Versions Compared

Old Version 29

changes.mady.by.user Bruno Miretti (Deactivated)

Saved on

compared with

New Version Current

changes.mady.by.user Bruno Miretti (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Update for PDF export

Anchor
TOC
TOC
Include Page
KBCOMMON:KB-CSSstyle
KBCOMMON:KB-CSSstyle

Table of Contents

Table of Contents
excludeTable of Contents

General description

The CHARON-VAX / CHARON-PDP products are protected by licenses issued on a customer basis by STROMASYS Inc. The CHARON-VAX / CHARON-PDP license defines all the specifics of a particular CHARON-VAX / CHARON-PDP distribution and its usage.

...

The CHARON-VAX / CHARON-PDP license is read upon the start of each instance of CHARON VM and at a specified interval (defined by the license content) during the emulated system execution (default is 1 hour). If CHARON VM detects the absence (or malfunction) of the license key or software license, CHARON VM will try to use a backup license (if specified in the configuration file). If the license is not available or not specified, CHARON VM displays a warning message in the log file requesting the license key reconnection or software license reactivation. If the license is not reconnectedor reactivated within a given period of time (the check interval), CHARON VM exitsreconnected or reactivated within 12 hours, CHARON-VAX exits. For more, see 481988514 chapter.

(info) The CHARON-VAX / CHARON-PDP main license is time restricted or unlimited, the backup license is limited by the number of executions (1 execution = 1 interval check)

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

...

classpagebreak

...

Parameters defined by CHARON VM license

The following table represents all the parameters defined by the CHARON VM license:

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

CHARON-VAX / CHARON-PDP licensing models

CHARON-VAX / CHARON-PDP licensing models are divided into 3 groups:
 

Regular Sentinel HASP keys

This is the most common way of CHARON-VAX / CHARON-PDP licensing. 

The CHARON-VAX / CHARON-PDP license is embedded in a Sentinel HASP dongle. This license is available only on the host where the dongle is physically installed.

The CHARON-VAX / CHARON-PDP installation procedure takes care of the Sentinel HASP run-time (driver) installation. Once the CHARON-VAX / CHARON-PDP product has been installed, it is possible to plug in the regular license key and proceed with using CHARON-VAX / CHARON-PDP without additional configuration steps.

Info

The number of CHARON VMs allowed to run on a particular host may be restricted by the license content (see above).


Network Sentinel HASP keys

The Network Sentinel HASP key (red dongle) can be shared between several hosts running CHARON virtual machines (including the host on which the network license is installed).

...

Info

CHARON-AXP/VAX version 4.7 build 171-01 introduced a change with respect to network licenses. In previous versions of CHARON-AXP/VAX a network license controlled the maximum number of client host systems and CHARON instances per host system (station/instance mode).

In the current CHARON-AXP/VAX versions a network license controls the maximum overall number of active instances, which can be distributed across client host systems according to the preference of the customer.


Software licenses

The CHARON-VAX / CHARON-PDP Software License (SL) is a "virtual" key with exactly the same functionality as the hardware dongle. It does not require any hardware but the installation of the Sentinel run-time environment is required.

Note

The Software Licenses (SL) are best suited for stable environments because their correct function depends on certain characteristics of the host system. Changing any of these characteristics will invalidate the license.

  • If the CHARON host runs on real hardware, the software licenses are by default tightly bound to the hardware for which they were issued. If major hardware characteristics of the system are changed, the license will be disabled.
  • If the CHARON host runs in a virtual environment (e.g. VMware), software licenses are normally bound to the virtual machine ID and a set of additional characteristics of the virtual machine. If any of these parameters are changed, the license will be disabled.

For a more detailed description of the restrictions, please refer to Software Licensing restrictions or contact your Stromasys representative.

Software licenses are always network-wide on Windows, so they behave the same way as Network HASP keys.

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Div
classpagebreak


Multiple licenses configuration and backup license

For any type of licensing, a CHARON VM can use only one valid ("active") license (of given vendor code) at a time.

The "HASP License details" utility (it can be started from CHARON Virtual Machines Manager) displays a range of available licenses but note that, by default, a CHARON VM may use any of them as the "active" one - unless it is directly specified by the "license_key_id" parameter (see below). The utility provides the license numbers and ID / IP addresses of the hosts where the licenses are installed.

The general recommendation is to avoid the usage of multiple keys in one network segment. Use only one locally installed license per host or one network license per local network segment containing several CHARON hosts.

When needed, it is possible to use a special parameter in the CHARON VM configuration files to specify exactly which license must be used by each particular CHARON VM:

Parameter

license_key_id

TypeText string
Value

A set of Sentinel Key IDs that specifies the license keys to be used by CHARON. It is also possibly to use a keyword "any" to force CHARON to look for a suitable license in all available keys if the license is not found in the specified keys.

Example:


set session license_key_id = "1877752571,354850588,any"

Based on the presence of this parameter in the configuration file, CHARON behaves as follows:


  1. No keys are specified (the parameter is absent)
    CHARON performs an unqualified search for any suitable key in unspecified order. If no key is found, CHARON exits.

  2. One or many keys are specified
    CHARON performs a qualified search for a regular license key in the specified order. If it is not found, CHARON exits (if the keyword "any" is not set).

If the keyword "any" is specified then if no valid license has been found in the keys with specified ID’s all other available keys are examined for valid license as well.

The order in which keys are specified is very important. If a valid license was found in the key which ID was not the first one specified in configuration file, then available keys are periodically re-scanned and if the key with the ID earlier in the list than the current one is found CHARON tries to find a valid license there and in case of success switches to that key.

This parameter also specifies the license which will be used as backup if the active license expires.

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Div
classpagebreak


License installation

Installation from scratch

Info

Before installing the license make sure that the Sentinel run-time (driver) to be installed is collected from your CHARON kit or provided by STROMASYS on request for your particular product. Do not update the Sentinel run-time (driver) from online or any other sources, including the Sentinel web site.

In case of several CHARON kits containing different versions of Sentinel run-time (driver), the last one, having the most recent version, must be installed. The CHARON installation performs this operation automatically.

...

  1. Installation of the Sentinel run-time environment on the CHARON-VAX / CHARON-PDP host (regular and network keys) or on the host that will distribute CHARON-VAX / CHARON-PDP licenses over a local network segment (network key only). The Sentinel software is installed automatically by CHARON-VAX / CHARON-PDP for Windows.
  2. Physical connection of the HASP license dongle to the CHARON-VAX / CHARON-PDP host or to the host distributing the CHARON-VAX / CHARON-PDP license over the local network segment.
  3. Collecting the system fingerprint (*.c2v file), sending it to STROMASYS and applying the update (*.v2c file) in case of software license (and in case of updating HASP dongle license). See the details below.

When a manual installation of the Sentinel run-time is required (in the case of the network license server that does not have CHARON-AXP installed):

  1. Login as Administrator
  2. Open the CHARON-VAX/PDP kit folder
  3. Switch to the "hasp_install" subfolder
  4. Unzip the archive "haspdinst.zip" located in this folder
  5. Open "cmd.exe" and switch to the folder where the files were unzipped

  6. Execute the following commands:


    ...> haspdinst.exe -fr -kp -nomsg

    ...> haspdinst.exe -install -cm


  7. Extract the contents of this archive "hasplib.zip" to the same directory.
  8. Copy the file "haspvlib_68704.dll" to "C:\Program Files (x86)\Common Files\Aladdin Shared\HASP" (in case of x64 host) or "C:\Program Files\Common Files\Aladdin Shared\HASP" (in case of x86 host)


Info

Note that the following operations have to be performed on installation phase for network licenses:

  • On the server side (where the network license will reside): open port 1947 for both TCP and UDP
  • On the client side, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted.
  • Both on server and client sides: setup default gateway

Please consult with your Windows User's Guide on details.

If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "Sentinel HASP License Manager" (hasplms.exe) service (it will be installed by CHARON-VAX / CHARON-PDP).


Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc


Div
classpagebreak



Replacement of currently installed Sentinel run-time

Replacement of the currently installed Sentinel Run-time can be needed in case of installation of specific run-time provided by STROMASYS.


  • To proceed, remove the current version of Sentinel run-time:

    • Login as Administrator
    • Extract the content of the unique ZIP file residing in “hasp_install” directory of the CHARON distribution to the same folder.
    • Run “cmd.exe” from the “Start” menu of host computer
    • “cd” to the “hasp_install” directory

    • Issue the following command:


      ...haspdinst.exe -fr -kp -nomsg


    Install the other Sentinel run-time:

    • “cd” to the directory where the target run-time resides

    • Issue the following command:


      ...> haspdinst.exe -install -cm


    • “cd” to the “hasp_install” directory
    • Extract the contents of this archive "hasplib.zip" to the same directory.
    • Copy the file "haspvlib_68704.dll" to "C:\Program Files (x86)\Common Files\Aladdin Shared\HASP" (in case of x64 host) or "C:\Program Files\Common Files\Aladdin Shared\HASP" (in case of x86 host)

    .


