General description
The CHARON-VAX / CHARON-PDP products are protected by licenses issued on a customer basis by STROMASYS Inc. The CHARON-VAX / CHARON-PDP license defines all the specifics of a particular CHARON-VAX / CHARON-PDP distribution and its usage.
The license is implemented in the form of a hardware dongle (a Sentinel HASP key) or a software license. Please be careful with your license key: in case of loss or damage, the CHARON VMs will not run or start until the license key is replaced. For extra protection, STROMASYS recommends the use of a backup license key (purchased separately) that can replace the main license key for a restricted period of time. It is possible to specify the backup license in the CHARON VM configuration file to prevent CHARON VM from stopping in case the main license dongle is no longer accessible.
The CHARON-VAX / CHARON-PDP license is read upon the start of each instance of CHARON VM and at a specified interval (defined by the license content) during the emulated system execution (default is 1 hour). If CHARON VM detects the absence (or malfunction) of the license key or software license, CHARON VM will try to use a backup license (if specified in the configuration file). If the license is not available or not specified, CHARON VM displays a warning message in the log file requesting the license key reconnection or software license reactivation. If the license is not reconnected or reactivated within a given period of time (the check interval), CHARON VM exits.
The CHARON-VAX / CHARON-PDP main license is either time restricted or unlimited; the backup license is limited by the number of executions (1 execution = 1 interval check).
Note that if the time-restricted license is used and it expires, CHARON VM tries to find its replacement automatically and, if found, CHARON VM proceeds using the replacement license.
The present CHARON-VAX / CHARON-PDP implementation requires that the expired license be removed to allow the running CHARON VM instance to switch to a valid one.
The CHARON-VAX / CHARON-PDP software license is not distributed for Proof-of-Concept and evaluation installations. Only hardware dongles are used in these cases.
It is important to connect the HASP license keys to the computer, even if CHARON VM is not running, because the keys contain a built-in accumulator that needs to be charged. If the accumulator is completely discharged, the license key can be irreparably damaged.
The CHARON VM license can be updated on the fly without stopping CHARON VM. All the parameters, including the expiration date and time, can be updated without any restrictions.
At the next license check, CHARON VM will use the updated license normally.
CHARON supports the "driverless" mode of the new generation Sentinel protection keys ("Sentinel HL"). Note that installation of Sentinel drivers is still required if the new generation HASP network key is going to be used to serve CHARON instances running on other hosts.
The following sections list all the main parameters of the CHARON-VAX / CHARON-PDP licensing mechanism.
Parameters defined by CHARON VM license
The following table represents all the parameters defined by the CHARON VM license:
General | Products relevant | Optional |
---|---|---|
|
|
|
CHARON-VAX / CHARON-PDP licensing models
CHARON-VAX / CHARON-PDP licensing models are divided into 3 groups:
Regular Sentinel HASP keys
This is the most common way of CHARON-VAX / CHARON-PDP licensing.
The CHARON-VAX / CHARON-PDP license is embedded in a Sentinel HASP dongle. This license is available only on the host where the dongle is physically installed.
The CHARON-VAX / CHARON-PDP installation procedure takes care of the Sentinel HASP run-time (driver) installation. Once the CHARON-VAX / CHARON-PDP product has been installed, it is possible to plug in the regular license key and proceed with using CHARON-VAX / CHARON-PDP without additional configuration steps.
The number of CHARON VMs allowed to run on a particular host may be restricted by the license content (see above).
Network Sentinel HASP keys
The Network Sentinel HASP key (red dongle) can be shared between several hosts running CHARON VM (including the host on which the network license is installed).
If CHARON-VAX / CHARON-PDP is installed on the host where the network key is connected, no additional steps are required. The Sentinel driver is activated as part of the CHARON-VAX / CHARON-PDP installation. If the host does not have CHARON-VAX / CHARON-PDP installed, the host can still distribute the connected network license to CHARON VMs running on other hosts. In this case the Sentinel driver must be installed on the host manually.
The Sentinel run-time driver is distributed as a part of the CHARON-VAX / CHARON-PDP kit. Please see the "License installation" section of this chapter for details.
Once the Sentinel run-time driver is installed and the network license is connected, CHARON VM can be started on any appropriate host on the LAN network segment.
The Network license key contains a specific parameter to restrict the number of hosts allowed to run CHARON VM at the same time. Together with a parameter defining the number of CHARON VMs that may run at the same time, the network license sets the total number of running CHARON VMs on the allowed number of hosts.
Software licenses
The CHARON-VAX / CHARON-PDP Software License is a "virtual" key with exactly the same functionality as the hardware dongle.
The CHARON-VAX / CHARON-PDP Software License does not require any hardware but it requires installation of the Sentinel run-time environment.
Software licenses are always network-wide on Windows, so they behave the same way as Network HASP keys.
Multiple licenses configuration and backup license
For any type of licensing, CHARON VM can use only one valid ("active") license (of given vendor code) at a time.
The "HASP License details" utility (it can be started from CHARON Virtual Machines Manager) displays a range of available licenses, but note that by default CHARON VM may use any of them as the "active" one - unless it is directly specified by the "license_key_id" parameter (see below). The utility provides the license numbers and ID / IP addresses of the hosts where the licenses are installed.
CHARON VM cannot:
- check all the available license keys / software licenses,
- choose one,
- automatically switch from one key to another.
The general recommendation is to avoid usage of multiple keys in one network segment. Use only one locally installed license per host or one network license per local network segment containing several CHARON VM hosts.
When needed, it is possible to use a special parameter in the CHARON VM configuration file to specify exactly which license must be used by each particular CHARON VM:
Parameter | Type | Value | ||
---|---|---|---|---|
license_key_id[N], N=0 or 1 | Numeric | A number (decimal Sentinel key ID) that specifies regular (N=0) and backup (N=1) license keys to be used by CHARON VM. Example:
It is also possible to specify both regular and backup key in one line. Example:
Depending on the presence of the regular and/or backup license key IDs in the configuration file, CHARON VM behaves differently:
|
This parameter also specifies the license which will be used as backup if the active license expires.
License installation
Installation from scratch
Before installing a license, make sure that the Sentinel run-time (driver) to be installed is taken from your CHARON kit or has been provided by STROMASYS on request for your particular product. Do not update the Sentinel run-time (driver) from online or any other sources, including the Sentinel web site.
If several CHARON kits contain different versions of the Sentinel run-time (driver), the most recent version must be installed. The CHARON installation performs this operation automatically.
At the moment CHARON supports Sentinel HASP keys, Sentinel HL and Sentinel Software Licenses (SL).
Installation of the Sentinel run-time (driver) described below is needed for Sentinel HASP keys (both regular and network), Sentinel HL keys (both regular and network) without "driverless" mode enabled, Sentinel HL Network keys (red dongles) if they are going to be used network wide, and Sentinel Software Licenses (SL).
Skip installation of the Sentinel run-time (driver) if you use locally connected Sentinel HL keys in "driverless" mode or are going to use a Sentinel HL Network key in "driverless" mode from some other host on the local network. Just connect the license key to the host and proceed with collecting the "*.c2v" file (see below) if the license inside your Sentinel HL key must be updated.
Installation of a CHARON-VAX / CHARON-PDP regular or network licenses consists of:
- Installation of the Sentinel run-time environment on the CHARON-VAX / CHARON-PDP host (regular and network keys) or on the host that will distribute CHARON-VAX / CHARON-PDP licenses over a local network segment (network key only). The Sentinel software is installed automatically by CHARON-VAX / CHARON-PDP for Windows.
- Physical connection of the HASP license dongle to the CHARON-VAX / CHARON-PDP host or to the host distributing the CHARON-VAX / CHARON-PDP license over the local network segment.
- Collecting system fingerprint (*.c2v file), sending it to STROMASYS and applying update (*.v2c file) in case of software license. See the details below.
When manual installation of Sentinel run-time is required (in the case of the network license server that does not have CHARON-VAX / CHARON-PDP installed):
- Login as Administrator
- Open the CHARON-VAX / CHARON-PDP kit folder
- Switch to the "hasp_install" subfolder
- Unzip the archive located in this folder
- Open "cmd.exe" and switch to the folder where the files were unzipped
Issue:
...> haspdinst.exe -fr -kp -nomsg
...> haspdinst.exe -install -cm
Sentinel HL keys can be provided both in "driverless" and regular modes. To switch the Sentinel HL key to "driverless" mode it is required to install Sentinel run-time first as described above and apply a special *.v2c file that switches the key to "driverless" mode. Once it is done the Sentinel run-time can be deinstalled.
Note that the following operations have to be performed on installation phase for network licenses:
- On server side (where network license will reside): open port 1947 for both TCP and UDP
- On clients side: open UDP ports 30000-65535
- Both on server and client sides: setup default gateway
Please consult with your Windows User's Guide on details.
If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "Sentinel HASP License Manager" (hasplms.exe) service (it will be installed by CHARON-VAX / CHARON-PDP).
Replacement of currently installed Sentinel run-time
Replacement of the currently installed Sentinel run-time may be needed when a specific run-time provided by STROMASYS has to be installed.
Step-by-step instructions for the run-time replacement:
Remove the currently installed Sentinel run-time:
- Login as Administrator
- Extract the content of the unique ZIP file residing in the “hasp_install” directory of the CHARON distribution to the same folder
- Run “cmd.exe” from the “Start” menu of the host computer
- “cd” to the “hasp_install” directory
Issue the following command:
...> haspdinst.exe -fr -kp -nomsg
Install other Sentinel run-time:
- “cd” to the directory where the target run-time resides
Issue the following command:
...> haspdinst.exe -install -cm
You do not need to perform this procedure for Sentinel HL keys - local and network ones (red dongle) used as local.
Installation and update of CHARON-VAX/PDP Software License or HL/HASP dongle License
CHARON-VAX / CHARON-PDP software licenses can be installed / updated according to the procedure described below. This procedure is also applicable for update of a license in case of HL/HASP dongles.
Install CHARON-VAX / CHARON-PDP together with Sentinel run-time (Sentinel run-time is an essential part of CHARON-VAX / CHARON-PDP for Windows distribution)
Reboot host system
- In case of Software License installation, if network-wide SLs are already installed in the local network, disable access to network licenses in the following way:
- Open CHARON Virtual Machines Manager, switch to the "Host Information & Utilities" tab and press the "Sentinel Admin Control Center" button:
or - alternatively - go to the http://localhost:1947 page using your browser to access the "Sentinel HASP Admin Control Center" (ACC).
- Select "Configuration" option in the left pane then switch to the "Access to Remote License Managers" tab.
- Uncheck the highlighted options:
- Press "Submit" button to apply settings
- Select "Network" tab.
- Switch "Network visibility" to "None":
- Press "Submit" button to apply setting.
- Do not forget to return these settings back after SL installation.
- Connect HASP dongle to host system (in case of update of a license in a dongle)
Collect CHARON-VAX / CHARON-PDP host fingerprint file ("*.c2v")
Open CHARON Virtual Machines Manager, switch to the "Host Information & Utilities" tab and press the "License Update tool" button to invoke the "License Update Service" utility:
In the utility dialog popup switch to the "Collect Status Information" tab (opened by default), then select:
"Installation of new protection key" (in case of Software License if no Software License has been installed on the host):
Example:
"Update of existing protection key" (in case of HL/HASP dongle or Software License that has been already installed on the host and needs updating)
Example:
In case of HASP dongles use only "Update of existing protection key" option!
In case of Software License use "Installation of new protection key" option if host does not have Software License installed and "Update of existing protection key" option if already installed Software License has to be updated.
Press "Collect Information". In the popup dialog choose the place to store the "Fingerprint.c2v" file and press "Save":
A message should appear similar to this example, confirming the fingerprint has been collected successfully.
Send the ".c2v" file ("Fingerprint.c2v" in the example above) to STROMASYS.
STROMASYS will send you a ".v2c" file in return. Put it somewhere on the CHARON-VAX / CHARON-PDP host.
Open up the "License Update Service" utility the way described above and open the "Apply License File" tab:
Press "..." button beside the "Update File" edit-box. In the popup select the license file received from STROMASYS:
Press the "Open" button and apply the license.
Open CHARON Virtual Machines Manager, switch to the "Host Information & Utilities" tab and press the "Sentinel Admin Control Center" button:
or - alternatively - start any web browser on this system and go to the http://localhost:1947 page to access the "Sentinel HASP Admin Control Center" (ACC).
Ensure that the license appears in the “ ” menu.
As the content of the installed software or HL/HASP license is not shown by the Sentinel HASP Admin Control Center, press the "HASP License Details" button in the "Host Information & Utilities" section of CHARON Virtual Machines Manager (see above) to display it:
Note that the following operations have to be performed on installation phase for network-wide software licenses:
- On server side (where network license will reside): open port 1947 for both TCP and UDP
- On clients side: open UDP ports 30000-65535
- Both on server and client sides: setup default gateway
Please consult with your Windows User's Guide on details.
If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "Sentinel HASP License Manager" (hasplms.exe) service (it will be installed by CHARON-VAX / CHARON-PDP).
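The stricter variant described here and in the "Installation from scratch" section can be scripted as below. This is an added example, not part of the CHARON kit or the STROMASYS documentation; the rule names, the group name "CHARON licensing", the inbound direction, and the restriction to the local subnet and to the Domain/Private profiles are assumptions to adjust for your site.

```powershell
#Requires -RunAsAdministrator
# Added example: open the Sentinel licensing ports only for hasplms.exe.
param(
    # 'Server' = host where the network license resides; 'Client' = CHARON host using it.
    [ValidateSet('Server', 'Client')]
    [string]$Role = 'Server',
    # Assumption: license traffic stays on the local network segment.
    [string[]]$RemoteAddress = @('LocalSubnet')
)

$group = 'CHARON licensing'   # hypothetical group name, used to find these rules later

# Resolve the license manager binary from the installed service instead of hard-coding a path.
$svc = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'hasplms\.exe' } |
    Select-Object -First 1
if (-not $svc) {
    throw 'No service running hasplms.exe was found; install the Sentinel run-time first.'
}
$exe = if ($svc.PathName -match '^"([^"]+)"') {
    $Matches[1]                                            # quoted path with arguments
} else {
    $svc.PathName -replace '(?i)(hasplms\.exe).*$', '$1'   # unquoted path with arguments
}

# Ports as listed on this page: 1947 TCP+UDP on the server side, UDP 30000-65535 on clients.
$rules = if ($Role -eq 'Server') {
    @{ Name = 'Sentinel LM 1947 TCP'; Protocol = 'TCP'; Port = '1947' },
    @{ Name = 'Sentinel LM 1947 UDP'; Protocol = 'UDP'; Port = '1947' }
} else {
    , @{ Name = 'Sentinel LM client UDP 30000-65535'; Protocol = 'UDP'; Port = '30000-65535' }
}

foreach ($r in $rules) {
    # Idempotent: skip rules created by an earlier run.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) { continue }
    New-NetFirewallRule -DisplayName $r.Name -Group $group `
        -Direction Inbound -Action Allow -Profile Domain, Private `
        -Program $exe -Protocol $r.Protocol -LocalPort $r.Port `
        -RemoteAddress $RemoteAddress | Out-Null
}

# Show what was created, including the program each rule is bound to.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort -join ','
        Program   = $app.Program
    }
} | Format-Table -AutoSize

# Audit: enabled inbound allow rules that open 1947 for any program bypass the restriction above.
$broad = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains '1947' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        ($_ | Get-NetFirewallApplicationFilter).Program -eq 'Any'
    }
if ($broad) {
    Write-Warning 'Port 1947 is also allowed for any program by:'
    $broad | Select-Object DisplayName, Profile | Format-Table -AutoSize
}
```

Run it with -Role Server on the host where the network license resides and with -Role Client on each CHARON host that uses it.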
Sentinel HL "driverless" mode
New license keys from Sentinel, so called "Sentinel HL" can work in 2 modes:
- Regular. The key behaves as normal Sentinel HASP key.
- "Driverless". Sentinel HL keys do not require installation of any specific run-time or drivers since they utilize HID drivers, which are an integral part of the Windows operating system.
Sentinel HL license key in "driverless" mode has the following benefits:
- Support of a higher number of features.
- Larger on-key memory space.
- No specific drivers are needed.
- No additional support software is needed for all operations with the license keys.
There is a disadvantage of using Sentinel HL in "driverless" mode: inability to use "Sentinel Admin Control Center" (see below for details) for detailed configuration of the Sentinel HL license key attached to the host.
Sentinel HL Network key (red dongle) always requires installation of Sentinel run-time (driver) on the host it is connected to. See the sections above for details.
How to define the mode of a Sentinel HL license key
STROMASYS may provide Sentinel HL keys in regular or "driverless" mode. To define the current mode:
- Install Sentinel run-time (drivers) as described above in "Installation from scratch" section.
- Connect the key to the host
- Run "HASP View" utility. It will report whether the key has "driverless" mode enabled or not.
Switching Sentinel HL to "driverless" mode
To switch Sentinel HL from regular to "driverless" mode:
- Install Sentinel run-time (drivers) as described above in the "Installation from scratch" section.
- Apply a specific "*.v2c" file provided by Stromasys as described above in the "Installation of CHARON Software License" section.
- Remove Sentinel run-time (drivers). See the detailed description below.
Using Sentinel HL in "driverless" mode
To use Sentinel HL key in "driverless" mode:
- Install CHARON kit. By default it installs Sentinel run-time.
- Reboot your host as the CHARON installation suggests.
- Login as Administrator.
- Extract the content of the only ZIP file residing in the “hasp_install” directory of the CHARON distribution to the same folder.
- Run “cmd.exe” from “Start” menu of host computer.
- “cd” to the “hasp_install” directory.
- Issue the following command: "haspdinst.exe -fr -kp"
- Reboot your host.
- Connect Sentinel HL key to the host. It will be correctly recognized by operating system. Once it is done the Sentinel HL key is ready to be used.
License management
CHARON-VAX / CHARON-PDP license management is performed by the Sentinel Admin Control Center and specific utilities.
Sentinel Admin Control Center
General Description
The Sentinel Admin Control Center (ACC) is the web-interface to the Sentinel run-time environment. It allows the viewing and managing of any available keys, enabling and disabling them, controlling usage of remote keys etc.
Sentinel Admin Control Center is not able to display CHARON-VAX / CHARON-PDP licenses - to view key contents, use the "HASP View" utility.
To access Sentinel Admin Control Center start any web browser, enter http://localhost:1947 and press Enter. Web interface of the Sentinel Admin Control Center will appear.
Example:
This example demonstrates that 4 license keys are available:
1. Network key ("HASP-HL NetTime") on the host "XEON4WAYW7"
2. Network key installed locally
3. HASP-HL installed locally
4. Network-wide software license on the host "RH64"
Sentinel Admin Control Center reports that there is one opened session on key (4). The other keys are not being used at the moment.
For a more detailed description of Sentinel Admin Control Center, please refer to its "Help" section.
Disable remote keys access
A helpful feature of Sentinel Admin Control Center is the ability to disable access to remote keys. If the network key is installed locally, access to the key from remote hosts can be disabled. The following examples demonstrate how this can be done.
To disable access to remote keys switch to the "Access to Remote License Managers" tab and uncheck the "Allow Access to Remote Licenses" check box. Then press the "Submit" button to apply this change:
To disable access to the locally installed license key from remote hosts switch to the "Access from Remote Clients" tab and uncheck the "Allow Access from Remote Clients" check box. Then press "Submit" button to apply this setting:
License management utility
CHARON-VAX / CHARON-PDP for Windows provides two specific utilities for license management:
- "HASP View". This utility is used to display CHARON-VAX / CHARON-PDP license content.
- "License Update Service". This utility is used to collect key status information and host fingerprint (C2V) files, apply updates (".v2c" files) and perform the license transfer/removal.
Please refer to the "Utilities" section of this Guide for more details.
Transferring and removing CHARON-VAX / CHARON-PDP software licenses
Software Licenses Transfer
Software Licenses (SL) can be transferred from one host to another using the "License Update Service" utility.
The following example demonstrates the transfer procedure.
Let's suppose a Software License must be transferred from a host "SourceHost" to a host "RecipientHost":
- Collect the specific information about the "RecipientHost" to issue a transfer license: run the "License Update Service" utility on the "RecipientHost" (see above), choose the "Transfer License" tab and press the "..." button adjacent to the "Save Recipient Information" edit-box:
In the popup choose a directory and file name for the recipient information.
Press the "Collect and Save Information" button to create the recipient information file.
Copy the recipient file to the "SourceHost".
The recipient file is an ASCII file, so use "ascii" option in case of FTP transfer.
- On "SourceHost", run "License Update Service" utility, select "Transfer License" tab and the particular license to transfer in the big edit-box.
Press the "..." button adjacent to the "Read the recipient information from file" edit-box, choose the just transferred recipient file, press the "Open" button.
Press the "..." button adjacent to the "Generate the license transfer file to" edit-box, choose the target directory and enter the desired name of the transfer file (*.h2h), then press the "Save" button.
Press the "Generate License Transfer File" button to create the license transfer file in the specified folder.
Copy the resulting "*.h2h" file to the "RecipientHost".
"*.h2h" file is an ASCII file, so use the "ascii" option in case of FTP transfer.
- On the "RecipientHost", apply the license transfer file ("*.h2h") the same way as a regular software license (see above).
- Start any web browser on the "RecipientHost" and go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC).
- Ensure that the license appears in the “Sentinel Keys” menu.
Software License Removal
It is also possible to remove a Software License completely from a host. The license will then be stored in a specific transfer license file "*.h2h", so it can be re-applied if needed.
To remove a Software License completely from a host, follow the license transfer procedure described above. It is possible to use the fingerprint of the "SourceHost" (instead of the one from the "RecipientHost") for the transfer procedure.
Cloned Software License Removal
In certain situations Software License may become "Cloned" (disabled). In this case the following procedure must be applied to remove the cloned license:
- Go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC).
- In the "Sentinel HASP Admin Control Center" (ACC), locate the target "Sentinel SL AdminMode" license.
Press the "Certificates" button at the right side of the SL description:
Note the name of the corresponding certificate and the path to the certificates base in the "Certificates" section:
- Remove the certificate file. In the example above the file to remove is "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel LDK\installed\68704\387285561437702475_base.v2c".
- Reboot CHARON host
- Start "Sentinel HASP Admin Control Center" (ACC) again to ensure that the SL has been removed.
Deinstallation is needed only if the Sentinel run-time has been installed. If Sentinel HL in "driverless" mode has been used (see above), no specific deinstallation is required. Just disconnect the key from the CHARON host.
To completely remove a CHARON VM license from a host, it is enough to remove the Sentinel run-time driver using the following procedure:
- Login as Administrator
- Open the CHARON VM kit folder
- Switch to the "hasp_install" subfolder
- Unzip the archive located in this folder
- Open "cmd.exe" and switch to the folder where the files were unzipped
Issue:
...> haspdinst.exe -fr -kp -nomsg
Remove the license dongle. Note that the Sentinel run-time driver is deinstalled automatically when CHARON VM is completely deinstalled.
Special "backup" license keys
Backup keys are provided by STROMASYS along with standard license dongles. It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key.
Backup keys use a counter (integer) value hardcoded inside the key. This integer value is a number of hours CHARON-VAX / CHARON-PDP is allowed to run. Each time CHARON VM checks the license (every hour), the value is decreased (by 1 hour).
Please note that backup keys have restricted functionality:
- CHARON VM run time is typically limited to 720 hours (30 days). This is the time allotted to get a replacement from STROMASYS.
- A Backup license may be valid only until a certain date. Please check with STROMASYS management.