...
Starting with VE license server version 1.1.13, the previous information-only web interface has been changed to a management interface. It provides the following functions:
- Displaying license information
- Displaying client information
- Creating C2V (fingerprint) files
- Updating a license using a V2C file provided by Stromasys
- Managing web GUI users
The following section describe this in detail:
Table of Contentstoc |
---|
Prerequisites:
- The TCP port used by remote systems to web-based management interface must be permitted on the license server, and by any intermediate firewall.
Default: TCP/8084; an alternative port can be configured in /opt/license-server/config.ini. - TCP port 80 must be available to the license server to redirect HTTP requests to HTTPS. For remote connections, the port must also be permitted through intermediate firewalls. Starting with version 1.1.25, redirection (and thereby use of TCP port 80) can be enabled or disabled in /opt/license-server/config.ini.
- Important: at the time of writing, the web-server component of the license server applications will not start if a port required by the web server is already used by another application. This will also prevent the licensing component from starting.
Div | ||
---|---|---|
| ||
Accessing the Management GUI and Logging in
...
Use the following URL in any web browser to access the management GUI:https://<host>:<port>/
wherewhere
- host is the name or address of the VE license server, and
- port is the TCP port (8084 by default).
Use localhost as the hostname for accessing the GUI of a license server running on the local system. Example: https://localhost:8084
. Using just http://<license-server-ip>
will redirect to the configured HTTPS port.
Please note: any intermediate firewall must allow the TCP port ports used for the management GUI.
...
When connecting to the VE license server web-based management GUI for the first time, the web browser will issue a NET::ERR_CERT_AUTHORITY_INVALID warning and inform the user that the connection is not private. This is due to the fact that Stromasys, when creating the installation kit, cannot foresee the actual customer environment. Thus, the SSL certificate included with the license server kit includes a dummy hostname that does not match the real hostname of the customer license server system, and it also contains Stromasys as the certificate authority which is unknown to web-browsers by default.
It is possible to override the warning and connect to the page. Otherwise, users must
- either obtain a certificate for the host from one of the commercial certification authorities, or
- they must create their own self-signed certificate and add it to the web browser.
The new certificates replace the certificates server.pem certificate in /opt/license-server/certs (move the old certificates certificate to a save place).
Steps to create a self-signed certificate:
- Log in as the root user.
- Stop the license server (
# systemctl stop licensed
) - Go to /opt/license-server/certs.
- Move the existing content of the directory to a backup directory.
- Create a root certificate (each command must be entered on one command-line - irrespective of necessary line breaks in this document):
# openssl genrsa -out ca.key.pem 2048
# openssl req -new -key ca.key.pem -out ca.csr -subj "/C=CN/ST=GD/O=STROMASYS/OU=LICENSE/CN=STROMASYS.COM"
# openssl x509 -req -days 7300 -sha256 -extensions v3_ca -signkey ca.key.pem -in ca.csr -out ca.cer
- Create a server certificate (each command must be entered on one command-line - irrespective of necessary line breaks in this document):
# openssl genrsa -out servercert.key.pem 2048
# openssl req -new -key servercert.key.pem -out servercert.csr \
-subj "/C=CN/ST=GD/O=STROMASYS/OU=LICENSE/CN=hostname.domain"# openssl x509 -req -extfile <(printf "subjectAltName=DNS:hostname.domain,DNS:hostname.domain") \
-days 7300 -sha256 -CA ca.cer -CAkey ca.key.pem -CAserial ca.srl -CAcreateserial \
-in servercert.csr -out servercert.cer
Replace hostname.domain with the real name of the VE license server system.
- Create the combined server certificate for the license server:
# cp servercert.cer server.pem
# cat servercert.key.pem >> server.pem
- Restart the license server (
# systemctl start licensed
) Import the root CA (ca.cer) into your browser’s Trusted Root Certification Authorities Certificate Store.
Please note: at the time of writing, the custom certificate was overwritten by upgrading or downgrading the license server software. Therefore, make sure to back up you certificate and to restore it after an upgrade or downgrade of the license server.
Div | ||
---|---|---|
| ||
Displaying the License Information
...
It can be selected via the menu on the left (License Information).
Div | ||
---|---|---|
| ||
Displaying the
...
List of Connected Clients
The client list can be displayed by selecting the Client List option on the left pane. A sample with one connected client is displayed below:
Please note: Charon-PAR license clients cannot inform the license server about the configured number of CPUs and amount of memory. Hence, for these clients, the corresponding fileds in the display will be empty.
Displaying the List of Registered Clients (AutoVE mode)
This option shows clients registered with the AutoVE license servers independent of whether the instance is active.
Div | ||
---|---|---|
| ||
Updating a License
The license management section can be opened by selecting Update License on the left pane. This will open the license management screen as shown below:
...
As an alternative to the command-line program for C2V export, you can create your C2V file via the management GUI. The section for C2V export has two input fields described below:
Field | Description |
---|---|
License Type | Options:
|
General VE license mode and AutoVE mode are mutually exclusive. | |
Platform | Drop-down menu to select platform on which the license server runs. This list is different depending on the mode in which the VE license server runs: Platforms supported by general VE license mode:
The platform selected must match the platform on which the license server host system runs. |
Platforms supported by AutoVE mode:
The platform selected must match the platform on which the license server host system runs. |
Div | ||
---|---|---|
| ||
Steps to export a C2V file:
- Enter the correct License Type.
- Select the correct Platform.
- If the chosen platform is VMware ESXi, there will be an additional menu indicated by three dots. Click on this option to open the esxi_bind configuration window.
Enter the IP address and the login information of the ESXi host or vCenter Server to which the license server should bind.
Then press Submit.Insert excerpt PDC:__Include: Installing a License on the VE License Server PDC:__Include: Installing a License on the VE License Server name VEesxiUserInfo nopanel true
- If the chosen platform is VMware ESXi, there will be an additional menu indicated by three dots. Click on this option to open the esxi_bind configuration window.
- Click on Export to create the C2V file.
- After a successful export, a download option will be displayed that allows you to download the created file to your local system (see below).
Send the C2V file to Stromasys for them to create a license.
...
Importing a V2C File
In response to the C2V file sent, you will receive two files from Stromasys. One text file containing the license content in human-readable form, and the V2C license file.
...