Comment: IAM information for newer VE license server versions


Prerequisites

The Charon VE License Server has a number of prerequisites:

  1. The VE license server package
  2. A suitable Linux instance to be used as the VE license server. This instance must run
    1. in a supported cloud environment,
    2. in a supported VMware environment, or
    3. on a supported physical server.
  3. Correct firewall settings
  4. The VE-capable Charon emulator software running on a Charon host with appropriate network access to the VE license server (see restrictions for VMware environments in the section Charon VE-Capable Emulator and Management Software below).

These requirements are described in detail below.

VE License Server Package

The Charon VE License Server package is delivered as an RPM package. Stromasys or your Stromasys VAR will provide you with the software or a download link.

...

Where <version> indicates the version of the software, for example, 2.0.1



Linux Instance for License Server

The license server package must be installed on a supported Linux instance. This instance can run in a supported cloud, in a supported VMware environment, or on a physical host.

Currently Supported Cloud Providers

At the time of writing, the following cloud providers are supported by the VE license server:

...

Depending on the cloud environment, Stromasys may offer prepackaged Charon VE images on selected cloud marketplaces. Such images include the Charon VE-enabled emulator software (already installed) and the VE License Server RPM package (can be installed optionally). An instance launched from a prepackaged image can also be used as a VE license server.

Currently Supported VMware Platforms and Requirements

At the time of writing, the following VMware Platforms are supported by the VE license server:

  • Requirements for direct ESXi host binding:
    • The VE license server must run in one of the VMs on the ESXi server.
    • ESXi/vSphere version 6.5 and above.
    • Valid license that supports the vSphere API feature. Otherwise the license server fails to start with the message
      Failed to detect ESXi/vCenter Server.
    • Ports 443 (TCP) and 902 (TCP, UDP) must be accessible to the VE license server host.
    • 100 MB of free disk space on the ESXi server to be used by the VE license server host.
    • Administrative user (and password) on the ESXi/vSphere host used for the binding between license server and ESXi/vSphere host.
    • User and password on the ESXi/vSphere host used for the binding between license server and ESXi/vSphere host. This user must have at least the following permissions assigned to the user via a custom role definition (please note that the permission paths/names can be slightly different depending on the vSphere version):
      • Datastore > Allocate Space
      • VirtualMachine > Config > AddNewDisk
      • VirtualMachine > Config > RemoveDisk


  • Requirements for vCenter Server binding:
    • The VE license server must run in a VM on one of the ESXi systems managed by the vCenter Server.
    • vCenter Server version 6.5 and above.
    • Ports 443 (TCP) and 902 (TCP, UDP) must be accessible to the VE license server host.
    • 100 MB of free disk space on the vCenter Server to be used by the VE license server host.
    • Administrative user (user and password) on the vCenter Server used for the binding between license server and vCenter Server. This user must have at least the following permissions assigned to the user via a custom role definition (please note that the permission paths/names can be slightly different depending on the vSphere version):
      • Datastore > Allocate Space
      • VirtualMachine > Config > AddNewDisk
      • VirtualMachine > Config > RemoveDisk

Please note: vMotion for the virtual machine running the VE license server can only be used if the license server binds to the vCenter Server. The target system must be managed by the same vCenter Server.

The VE license server for VMware environments has also been tested successfully in a Google GCVE (Google Cloud VMware Engine) environment. Please contact Stromasys to discuss your requirements if you need this product combination.



Currently Supported Physical Servers

At the time of writing, the following physical platforms are supported by the VE license server:

  • Modern Intel x86 or AMD platform with sufficient resources for the required Linux operating system

...

...

Linux Host Requirements for the VE License Server

The Linux system on which the VE license server runs must fulfill the requirements described below.

Linux Hardware and Software requirements

Software requirements for the VE License Server itself:

...

  • For Charon-SSP, refer to the Charon-SSP user's guide of your emulator version for details (see CHARON-SSP for Linux).

Additional Linux Host Requirements for AWS cloud

...

(for VE license server versions < 1.1.23)

Only required for VE license server versions earlier than 1.1.23.

In the AWS cloud, an IAM role allowing the ListUsers action (IAMReadOnlyAccess in the example below) must be attached to the instance. This can be done during the launch of the instance as shown in the sample below.

Alternatively, the role can be set/changed by selecting the instance, right-clicking on it, and selecting Security > Modify IAM Role (in the older AWS console, use the Action menu). If such a role has not yet been defined, please refer to Creating and Attaching an AWS IAM Role and to the documentation provided by AWS for additional information.
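The managed policy IAMReadOnlyAccess grants read access to all of IAM, which is more than the single ListUsers action named above. The following added example (not part of the Stromasys documentation) creates a role limited to that action; the role and policy names are hypothetical, and it assumes ListUsers is the only IAM action the license server needs, as the wording above suggests.

```shell
#!/bin/sh
# Added example: a role limited to iam:ListUsers for the license server instance.
# ROLE_NAME and POLICY_NAME are hypothetical names chosen for this example.
ROLE_NAME="ve-license-server-role"
POLICY_NAME="ve-license-server-listusers"

# Permissions policy: the single action the page names, nothing else.
permissions_policy() {
    cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "iam:ListUsers", "Resource": "*" }
  ]
}
EOF
}

# Trust policy: only the EC2 service may assume the role (instance profile use).
trust_policy() {
    cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole" }
  ]
}
EOF
}

# Create the policy and role, attach them, and wrap the role in an instance profile.
create_role() {
    dir=$(mktemp -d) || return 1
    permissions_policy > "$dir/perm.json"
    trust_policy > "$dir/trust.json"
    arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
            --policy-document "file://$dir/perm.json" \
            --query Policy.Arn --output text) || return 1
    aws iam create-role --role-name "$ROLE_NAME" \
        --assume-role-policy-document "file://$dir/trust.json" &&
    aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$arn" &&
    aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" &&
    aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
        --role-name "$ROLE_NAME"
    rc=$?; rm -rf "$dir"; return $rc
}
```

Calling create_role requires AWS CLI credentials that are allowed to manage IAM; the resulting instance profile can then be selected under Security > Modify IAM Role.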

Additional Linux Host Requirements for IBM cloud

For the license server to work properly in the IBM cloud, an API key must be created and installed. Please refer to Creating and Installing an IBM API Key.



Firewall Settings

Communication Between License Server and Client Systems

Any intermediate firewall as well as the cloud-specific subnet and instance security settings must permit the necessary ports for the appropriate source systems:

  • Basic license operation
    The TCP port that is used by the license client to access the license must be permitted on the license server, and by any intermediate firewall.
    Default: TCP/8083; an alternative port can be configured in /opt/license_server/config.ini.
  • Access to license server web interface
    The TCP port used by remote systems to access the web-based management interface must be permitted on the license server, and by any intermediate firewall.
    Default: TCP/8084; an alternative port can be configured in /opt/license_server/config.ini.

...

  • The default zone name can be found with the command firewall-cmd --get-default-zone, a list of all zones can be displayed with the command firewall-cmd --get-zones.
  • The parameter --permanent writes the command to the respective firewalld configuration files. To add the command to the running firewall, re-run it without the parameter --permanent.
  • The simplified sample above does not limit the source IP address to the addresses of the license clients. This would require a more sophisticated configuration. Please refer to the documentation of your Linux system.
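One way to limit the source addresses with firewalld rich rules, as an added example that is not part of the Stromasys documentation. The ports are the defaults named above; the client and administrator networks are constructed documentation ranges, and the removal of blanket port openings assumes the ports were previously opened for all sources with --add-port.

```shell
#!/bin/sh
# Added example: restrict the VE license server ports to known source networks.
# Ports are the defaults named on this page; the CIDRs used at the bottom are
# constructed documentation ranges (RFC 5737) and must be replaced.
LICENSE_PORT=8083      # license client access (default TCP/8083)
WEBGUI_PORT=8084       # web-based management interface (default TCP/8084)

# Print one firewalld rich rule allowing a source network to reach a TCP port.
rich_rule() {  # usage: rich_rule <cidr> <port>
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Print the firewall-cmd commands for one zone.
#   $1 zone, $2 space-separated license client CIDRs, $3 space-separated admin CIDRs
build_commands() {
    zone=$1
    for cidr in $2; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" \
            "$zone" "$(rich_rule "$cidr" "$LICENSE_PORT")"
    done
    for cidr in $3; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" \
            "$zone" "$(rich_rule "$cidr" "$WEBGUI_PORT")"
    done
    # Assumption: the ports may have been opened for all sources with --add-port.
    # Remove those openings so that only the rich rules grant access.
    printf 'firewall-cmd --permanent --zone=%s --remove-port=%s/tcp\n' "$zone" "$LICENSE_PORT"
    printf 'firewall-cmd --permanent --zone=%s --remove-port=%s/tcp\n' "$zone" "$WEBGUI_PORT"
    # --permanent only writes the configuration; reload to activate it.
    printf 'firewall-cmd --reload\n'
}

# Dry run: with --print the commands are only shown. Review them, then pipe
# the output to "sh" as root to apply.
if [ "${1:-}" = "--print" ]; then
    build_commands "$(firewall-cmd --get-default-zone)" "192.0.2.0/24" "198.51.100.10/32"
fi
```

The web interface port is given a narrower source list than the license port because only management systems need it, while every license client needs TCP/8083.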

Communication Between License Server and Cloud Infrastructure

The license server must be able to access information provided by the cloud infrastructure. In particular, it must be able to communicate with the following addresses/systems:

  • The metadata server of the cloud environment (169.254.169.254) on AWS, Azure, OCI, and GCP
  • If running a VE license server version before 1.1.23 on AWS, the host iam.amazonaws.com
  • If running on GCP, the host www.googleapis.com
  • If running on the IBM cloud, the hosts iam.cloud.ibm.com and resource-controller.cloud.ibm.com

Any intermediate firewall as well as the cloud-specific subnet and instance security settings must permit communication with these systems for the VE license server to function properly. See Cloud-Specific Firewall Information for an overview of the mechanisms used in the different cloud environments, and your Linux firewall documentation for any Linux-specific questions.

Communication Between License Server and ESXi Host / vCenter Server

The license server must be able to access the following ports on the ESXi host or vCenter Server it binds to: ports 443 (TCP) and 902 (TCP and UDP).
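A pre-flight check for the outbound connections listed in the two sections above, as an added example that is not part of the Stromasys documentation. The hosts and the ESXi/vCenter ports come from this page; TCP 80 for the metadata server and TCP 443 for the cloud API hosts are assumptions, and esxi01.example.com is a placeholder.

```shell
#!/bin/bash
# Added example: list and probe the endpoints the VE license server must reach.
# Hosts come from this page; TCP 80 for the metadata server and TCP 443 for the
# API hosts are assumptions (the page names the hosts, not the ports).

# True if version $1 is lower than version $2 (uses GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Print "host:port" lines for a platform (aws|azure|oci|gcp|ibm|vmware).
#   $2 = license server version; $3 = ESXi/vCenter address (vmware only)
required_endpoints() {
    case "$1" in
        aws|azure|oci|gcp) echo "169.254.169.254:80" ;;
    esac
    case "$1" in
        aws)    if version_lt "$2" "1.1.23"; then echo "iam.amazonaws.com:443"; fi ;;
        gcp)    echo "www.googleapis.com:443" ;;
        ibm)    echo "iam.cloud.ibm.com:443"
                echo "resource-controller.cloud.ibm.com:443" ;;
        vmware) echo "$3:443"; echo "$3:902" ;;   # UDP 902 is not probed here
    esac
    return 0
}

# TCP connect with a 3 second timeout; host and port are passed as arguments,
# not interpolated into the command string.
probe() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Probe every required endpoint; return non-zero if any is unreachable.
check_platform() {
    local rc=0 ep
    for ep in $(required_endpoints "$@"); do
        if probe "${ep%:*}" "${ep##*:}"; then echo "OK   $ep"
        else echo "FAIL $ep"; rc=1; fi
    done
    return $rc
}

# Usage: check_platform aws 1.1.5
#        check_platform vmware 2.0.1 esxi01.example.com
```

A FAIL line means a security group, subnet rule, host firewall or intermediate firewall between the license server and that endpoint needs review.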




Charon VE-Capable Emulator and Management Software

The VE license server software requires matching Charon emulator software. At the time of writing, this support was available for Charon-SSP emulator products.

Please note:

  • The protocol versions used by the

...

  • emulator software and the license server must be compatible. The software checks for compatible protocol versions and reports an error should there be a mismatch.
  • The Charon-SSP VE emulator software can run on the same system as the license server or on a separate system with appropriate network access to the VE License Server. However, there are restrictions in a VMware environment.
  • Restrictions for VMware environments:
    • If the license server binds to the ESXi host on which the license server VM runs, any Charon emulator using the VE license server must run either on the same VM as the VE license server or on a VM running on the same ESXi host.
    • If the license server binds to the vCenter Server that manages the ESXi host on which the license server VM runs, any Charon emulator using the VE license server must run either on the same VM as the VE license server or on a VM on an ESXi host managed by the same vCenter Server.

Charon-SSP Emulator Packages for VE Licenses

The necessary features are available in Charon-SSP 4.2.x and later. Stromasys or your Stromasys VAR will provide you with the software or a download link. In certain cloud environments, Stromasys may offer prepackaged Charon-SSP VE images on selected cloud marketplaces. If you use a Charon host in the cloud and the instance was launched from such a prepackaged image, the required VE-capable emulator software is already installed (refer to the respective cloud-specific Getting Started Guide for more information).

...

  • Unless there is GUI access to the Charon-SSP host system (or an option to use X11-Forwarding via SSH), Charon Manager and Charon Director must be installed on a remote management system that will be used to configure and manage the Charon-SSP software. The Charon-SSP emulator software can also be run from the command-line, in which case Charon Manager and Director are not required.
  • The Charon Agent package contains the RPM and Debian packages for the Charon Manager on Linux and a ZIP file for the Charon Manager on Microsoft Windows (charon-manager-ssp-<version>.zip). The Charon-SSP VE emulator software can run on the same system as the license server or on a separate system with appropriate network access to the VE License Server.




VE License Server Software Installation

If you are not familiar with the installation of RPM packages, please refer to the general Charon user's guide of your product, or your Linux system documentation.

...

  • In versions before 1.0.17, the license server will not start automatically after the initial installation. It will be started once a valid license has been installed (see Installing a License on the VE License Server).
  • When upgrading to version 1.0.24 or above from an older version of the license server, a license update is required due to a change in the license schema.
  • If you plan to use a primary and a backup license server, the license server software must be installed on both systems.

VE License Server Installation Steps

Perform the following steps to install the VE License Server software:

...

# dnf install license-server-1.1.5.rpm 
Last metadata expiration check: 1:14:52 ago on Fr 29 Jan 2021 09:46:32 CET.
Dependencies resolved.
================================================================================
 Package               Architecture  Version          Repository           Size
================================================================================
Installing:
 license-server        x86_64        1.1.5-1          @commandline         52 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 52 M
Installed size: 79 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: license-server-1.1.5-1.x86_64                          1/1 
  Installing       : license-server-1.1.5-1.x86_64                          1/1 
  Running scriptlet: license-server-1.1.5-1.x86_64                          1/1 
Created symlink /etc/systemd/system/multi-user.target.wants/licensed.service → /etc/systemd/system/licensed.service.

  Verifying        : license-server-1.1.5-1.x86_64                          1/1 

Installed:
  license-server-1.1.5-1.x86_64                                                 

Complete!

VE License Server Post-Installation Tasks

After the installation, it is strongly recommended to change the default password of the web GUI. Please refer to VE License Server Web-based Management GUI for more information.



Charon VE-Capable Emulator Software Installation

The installation of the Charon emulator software is described in detail in the user's guides of the respective products and versions. This section provides a short overview.

Installing Charon-SSP for VE Licenses

General Information

The Charon-SSP packages are RPM packages that are installed using the yum (Linux 7.x), dnf (Linux 8.x), or rpm command. They can be copied to the Charon host system using SFTP as shown in the example for copying the license server RPM, or using other methods.

...

Please note: To use the graphical user interface (Charon Manager for SSP), the Charon Manager package is typically installed on the local Linux or Windows PC that will be used for management purposes. Running the Charon Manager in a non-graphical cloud or VMware instance and exporting it via X11-Forwarding is possible, but will require additional configuration and installation steps (with access to a package repository) - this is outside the scope of this document. It is also possible to manage Charon-SSP via the command-line only. This is described in the general Charon-SSP user's guide.

Possible Additional Requirements

Many Linux server instances are missing packages that are typically available on workstation installations. Such packages may have to be installed, for example, if Charon-SSP graphics device emulation or audio emulation are to be used. The same applies to the Charon-SSP Manager, the Server JIT feature, and some non-critical functions of the Charon Agent. On prepackaged Charon-SSP cloud marketplace images, the necessary packages are preinstalled.

...

The packages above have their own dependencies. Install the above packages with the yum (or dnf) command in order to have their dependencies automatically installed. If your server does not have access to the standard operating system repositories, refer to this document for instructions on setting up a local repository.



Sample Installation

Only the Charon-SSP emulator packages (4M, 4U(+), 4V(+)) are specific to the license model used. The packages required for managing Charon-SSP (Charon Agent, Manager, and Director) are the same as in the conventional product of the same version.

...