Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Small clarification

...

This section describes some information that could become relevant during the operation of a VE license server and the corresponding Charon -SSP emulator products.

Contents

Table of Contents
excludeContents
stylesquare

Sentinel/Gemalto

...

Tools not Applicable to the VE License Server

...

Any Sentinel/Gemalto-specific license tools provided with the emulator installation are not applicable to the VE license server configuration.

Sentinel/Gemalto-specific tools and configuration options on Charon-SSP:

In Charon-SSP

...

, the Sentinel/Gemalto-specific license tools and configuration options are available when installing the management packages for the VE-capable Charon-SSP emulator packages. These tools and options are in particular the following:

  • HASP Viewer, HASP Updater, and HASP Manager in the Tools > HASP Tools menu of the Charon Manager
  • The Regular and Backup License parameter in the emulator license configuration section
  • The command-line tools in /opt/charon-agent/ssp-agent/utils/license

The above tools cannot be used for managing Charon-SSP VE licenses. Please ignore them if you have a VE license.

Actions that can Invalidate a VE License

pagebreak
Excerpt
class

A For cloud deployments: if supported by the cloud provider, the VE license server in a supported cloud environment instance can be moved to a different subnet or zone in the same virtual private cloud environment. , as long as the original instance can be moved.

It is also possible to backup and restore (to the same instance) the license server data. Please note: it is not possible to use such a backup to revert to a previous license version.

However, the following actions will invalidate the license:

Changing the number of CPU cores of the license server system.
  1. All supported environments:
    • Copying the license server data to a different instance.
    • Seriously damaging the root filesystem of the license server system.
    • Re-installing the license server system
Div
    • .
    • Copying the virtual machine on which the license server runs. This includes cloning a virtual machine, or recovering a backup into a new virtual machine.
    • Changing the number of CPU cores of the license server system.
  1. VMware environments:
    • Restrictions from point 1 above. 
    • If the license server is bound to the ESXi host: using vMotion on the VM in which the VE license server runs
    • Changes to the API interface of the ESXi host or vCenter Server
    • The license can become temporarily unavailable if the user credentials or address information recorded by esxi_bind are changed. In this case, esxi_bind must be run again to define the correct user credentials and address information.


Starting and Stopping the License Server

Please note: In versions before 1.0.17, the license server can only be started if a valid license is installed.

...

  • Starting the license server:     # systemctl start licensed
  • Stopping the license server:   # systemctl stop licensed
  • Restarting the license server: # systemctl restart licensed

The licensed service logs information to its log file in /opt/license-server/log/license.log and to journalctl.

Primary and Backup License Server

General Information

Charon -SSP emulators for VE licenses supports support a backup license server to ensure service continuity should the primary backup license server become temporarily unavailable. Backup licenses are typically limited to a certain number of emulator runtime hours.

The example below shows the output of such a time-limited license:

Code Block
languagetext
# /opt/license-server/license_viewer 
<<License Viewer>> Current license:
KEYSEC
K_FINGER=123db1ec91a1526c40da028b9e68e5abaadc70c62719af0f6ef1f2cfd2c85bba
K_LICENSE_ID=License fingerprint: 07792211fc8ce3fdc085 <truncated>
Customer name: Stromasys
License ID: 01.00000001.002.045
K_TYPE=COUNTDOWN
K_EXPIRED=100
K_CUSTOMER=Stromasys/Testing
K_PLATFORM=amazon.aws
K_R_DATE=1593308906
K_INTERVAL=60
KEYEND
PRODSEC
P_NAME=Charon-SSP/4U020
Key type: COUNTDOWN
Expiration date: 100 hour(s)
Platform: amazon.aws
Release date: 2021-06-17 13:08:01
Grace period: 120 minutes
License check interval: 60 minutes

Virtual Hardware: Charon-SSP/4M,Charon-SSP/4U+,
Product code: Charon-SSP/4V,Charon-SSP/4V+
P_CODE=test
P_MAJV=4
P_MINV=2
P_CPU_NUM=4
P_MAX_MEM=4096MB
P_INSTANCE=4
PRODEND
PRODSEC
P_NAME=Charon-SSP/4M
P_CODE=test
P_MAJV=4
P_MINV=2
P_CPU_NUM=4
P_MAX_MEM=512MB
P_INSTANCE=4
PRODEND

...

ALL
Expiration date: 2021-12-22 23:55:00
Major Version: 5
Minor Version: 3
Maximum CPU: 64
Maximum virtual memory: 1048576MB
Instances allowed: 3

The above sample is a backup license with 100 hours of emulator runtime. The remaining hours can be checked via the web interface.

Backup License Server Operation

Should the primary license server become unavailable, the emulator tries to connect to the backup license server. If this succeeds, the emulator continues to run without interruption. If no connection to a valid license can be established within 2 hours after the loss of the license has been detected, the emulator will stop. The grace period is defined on the license.

