srm_view -c2v current_license.c2v
  • Send the ".c2v" file ("my_host.c2v" / "current_license.c2v" in the examples above) to STROMASYS

  • Receive a ".v2c" file  in return and put it somewhere on the CHARON-VAX host.

  • Start any web browser on this system and go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC) or configure ACC for remote access (see the details below).

  • In ACC, under the Options menu, select Update/Attach, "Browse" for the "*.v2c" file and then "Apply File".

  • Ensure that the license appears in the “Sentinel Keys” menu.

     

Info

Alternatively it is also possible to use "hasp_update" utility for applying ".v2c" file.

Info

Content of the installed software license is not shown by the Sentinel HASP Admin Control Center.To see it please run "hasp_srm_view" utility from local console or configure remote access according to the instructions given in the "hasp_srm_view" utility section

Info

In case of network-wide software license do the following:

  • On server side (where network license will reside): open port 1947 for both TCP and UDP
  • On clients side: open UDP ports 30000-65535
  • Both on server and client sides: setup default gateway

Please consult with your Linux User's Guide on details.

If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.

Back to Table of Contents


License management 

CHARON-VAX license management is performed by the Sentinel Admin Control Center and specific utilities. These are described in the sub-sections below.

Sentinel Admin Control Center

...

To access the ACC, start any web browser and go to http://localhost:1947 

Info

Sentinel Admin Control Center is not able to display CHARON-VAX licenses - to view key contents, use the "hasp_srm_view" utility.

To access Sentinel Admin Control Center start any web browser, enter enter http://localhost:1947 and press  and press Enter.   Web interface of the Sentinel Admin Control Center will appear.

 The screenshot below gives an example of its interface:

 

Disable remote keys access 

A helpful feature of Sentinel Admin Control Center is the ability to disable access to remote keys. If the network key is installed locally, access to the key from remote hosts can be disabled. The following examples demonstrate how this can be done.

To disable access to remote keys switch to the "Access to Remote License managers" tab and uncheck the "Allow Access to Remote Licenses" checkbox. Then Then press "Submit" button to apply this setting:

Image Modified

Back to Table of Contents

Accessing Sentinel Admin Control Center from remote hosts

By default, Sentinel Admin Control Center forbids accessing its web interface from remote machines. To allow access, configure ACC for remote management.

The first step is to edit the "hasplm.ini" file:

# vi /etc/hasplm/hasplm.ini

 

Allow remote access by changing the "ACCremote" parameter from "0" to "1".Then restart Sentinel Admin Control Center run-time:

# /etc/init.d/aksusbd restart

If the CHARON-VAX host firewall is blocking remote access to the Sentinel Admin Control Center, please configure the firewall to open the port 1947 (TCP protocol). Refer to Linux documentation for details on how to configure the firewall.It is also possible to use SSH port forwarding with the following command (put the real CHARON-VAX host name instead of "CHARON_MACHINE"):

# ssh -L8080:CHARON_MACHINE:1947 root@CHARON_MACHINE

This will expose Sentinel Admin Control Center on port 8080 to any computer, and Sentinel Admin Control Center will believe commands are coming from the local host.

License management utilities

CHARON-VAX for Linux provides a specific utility for license management - "hasp_srm_view". This utility is used to display CHARON-VAX license content, and to collect key status information and host fingerprint (C2V) files.

 

Info

Applying updates (".v2c" files) is typically done using Sentinel Admin Control Center (see above), but alternatively it is also possible to use a specific "hasp_update" utility for that.

Please refer to the Utilities section of this Guide for more details.

Transferring and removing CHARON-VAX software licenses

Software Licenses Transfer 

Software Licenses (SL) can be transferred from one host to another using the "hasp_srm_view" utility and "Sentinel Admin Control Center" (ACC).

The following example demonstrates the transfer procedure.Let's suppose a Software License must be transferred from a host "SourceHost" to a host "RecipientHost":

  1. Collect the specific information about the "RecipientHost" to issue a transfer license. To do that run "hasp_srm_view" utility on the "RecipientHost" with the following parameters:

    $ hasp_srm_view -idf

    The file "recipient.id" will be created in the current directory.

  2. Copy the "recipient.id" file to the "SourceHost".

    Info
    "recipient.id" file is an ASCII file, so use "ascii" option in case of FTP transfer.

      

  3. On "SourceHost", open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Note the number of the software license you are going to transfer.

  4. Run the "hasp_srm_view" utility in the following way to create a transfer license for the host "RecipientHost":

    $ hasp_srm_view -tfr <license number> recipient.id

    The "license number" is the value collected at step 3.Example of collecting a transfer license:

    $ hasp_srm_view -tfr 12345678 recipient.id

    The file "<license number>.v2c" will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"

  5. Copy the resulting "<license number>.v2c" file to the "RecipientHost".

    Info
    "<license number>.v2c" file is an ASCII file, so use "ascii" option in case of FTP transfer.
  6. On "RecipientHost", open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Apply the "<license number>.v2c" file as described above

Software License Removal

It is also possible to remove Software License completely from a host, the license will then be dumped to a specific license file "*.v2c", so it can be re-applied if needed. 

To remove the Software License completely from a host, do the following:

:

  1. Open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Note the number of the software license you are going to remove.
  2. Run the "hasp_srm_view" utility in the following way to remove the license:

    $ hasp_srm_view -tfr <license number>

    The "license number" is the value collected at the step 1.Example:

    $ hasp_srm_view -tfr 12345678

    The "<license number>.v2c" file will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"

  3. It is always possible to re-apply the created ".v2c" file to restore the deleted software license.

Back to Table of Contents

Cloned Software License Removal

In certain situations Software License may become "Cloned" (disabled). In this case the following procedure must be applied to remove the cloned license:
 

  1. Go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC).
  2. In the "Sentinel HASP Admin Control Center" (ACC), locate the target "Sentinel SL AdminMode" license.
  3. Press the "Certificates" button at the right side of the SL description: 
    Image Modified 
  4. Note the name of the correspondent certificate and path to the certificates base in the "Certificates" section.
  5. Remove the target certificate file from the specified directory (in most cases it is "/var/hasplm/installed/68704/").
  6. Reboot CHARON host.
  7. Start "Sentinel HASP Admin Control Center" (ACC) again to ensure that the SL has been removed.

 

Div
classpagebreak

 

License Deinstallation 

To completely remove a CHARON-VAX license from a host, it is enough to remove the Sentinel run-time daemon  (and the package "charon-

hasp

license-<...>.rpm" containing the run-time customization) using the following command:

# rpm --nodeps -e aksusbd charon-
hasp
license-<...>

Then just physically disconnect the license key (in the case of protection by dongles).

 

Special "backup" license keys

Backup keys are provided by STROMASYS along with standard license dongles. It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key.Backup keys use a counter (integer) value hardcoded inside the key. This integer value is a number of hours CHARON-VAX is allowed to run. Each time CHARON-VAX checks the license (every hour), the value is decreased (by 1 hour).Please note that backup keys have restricted functionality:

  • CHARON run time is typically limited to 720 hours (30 days). This should be more than enough time to get a replacement from STROMASYS.
  • Backup license may be valid only until a certain date. Please check with STROMASYS management.