Anchor | ||||
---|---|---|---|---|
|
Include Page | ||||
---|---|---|---|---|
|
A license can be installed locally on the system or—in case of a network license—it can be served to clients on the network by a license server. To use the products, you must have one of the following:
Valid physical license key (HASP dongle)
Valid Sentinel HASP software license
Valid VE license
Insert excerpt | ||||||||
---|---|---|---|---|---|---|---|---|
|
The complete licensing documentation can be found in the Licensing Documentation section of the Stromasys Product Documentation page. Please refer to this documentation for any topics not covered in this overview guide and for more detailed information on the topics discussed here.
This page provides an overview of the basic steps to set up the licensing environment on for a system running Charon-PAR for Linux :
Table of Contents |
---|
...
class | pagebreak |
---|
General Description
Note |
---|
Important information for software upgrades: Charon-PAR version 2.0 and higher is incompatible with licenses of earlier versions. Earlier product versions are incompatible with licenses for Charon-PAR 2.0 and higher. Software licenses may have to be newly created from a fingerprint file during an upgrade from versions before Charon-PAR 1.10. |
A Charon emulator product will not run without a valid license. This license can be provided on a USB hardware dongle (a Sentinel HASP key) or as a software license bound to the hardware of the host system or the network license server. A loss or defect of a license will cause the emulator to stop.
To check the validity of a license, Charon performs the following steps:
- The Charon emulator checks the text block of the license to determine if it is allowed to run (if there is a product section which corresponds to the emulator).
- Then Charon checks the feature associated with the product to see if the feature is valid - that is, not expired, runtime not counted to 0, and if there are still some instance-slots available to run the emulator.
- If there is no matching product section or if the feature is not valid, Charon reports the problem in the log and shuts down.
Charon products check the availability of a valid license under several conditions:
1. At startup:
If no license is found, an error message will be written to the emulator log file and the emulator will not start.
In some emulator products it is possible to configure the number of retries and the waiting time between them by adding parameters to the emulator configuration file. Please refer to the product documentation for the details regarding the relevant parameters: license_retry_period
and license_retry_count
parameters (obsolete starting with version 1.10)
2. At regular intervals during the runtime of the emulator (the default license check period of 1 hour can be changed by Stromasys using the appropriate license parameters):
- If the previously used valid license has disappeared, is defect, or has become invalid, the emulator will report the missing license in the log file and continue operation for a limited amount of time as described below.
- If there is another valid license, for example a backup license defined in the configuration file, it will be used.
- Starting Charon-PAR 1.10, Charon allows for a grace period of 12 hours during which the software checks for the presence of a valid license every 10 minutes until a valid license is found. If no valid license is found after the grace period has expired, the emulator will stop.
- Earlier versions: should there still be no valid license at the next regular license check (this default interval may be changed by individual Charon products), the emulator will stop.
- If a time-restricted license is used and it expires, the Charon instance tries to find its replacement automatically and, if found, proceeds using the replacement license.
Under certain circumstances existing licenses must be updated.
License updates are required for:
...
using either Sentinel HASP licensing, or Virtual Environment (VE) licensing.
Table of Contents |
---|
General Licensing Aspects
Creating and updating a license prior and during the operation of Charon emulators involves the following basic steps:
Generate a C2V (customer-to-vendor) file. It contains the data required to generate a license.
Submit the C2V information to Stromasys Orders Administration.
Receive one or more V2C (vendor-to-customer) license file. It contains the new or updated license data.
Apply the V2C files to the local system or the license server.
The following sections describe how to perform these tasks using the different tools available.
Sentinel HASP Licensing
General Description
Please note:
- Upgrading to this Charon-PAR from an older version requires a license update. Please contact your VAR or Stromasys representative to plan the update.
- Applicable to HASP licensing only: Charon-PAR version 3.0.0 and higher is incompatible with licenses of earlier versions. Earlier product versions are incompatible with licenses for Charon-PAR 3.0.0 and higher. Charon-PAR licenses of version 2.1.0 are not compatible with emulators running Charon-PAR version 2.0.0.
A Charon emulator product will not run without a valid license. This license can be provided on a USB hardware dongle (a Sentinel HASP key) or as a software license bound to the hardware of the host system or the network license server. A loss or defect of a license will cause the emulator to stop.
To check the validity of a license, Charon performs the following steps:
- The Charon emulator checks the text block of the license to determine if it is allowed to run (if there is a product section which corresponds to the emulator).
- Then Charon checks the feature associated with the product to see if the feature is valid - that is, not expired, runtime not counted to 0, and if there are still some instance-slots available to run the emulator.
- If there is no matching product section or if the feature is not valid, Charon reports the problem in the log and shuts down.
Charon products check the availability of a valid license under several conditions:
1. At startup:
If no license is found, an error message will be written to the emulator log file and the emulator will not start.
In some emulator products it is possible to configure the number of retries and the waiting time between them by adding parameters to the emulator configuration file. Please refer to the product documentation for the details regarding the relevant parameters: license_retry_period
and license_retry_count
parameters (obsolete starting with version 1.10)
2. At regular intervals during the runtime of the emulator (the default license check period of 1 hour can be changed by Stromasys using the appropriate license parameters):
- If the previously used valid license has disappeared, is defect, or has become invalid, the emulator will report the missing license in the log file and continue operation for a limited amount of time as described below.
- If there is another valid license, for example a backup license defined in the configuration file, it will be used.
- Starting Charon-PAR 1.10, Charon allows for a grace period of 12 hours during which the software checks for the presence of a valid license every 10 minutes until a valid license is found. If no valid license is found after the grace period has expired, the emulator will stop.
- Earlier versions: should there still be no valid license at the next regular license check (this default interval may be changed by individual Charon products), the emulator will stop.
- If a time-restricted license is used and it expires, the Charon instance tries to find its replacement automatically and, if found, proceeds using the replacement license.
Under certain circumstances existing licenses must be updated.
License updates are required for:
- Charon product version upgrade
- Product change
- License validity (time) extension
...
The license check for Charon-PAR will pass if the version on the license is higher than the one of the running Charon instance, as long as the major version (e.g., the 2 in 2.00) is the same. Please note that license are not compatible between product versions 1.x, 2.x, and 23.x.
...
License Type Overview
Depending on customer requirements, Stromasys can provide several different license types.
Local Hardware License
...
Local hardware licenses are USB dongles and work on the system they are physically connected to. For Windows systems supporting AnywereUSB®, hardware licenses can also be connected over the network. They can easily be moved to a different system, if required. The content of the dongle can be updated if a change to the license or an extension of a time-based license is required. The necessary steps will be described later in this document.
...
Please note:
- Hardware dongles require the Sentinel HASP run-time (driver) installation before the dongle can be connected to and used by the system.
...
- Hardware dongles
...
- , apart from HL-MAX dongles
...
- , are equipped with a battery and a clock, which makes them independent of the host clock.
...
- The battery is not rechargeable. However, the dongle can use the power provided by the host system while it is plugged in. By doing this, the depletion of the battery can be slowed down. Check the dongle at regular intervals if it is not permanently connected to a system
...
- . If the battery becomes completely depleted, the dongle will be permanently unusable and must be replaced. See also: How long does the license USB dongle battery last upon a full charge.
Software License
...
A software license is a "virtual" key with functionality very similar to a HASP network-enabled hardware dongle.
A software license does not require any special hardware but it still requires installation of the Sentinel runtime environment.
Please note:
- To avoid unexpected problems, do not use any Sentinel runtime software that was not provided by Stromasys without being advised to do so by your Stromasys representative.
...
- Software licenses are best suited for stable environments, because their correct function depends on certain characteristics of the host system. Changing any of these characteristics will invalidate the license.
- If the Charon host runs on real hardware, software licenses are by default tightly bound to the hardware for which they were issued. If major hardware characteristics of the system are changed, the license will be disabled.
- If the Charon host runs in a virtual environment (e.g., VMware), software licenses are normally bound to the virtual machine ID and a set of additional characteristics of the virtual machine. If any of these parameters are changed, the license will be disabled
...
- .
...
- Software licenses are very sensitive to even small changes on the host system. Therefore, it is especially important to provide for a backup license that will ensure continued operation should there be a problem with the software license. See Handling Multiple License Keys and Product Licenses for details.
...
class | pagebreak |
---|
Network License
...
For a more detailed description of the restrictions, please refer to HASP Software Licensing restrictions or contact your Stromasys representative.
Div | ||
---|---|---|
| ||
Network License
The network Sentinel HASP key (red USB dongle) can be shared between several hosts running a Charon emulator product (including the host on which the network license is installed).
...
All software licenses are also network licenses.
If the Charon emulator product is installed on the host where the network license is connected, no additional steps are required. The Sentinel driver is installed as part of the Charon product installation. If the host does not have a Charon emulator product installed, the host can still distribute the connected network license to emulator instances running on other hosts.
The Sentinel HASP runtime software must be installed on such a "license server" and on the client system. For details regarding the installation, please refer to the software installation section in this document. Once both the Sentinel runtime software and the network license are installed, the Charon emulator product can be started on any appropriate client host on the LAN, provided access to the license is enabled.
- The network license will be visible to all hosts that can access the license server over IP. Access to the license server must be possible on port 1947 via UDP (discovery process) and TCP (actual access to license). Further information (e.g., use of additional UDP ports) can be found in the section Firewall Considerations.
- The license server and the client must both allow access to the network license using the appropriate management tools.
The maximum number of concurrently active Charon instances is determined by the parameters of the license.
...
If you need to install a standalone license server, please refer to the installation section of the Licensing Handbook.
...
Overview of Initial License Installation Steps
Each Charon emulator product requires a valid license to run. To access the license, the emulator needs the Sentinel runtime software. This software is part of the Charon-PAR for Linux installation kits. Refer to the software installation section of the Charon product user's guide for software installation instructions.
...
- Add a password for the Sentinel Admin Control Center (ACC).
- If you purchased a hardware license, you can simply plug the dongle into a free USB port on the system.
- If you purchased a software license, you need to create a fingerprint file in C2V (customer-to-vendor) format containing the system characteristics. Use this file to request a license for your Charon product from Stromasys.
- If your license is a network license served by a license server, make sure that the access of the client system to the license server is not blocked by the configuration or a firewall.
- Optionally, define how multiple licenses will be used (selecting primary/backup license, defining license priorities).
- If you have an existing license that needs to be updated, you need to create a customer-to-vendor (C2V) file and use this file to request a license update from Stromasys.
Overview of License Management Tools
The following list shows the main tools used to manage licenses on Linux:
- Sentinel Admin Control Center (ACC): A web-based interface providing important configuration options with respect to licenses.
- The hasp_srm_view program: A command-line tool to display the detailed license contents and generate C2V and fingerprint files. Cannot be used over a remote connection when using local hardware licenses.
- The hasp_update program: A command-line tool to install new and update existing licenses.
Accessing the License Management Tools
The command-line tools are installed under /opt/charon/bin/
. If this directory is not part of your PATH variable, you have to specify the full path to access the command.
...
The Sentinel ACC on the local system is accessed by starting a web-browser and pointing it to the URL: http://localhost:1947.
...
Sentinel Admin Control Center (ACC) Security Settings
...
Stromasys strongly recommends performing the steps described below to reduce the risk of unauthorized access to the Sentinel ACC.
Define a Password for the Sentinel ACC
By default, anyone on the local system with access to port 1947 can access the GUI. If remote access is enabled, users on the network with access to port 1947 can also access the GUI. To protect access to the GUI with a password, perform the following steps:
Step | Description |
---|---|
1 | Open a web browser and navigate to http://localhost:1947/. |
2 | Click on the left-hand menu item labeled Configuration. |
3 | Click on the Basic Settings tab. |
4 | Under the entry labeled Password Protection, click the Change Password button. |
5 | At the Change Password window:
|
6 | Back at the Basic Settings tab:
|
7 | Optional: to allow remote access to the Sentinel HASP GUI:
Additional information: For remote access to the Sentinel HASP GUI,
If required, remote access can also be enabled on Linux by editing the filefile /etc/hasplm/hasplm.ini and setting the parameter ACCremote toto 1. Should the file not yet exist, refer to the Sentinel ACC selected hasplm.ini parameters chapter in the Tools Reference section of the licensing handbook. |
...
