License Management Overview for Charon-PAR for Linux
Please refer to the other sections of the Charon Licensing Handbook and your product documentation for any topics not covered in this overview guide and for more detailed information on the topics discussed here.
This page provides an overview of the basic steps to set up the HASP licensing environment on a system running Charon-PAR for Linux.
General Description
A Charon emulator product will not run without a valid license. For Sentinel HASP licenses (the topic of this chapter) this license can be provided on a USB hardware dongle (a Sentinel HASP key) or as a software license bound to the hardware of the host system or the network license server. A loss or defect of a license will cause the emulator to stop.
For extra protection, Stromasys recommends the use of a backup license key (purchased separately) that can replace the main license key for a limited period of time. It is possible to specify the backup license in the Charon configuration file to prevent the emulator from stopping in case its main license is no longer accessible.
To check the validity of a license, Charon performs the following steps:
- The Charon emulator checks the license to determine if there is a product definition that will allowed it to run.
- Then Charon checks the feature definition associated with the product to see if the feature definition is valid - that is, it is not expired, the available runtime hours are not exhausted, and if there are still some instance-slots available to run the emulator.
- If there is no matching product definition or if the feature is not valid, Charon reports the problem in the log and shuts down.
Charon License Checks
Charon products check the availability of a valid license at different points in time:
1. At startup:
If no valid license is found, an error message will be written to the emulator log file and the emulator will not start.
2. At regular intervals during the runtime of the emulator (the default license check period of 1 hour can be changed by Stromasys using the appropriate license parameters):
- If the previously used valid license has been removed, has disappeared, is defect, or has become invalid, the emulator will report the loss of the license in the log file and continue operation for a limited amount of time as described below.
- If there is another valid license, for example a backup license defined in the configuration file, it will be used.
- Starting with Charon-PAR 1.10: Charon allows for a grace period of 12 hours during which the software checks for the presence of a valid license every 10 minutes until a valid license is found. If no valid license is found after the grace period has expired, the emulator will stop.
- Earlier versions of the above products and other emulator products: should there still be no valid license at the next regular license check (this default interval may be changed by individual Charon products), the emulator will stop.
- If a time-restricted license is used and it expires, the Charon instance tries to find its replacement automatically and, if found, proceeds using the replacement license.
Important note for Windows installations: any running emulators will be stopped if the license service is forced to stop despite existing service dependencies (i.e., running emulators). So any running guest systems must be cleanly shutdown before restarting the license service in order to avoid data loss. This is the behavior at the time of writing. It may change in future versions.
Charon License Updates
Under certain circumstances existing licenses must be updated. License updates are required, for example, in the following cases:
- Charon product version upgrade
- Product change
- License validity (time) extension
License updates, for example a new expiration date or a new execution counter, can be performed without interrupting operation, that is, without shutting down active Charon instances, provided that the resulting license is valid for the running Charon instance. If any parameters of the updated license are not valid for the running Charon instance (for example, the wrong model or version), the Charon instance will stop running.
Licenses are backwards compatible to some extent. A license update to a more recent version will allow some previous Charon versions to run as well. The details depend on the Charon product.
The license check for Charon-PAR will pass if the version on the license is higher than the one of the running Charon instance, as long as the major version (e.g., the 2 in 2.00) is the same. Please note that license are not compatible between product versions 1.x, 2.x, and 3.x.
License Content
The license data on a license key, independent of whether it is a hardware or software license key, consists of several parts: the license key text block contains the license section and one or more product sections. The license features describe additional conditions and limitations for the emulator products contained on the license.
A) License Key Text Block
1) License Section (one per license key)
The license section contains general license information related to ownership and administration.
There is one license section per license key.
Please note that in rare cases, you may receive an empty USB dongle for which command outputs will show that no license information was detected. In such cases, request a license update from Stromasys as described in Updating a License.
Relevant license section parameters:
- License type: type of the license, i.e., hardware or software license, network-enabled or local (added in newer Charon product versions, e.g., Charon-AXP/VAX 4.9)
- License number: assigned by Stromasys
- License key ID: unique; pre-programmed; unmodifiable; on physical keys same value as the Physical Key ID
- Master key ID: the software vendor ID used by Stromasys for issuing licenses
- Release date: the day on which the license was issued
- Release time: the time at which the license was issued
- Update number: the number of license updates that have been applied
- End user name: the name of the person to whom the license was issued
- Purchasing company name: usually the company to which the license was issued
2) Product Section (one or more per license key)
The text block also contains product sections that contain product specific licensing information.
- Several products can be combined on one license key. Stromasys may place restrictions on what products can be combined on a single license key.
- The product section also may include information about the support contract and the end of support. It may contain hardware specific limitations related to the types of devices that can be connected (e.g., serial interfaces).
- A checksum is inserted after the last product section of a license. This checksum is not visible in the show command output. Charon products/versions requiring such a checksum will not start if the license does not contain a checksum.
- Each product section is associated with a feature defining additional conditions for the product.
The following list shows the most important parameters of a product section.
Please note that not all of these parameters may be present for a particular Charon product.
