CHARON-AXP for Linux licensing
Table of Contents
General description
CHARON-AXP products are protected by licenses, issued by STROMASYS for each customer individually. The CHARON-AXP license defines all the specifics of the particular CHARON-AXP distribution and its usage.
The license is implemented in the form of a hardware dongle (a Sentinel HASP key) or a software license. Please be careful with your license key. In case of loss or damage, CHARON-AXP will not run or start unless the license key is replaced. For extra protection, STROMASYS recommends the use of a backup license key (purchased separately) that can replace the main license key for a restricted period of time. It is possible to specify the backup license in the CHARON-AXP configuration file to prevent CHARON-AXP from stopping in case its main license is no longer accessible.
The CHARON-AXP license is read upon the start of each instance of CHARON-AXP and at a specified interval (defined by the license content) during the emulated system execution. If CHARON-AXP detects the absence (or malfunction) of the license key / software license, CHARON will try to use a backup license (if specified in the configuration file). If the license is not available / not specified, CHARON displays a warning message in the log file requesting license key reconnection or software license reactivation. If the license is not reconnected within a given period of time (the check interval), CHARON-AXP exits.
Note that if the time-restricted license is used and it expires, CHARON-AXP tries to find its replacement automatically and, if found, CHARON-AXP proceeds using the replacement license.
The present CHARON-AXP implementation requires that the expired license be removed to allow the running CHARON-AXP to switch to some other (valid) one.
The CHARON-AXP software license is not distributed in case of Proof-of-Concept and evaluation installations. Only hardware dongles are used in this case.
It is important to connect HASP license keys to the computer from time to time even if CHARON-AXP is not used. The keys contain a built-in accumulator that needs to be charged. If the accumulator is completely discharged, a license key can be fatally damaged.
Update of the CHARON-AXP license can be performed on the fly without stopping CHARON-AXP. At the next license check, CHARON-AXP will use the updated license normally.
The following sections list all the main parameters of the CHARON-AXP licensing mechanism.
Parameters defined by CHARON-AXP license
The following table represents all the parameters defined by CHARON-AXP license:
General | Products relevant | Optional |
---|---|---|
|
|
|
CHARON-AXP licensing models
CHARON-AXP licensing models are divided in 3 groups:
Regular Sentinel HASP keys
This is most common way of CHARON-AXP licensing.
The CHARON-AXP license is embedded in a Sentinel HASP dongle. This license is available only on the host where the dongle is physically installed.
The CHARON-AXP installation procedure takes care of the Sentinel HASP run-time (driver) installation. Once the CHARON-AXP product has been installed, it is possible to plug-in the regular license key and proceed with CHARON-AXP usage without additional configuration steps.
The number of CHARON-AXP instances allowed to run on a particular host may be restricted by the license content (see above).
Network Sentinel HASP keys
The Network Sentinel HASP key (red dongle) can be shared between several hosts running CHARON-AXP (including the host on which the network license is installed).
If CHARON-AXP is installed on the host where the network key is connected, no additional steps are required. The Sentinel driver is activated as part of the CHARON-AXP installation. If the host does not have CHARON-AXP installed, the host can still distribute the connected network license to CHARON-AXP instances running on other hosts. In this case the Sentinel driver must be installed on the host manually.
The Sentinel run-time driver is distributed as a separate RPM package in the CHARON-AXP kit. Please see the "License installation" section of this chapter for details.
Once the Sentinel run-time driver is installed and the network license is connected, CHARON-AXP can be started on any appropriate host on the LAN network segment.
The Network license key contains a specific parameter to restrict the number of hosts allowed to run CHARON-AXP at the same time. Together with a parameter defining the number of CHARON-AXP instances that may run at the same time, the network license sets the total number of running CHARON-AXP instances on the allowed number of hosts.
Software licenses
The CHARON-AXP Software License is a "virtual" key with exactly the same functionality as the hardware dongle.
The CHARON-AXP software license does not require any hardware but it requires installation of the Sentinel run-time environment.
Software licenses are always network-wide on Linux, so they behave the same way as Network HASP keys.
Software Licenses are highly dependent on hardware configuration of CHARON host. Do not change hardware configuration since it leads to disabling of installed Software License!
If CHARON host has to be upgraded use the following procedure:
- Transfer Software License to some other host.
- Upgrade CHARON host.
- Transfer Software License back to CHARON host.
Multiple licenses configuration and backup license
For any type of licensing, CHARON-AXP can use only one valid ("active") license (of given vendor code) at a time.
The "hasp_srm_view" utility displays the "active" license only. The utility provides the license number and ID / IP address of the host where the active license is installed.
CHARON-AXP cannot: check all the available license keys / software licenses, choose one, automatically switch from one key to another, etc.
The general recommendation is to avoid usage of multiple keys in one network segment. Use only one locally installed license per host or one network license per local network segment containing several CHARON-AXP hosts.
When needed, it is possible to use a special parameter in the CHARON-AXP configuration file to specify exactly which license must be used by each particular instance of CHARON-AXP:
Parameter | Type | Value | ||
---|---|---|---|---|
license_key_id[N], N=0 or 1 | Numeric | A number (decimal Sentinel key ID) that specifies regular (N=0) and backup (N=1) license keys to be used by CHARON-AXP. Example:
It is also possible to specify both regular and backup key in one line. Example:
Depending on the presence of the regular and/or backup license key IDs in the configuration file, CHARON-AXP behaves differently:
|
License installation
Installation of Regular and Network license keys
Installation of CHARON-AXP regular and network licenses consists of:
Installation of the Sentinel run-time environment on the CHARON-AXP host (regular and network keys) or on the host that will distribute CHARON-AXP licenses over a local network segment (network key only). The Sentinel software ( the “aksusbd” RPM package) is installed automatically by CHARON-AXP for Linux.
Physical connection of the HASP license dongle to the CHARON-AXP host or to the host distributing the CHARON-AXP license over the local network segment.
When manual installation of Sentinel run-time is required (in the case of the network license server that does not have CHARON-AXP installed), open the CHARON-AXP kit folder and proceed the following way:
|
In case of network-wide license (red dongle) do the following:
- On server side (where network license will reside): open port 1947 for both TCP and UDP
- On clients side: open UDP ports 30000-65535
- Both on server and client sides: setup default gateway
Please consult with your Linux User's Guide on details.
If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.
Some additional packages may be needed in certain cases, for example "glibc.i686"
Replacement of currently installed Sentinel run-time
Replacement of currently installed Sentinel Run-time may be needed in case of:
- Upgrade to a newer version of CHARON-AXP
- Installation of a specific CHARON-AXP license Run-time provided by STROMASYS
Remove the current run-time (and the package "charon-hasp-<...>.rpm" containing the run-time customization) with the command
# rpm --nodeps -e aksusbd charon-hasp-<...>
Change to the directory where the new run-time RPM resides (along with the corresponding "charon-hasp-<...>.rpm" customization package) and issue the command:
# rpm --nodeps -ihv aksusbd<…>.rpm charon-hasp-<...>.rpm
Installation and update of CHARON-AXP Software License or HL/HASP dongle License
CHARON-AXP software licenses can be installed / updated according to the procedure described below. This procedure is also applicable for update of a license in case of HL/HASP dongles.
Install CHARON-AXP together with Sentinel run-time (Sentinel run-time is an essential part of CHARON-AXP for Linux distribution)
Reboot host system
- In case of Software License installation and if there are already installed network-wide SL's in local network disable access to network licenses in the following way:
- Go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC).
- Select "Configuration" option at the left panel, then "Access to Remote License Managers" tab.
- Uncheck the highlighted options:
- Press "Submit" button to apply settings
- Select "Network" tab.
- Switch "Network visibility" to "None":
- Press "Submit" button to apply setting.
- Do not forget to return these settings back after SL installation.
- Connect HASP dongle to host system (in case of update of a license in a dongle)
Collect CHARON-AXP host fingerprint file (".c2v") - in case of first installation of Software License:
# hasp_srm_view -fgp my_host.c2v
or collect ".c2v" file in case if already installed Software License or connected HL/HASP dongle needs updating:
# hasp_srm_view -c2v current_license.c2v
Send the ".c2v" file ("my_host.c2v" / "current_license.c2v" in the examples above) to STROMASYS
Receive a ".v2c" file in return and put it somewhere on the CHARON-AXP host.
Start any web browser on this system and go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC) or configure ACC for remote access (see the details below).
In ACC, under the Options menu, select Update/Attach, "" for the "*.v2c" file and then "".
Ensure that the license appears in the “
” menu.
Alternatively it is also possible to use "hasp_update" command line utility for applying the ".v2c" file.
Content of the installed software license is not shown by the Sentinel HASP Admin Control Center. To see it please run "hasp_srm_view" utility from local console or configure remote access according to the instructions given in the "hasp_srm_view" utility section
In case of network-wide software license do the following:
- On server side (where network license will reside): open port 1947 for both TCP and UDP
- On clients side: open UDP ports 30000-65535
- Both on server and client sides: setup default gateway
Please consult with your Linux User's Guide on details.
If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.
License management
CHARON-AXP license management is performed by the Sentinel Admin Control Center and specific utilities. These are described in the sub-sections below.Sentinel Admin Control Center
General Description
The Sentinel Admin Control Center (ACC) is the web-interface to the Sentinel run-time environment. It allows viewing/managing available keys, enabling and disabling them, controlling usage of remote keys etc.
To access the ACC, start any web browser and go to http://localhost:1947
Sentinel Admin Control Center is not able to display CHARON-AXP licenses - to view key contents, use the "hasp_srm_view" utility.
To access Sentinel Admin Control Center start any web browser, enter http://localhost:1947 and press Enter. Web interface of the Sentinel Admin Control Center will appear.
The screenshot below gives an example of its interface:
This example demonstrates that 4 license keys are available:
Network key ("HASP-HL NetTime") on the host "XEON4WAYW7"
Network key installed locally
HASP-HL installed locally
Network-wide software license on the host "RH64"
Sentinel Admin Control Center reports that there is one opened session on key (4). The other keys are not being used at the moment
Using Sentinel Admin Control Center it is possible to check available keys, verify hosts on which they reside, verify opened sessions etc. For a more detailed description of Sentinel Admin Control Center, please refer to its "Help" section.
Disable remote keys access
A helpful feature of Sentinel Admin Control Center is the ability to disable access to remote keys. If the network key is installed locally, access to the key from remote hosts can be disabled. The following examples demonstrate how this can be done.
To disable access to remote keys switch to the "Access to Remote License managers" tab and uncheck the "Allow Access to Remote Licenses" checkbox. Then press "Submit" button to apply this setting:
To disable access to the locally installed license key from remote hosts switch to the "Access from Remote Clients" tab and uncheck the "Allow Access from Remote Clients" checkbox. Then press "Submit" button to apply this setting:
Accessing Sentinel Admin Control Center from remote hosts
By default, Sentinel Admin Control Center forbids accessing its web interface from remote machines. To allow access, configure ACC for remote management.
The first step is to edit the "hasplm.ini
" file:
|
Allow remote access by changing the "ACCremote" parameter from "0" to "1".Then restart Sentinel Admin Control Center run-time:
# /etc/init.d/aksusbd restart |
# ssh -L8080:CHARON_MACHINE:1947 root@CHARON_MACHINE |
License management utilities
Applying updates (".v2c" files) is typically done using Sentinel Admin Control Center (see above), but alternatively it is also possible to use a specific "hasp_update" utility for that.
Transferring and removing CHARON-AXP software licenses
Software Licenses Transfer
Software Licenses (SL) can be transferred from one host to another using the "hasp_srm_view" utility and "Sentinel Admin Control Center" (ACC).
The following example demonstrates the transfer procedure. Let's suppose a Software License must be transferred from a host "SourceHost" to a host "RecipientHost":Collect the specific information about the "RecipientHost" to issue a transfer license. To do that run "hasp_srm_view" utility on the "RecipientHost" with the following parameters:
$ hasp_srm_view -idf
The file "recipient.id" will be created in the current directory.
Copy the "recipient.id" file to the "SourceHost".
"recipient.id" file is an ASCII file, so use "ascii" option in case of FTP transfer.- On "SourceHost", open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Note the number of the software license you are going to transfer.
Run the "hasp_srm_view" utility in the following way to create a transfer license for the host "RecipientHost":
$ hasp_srm_view -tfr <license number> recipient.id
The "license number" is the value collected at step 3. Example of collecting a transfer license:
$ hasp_srm_view
-tfr 12345678
recipient.id
The file "<license number>.v2c" will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"
Copy the resulting "<license number>.v2c" file to the "RecipientHost".
"<license number>.v2c" file is an ASCII file, so use "ascii" option in case of FTP transfer.- On "RecipientHost", open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Apply the "<license number>.v2c" file as described above
Software License Removal
It is also possible to remove Software License completely from a host, the license will then be dumped to a specific license file "*.v2c", so it can be re-applied if needed.
- Open "Sentinel Admin Control Center" (ACC) (browse to http://localhost:1947). Note the number of the software license you are going to remove.
Run the "hasp_srm_view" utility in the following way to remove the license:
$ hasp_srm_view -tfr <license number>
The "license number" is the value collected at step 1. Example:
$ hasp_srm_view -tfr 12345678
The "<license number>.v2c" file will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"
- It is always possible to re-apply the created ".v2c" file to restore the deleted software license.
Cloned Software License Removal
In certain situations Software License may become "Cloned" (disabled). In this case the following procedure must be applied to remove the cloned license:
- Go to http://localhost:1947 to access the "Sentinel HASP Admin Control Center" (ACC).
- In the "Sentinel HASP Admin Control Center" (ACC), locate the target "Sentinel SL AdminMode" license.
- Press the "Certificates" button at the right side of the SL description:
- Note the name of the correspondent certificate and path to the certificates base in the "Certificates" section.
- Remove the target certificate file from the specified directory (in most cases it is "/var/hasplm/installed/68704/").
- Reboot CHARON host.
- Start "Sentinel HASP Admin Control Center" (ACC) again to ensure that the SL has been removed.
License Deinstallation
To completely remove a CHARON-AXP license from a host, it is enough to remove the Sentinel run-time daemon (and the package "charon-hasp-<...>.rpm" containing the run-time customization) using the following command:
# rpm --nodeps -e aksusbd charon-hasp-<...> |
Special "backup" license keys
Backup keys are provided by STROMASYS along with standard license dongles. It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key. Backup keys use a counter (integer) value hardcoded inside the key. This integer value is a number of hours CHARON-AXP is allowed to run. Each time CHARON-AXP checks the license (every hour), the value is decreased (by 1 hour). Please note that backup keys have restricted functionality:
- CHARON run time is typically limited to 720 hours (30 days). This should be more than enough time to get a replacement key from STROMASYS.
- Backup license may be valid only until a certain date. Please check with STROMASYS management.
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.