Please note: With these settings, when you connect to the HASP GUI from a remote system, you may be prompted for a username and password. It is enough to just enter the configured password and leave the username field empty.
Div | ||
---|---|---|
| ||
Setting Linux File Protections
To prevent unprivileged access and modifications to the Sentinel HASP configuration file on Linux, enter the following commands:
|
Please note:
- The file hasplm.ini on Windows is readable by normal users but cannot be modified. Password information is encrypted.
- Should it not be possible to open a local browser on a Linux server, the remote access setting can also be modified by editing the file
/etc/hasplm/hasplm.ini
and changing the value of the parameter ACCremote from 0 (access disabled) to 1 (access enabled). The parameter to enable network visibility is bind_local_only. It must be set to 0. Changed settings are recognized automatically by aksusbd.
Viewing Existing Licenses
It is important to know which licenses are visible on a system. For example, the user can
...
- Sentinel ACC: shows important information, but not the product specific license parameters.
- Command-line tool hasp_srm_view: shows all product details contained on the license. Can only be run from a local connection for local hardware licenses.
Div | ||
---|---|---|
| ||
Viewing a License with Sentinel ACC
To view available licenses using Sentinel ACC, start the web interface as described above.
...
A C2V file can only be extracted if the license in question is local to the current license manager, i.e., the license manager to which the web browser is connected. In the example above, the network license on a different host does not have the option to create a C2V file. You can connect to the remote license manager clicking on the hostname in the Location column (if connections are allowed).
...
Please note:
- The option to create a C2V file is not available in older versions of the Charon emulator software.
...
- Starting with ACC version 7.60, the option to create C2V files for USB dongles is only available if it has been enabled in the basic configuration section (under the Configuration menu item).
The menu options Products, Features and Sessions on the left-hand side provide the same information as the buttons. However, they show the information for all licenses.
Viewing a License with hasp_srm_view
On Linux, the license content is displayed using the hasp_srm_view command. For displaying the license, the following parameters are relevant:
- Display the default license: run the command without options or with
-l
- Display all licenses: run the command with the option
-all
- Display a license with a specific ID: run the command with the option
-key
Please note
...
: Local hardware licenses can only be displayed from a local connection to the system, for example via the console. If you are connected via a remote connection, for example via ssh, the hasp_srm_view command will return an error. Network licenses do not have this problem.
...
A workaround is described below.
Workaround when logged in via a remote connection:
When connected to the system via a remote connection, the command to display a local hardware license will return an error. As a workaround, you can display the license contents with the following command (adapt the path of the command if your installation location is different):
$ ssh localhost
/opt/charon/bin/hasp_srm_view
...
Please note: Starting with Charon-PAR 1.10, the hasp_srm_view utility on Linux does not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. The utility performs
...
a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system must be temporarily restricted or disabled, for example by blocking the relevant traffic with a firewall. Alternatively, access to the network license at the license server side can be blocked.
...
Note that such methods can negatively impact other functions of the system or, in case of blocking access to a network license on the server, even the functions on other client host systems.
Div | ||
---|---|---|
| ||
The following shows sample output of the hasp_srm_view command on Linux (to display all available licenses, use the -all
parameter):
...
|
Div | ||
---|---|---|
| ||
Installing the License
This section provides a short overview of the initial license installation. For more in-depth information, please refer to the licensing handbook.
...
Please note: If a conflicting or obsolete license is visible to the system, it can be (temporarily) removed or disabled. If you need to remove a hardware license, simply unplug it. If you need to remove a software license or disable access to a network license, please refer to the relevant chapter in the licensing handbook.
...
Before removing a license or disabling access to it ensure that it is not required by another currently active product.
Installing a Local Hardware License
A local hardware license (USB dongle) is installed by inserting the USB license key into a free USB port of the host system.
After this step, verify that the license is visible to the system by following the steps for viewing a license as described above. Please bear in mind that a local hardware license cannot be read when connected to the system via a remote connection (for example, ssh).
Installing a Software License
To install a new software license, perform the following steps:
...
# /opt/charon/bin/hasp_srm_view -fgp <filename.c2v> |
The fingerprint will be written to the filename specified.
Please note:
- Charon-PAR before 1.10: the above command will terminate with the error message "
Can not retrieve the C2V (host fingerprint mode) data"
or with "Can not retrieve the C2V (host fingerprint mode) data"
if a network-wide software license is visible to the system. Access to such a license needs to be temporarily disabled before creating the fingerprint file.
...
- Charon-PAR versions 1.10 and higher can create a fingerprint file even in the presence of a network-wide software license.
The fingerprint will be written to the filename specified.
Step 2: Send the resulting fingerprint file to Stromasys orders administration using the email address that Stromasys will provide to you.
...
# /opt/charon/bin/hasp_update u /path/filename.v2c |
...
This section describes the installation of a new software license. However, the commands to install a V2C file are identical when updating a hardware license.
Important caveat:
- When updating a hardware license you will in most cases receive two V2C files, a *_fmt.v2c file and a *.v2c file. The *_fmt.v2c file formats the dongle and the *.v2c file contains the updated license data. In such cases the *_fmt.v2c file must be applied first.
Div | ||
---|---|---|
| ||
Installing a Network License
For a network license to be provided to a client host on the network, a license server must have been set up either with a network-enabled hardware license (red dongle) or a software license (software licenses are always network enabled).
...
- Any firewall between license server and client must permit the necessary communication.
- The license server must be configured to allow access from the client.
- The client must be configured to allow access to the license server.
Firewall Considerations
The following ports are used for the communication between license server and client hosts:
...
For details on how to configure the firewall in your network, please consult your operating system documentation and make sure to adhere to your company's security policies.
Div | ||
---|---|---|
| ||
Allowing Client Access on the License Server
The Sentinel license manager on the license server can be configured to allow or disallow access from remote clients to the network licenses installed on the license server. To access this configuration option, perform the following steps on the license server:
...
- To allow access from remote clients, activate the check-box next to the field Allow Access from Remote Clients and press Submit at the bottom of the page.
To Please note: to allow access from remote clients, network visibility on the "Network" tab must be set to All Network Adapters. - To refuse access from remote clients, clear the check-box next to the field Allow Access from Remote Clients and press Submit at the bottom of the page.
- Access Restrictions allow refining access rules, e.g., by specifying IP addresses. Please refer to Sentinel ACC help for details.
- To allow access from remote clients, activate the check-box next to the field Allow Access from Remote Clients and press Submit at the bottom of the page.
Div | ||
---|---|---|
| ||
Allowing Access to a License Server on the Client
The Sentinel ACC can be configured to enable or prevent that the client host discovers network licenses and to change the options used to discover and access network licenses provided by a license server.
...
- Activate the check-box next to the field Allow Access to Remote Licenses to enable access to license servers. Press Submit to save the setting.
- Clear the check-box next to the field Allow Access to Remote Licenses to disable access to license servers. Press Submit to save the setting.
- The option Broadcast Search for Remote Licenses, when activated, enables a broadcast search for license servers on the local network without having to enter the address of a license server.
...
Please note:
- If the option Broadcast Search for Remote Licenses is not enabled or cannot be used in the customer specific setting, you can enter specific IP addresses or host names that should be queried for network licenses in the Remote License Search Parameters field. Please refer to the Sentinel ACC help function for more information.
...
- To allow access to remote license managers, network visibility on the "Network" tab must be set to All Network Adapters.
...
Starting with Charon-PAR 1.10, the Charon emulator products do not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. They perform a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system has to be temporarily restricted or disabled, for example by blocking the relevant traffic in a firewall. Another possibility would be to block access to the network license at the license server side.
...
Note that such methods can negatively impact other functions of the system or, in the case of blocking access to a network license on the server, even the functions on other license clients.
Verifying License Availability
After installing a license on the system, verify the availability of the license as described in the section View Existing Licenses.
Check if the license shows the correct product, expiration date etc.
Div | ||
---|---|---|
| ||
Handling Multiple License Keys and Multiple Products per License
A Charon host system can have access to several local and remote license keys. Each license key can contain one or more product licenses.
...
The following sections describe the options available to achieve a more deterministic license selection. If only one license is available, either locally installed or via the network, this section does not apply.
Please note
...
: For Charon-PAR before version 1.10: the parameters described in this section can only be used to define a primary key and a backup key, or to specify the correct key if there is a conflicting license for a different Charon product on the same system. It is not possible with these versions of Charon to combine a local license (black dongle) with other licenses (local or network) to increase the number of concurrent instances of the same Charon product on one host system.
...
Newer versions allow a more flexible use of multiple licenses. Both variants are described in the following sections.
Backup License Characteristics
Backup license keys are provided by Stromasys in addition to standard license keys.
...
- The runtime is typically limited to 720 hours (30 days). This is the time available to get a replacement license from Stromasys.
- A backup license key may be valid only until a certain date.
...
- If you start and stop the emulator frequently (e.g., frequent runs with a duration of under one hour), the runtime may be significantly less than 30 days, because the license check during the start of an emulator will reduce the counter by one.
Primary and Backup License for Charon-PAR prior to Version 1.10
If more than one key is visible to the system, you can define which is the primary and which the backup key. To do this, add the following parameters to the configuration file of the Charon instance:
...
To identify the relevant key IDs, display the available licenses as described in section View Existing Licenses.
To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.
Div | ||
---|---|---|
|
...
Prioritizing Licenses - Charon-PAR Version 1.10 and Higher
Prioritized List of License Keys
If more than one key is visible to the system, you can define a prioritized list of license keys. To do this, add the following parameter to the configuration file of the Charon instance:
...
To identify the relevant key IDs, display the available licenses as described in section View Existing Licenses.
To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.
Prioritized List of Product License IDs
Every license key can contain one or more product sections. Newer licenses can contain a product license ID identifying each product section. A prioritized list of product license IDs can be added to the emulator instance configuration file to specify which product sections to use and which should have the highest priority. To do this, add the following parameter to the configuration file of the Charon instance:
...
The emulator instance will scan the available license keys for the listed product license IDs. Then it will try to use the first defined product section. If it is not available, it will try the next and so on. If none of the listed product license IDs are found, the emulator will stop.
Please note: without this parameter, the emulator will try to use the first applicable product section found. If this is not the correct one, the emulator may not start.
To identify the relevant product license IDs, display the available licenses as described in section View Existing Licenses.
To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.
Div | ||
---|---|---|
| ||
Updating an Existing License
If you need to update an existing hardware or software license, for example because the time limit on the license has expired or to upgrade to a new product versions, perform the following tasks:
...
The C2V file will be written to the filename specified.
Please note
...
: The license content cannot be read if you are connected to the system via a remote connection (e.g., via ssh). The hasp_srm_view command will return an error. You can use the following workaround:
$ ssh localhost /opt/charon/bin/hasp_srm_view -c2v <filename>
Step 2: Send the resulting C2V file to Stromasys orders administration using the email address that Stromasys will provide to you.
...
Step 3: After receiving the V2C file(s) from Stromasys, copy the file(s) to the system where the license needs to be installed and install the new license:
...
Important caveat:
- If a hardware USB key is to be updated, in most cases you will have received two files: a *_fmt.v2c file and a *.v2c file. The *_fmt.
...
The following example shows the use of the hasp_update command:
...
- v2c file formats the dongle and the *.v2c file contains the updated license data. In such cases the *_fmt.v2c file must be applied first.
On Linux, the command hasp_update can be used to apply V2C files.
The following example shows the use of the hasp_update command:
# /opt/charon/bin/hasp_update u /path/filename.v2c |
Alternatively, you can use the Sentinel ACC to apply V2C files (use the section Update/Attach). Refer to the license handbook for more details.
Div | ||
---|---|---|
| ||
Virtual Environment (VE) Licensing
The Charon emulator kit itself does not include VE license management tools. The following actions must be performed on the VE license server. However, the VE license server can be on the same system as the Charon emulator.
Please note:
If you have not installed the license server yet (and for any more in-depth information), please refer to the VE license server user's guide (see Licensing Documentation).
The information below shows the command-line tools for license management. Starting with version 1.1.16 of the VE license server, these activities can also be performed using a web-based management GUI. Please refer to the appropriate VE license server user's guide (see chapter VE License Server Web-based Management GUI in the VE license server documentation under Licensing Documentation).
VE Licensing Certificates Overview
This section applies to Charon-PAR version 3.0.11 and later.
This section provides a short overview of the certificates used by the VE license server and Charon-PAR. Please refer to the VE license server documentation for details.
The VE license server uses certificates for different purposes:
License server operation: encrypted communication between license server and license clients (emulators).
New certificate support in the VE license server started with version 2.1.3. Changed certificate names starting with VE license server 2.2.2.
New certificate support for Charon-PAR started with version 3.0.11.
Web-based management GUI: encrypted (HTTPS) communication between the integrated license server web server and web browsers. Starting with VE license server version 2.1.4, the name of the certificate and its management changed. Please refer to the VE license server documentation.
Important information:
General VE license server configuration:
The VE license server will – by default – use the old certificates. Therefore, compatibility with existing Charon clients will be maintained during an upgrade of the license server.
If the new certificates (using pre-defined names) are present in /opt/license-server/certs, these will be used and clients will have to use matching certificates. Please refer to the VE license server documentation for information how to activate the new certificates and, if desired, create custom certificates.
Checking if the new certificates are enabled in a Charon-PAR installation:
Certificate location: /opt/charon/bin/certs
Sample certificate names: ca.crt.sample, charon.crt.sample, and charon.key.sample
If the directory contains the above files without the .sample suffix (e.g., ca.crt, charon.crt, charon.key), the new certificates have been enabled. On the license server, the sample files (for root CA and license server) are in /opt/license_server/certs. Please see the VE License Server guide in License Documentation for more information.
Make sure you understand the implications and possible side-effects before changing the certificate configuration. Incorrect configurations can lead to the loss of license access and interruptions in operation.
Firewall Considerations
Excerpt | ||
---|---|---|
| ||
If the VE license server is not installed on the same system as the emulator, any intermediate firewall must allow at least the port on which the license is served. Optionally, the firewalls must allow the port on which the web-based GUI is available. These ports are configurable on the VE license server. The default values are the following:
|
Div | ||
---|---|---|
| ||
Creating a C2V File on a VE License Server
Running esxi_bind before First C2V Creation on VMware
Insert excerpt | ||||||||
---|---|---|---|---|---|---|---|---|
|
Div | ||
---|---|---|
| ||
Creating a VE C2V File and Sending it to Stromasys
The fingerprint is collected on the license server using the c2v utility.
Perform the following steps to collect the fingerprint on the license server and (if applicable) the backup license server:
Use ssh to log in on the license server instance.
# ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
where<mykey> is the private key of the key-pair you associated with your cloud instance
(for an on-premises VMware installation where login with username/password is allowed, it is not needed)<user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or physical server; for an instance installed from a prepackaged Charon VE marketplace image, use sshuser)
<license-server-ip> is the ip address of your license server system
Become the privileged user and run the c2v program.
Become the root user: # sudo -i
Run the c2v program: # /opt/license-server/c2v --filename <my-file>.c2v --platform <my-platform>
where<my-file>.c2v is the path and name under which you want to store the fingerprint. The file type is C2V (customer-to-vendor)
<my-platform> indicates the platform on which the license server runs (possible values: physical, aws, oci, gcp, azure, ibm, nutanix, or esxi).
Copy the resulting C2V file to your local system (unless you can send email from the license server system).
- Send the C2V file to the Stromasys orders department (email address will be provided by Stromasys).
Div | ||
---|---|---|
| ||
Installing a VE V2C File on a VE License Server
In response to the C2V file, Stromasys will send you a V2C file. This file contains the license data and is installed on the license server using the v2c utility.
Perform the following steps to install the license on the license server:
Copy the V2C file to the license server (e.g., with SFTP).
Use ssh to log in on the license server instance.
# ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
where<mykey> is the private key of the key-pair you associated with your license server instance
(for an on-premises VMware installation where login with username/password is allowed, it is not needed)<user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or your physical server; for an instance installed from a prepackaged Charon VE marketplace image, use sshuser)
<license-server-ip> is the ip address of your license server system
Become the privileged user and run the v2c program.
Become the root user: # sudo -i
Run the v2c program: # /opt/license-server/v2c -f <my-file>.v2c
where <my-file>.v2c is the path and name under which you want to store the fingerprint. The file type is V2C (vendor-to-customer).
After the installation of the V2C file, the license server will be restarted.
Viewing the License on a VE License Server
The license data can be viewed via the web-based GUI of the VE license server (see Licensing Documentation). It can also be viewed with the license_viewer
program using the following steps:
Use ssh to log in on the license server instance.
# ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
where<mykey> is the private key of the key-pair you associated with your license server instance
(for an on-premises VMware installation where login with username/password is allowed, it is not needed)<user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or your physical server; for an instance installed from a prepackaged Charon VE marketplace image, use sshuser)
<license-server-ip> is the ip address of your license server system
Become the privileged user and run the license_viewer program.
Become the root user: # sudo -i
Run the license_viewer program: # /opt/license-server/license_viewer
Charon-PAR Emulator License Configuration
The license server must be added to the Charon-PAR emulator configuration. Please refer to the section Initial Emulator License Configuration.
Updating an Existing License
If you need to update an existing license, for example because the time limit on the license has expired or to upgrade to a new product versions, perform the following tasks:
- Generate the C2V file for the existing license. This Customer-to-Vendor (C2V) file contains the license characteristics necessary for creating the license update.
- Send the C2V file to Stromasys. Stromasys will use the data to create the necessary license update. You will receive a V2C file (the Vendor-to-Customer file).
- Apply the license data from the V2C file(s) on the license server. This will install and activate the update for your license.
Div | ||
---|---|---|
| ||
License Troubleshooting
The most important tool for identifying a license problem are the log files of the Charon emulator, the VE license server, and the Linux system. Always check them first in case of a problem.
Log Files for License Troubleshooting
Charon emulator log file location:
The default location of the emulator log files is the directory in which the emulator was started.
Please note: the path of the log emulator log files can be configured by the user to a non-default value.
VE license server log file location:
The path to the VE license server log on the license server is /opt/license-server/log/license.log.
The path to the VE integrated web server is /opt/license-server/log/webserver.log.
Linux system log:
The Linux logs can be viewed with the journalctl program. Examples:
Identify VE license server entries (newest first): journalctl -r -t license_server
Identify HASP runtime daemon entries (newest first): journalctl -r -t aksusbd
System Processes for Licensing
Correct license operation requires the corresponding system processes.
Sentinel HASP System processes
HASP licenses require the aksusbd process and the hasplmd process. In aksusbd version 7.63, both processes are started and stopped by the same service (/etc/init.d/aksusbd). In aksusbd version 8.13, there are two systemd services:
- the aksusbd service
- the hasplmd service
Checking the status of the services:
# systemctl status aksusbd
# systemctl status hasplmd
Starting and stopping the services:
- The two services have a dependency such that starting one of them will start the other, stopping one of them will stop the other, and restarting one of them will restart the other.
- Starting the services:
# systemctl start aksusbd
# systemctl start hasplmd - Stopping the services:
# systemctl stop aksusbd
# systemctl stop hasplmd
Div | ||
---|---|---|
| ||
VE License Server Process
VE licensing requires that the licensed service must run on the license server.
Checking the status of the service:
# systemctl status licensed
Starting and stopping the service:
- Starting the service:
# systemctl start licensed - Stopping the service:
# systemctl stop licensed
Further Information
Sentinel HASP licenses:
Should there be a failure when trying to display or load the license key, review the error codes listed on the Stromasys website and the associated solutions.
VE Licenses:
Refer to the VE license server guide.
If the problem cannot be solved, please contact your VAR or the Stromasys Customer Support Center (maintenance contract required) using the details in the section Obtaining Technical Assistance.
Include Page | ||||
---|---|---|---|---|
|
...