Comment: Clarification regarding dongle battery


...

In some emulator products it is possible to configure the number of retries and the waiting time between them by adding parameters to the emulator configuration file. Please refer to the product documentation for details on the relevant parameters, license_retry_period and license_retry_count (obsolete starting with version 1.10).

2. At regular intervals during the runtime of the emulator (the default license check period of 1 hour can be changed by Stromasys using the appropriate license parameters):

...

  • Hardware dongles require the Sentinel HASP run-time (driver) installation before the dongle can be connected to and used by the system.
  • Hardware dongles, apart from HL-MAX dongles, are equipped with a battery and a clock, which makes them independent of the host clock. The battery is not rechargeable. However, the dongle can use the power provided by the host system while it is plugged in, which slows down the depletion of the battery. Check the dongle at regular intervals if it is not permanently connected to a system, even if it is not currently needed. If the battery becomes completely depleted, the dongle will be permanently unusable and must be replaced. See also: How long does the license USB dongle battery last upon a full charge.

Software License

A software license is a "virtual" key with functionality very similar to a HASP network-enabled hardware dongle.

A software license does not require any special hardware, but it still requires installation of the Sentinel runtime environment.

Please note:

  • To avoid unexpected problems, do not use any Sentinel runtime software that was not provided by Stromasys without being advised to do so by your Stromasys representative.
  • Software licenses are best suited for stable environments, because their correct function depends on certain characteristics of the host system. Changing any of these characteristics will invalidate the license.
    • If the Charon host runs on real hardware, software licenses are by default tightly bound to the hardware for which they were issued. If major hardware characteristics of the system are changed, the license will be disabled.
    • If the Charon host runs in a virtual environment (e.g., VMware), software licenses are normally bound to the virtual machine ID and a set of additional characteristics of the virtual machine. If any of these parameters are changed, the license will be disabled.
  • Software licenses are very sensitive to even small changes on the host system. Therefore, it is especially important to provide for a backup license that will ensure continued operation should there be a problem with the software license. See Handling Multiple License Keys and Product Licenses for details.

For a more detailed description of the restrictions, please refer to HASP Software Licensing restrictions or contact your Stromasys representative.

...


After installing a license on the system, verify the availability of the license as described in the section View Existing Licenses.

Check if the license shows the correct product, expiration date etc.

...

To identify the relevant key IDs, display the available licenses as described in section View Existing Licenses.

To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.

...


To identify the relevant product license IDs, display the available licenses as described in section View Existing Licenses.

To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.

...

  • If you have not installed the license server yet (and for any more in-depth information), please refer to the VE license server user's guide (see Licensing Documentation).

  • The information below shows the command-line tools for license management. Starting with version 1.1.16 of the VE license server, these activities can also be performed using a web-based management GUI. Please refer to the appropriate VE license server user's guide (see chapter VE License Server Web-based Management GUI in the VE license server documentation under Licensing Documentation).

Firewall Considerations


If the VE license server is not installed on the same system as the emulator, any intermediate firewall must allow at least the port on which the license is served. If the web-based GUI is to be reachable through the firewall, the port on which the GUI is available must be allowed as well. These ports are configurable on the VE license server. The default values are the following:

  • Default port on which licenses are served by the VE license server: TCP 8083.
  • Default port on which the web-based GUI runs: TCP 8084.

Creating a C2V File on a VE License Server

Running esxi_bind before First C2V Creation on VMware

The esxi_bind command sets up the necessary communication connection between the VE license server and the ESXi host / the vCenter server.

It must be run on the license server (and the backup license server, if applicable)

  • once before the first license is requested,

  • and again if the user used to access the ESXi host / the vCenter server changes.

Perform the following steps:

  1. Use ssh to log in on the license server instance.
    # ssh <user>@<license-server-ip>
    where

    1. <user> is the user for interactive login associated with your license server system

    2. <license-server-ip> is the IP address of your license server system

  2. Become the privileged user and run the esxi_bind program.

    1. Become the root user: # sudo -i

    2. Run the esxi_bind program: # /opt/license-server/esxi_bind -a <address> -u <username> -p <password>
      where

      1. <address> is the IP address of the ESXi host or vCenter server

      2. <username> is a user on the ESXi host or vCenter server. Make sure the user has at least the following permissions:

        • Datastore > Allocate Space
        • VirtualMachine > Config > AddNewDisk
        • VirtualMachine > Config > RemoveDisk
      3. <password> is the password of the user.

  3. If the command is successful, it will create the file /opt/license-server/config.ini containing the connection data (the password is encrypted).

...


Creating a VE C2V File

The fingerprint is collected on the license server using the c2v utility.

Perform the following steps to collect the fingerprint on the license server and (if applicable) the backup license server:

  1. Use ssh to log in on the license server instance.
    # ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
    where

    1. <mykey> is the private key of the key-pair you associated with your cloud instance
      (for an on-premises VMware installation where login with username/password is allowed, it is not needed)

    2. <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or physical server; for an instance installed from a prepackaged Charon VE marketplace image, use centos)

    3. <license-server-ip> is the IP address of your license server system

  2. Become the privileged user and run the c2v program.

    1. Become the root user: # sudo -i

    2. Run the c2v program: # /opt/license-server/c2v --filename <my-file>.c2v --platform <my-platform>
      where

      1. <my-file>.c2v is the path and name under which you want to store the fingerprint. The file type is C2V (customer-to-vendor)

      2. <my-platform> indicates the platform on which the license server runs (possible values: physical, aws, oci, gcp, azure, ibm, nutanix, or esxi).

  3. Copy the resulting C2V file to your local system (unless you can send email from the license server system).

...

VE Licensing Certificates Overview

This section applies to Charon-PAR version 3.0.11 and later.

This section provides a short overview of the certificates used by the VE license server and Charon-PAR. Please refer to the VE license server documentation for details.

The VE license server uses certificates for different purposes:

  • License server operation: encrypted communication between license server and license clients (emulators).

    • New certificate support in the VE license server started with version 2.1.3. Changed certificate names starting with VE license server 2.2.2.

    • New certificate support for Charon-PAR started with version 3.0.11.

  • Web-based management GUI: encrypted (HTTPS) communication between the integrated license server web server and web browsers. Starting with VE license server version 2.1.4, the name of the certificate and its management changed. Please refer to the VE license server documentation.

Important information:

  • General VE license server configuration:

    • The VE license server will – by default – use the old certificates. Therefore, compatibility with existing Charon clients will be maintained during an upgrade of the license server.

    • If the new certificates (using pre-defined names) are present in /opt/license-server/certs, these will be used and clients will have to use matching certificates. Please refer to the VE license server documentation for information on how to activate the new certificates and, if desired, create custom certificates.

  • Checking if the new certificates are enabled in a Charon-PAR installation:

    • Certificate location: /opt/charon/bin/certs

    • Sample certificate names: ca.crt.sample, charon.crt.sample, and charon.key.sample

    • If the directory contains the above files without the .sample suffix (e.g., ca.crt, charon.crt, charon.key), the new certificates have been enabled. On the license server, the sample files (for root CA and license server) are in /opt/license_server/certs. Please see the VE License Server guide in License Documentation for more information.

  • Make sure you understand the implications and possible side-effects before changing the certificate configuration. Incorrect configurations can lead to the loss of license access and interruptions in operation.
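
The certificate check described in the list above, as an added shell example that is not part of the Stromasys documentation: it classifies a certificate directory by the file names given above and flags a live private key that group or others can access. The function names, the state labels, and the treatment of a partly renamed set as a misconfiguration are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Stromasys code. Function names and state labels are
# assumptions; file names and the default path are the ones listed above.
CERT_NAMES="ca.crt charon.crt charon.key"

# Prints: enabled | partial | samples-only | empty
charon_cert_state() (
    dir="${1:-/opt/charon/bin/certs}"
    live=0; sample=0; total=0
    for name in $CERT_NAMES; do
        total=$((total + 1))
        if [ -f "$dir/$name" ]; then live=$((live + 1)); fi
        if [ -f "$dir/$name.sample" ]; then sample=$((sample + 1)); fi
    done
    if [ "$live" -eq "$total" ]; then
        echo enabled        # all three live files present: new certificates
    elif [ "$live" -gt 0 ]; then
        echo partial        # incomplete set: treat as a misconfiguration
    elif [ "$sample" -gt 0 ]; then
        echo samples-only   # only *.sample files: new certificates not enabled
    else
        echo empty
    fi
)

# Prints the key path if group or others have any permission on it.
# General key hygiene; the page does not say that Charon-PAR enforces this.
charon_key_exposed() (
    key="${1:-/opt/charon/bin/certs}/charon.key"
    if [ -f "$key" ]; then
        perms=$(ls -lnL "$key" | cut -c5-10)   # group+other bits of "-rw-------"
        if [ "$perms" != "------" ]; then echo "$key ($perms)"; fi
    fi
)

# Stand-alone use: pass a directory, or omit it to check the default path.
charon_cert_state "$@"
charon_key_exposed "$@"
```

A result of partial deserves attention before the emulator is restarted, because the page warns that incorrect certificate configurations can lead to the loss of license access.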



Creating a VE C2V File and Sending it to Stromasys

The fingerprint is collected on the license server using the c2v utility.

Perform the following steps to collect the fingerprint on the license server and (if applicable) the backup license server:

  1. Use ssh to log in on the license server instance.
    # ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
    where

    1. <mykey> is the private key of the key-pair you associated with your cloud instance
      (for an on-premises VMware installation where login with username/password is allowed, it is not needed)

    2. <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or physical server; for an instance installed from a prepackaged Charon VE marketplace image, use sshuser)

    3. <license-server-ip> is the IP address of your license server system

  2. Become the privileged user and run the c2v program.

    1. Become the root user: # sudo -i

    2. Run the c2v program: # /opt/license-server/c2v --filename <my-file>.c2v --platform <my-platform>
      where

      1. <my-file>.c2v is the path and name under which you want to store the fingerprint. The file type is C2V (customer-to-vendor)

      2. <my-platform> indicates the platform on which the license server runs (possible values: physical, aws, oci, gcp, azure, ibm, nutanix, or esxi).

  3. Copy the resulting C2V file to your local system (unless you can send email from the license server system).

  4. Send the C2V file to the Stromasys orders department (email address will be provided by Stromasys).


Installing a VE V2C File on a VE License Server

In response to the C2V file, Stromasys will send you a V2C file. This file contains the license data and is installed on the license server using the v2c utility.

Perform the following steps to install the license on the license server:

  1. Copy the V2C file to the license server (e.g., with SFTP).

  2. Use ssh to log in on the license server instance.
    # ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
    where

    1. <mykey> is the private key of the key-pair you associated with your license server instance
      (for an on-premises VMware installation where login with username/password is allowed, it is not needed)

    2. <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or your physical server; for an instance installed from a prepackaged Charon VE marketplace image, use sshuser)

    3. <license-server-ip> is the IP address of your license server system

  3. Become the privileged user and run the v2c program.

    1. Become the root user: # sudo -i

    2. Run the v2c program: # /opt/license-server/v2c -f <my-file>.v2c
      where <my-file>.v2c is the path and name of the V2C file containing the license data. The file type is V2C (vendor-to-customer).

...

  1. Use ssh to log in on the license server instance.
    # ssh -i ~/.ssh/<mykey> <user>@<license-server-ip>
    where

    1. <mykey> is the private key of the key-pair you associated with your license server instance
      (for an on-premises VMware installation where login with username/password is allowed, it is not needed)

    2. <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine or your physical server; for an instance installed from a prepackaged Charon VE marketplace image, use sshuser)

    3. <license-server-ip> is the IP address of your license server system

  2. Become the privileged user and run the license_viewer program.

    1. Become the root user: # sudo -i

    2. Run the license_viewer program: # /opt/license-server/license_viewer

...

  • Identify VE license server entries (newest first): journalctl -r -t license_server

  • Identify HASP runtime daemon entries (newest first): journalctl -r -t aksusbd

System Processes for Licensing

Correct license operation requires the corresponding system processes.

Sentinel HASP System processes

HASP licenses require the aksusbd process and the hasplmd process. In aksusbd version 7.63, both processes are started and stopped by the same service (/etc/init.d/aksusbd). In aksusbd version 8.13, there are two systemd services:

  • the aksusbd service
  • the hasplmd service

Checking the status of the services:

# systemctl status aksusbd
# systemctl status hasplmd

Starting and stopping the services:

  • The two services have a dependency such that starting one of them will start the other, stopping one of them will stop the other, and restarting one of them will restart the other.
  • Starting the services:
    # systemctl start aksusbd
    # systemctl start hasplmd
  • Stopping the services:
    # systemctl stop aksusbd
    # systemctl stop hasplmd


VE License Server Process

VE licensing requires the licensed service to run on the license server.

...

Checking the status of the service:

# systemctl status licensed

Starting and stopping the service:

  • Starting the service:
    # systemctl start licensed
  • Stopping the service:
    # systemctl stop licensed

Further Information

Sentinel HASP licenses:

...