Info

You do not need to perform this procedure for Sentinel HL keys - local and network ones (red dongle) used as local.


Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc


Div
classpagebreak



Installation and update of CHARON-VAX/PDP Software License or HL/HASP dongle License

The CHARON-VAX / CHARON-PDP software licenses can be installed / updated according to the procedure described below:

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Div
classpagebreak


License management

CHARON-VAX / CHARON-PDP license management is performed by the Sentinel Admin Control Center and specific utilities.

Sentinel Admin Control Center

General Description

The Sentinel Admin Control Center (ACC) is the web-interface to the Sentinel run-time environment. It allows the viewing and managing of any available keys, enabling and disabling them, controlling usage of remote keys etc.

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Disable remote keys access

...

A helpful feature of the Sentinel Admin Control Center is the ability to disable access to remote keys. If the network key is installed locally, access to the key from remote hosts can be disabled. The following examples demonstrate how this can be done.

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

Accessing Sentinel Admin Control Center from remote hosts

By default, the Sentinel Admin Control Center forbids accessing its web interface from remote machines.

To allow access, configure the ACC for remote management:

Image Modified

License management utility

CHARON-VAX / CHARON-PDP for Windows provides two specific utilities for license management:

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc


Div
classpagebreak


Removing CHARON-VAX / CHARON-PDP software licenses

The following procedure must be applied to remove the software license (SL):


  1. Open the CHARON Virtual Machines Manager, switch to the "Host Information & Utilities" tab and press the "Sentinel Admin Control Center" button:

    or - alternatively - start any web browser on this system and go to the http://localhost:1947 page.

  2. In the "Sentinel HASP Admin Control Center" (ACC), select the "Sentinel Keys" option in the left pane and locate the target "Sentinel SL AdminMode" license.

  3. Press the "Certificates" button at the right side of the SL description:


    .

    Div
    classpagebreak



  4. Note the name of the correspondent certificate in the "Certificates" section. The name is in the form of <KeyID>_base.v2c
  5. Remove the corresponding certificate file in the "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LDK\installed\68704" folder.
  6. Reboot Restart the "Sentinel LDK License Manager" service (hasplms) either using the services.msc program or via a command line (as administrator) then enter the "sc stop hasplms" command followed by "sc start hasplms" or reboot the CHARON host.
  7. Start the "Sentinel HASP Admin Control Center" (ACC) again to ensure the SL has been removed.
Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc

License

Deinstallation

deinstallation

To completely remove a CHARON-VAX / CHARON-PDP license from a host, remove the Sentinel run-time driver using the following procedure:

...

Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc


Special "backup" license keys

Backup keys are provided by STROMASYS along with the standard license dongles. It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key. The backup keys use a counter (integer) value hardcoded inside the key, this integer value is a number of hours CHARON-VAX / CHARON-PDP is allowed to run. Each time CHARON-VAX / CHARON-PDP checks the license (every hour), the value is decreased (by 1 hour). Please note that the backup keys have restricted functionality:
 

  • The run time is typically limited to 720 hours (30 days). This is the time alloted to get a replacement dongle from STROMASYS.
  • A backup license may be valid only until a certain date.


Emulator Behavior

Charon products check the availability of a valid license under several conditions:

1. At startup:

  • If no valid license is found, an error message will be written to the emulator log file and the emulator will not start.
  • In some emulator products it is possible to configure the number of retries and the waiting time between them by adding parameters to the emulator configuration file. Please refer to chapter General Settings/license_key_lookup_retry the details.

2. At regular intervals during the runtime of the emulator (the default license check period of 1 hour can be changed by Stromasys using the appropriate license parameters):

  • If the previously used valid license has been removed, has disappeared, is defect, or has become invalid, the emulator will report the loss of the license in the log file and continue operation for a limited amount of time as described below.
  • If there is another valid license, for example a backup license defined in the configuration file, it will be used.
  • Charon allows for a grace period of 12 hours during which the software checks for the presence of a valid license every 10 minutes until a valid license is found. If no valid license is found after the grace period has expired, the emulator will stop. 
  • If a time-restricted license is used and it expires, the Charon instance tries to find its replacement automatically and, if found, proceeds using the replacement license


Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc