Contents
Prerequisites
The Charon-SSP VE License Server has a number of prerequisites:
- The VE license server package
- A suitable Linux instance to be used as the VE license server. This instance must run
- in a supported cloud environment, or
- in a supported VMware environment.
- Correct firewall settings
- The VE-capable Charon-SSP emulator software running on a Charon host with appropriate network access to the VE license server
These items are described below.
VE License Server Package
The Charon-SSP VE License Server package is delivered as an RPM package. Stromasys or your Stromasys VAR will provide you with the software or a download link.
Package name:
license-server-<version>.rpm
Where <version> indicates the version of the software, for example, 1.1.4.
Linux Instance for License Server
The license server package must be installed on a Linux cloud instance or a Linux VM on VMware.
Currently Supported Cloud Providers
At the time of writing, the following cloud providers are supported by the VE license server:
- Amazon AWS
- Oracle Cloud Infrastructure (OCI)
- Microsoft Azure
- Google Cloud Platform (GCP)
- IBM cloud
Please refer to your cloud provider's documentation for configuring and launching an appropriate instance. A description of the basic steps of launching an instance can be found in Additional Information.
Depending on the cloud environment, Stromasys may offer a prepackaged Charon-SSP VE image on the cloud marketplace. This image includes the Charon-SSP emulator software (already installed) and the VE License Server RPM package (can be installed optionally). An instance launched from such a prepackaged image can also be used as a VE license server.
Currently Supported VMware Platforms and Requirements
At the time of writing, the following VMware Platforms are supported by the VE license server.
- Requirements for direct ESXi host binding:
- The VE license server must run in one of the VMs on the ESXi server.
- ESXi/vSphere version 6.5 and above.
- Valid license that supports the vSphere API feature.
- Ports 443 and 902 must be accessible to the VE license server host.
- 100 MB of free disk space to be used by the VE license server host.
- Administrative user (and password) on the ESXi/vSphere host used for the binding between license server and ESXi/vSphere host.
- Requirements for vCenter Server binding:
- The VE license server must run in a VM on one of the ESXi systems managed by the vCenter server.
- Ports 443 and 902 must be accessible to the VE license server host.
- 100 MB of free disk space to be used by the VE license server host.
- Administrative user (and password) on the vCenter server used for the binding between license server and vCenter server.
Please note: vMotion for the virtual machine running the VE license server can only be used if the license server binds to the vCenter Server.
Linux Host Requirements for the VE License Server
The Linux system on which the VE license server runs must fulfill the following requirements:
Software requirements for the VE License Server:
Red Hat, CentOS, or Oracle Linux (64-bit) versions 7.x or 8.x
Basic hardware requirements (cloud instance capabilities or VMware host configuration) for running only the license server:
Must be sufficient for the selected Linux operating system.
Additional hardware requirements (cloud instance capabilities or VMware host configuration) for running the emulator software on the same system:
- If the license server is combined with the Charon-SSP emulator software on the same instance, the instance used must satisfy the requirements of the Charon-SSP host and all instances that will run on it. If this requirement exists, please refer to the Charon-SSP user's guide for details.
Additional general requirements:
- In the AWS cloud, an IAM role allowing the ListUsers action (IAMReadOnlyAccess in the example below) must be attached to the instance. This can be done during the launch of the instance as shown in the sample below.
Alternatively, the role can be set/changed by selecting the instance, right-clicking on it, and selecting Security > Modify IAM Role (in the older AWS console, use the Action menu). If such a role has not yet been defined, please refer to Creating and Attaching an AWS IAM Role and to the documentation provided by AWS for additional information.
Firewall Settings
Communication Between License Server and Client System
Any intermediate firewall as well as the cloud-specific subnet and instance security settings must permit the following ports for the appropriate source systems:
- TCP/8083: must be permitted on the license server for the client system to enable the use of the license by the client.
- TCP/8084: must be permitted by the license server for any system that should access the web interface to display information about licenses and active clients (currently not encrypted, hence should not be run across the Internet without a VPN).
See Cloud-Specific Firewall Information for information about the traffic filtering mechanisms used in the different cloud environments.
Simplified sample commands if firewalld is used on the Linux system:
# firewall-cmd --permanent --zone=public --add-port=8084/tcp
# firewall-cmd --permanent --zone=public --add-port=8083/tcp
# firewall-cmd --reload
- The default zone name can be found with the command
firewall-cmd --get-default-zone
, a list of all zones can be displayed with the commandfirewall-cmd --get-zones
. - The parameter --permanent writes the command to the respective firewalld configuration files. To add the command to the running firewall, re-run it without the parameter --permanent.
- The simplified sample above does not limit the source IP address to the addresses of the license clients. This would require a more sophisticated configuration. Please refer to the documentation of your Linux system.
Communication Between License Server and Cloud Infrastructure
The license server must be able to access information provided by the cloud infrastructure. In particular, it must be able to communicate with the following addresses/systems:
- The metadata server of the cloud environment (169.254.169.254) on AWS, Azure, OCI, and GCP
- If running on AWS, the host iam.amazonaws.com
- If running on GCP, the host www.googleapis.com
- If running on the IBM cloud, the hosts iam.cloud.ibm.com and resource-controller.cloud.ibm.com
Any intermediate firewall as well as the cloud-specific subnet and instance security settings must permit communication with these systems for the VE license server to function properly. See Cloud-Specific Firewall Information for information about the mechanisms used in the different cloud environments, and your Linux firewall documentation for any Linux specific questions.
Communication Between License Server and ESXi Host / vCenter Server
The license server must be able to access the following ports on the ESXi host or vCenter server it binds to: ports 443 and 902.
Charon-SSP VE-Capable Emulator and Management Software
The VE license server software requires matching Charon-SSP emulator software. The necessary features are available in Charon-SSP 4.2.x and later. Stromasys or your Stromasys VAR will provide you with the software or a download link. In certain cloud environments, Stromasys may offer a prepackaged Charon-SSP VE image on the cloud marketplace. This image includes the Charon-SSP emulator software (already installed) and the VE License Server RPM package (can be installed optionally). If you use a Charon host in the cloud and the instance was launched from such a prepackaged image, the required VE-capable emulator software is already installed (refer to the respective cloud-specific Getting Started Guide for more information).
Please note: The protocol versions used by the emulator software and the license server must be compatible. The software checks for compatible protocol versions and reports an error should there be a mismatch.
The Charon-SSP packages to be installed are the following RPM packages:
- Management components (not VE-specific):
- charon-agent-ssp-<version>-x86_64.rpm
- charon-director-ssp-<version>.rpm
- charon-manager-ssp-<version>.rpm
- VE-capable emulator software:
- charon-ssp-<architecture>-<version>.ve.el7-x86_64.rpm
- charon-ssp-<architecture>-<version>.ve.el8-x86_64.rpm
In the above list, the placeholders have the following meaning:
- <version> indicates the software version (e.g., 4.2.5).
- <architecture> indicates the type of emulated SPARC covered by the software (currently it can have the values 4m, 4u, 4v, 4u+, or 4v+).
- The string ve in the package containing the Charon emulator software indicates that this version of the emulator requires a VE license server.
- The string el7 denotes packages intended for Red Hat/CentOS/Oracle Linux 7.x.
- The string el8 denotes packages intended for Red Hat/CentOS/Oracle Linux 8.x.
- Charon Agent, Manager, and Director are not license-model specific.
Please note:
- Unless there is GUI access to the Charon-SSP host system (or an option to use X11-Forwarding via SSH), Charon Manager and Charon Director must be installed on a remote management system that will be used to configure and manage the Charon-SSP software. The Charon-SSP emulator software can also be run from the command-line, in which case Charon Manager and Director are not required.
- The Charon Agent package contains the RPM and Debian packages for the Charon Manager on Linux and a ZIP file for the Charon Manager on Microsoft Windows (charon-manager-ssp-<version>.zip).
- The Charon-SSP VE emulator software can run on the same system as the license server or on a separate system with appropriate network access to the VE License Server.
VE License Server Software Installation
If you are not familiar with the installation of RPM packages, please refer to the regular user's guide or your Linux system documentation.
Please note:
- In versions before 1.0.17, the license server will not start automatically after the initial installation. It will be started once a valid license has been installed (see Installing a License on the VE License Server).
- When upgrading to version 1.0.24 from an older version of the license server, a license update is required due to a change in the license schema.
- If you plan to use a primary and a backup license server, the license server software must be installed on both systems.
VE License Server Installation Steps
Perform the following steps to install the VE License Server software:
- Copy the license server software package to the license server host (if still required):
- Use sftp to connect to the cloud instance.
# sftp -i ~/.ssh/<mykey>
<user>@<linux-ip>
where- <mykey> is the private key of the key-pair you associated with your cloud instance (for an on-premises VMware installation where login with username/password is allowed, it is not needed)
- <user> is the user associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine; for an instance installed from a prepackaged Charon-SSP VE image, use the SFTP user charon)
- <linux-ip> is the ip address of your license server system
- Copy the software package to the license server system using the following SFTP command:
> put <local-path-to-license-server-package>
- Use sftp to connect to the cloud instance.
- Use ssh to log in on the license server host.
where# ssh-i ~/.ssh/<mykey> <user>@<linux-ip>
- <mykey> is the private key of the key-pair you associated with your cloud instance (for an on-premises VMware installation where login with username/password is allowed, it is not needed)
- <user> is the user for interactive login associated with your license server instance (e.g., opc on OCI, centos for a CentOS instance on AWS, or the custom user on your VMware virtual machine; for an instance installed from a prepackaged Charon-SSP VE image, use sshuser)
- <linux-ip> is the ip address of your license server system
- As a privileged user (root) go to the directory where you stored the installation package and install the package:
- Become the root user:
# sudo -i
- Go to the package location:
# cd <path-to-package-directory>
On an instance installed from a prepackaged Charon-SSP VE marketplace image, the installation package is stored under /charon/storage) - Install the package:
- Linux 7.x:
# yum install license-server*.rpm
- Linux 8.x:
# dnf install license-server*.rpm
- Linux 7.x:
- Become the root user:
Below, you find the sample output of an installation (RHEL/CentOS 8.x, assuming that the RPM is in the current working directory):
# dnf install license-server-1.1.5.rpm Last metadata expiration check: 1:14:52 ago on Fr 29 Jan 2021 09:46:32 CET. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: license-server x86_64 1.1.5-1 @commandline 52 M Transaction Summary ================================================================================ Install 1 Package Total size: 52 M Installed size: 79 M Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: license-server-1.1.5-1.x86_64 1/1 Installing : license-server-1.1.5-1.x86_64 1/1 Running scriptlet: license-server-1.1.5-1.x86_64 1/1 Created symlink /etc/systemd/system/multi-user.target.wants/licensed.service → /etc/systemd/system/licensed.service. Verifying : license-server-1.1.5-1.x86_64 1/1 Installed: license-server-1.1.5-1.x86_64 Complete!
Charon-SSP VE-Capable Emulator Software Installation
General Information
The Charon-SSP packages are RPM packages that are installed using the yum (Linux 7.x), dnf (Linux 8.x), or rpm command. They can be copied to the Charon host system using SFTP as shown in the example for copying the license server RPM.
At least the required emulator packages (charon-ssp-4*.rpm) and the agent (charon-agent*.rpm) must be installed for the system to run emulated SPARC systems and to allow remote management by the Charon Manager. If local management with graphical tools is required, then the Charon Manager and the Charon Director packages must also be installed.
For detailed host system requirements and for the management of the Charon-SSP software, please refer to the regular Charon-SSP documentation on the Stromasys Product Documentation and Knowledge Base pages.
Please note: To use the graphical user interface (Charon Manager for SSP) the Charon Manager package typically is installed on your local Linux or Windows PC that will be used for management purposes. Running the Charon Manager in a non-graphical cloud instance and export it via X11-Forwarding is possible, but will require additional configuration and installation steps (with access to a package repository) - this is outside the scope of this document. It is also possible to manage Charon-SSP via the command-line only. This is described in the general Charon-SSP user's guide.
Possible Additional Requirements
Many Linux server instances are missing packages that are typically available on workstation installations. Such packages may have to be installed, for example, if Charon-SSP graphics device emulation or audio emulation are to be used. The same applies to the Charon-SSP Manager, the Server JIT feature, and some non-critical functions of the Charon Agent. On prepackaged Charon-SSP cloud marketplace images, the necessary packages are preinstalled.
The following table provides an overview of the packages that may be missing:
RPM Package | Graphics and audio emulation | Charon Manager* | Server JIT feature | Charon Agent |
---|---|---|---|---|
libX11 | x | x | ||
xorg-x11-server-utils | x | x | ||
alsa-plugins-pulseaudio | x | |||
gtk2 | x | |||
xorg-x11-xauth (only required for X11-Forwarding) | x | |||
libicu (version 50 for Linux 7.x, version 60 for Linux 8.x) | x | |||
pciutils | x |
* If you install the Charon Manager with the yum (or dnf) command, these packages (except for xorg-x11-xauth) and any dependencies that these packages themselves may have, are resolved automatically if a package repository is available.
If you suspect problems caused by missing packages and the emulator was started via the Charon Manager, check the emulator crash-log file in addition to the emulator log file. If starting the emulator from the command-line, review the command-line output.
The packages above have their own dependencies. Install the above packages with the yum (or dnf) command in order to have their dependencies automatically installed. If your server does not have access to the standard operating system repositories, refer to this document for instructions on setting up a local repositories.
Sample Installation
Only the Charon-SSP emulator packages (4M, 4U(+), 4V(+)) are specific to the license model used. The packages required for managing Charon-SSP (Charon Agent, Manager, and Director) are the same as in the conventional product of the same version.
For detailed host system requirements and for the management of the Charon-SSP software, please refer to the regular Charon-SSP documentation on the Stromasys Product Documentation and Knowledge Base pages.
The log output below shows a sample Charon-SSP emulator and management package installation on a Linux 7 system:
# yum install charon*.rpm Loaded plugins: fastestmirror <lines removed> Resolving Dependencies --> Running transaction check ---> Package charon-agent-ssp.x86_64 0:4.3.5-1 will be installed ---> Package charon-director-ssp.x86_64 0:4.3.5-1 will be installed ---> Package charon-manager-ssp.x86_64 0:4.3.5-1 will be installed ---> Package charon-ssp-4m.x86_64 0:4.3.5.el7-1 will be installed ---> Package charon-ssp-4u.x86_64 0:4.3.5.el7-1 will be installed ---> Package charon-ssp-4v.x86_64 0:4.3.5.el7-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: charon-agent-ssp x86_64 4.3.5-1 /charon-agent-ssp-4.3.5-x86_64 32 M charon-director-ssp x86_64 4.3.5-1 /charon-director-ssp-4.3.5 287 k charon-manager-ssp x86_64 4.3.5-1 /charon-manager-ssp-4.3.5 6.0 M charon-ssp-4m x86_64 4.3.5.el7-1 /charon-ssp-4m-4.3.5.el7-x86_64 6.1 M charon-ssp-4u x86_64 4.3.5.el7-1 /charon-ssp-4u-4.3.5.el7-x86_64 24 M charon-ssp-4v x86_64 4.3.5.el7-1 /charon-ssp-4v-4.3.5.el7-x86_64 24 M Transaction Summary ================================================================================ Install 6 Packages Total size: 92 M Installed size: 92 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction <lines removed> Installed: charon-agent-ssp.x86_64 0:4.3.5-1 charon-director-ssp.x86_64 0:4.3.5-1 charon-manager-ssp.x86_64 0:4.3.5-1 charon-ssp-4m.x86_64 0:4.3.5.el7-1 charon-ssp-4u.x86_64 0:4.3.5.el7-1 charon-ssp-4v.x86_64 0:4.3.5.el7-1 Complete!