Please note: If you do not have a valid backup license and the primary license server is unavailable for more than 2 hoursthe grace period, make sure to shut down the Solaris guest operating system cleanly before the end of the grace period. Failure to do so may cause data loss or corruption.

If the primary license server becomes available again after the emulator has switched to the backup server, the emulator will automatically switch back to the primary server to avoid unnecessary depletion of the backup license runtime hours in VE license server mode.

Div
classpagebreak


Log Files

Log files provide important information about the operation of the license server and the Charon -SSP emulator software. In case of problems, this is the first place to check.

License Server Log File

Log File Location

The license License server log file is stored under /opt/license-server/license_logThe log file is called log/license.log.

At every license server start, a new version of the log file is created and the previous file is rotated to license.log.1. Other existing versions are rotated accordingly.

Log File Samples

Normal startup:

Code Block
languagetext
2020-01-16 09:00:43 INFO    MAIN     Build time: Jan 16 2020 10:54:15
2020-01-16 09:00:44 INFO    MAIN     License server is ready to serve.

...

Code Block
languagetext
2020-01-10 12:17:19 INFO    MAIN     Build time: Jan 10 2020 17:22:12
2020-01-10 12:17:19 ERROR   License  license is not available.
2020-01-10 12:17:19 INFO    MAIN     The program is terminated.


Switch to backup license serverClient connection log (new in 1.0.28):

Code Block
languagetext
2020-0610-2902 1821:08:25 ERROR VE 46:29 INFO    MAIN    Failed toLicense connectserver withis theready licenseto server!serve.
2020-0610-2903 1801:0831:2509 INFO  VE  Server   Trying to login to license server:CHARON-SSP/4U v4.1.32 has logged in from 127.0.0.1
2020-06-29 18:08:34 ERROR VE     Failed to connect with the license server!
2020-06-29 18:08:43 WARN  VE     Charon will be terminated within 2 hours!
2020-06-29 19:08:57 INFO  VE     Connected with license server: 172.31.40.62
2020-06-29 19:08:57 INFO  VE     Found available license ID: 01.00000001.002.045.
:40704.
2020-10-03 01:45:21 INFO    Server   CHARON-SSP/4U v4.1.32 from 127.0.0.1:40704 has been disconnected


Div
classpagebreak


Charon-SSP Emulator Log Files

Log File Location

The default emulator log file location is /opt/charon-agent/ssp-agent/ssp/<architecture/<vm-name>/.

...

Please note: The log file path can be changed by the user to a non-default value.

Log File Samples

Working license found during emulator start:

...

Please note: The output shows a 2 hour grace period. The grace - period . This is applicable to Charon-SSP versions implementation changed several times. In VE versions before version 4.1.21 and later. In earlier versions , the grace - period was 24 hours. This is no longer needed because a backup license server can now be configured (since Charon-SSP version It was shortened to two hours after the introduction of the backup license server feature in 4.1.19). Since version 1.1.12, the grace period is determined by the corresponding license parameter. If a valid license has not become available before the end of the grace period, the emulator will be stopped.

License Server version mismatch:

The following message is logged in older versions. Newer versions may have a more descriptive error message.

Div
classpagebreak


Switch to backup license server:

Code Block
languagetext
2020-01-16 11:24:38 WARN  VE  Failed to get data from license server!

...

2020-06-29 18:08:25 ERROR VE     Failed to connect with the license server!
2020-06-29 18:08:25 INFO  VE     Trying to login to license server: 127.0.0.1
2020-06-29 18:08:34 ERROR VE     Failed to connect with the license server!
2020-06-29 18:08:43 WARN  VE     Charon will be terminated within 2 hours!
2020-06-29 19:08:57 INFO  VE     Connected with license server: 172.31.40.62
2020-06-29 19:08:57 INFO  VE     Found available license ID: 01.00000001.002.045.


License Server version mismatch:

The software checks for compatible protocol versions between license server and emulator software. It logs an error if the versions are not compatible. Compatible versions are required for the emulator to verify the license and to run.

The following messages may logged in older versions:

Code Block
languagetext
2020-01-16 11:24:38 WARN  VE  Failed to get data from license server!


Code Block
languagetext
2021-08-10 17:03:42 FATAL VE       License server is unavailable!


Newer versions have a more descriptive error message:

Code Block
languagetext
2021-08-10 17:16:41 ERROR VE       License protocol version is invalid.

Management GUI Web Server Log File

This log file contains errors encountered by the web server providing the management GUI of the VE license server.

Log file location: /opt/license-server/error.log

Sample content:

Code Block
languagetext
$ cat /opt/license-server/error.log

<attempt to start the license server a second time>
[1636549131] [error] [client ] cannot bind to 80: 98 (Address already in use)
[1636549131] [error] [client ] cannot bind to 8084s: 98 (Address already in use)
[1636549131] [error] [client ] Failed to setup server ports

<restart of the license server>
[1636551531] [error] [client 192.168.2.80] SSL syscall error 104
[1636551532] [error] [client 192.168.2.80] SSL syscall error 104


Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc