Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 34 Next »

Table of Contents

General description

The CHARON-VAX product is protected by licenses, issued by STROMASYS for each customer individually. The CHARON-VAX license defines all the specifics of the particular CHARON-VAX distribution and its usage.

The license is implemented in the form of a hardware dongle (a Sentinel HASP key) or a software bound to the hardware. Please be careful with your license key. In case of loss or damage, CHARON-VAX will not run or start unless the license key is replaced. For extra protection, STROMASYS recommends the use of a backup license key (purchased separately) that can replace the main license key for a restricted period of time. It is possible to specify the backup license in the CHARON-VAX configuration file to prevent CHARON-VAX from stopping in case its main license is no longer accessible.

The CHARON-VAX license is read upon the start of each instance of CHARON-VAX and at a specified interval (defined by the license content) during the emulated system execution. If CHARON-VAX detects the absence (or malfunction) of the license key / software license, CHARON will try to use a backup license (if specified in the configuration file). If the license is not available / not specified, CHARON displays a warning message in the log file requesting license key reconnection or software license reactivation. If the license is not reconnected within a given period of time (the check interval), CHARON-VAX exits.

Note that if the time-restricted license is used and it expires, CHARON-VAX tries to find its replacement automatically and, if found, CHARON-VAX proceeds using the replacement license.

The CHARON-VAX software license is not distributed in case of Proof-of-Concept and evaluation installations. Only hardware dongles are used in this case.

It is important to connect the HASP license keys to the computer from time to time even if CHARON-VAX is not used. The keys contain a built-in accumulator that needs to be charged. If the accumulator is completely discharged, the license key can be fatally damaged.

Update of the CHARON-VAX license can be performed on the fly without stopping CHARON-VAX. At the next license check, CHARON-VAX will use the updated license normally.

The following sections list all the main parameters of the CHARON-VAX licensing mechanism.



Parameters defined by CHARON-VAX license

The following table represents all the parameters defined by CHARON-VAX license:

GeneralProducts relevantOptional
  • Physical key ID

  • License Number

  • End user name

  • Master key ID

  • License release date and time

  • Update Number

  • Purchasing Company name. In most cases the company to which the key was issued originally

  • Commercial product name

  • Commercial product code

  • Commercial product version and range of build numbers suitable for running

  • Range of CHARON-VAX virtual models available for running

  • Type of host CPU required

  • Host operating system required

  • Number of virtual CPUs enabled for virtual SMP systems

  • Minimum number of host CPU cores required

  • Minimum host memory required

  • Maximum memory emulated. If not present the value defaults to the maximum memory possible for the particular virtual system. Note that the maximum memory may not be available to the virtual system if the host computer has insufficient physical memory.

  • Maximum number of CHARON-VAX instances that can be run concurrently

  • Whether or not CHAPI (CHARON-VAX API) can be used with this product

  • Product and Field Test expiration dates (if any)

  • Product and Field Test executions counter (if any)

  • Maximum number of hosts that may run CHARON-VAX concurrently (in the case of a networking license)

  • Level of support (if any), end date of any support contract, the "First Line" Service Provider

  • Frequency of CHARON-VAX license checking during CHARON-VAX execution

  • Possibility to attach hardware QBUS/UNIBUS hardware via adapter

  • Parameter that reduces the maximum speed of the program

  • Parameter that enables the product to support additional serial lines through an option board from a company such as DIGI

  • Parameter that prohibits use of Advanced CPU Emulation. If not present the Advanced CPU Emulation is enabled

  • Parameter that enables emulation of IEQ11-A IEEE488 Controller (on top of DCI-3100 IEEE488 Controller

  • Parameter that enables emulation of DRV11-WA I/O controller (on top of DCI-1100 I/O controller)

CHARON-VAX licensing models

CHARON-VAX licensing models are divided in 3 groups:


Regular Sentinel HASP keys

This is most common way of CHARON-VAX licensing, the CHARON-VAX license is embedded in a Sentinel HASP dongle. This license is available only on the host where the dongle is physically installed.

The CHARON-VAX installation procedure takes care of the Sentinel HASP run-time (driver) installation. Once the CHARON-VAX product has been installed, it is possible to plug-in the regular license key and proceed with CHARON-VAX usage without additional configuration steps.

The number of CHARON-VAX instances allowed to run on a particular host may be restricted by the license content (see above).

Network Sentinel HASP keys

The Network Sentinel HASP key (red dongle) can be shared between several hosts running CHARON-VAX including the host on which the network license is installed.

If CHARON-VAX is installed on the host where the network key is connected, no additional steps are required. The Sentinel driver is activated as part of the CHARON-VAX installation. If the host does not have CHARON-VAX installed, the host can still distribute the connected network license to CHARON-VAX instances running on other hosts. In this case the Sentinel driver must be installed on the host manually.

The Sentinel run-time driver is distributed as a separate RPM package in the CHARON-VAX kit. Please see the "License installation" section of this chapter for details.

Once the Sentinel run-time driver is installed and the network license is connected, CHARON-VAX can be started on any appropriate host on the LAN network segment. In the current CHARON-AXP/VAX versions, a network license controls the maximum overall number of active instances, which can be distributed across client host systems according to the preference of the customer.

Software licenses

The CHARON-VAX Software License is a "virtual" key with exactly the same functionality as the hardware dongle.

The CHARON-VAX software license does not require any hardware but it requires the installation of the Sentinel run-time environment.

Software licenses are best suited for stable environments, because their correct function depends on certain characteristics of the host system. Changing any of these characteristics will invalidate the license.

  • If the CHARON host runs on real hardware, the software licenses are by default tightly bound to the hardware for which they were issued. If major hardware characteristics of the system are changed, the license will be disabled.
  • If the CHARON host runs in a virtual environment (e.g. VMware), the software licenses are normally bound to the virtual machine ID and a set of additional characteristics of the virtual machine. If any of these parameters are changed, the license will be disabled.

For a more detailed description of the restrictions, please refer to the Software Licensing restrictions article or contact your Stromasys representative.

Software licenses are always network-wide on Linux so they behave the same way as Network HASP keys.

Multiple licenses configuration

For any type of licensing, CHARON-VAX can use only one valid ("active") license (of given vendor code) at a time.

The "hasp_srm_view" utility displays the "active" license by default and is able to display all available licenses with the "-all" parameter. It is also possible to check some specific license by its number using the "-key" parameter.

The utility provides the license number and ID / IP address of the host where the active license is installed.

The general recommendation is to avoid usage of multiple keys in one network segment. Use only one locally installed license per host or one network license per local network segment containing several CHARON-VAX hosts.

When needed, it is possible to use a special parameter in the CHARON-VAX configuration file to specify exactly which license must be used by each particular instance of CHARON-VAX:

Parameter

license_key_id

TypeText string
Value

A set of Sentinel Key IDs that specifies the license keys to be used by CHARON. It is also possibly to use a keyword "any" to force CHARON to look for a suitable license in all available keys if the license is not found in the specified keys.

Example:

set session license_key_id = "1877752571,354850588,any"

Based on the presence of this parameter in the configuration file, CHARON behaves as follows:
 

  1. No keys are specified (the parameter is absent)
    CHARON performs an unqualified search for any suitable key in unspecified order. If no key is found, CHARON exits.

  2. One or many keys are specified
    CHARON performs a qualified search for a regular license key in the specified order. If it is not found, CHARON exits (if the keyword "any" is not set).

If the keyword "any" is specified then if no valid license has been found in the keys with specified ID’s all other available keys are examined for valid license as well.

The order in which keys are specified is very important. If a valid license was found in the key which ID was not the first one specified in configuration file, then available keys are periodically re-scanned and if the key with the ID earlier in the list than the current one is found CHARON tries to find a valid license there and in case of success switches to that key.


License installation

Installation of Regular and Network license keys

Installation of CHARON-VAX regular and network licenses consists of:


  1. Installation of the Sentinel run-time environment on the CHARON-VAX host (regular and network keys) or on the host that will distribute CHARON-VAX licenses over a local network segment (network key only). The Sentinel software (the “aksusbd” RPM package) is installed automatically by CHARON-VAX for Linux.

  2. Physical connection of the HASP license dongle to the CHARON-VAX host or to the host distributing the CHARON-VAX license over the local network segment.

When manual installation of Sentinel run-time is required (in the case of the network license server that does not have CHARON-VAX installed), open the CHARON-VAX kit folder and proceed the following way:

# rpm --nodeps -ihv aksusbd-7.63-1.i386.rpm charon-license-4.11-20404.el74.x86_64.rpm

In case of network-wide license (red dongle) do the following:

  • On the server side (where the network license will reside): open port 1947 for both TCP and UDP
  • On the client side, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted.
  • Both on server and client sides: setup default gateway

Please consult with your Linux User's Guide on details.

If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.

Some additional packages may be needed in certain cases, for example "glibc.i686"


Replacement of currently installed Sentinel run-time

Replacement of currently installed Sentinel Run-time may be needed in case of:

  • Upgrade to a newer version of CHARON-VAX
  • Installation of a specific CHARON-VAX license Run-time provided by STROMASYS
Run-time replacement is a two step process:
  • Remove the current run-time (and the package "charon-license-<...>.rpm" containing the run-time customization) with the command

    # rpm --nodeps -e aksusbd charon-license-<...>
  • Change to the directory where the new run-time RPM resides (along with the corresponding "charon-license-<...>.rpm" customization package) and issue the command:

    # rpm --nodeps -ihv aksusbd<…>.rpm charon-license-<...>.rpm

Installation and update of CHARON-VAX Software License or HL/HASP dongle License

CHARON-VAX Software Licenses (SL) can be installed / updated according to the procedure described below.

  • Install CHARON-VAX together with Sentinel run-time (Sentinel run-time is an essential part of CHARON-VAX for Linux distribution)

  • Reboot the host system

  • Connect the HASP dongle to the host system (in case of update of a license in a dongle)
  • Collect the CHARON-VAX host fingerprint file (".c2v") - in case of first installation of a Software License:

    # hasp_srm_view -fgp my_host.c2v

    or collect the ".c2v" file in case a Software License is already installed or the connected HL/HASP dongle needs updating:

    # hasp_srm_view -c2v current_license.c2v
  • Send the ".c2v" file ("my_host.c2v" / "current_license.c2v" in the examples above) to STROMASYS

  • Receive a ".v2c" file in return and put it somewhere on the CHARON-VAX host.

  • Start any web browser on this system and go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC) or configure ACC for remote access (see the details below).

  • In ACC, under the Options menu, select Update/Attach, "Browse" for the "*.v2c" file and then "Apply File".

  • Ensure that the license appears in the “Sentinel Keys” menu.


Alternatively it is also possible to use the "hasp_update" utility for applying ".v2c" file.

The content of the installed software license is not shown by the Sentinel HASP Admin Control Center.To see it please run the "hasp_srm_view" utility from the local console or configure remote access according to the instructions given in the "hasp_srm_view" utility section.

In case of network-wide software license do the following:

  • On the server side (where the network license will reside): open port 1947 for both TCP and UDP
  • On the client side, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted.
  • Both on server and client sides: setup default gateway

Please consult with your Linux User's Guide on details.

If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.

License management

CHARON-VAX license management is performed by the Sentinel Admin Control Center and specific utilities. They are described in the sub-sections below.

Sentinel Admin Control Center

General Description

The Sentinel Admin Control Center (ACC) is the web-interface to the Sentinel run-time environment. It allows viewing/managing available keys, enabling and disabling them, controlling usage of remote keys etc.

To access the ACC, start any web browser and open the http://localhost:1947 page.

The Sentinel Admin Control Center is not able to display CHARON-VAX licenses - to view key contents, use the "hasp_srm_view" utility.

To access the Sentinel Admin Control Center start any web browser and open the http://localhost:1947 page. The web interface of the Sentinel Admin Control Center will appear.

The screenshot below gives an example:


This example demonstrates that 4 license keys are available:

  1. A network key ("HASP-HL NetTime") on the host "XEON4WAYW7"

  2. A network key installed locally

  3. An HASP-HL installed locally

  4. A network-wide software license on the host "RH64"


The Sentinel Admin Control Center reports that there is one opened session on key #4. The other keys are not being used at the moment.

Using the Sentinel Admin Control Center it is possible to check the available keys, verify the hosts on which they reside, verify the opened sessions, etc. For a more detailed description of the Sentinel Admin Control Center, please refer to its "Help" section.

Disable remote keys access

A helpful feature of the Sentinel Admin Control Center is the ability to disable access to remote keys. If the network key is installed locally, access to the key from remote hosts can be disabled. The following examples demonstrate how this can be done.

To disable access to remote keys, switch to the "Access to Remote License managers" tab, uncheck the "Allow Access to Remote Licenses" checkbox and press the "Submit" button to apply this setting:

To disable access to the locally installed license key from remote hosts, switch to the "Access from Remote Clients" tab, uncheck the "Allow Access from Remote Clients" checkbox and press the "Submit" button to apply this setting:

Accessing Sentinel Admin Control Center from remote hosts

By default, the Sentinel Admin Control Center forbids accessing its web interface from remote machines.

To allow access, configure the ACC for remote management:

In this cannot be done using the WEB interface, edit the "hasplm.ini" file:

# vi /etc/hasplm/hasplm.ini

(warning) In the file does not exist, please refer to this article: How-to enable remote connection to Sentinel Admin Control Center without GUI

Allow remote access by changing the "ACCremote" parameter from "0" to "1", make sure the parameter "bind_local_onlyis set to 0 (the value 1 means localhost-only) then restart the Sentinel Admin Control Center run-time:

# systemctl restart aksusbd

(or for RHEL 6.x: # service aksusbd restart)

If the CHARON-VAX host firewall is blocking remote access to the Sentinel Admin Control Center, please configure the firewall to open the port 1947 (TCP protocol). Refer to the Linux documentation for details on how to configure the firewall. It is also possible to use SSH port forwarding with the following command (replace "CHARON_MACHINE" by the real CHARON-VAX host name):

# ssh -L8080:CHARON_MACHINE:1947 root@CHARON_MACHINE

This will expose the Sentinel Admin Control Center on port 8080 to any computer and it will believe commands are coming from the local host.

License management utilities

CHARON-VAX for Linux provides a specific utility for license management - "hasp_srm_view". This utility is used to display the license(s) content, to collect key(s) status information and host fingerprint (C2V) files.


Applying updates (".v2c" files) is typically done using the Sentinel Admin Control Center (see above) but alternatively it is also possible to use the specific "hasp_update" utility.

Please refer to the Utilities section of this Guide for more details.

Removing CHARON-VAX software licenses

The following procedure must be applied to remove software license:
 

  1. Using your web browser, open the http://localhost:1947 page to access the "Sentinel HASP Admin Control Center" (ACC).
  2. In the "Sentinel HASP Admin Control Center" (ACC), locate the target "Sentinel SL AdminMode" license.
  3. Press the "Certificates" button at the right side of the SL description: 
  4. Note the name of the corresponding certificate and path to the certificates base in the "Certificates" section.
  5. Remove the target certificate file from the specified directory, in most cases: "/var/hasplm/installed/68704/".
  6. Restart the aksusbd service (# systemctl restart aksusbd or # service aksusbd restart) or reboot the CHARON host.
  7. Start the "Sentinel HASP Admin Control Center" (ACC) again to ensure that the SL has been removed.


License deinstallation

To completely remove a CHARON-VAX license from a host, it is enough to remove the Sentinel run-time daemon (and the package "charon-license-<...>.rpm" containing the run-time customization) using the following command:

# rpm --nodeps -e aksusbd charon-license-<...>

Then just physically disconnect the license key (in the case of protection by dongles).


Special "backup" license keys

Backup keys are provided by STROMASYS along with standard license dongles. It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key. Backup keys use a counter (integer) value hardcoded inside the key. This integer value is a number of hours CHARON-VAX is allowed to run. Each time CHARON-VAX checks the license (every hour), the value is decreased (by 1 hour).Please note that backup keys have restricted functionality:

  • CHARON run time is typically limited to 720 hours (30 days). This should be more than enough time to get a replacement from STROMASYS.
  • A backup license may be valid only until a certain date. Please check with STROMASYS management.
  • No labels