How-to enable remote connection to Sentinel Admin Control Center without GUI

Table of contents

Description

This article describes how to enable remote connection to the Sentinel Admin Control Center (ACC) on a Charon server or a Charon license server when the WEB interface cannot be opened.

(info) This corresponds to the following configuration using the WEB interface:

To access the page above, one have to open a WEB browser and connect to the page http://localhost:1947. If this operation cannot be performed on the local host itself, it is possible to access this page from a remote host from this page http://charonserver:1947 where charonserver corresponds to either the Charon server name or its IP address.

Step-by-step guide

Linux

Since , Stromasys provides a Text User Interface (for configuration only) to perform these operations. Please contact us if you need the download link.

 Text User Interface overview - Click here to expand...

If the file does not exist (it is created on 1st update), copy the attached file hasplm.ini.linux to the /etc/hasplm folder as hasplm.ini and define the file protection, either with default values (see below) or as defined in this article: /wiki/spaces/CLH01001/pages/135765309

# cp hasplm.ini.linux /etc/hasplm/hasplm.ini

# chmod 644 /etc/hasplm/hasplm.ini

# chown root:root /etc/hasplm/hasplm.ini

(blue star) Edit the file and replace the "name = <your server name>" line with the proper server name. Example: name = myserver.mydomain

(lightbulb) The settings defined in this file, ACCremote or accremote depending on the driver version, will allow you to access the Sentinel ACC from a remote server.

(lightbulb) If you use a pre-existing file (instead of copying the template), make sure the parameter bind_local_only is set to 0 (the value 1 means localhost-only).

Restart the aksusbd service if the changes are not automatically recognized:

# systemctl restart aksusbd


(warning) If it is still not possible to access the Sentinel Admin Control Center from another host, it can be due to the firewall blocking remote access. In this case, please configure the firewall on the Charon server to open the port 1947 (TCP protocol).

Example:

# firewall-cmd --permanent --new-service=Charon
success

# firewall-cmd --permanent --service=Charon --add-port=1947/tcp
success

# firewall-cmd --get-active-zones
public
  
interfaces: ens256 ens192

# firewall-cmd --zone=public --permanent --add-service=Charon
success

# firewall-cmd --reload
success

Windows

If the file does not exist (it is created on 1st update), copy the attached file hasplm.ini.windows-7.x-driver or hasplm.ini.windows-8.x-driver (depending on the version you use) to the "C:\Program Files (x86)\Common Files\Aladdin Shared\HASP" folder as hasplm.ini.

(blue star) Edit the file and replace the "name = <your server name>" line with the proper server name. Example: name = myserver.mydomain

(lightbulb) The settings defined in this file, ACCremote or accremote depending on the driver version, will allow you to access the Sentinel ACC from a remote server.

(lightbulb) If you use a pre-existing file (instead of copying the template), make sure the parameter bind_local_only is set to 0 (the value 1 means localhost-only).

Optionally, restart the "Sentinel LDK License Manager" service if the changes are not automatically recognized (this can be done only is no emulator is running and if the service stop is forced, running emulators will stop too because of service dependencies).

(info) The service can be restarted from a cmd.exe window (as Administrator) using the "sc stop hasplms" and "sc start hasplms" commands or using PowerShell (as Administrator) and running the "Restart-Service hasplms" command.

Additional steps

Security settings

Once remote GUI access has been enabled, do not forget to set a password to protect access to the management interface. The steps for setting a password are described in the article /wiki/spaces/CLH01001/pages/135765309.

Error log file

It is highly recommended to enable the error log file as described in this article: Enabling logging in Sentinel Admin Control Center and check the content of the log file once the aksusbd service for Linux or the "Sentinel LDK License Manager" service for Windows has been restarted.

(info) Some parameters like download_url, update_host and language_url maybe have become obsolete in case of driver upgrade and can then be deleted from the hasplm.ini file.

Other useful parameters

ParameterPossible valuesSentinel Admin Control center correspondence from "Configuration" optionNotes

ACCremote

(driver version <7.100)

0 = disabled (default),

1 = enabled

"Basic Settings" tab → Allow Remote Access to ACC

accremote

(more recent driver version)

0 = disabled (default),

1 = enabled

https = enabled with https secure connection

errorlog

0 = disabled (default),

1 = enabled

"Basic Settings" tab → Write an Error Log File

To get file name and location, please see: Enabling logging in Sentinel Admin Control Center

It is recommended to enable error log writing.

rotatelog

0 = disabled (default),

1 = enabled

"Basic Settings" tab → Write Log Files DailyTo get file name and location, please see: Enabling logging in Sentinel Admin Control Center
error_log_maxsize

0 = disabled (default),

any numeric value >0 = size limit in KB

"Basic Settings" tab → Write an Error Log File → Size Limit (KB)

To get file name and location, please see: Enabling logging in Sentinel Admin Control Center

It is recommended to setup a limit, 10000 KB for example

zip_logs_days

0 = never compress (default),

any numeric value >0 = compress files after <value> days

"Basic Settings" tab → Days Before Compressing Log FilesOptional
delete_logs_days

0 = never compress (default),

any numeric value >0 = delete files after <value> days

"Basic Settings" tab → Days Before Deleting Log FilesIt is recommended to enable automatic deletion of old files (after 90 days for example)
accesstoremote

0 = disabled,

1 = enabled (default)

"Access to Remote License Managers" tab → Allow Access to Remote Licenses

accessfromremote

(driver version <7.100)

0 = disabled,

1 = enabled (default)

"Access from Remote Clients" tab → Allow Access from Remote Clients

accessfromremote

(more recent driver version)

0 = no one,

secure = identifiable clients only,

split = anyone, but cloud licenses require identity,

anyone = anyone, and cloud licenses can be consumed without identity (default)

bind_local_only

0 = all adapters (default),

1 = localhost only

"Network" tab → Network Visibility

Starting with Charon-AXP/VAX 4.9 for Linux, Charon-AXP/VAX version 4.8 for Windows, and Charon-PAR 1.10, these Charon emulator products do not follow the accesstoremote and network visibility settings in the the local Sentinel ACC. They perform a broadcast search for network licenses even if this has been disabled in the local Sentinel ACC configuration. 


Attachments

  File Modified

File hasplm.ini.linux-7.x-driver hasplm.ini for aksusbd 7.63 driver

Jun 21, 2022 by Bruno Miretti

File hasplm.ini.linux-8.x-driver hasplm.ini for aksusbd 8.13 driver

Jun 21, 2022 by Bruno Miretti

File hasplm.ini.windows-7.x-driver hasplm.ini for Sentinel LDK License Manager 7.63

Jun 21, 2022 by Bruno Miretti

File hasplm.ini.windows-8.x-driver hasplm.ini for Sentinel LDK License Manager 8.13

Jun 21, 2022 by Bruno Miretti

hasplm.ini file example

;*************************************************************************
;*
;* Sentinel License Manager configuration file
;*
;* Version 21.0 1.77827 at Win7-Main
;* Tue, 14 May 2019 09:07:45 GMT
;*
;*************************************************************************


[SERVER]
name = <your server name>
idle_session_timeout_mins = 720
pagerefresh = 3
linesperpage = 20
ACCremote = 1
enablehaspc2v = 0
old_files_delete_days = 90

enabledetach = 0
reservedseats = 0
reservedpercent = 0
detachmaxdays = 14
commuter_delete_days = 7
disable_um = 0

requestlog = 1
loglocal = 0
logremote = 1
logadmin = 0
errorlog = 1
rotatelogs = 0
access_log_maxsize = 5000 ;kB
error_log_maxsize = 5000 ;kB
zip_logs_days = 0
delete_logs_days = 90
pidfile = 0
passacc = 0

accessfromremote = 1
accesstoremote = 1
bind_local_only = 0 ; 0=all adapters, 1=localhost only

proxyconnect = 0 ; 0=disabled, 1=WPAD, 2=manual
proxyhost =
proxyport = 3128


[UPDATE]
download_url = sentinelcustomer.gemalto.com/Sentinel/LanguagePacks/
update_host = www3.safenet-inc.com
language_url = /hasp/language_packs/end-user/


[REMOTE]
broadcastsearch = 1
aggressive = 0
serversearchinterval = 30


[ACCESS]


[USERS]


[VENDORS]


[EMS]
emsurl = http://localhost:8080
emsurl = http://127.0.0.1:8080


[LOGPARAMETERS]
text = {timestamp} {clientaddr}:{clientport} {clientid} {method} {url} {function}({functionparams}) result({statuscode}){newline}

Related articles




© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.