- Product License Number: identification of specific product section (optional; new starting with Charon-AXP/VAX 4.9 and Charon-PAR 1.10). Corresponds to configuration parameter license_id.
- Virtual Hardware: range of virtual models available for running
- Product Name: commercial product name
- Product Code: commercial product code
- Major Version, Minor Version, Maximum Build, Minimum Build: commercial product version and range of build numbers suitable for running with this license. The parameters Maximum and Minimum Build are no longer displayed starting with Charon-AXP/VAX 4.9 and Charon-PAR 1.10.
Please note that, depending on the product and product version, licenses have a limited backward compatibility (i.e., when the version on the license is newer than the product version).
See Operational Procedures Overview in the Sentinel HASP Licensing Documentation for more information. - Host CPU supported or 32bit and 64bit OS requirements: type of host CPU required (for example, x64)
- Host Operating System required: Linux or Windows
- CPUs allowed: number of virtual CPUs enabled for virtual multiprocessor systems
- Maximum virtual memory: Maximum memory emulated. If not present the value defaults to the maximum memory possible for the particular virtual system. Note that the maximum memory may not be available to the virtual system if the host computer has insufficient physical memory.
- CHAPI enabled: whether or not CHAPI (Charon-AXP API) can be used with this product
- Instances allowed: maximum number of Charon emulator instances of this program/hardware model that are allowed to run concurrently on the local host. Relevant for local license keys that do not support the process count parameter. See also the parameter Number of processes in the feature section.
- CPU Speed: optional parameter to reduce the speed at which the program can run to a fraction of the maximum (e.g., to 25%)
- HPSUSAN: optional parameter. Specific to HP3000, overrides physical key ID. The HPSUSAN (HP System Unique Serially Assigned Number) is used for licensing purposes by HP. The parameter may be needed if a license on the physical system is tied to the original HPSUSAN.
- Feature number: number of the feature defining further limits/restrictions for the product license. Each product can use a separate feature, or the same feature can be used by several products.
If using a network license and the same feature is shared by several products, the number of instances allowed by the feature is shared between the products (e.g., 2 allowed instances enable one Charon-AXP and one Charon-SSP instance to run concurrently). If using a local license dongle and the same feature is shared by several products, the number of allowed instances is counted separately for each product.
The parameters defined in a feature are described below in the Features section.
B) License Feature Section (one or more per license key)
Features define product specific conditions, for example expiration date and number of concurrent instances.
The following list describes these conditions:
- Released product expiration date: for time-based licenses. Note that at the time of writing the license of Charon-AXP/VAX products will expire at the end of the day of the expiration date, the license of Charon-SSP in the early morning of the expiration day. The exact behavior of the different versions can change without prior warning. Not supported for HL-MAX dongles.
- Runtime counter: number of license checks after which the license will be disabled. Default check interval is one hour. The counter will be decreased at the start of the emulator and then at every license check interval. Once the counter has been depleted, the license becomes invalid. This license type is typically used on licenses intended as backup licenses.
- Login interval or Check interval: frequency of license checking during emulator execution (default 1 hour). This parameter is not visible in the show command output in older Charon product version. It is visible in the show command output of newer versions, starting with Charon-AXP/VAX 4.9 and Charon-PAR 1.10.
- Network license: indicates that a physical license is a network license
- Number of processes: maximum overall number of Charon instances that are allowed to run concurrently.
This parameter is set by Stromasys to the value matching the respective customer contract. For network dongles, the maximum possible value of this parameter is determined by the type of network dongle. For example: on a NetTime10 dongle this parameter can be set to a value between 1 and 10 (depending on the customer contract). The type of dongle can be viewed via Sentinel ACC.
Example with Time-Based Parameters
The parameters below describe the following limitations to the emulator:
- License permits running up to 2 instances of Charon at the same time.
- License expires on May 31, 2020, or after 360 license checks (with an interval of 60 minutes between the checks).
Expiration date: 31/5/2020 Runtime counter: 360 Login interval: 60 minutes Instances allowed: 2
If any of the conditions are no longer met (too many instances, past expiration date, all checks exhausted), the feature becomes invalid and will not allow an emulator instance (or an additional instance) to run.
License Type Overview
Depending on customer requirements, Stromasys can provide several different license types.
Local Hardware License
Local hardware licenses are USB dongles and work on the system they are physically connected to. For Windows systems supporting AnywereUSB®, hardware licenses can also be connected over the network. They can easily be moved to a different system, if required. The content of the dongle can be updated if a change to the license or an extension of a time-based license is required. The necessary steps will be described later in this document.
Please note:
- Hardware dongles require the Sentinel HASP run-time (driver) installation before the dongle can be connected to and used by the system.
- Hardware dongles, apart from HL-MAX dongles, are equipped with a battery and a clock, which makes them independent of the host clock. The battery is not rechargeable. However, the dongle can use the power provided by the host system while it is plugged in. By doing this, the depletion of the battery can be slowed down. Check the dongle at regular intervals if it is not permanently connected to a system. If the battery becomes completely depleted, the dongle will be permanently unusable and must be replaced. See also: How long does the license USB dongle battery last upon a full charge.
Software License
A software license is a "virtual" key with functionality very similar to a HASP network-enabled hardware dongle.
A software license does not require any special hardware but it still requires installation of the Sentinel runtime environment.
Please note:
- To avoid unexpected problems, do not use any Sentinel runtime software that was not provided by Stromasys without being advised to do so by your Stromasys representative.
- Software licenses are best suited for stable environments, because their correct function depends on certain characteristics of the host system. Changing any of these characteristics will invalidate the license.
- If the Charon host runs on real hardware, software licenses are by default tightly bound to the hardware for which they were issued. If major hardware characteristics of the system are changed, the license will be disabled.
- If the Charon host runs in a virtual environment (e.g., VMware), software licenses are normally bound to the virtual machine ID and a set of additional characteristics of the virtual machine. If any of these parameters are changed, the license will be disabled.
- Software licenses are very sensitive to even small changes on the host system. Therefore, it is especially important to provide for a backup license that will ensure continued operation should there be a problem with the software license. See Handling Multiple License Keys and Product Licenses for details.
For a more detailed description of the restrictions, please refer to HASP Software Licensing restrictions or contact your Stromasys representative.
Network License
The network Sentinel HASP key (red USB dongle) can be shared between several hosts running a Charon emulator product (including the host on which the network license is installed).
All software licenses are also network licenses.
If the Charon emulator product is installed on the host where the network license is connected, no additional steps are required. The Sentinel driver is installed as part of the Charon product installation. If the host does not have a Charon emulator product installed, the host can still distribute the connected network license to emulator instances running on other hosts.
The Sentinel HASP runtime software must be installed on such a "license server" and on the client system. For details regarding the installation, please refer to the software installation section in this document. Once both the Sentinel runtime software and the network license are installed, the Charon emulator product can be started on any appropriate client host on the LAN, provided access to the license is enabled.
- The network license will be visible to all hosts that can access the license server over IP. Access to the license server must be possible on port 1947 via UDP (discovery process) and TCP (actual access to license). Further information (e.g., use of additional UDP ports) can be found in the section Firewall Considerations.
- The license server and the client must both allow access to the network license using the appropriate management tools.
The maximum number of concurrently active Charon instances is determined by the parameters of the license.
If you need to install a standalone license server, please refer to the installation section of the Licensing Handbook.
Overview of Initial License Installation Steps
Each Charon emulator product requires a valid license to run. To access the license, the emulator needs the Sentinel runtime software. This software is part of the Charon-PAR for Linux installation kits. Refer to the software installation section of the Charon product user's guide for software installation instructions.
After the installation of this software, the license can be installed on the system. The following steps will be described in more detail below:
- Add a password for the Sentinel Admin Control Center (ACC).
- If you purchased a hardware license, you can simply plug the dongle into a free USB port on the system.
- If you purchased a software license, you need to create a fingerprint file in C2V (customer-to-vendor) format containing the system characteristics. Use this file to request a license for your Charon product from Stromasys.
- If your license is a network license served by a license server, make sure that the access of the client system to the license server is not blocked by the configuration or a firewall.
- Optionally, define how multiple licenses will be used (selecting primary/backup license, defining license priorities).
- If you have an existing license that needs to be updated, you need to create a customer-to-vendor (C2V) file and use this file to request a license update from Stromasys.
Overview of License Management Tools
The following list shows the main tools used to manage licenses on Linux:
- Sentinel Admin Control Center (ACC): A web-based interface providing important configuration options with respect to licenses.
- The hasp_srm_view program: A command-line tool to display the detailed license contents and generate C2V and fingerprint files. Cannot be used over a remote connection when using local hardware licenses.
- The hasp_update program: A command-line tool to install new and update existing licenses.
Accessing the License Management Tools
The command-line tools are installed under /opt/charon/bin/
. If this directory is not part of your PATH variable, you have to specify the full path to access the command.
To run the commands, use the following syntax for hasp_srm_view and hasp_update respectively.
and
|
The relevant options will be specified with the tasks described below, as needed.
The Sentinel ACC on the local system is accessed by starting a web-browser and pointing it to the URL: http://localhost:1947.
Sentinel Admin Control Center (ACC) Security Settings
Stromasys strongly recommends performing the steps described below to reduce the risk of unauthorized access to the Sentinel ACC.
Define a Password for the Sentinel ACC
By default, anyone on the local system with access to port 1947 can access the GUI. If remote access is enabled, users on the network with access to port 1947 can also access the GUI. To protect access to the GUI with a password, perform the following steps:
Step | Description |
---|---|
1 | Open a web browser and navigate to http://localhost:1947/. |
2 | Click on the left-hand menu item labeled Configuration. |
3 | Click on the Basic Settings tab. |
4 | Under the entry labeled Password Protection, click the Change Password button. |
5 | At the Change Password window:
|
6 | Back at the Basic Settings tab:
|
7 | Optional: to allow remote access to the Sentinel HASP GUI:
Additional information: For remote access to the Sentinel HASP GUI,
If required, remote access can also be enabled on Linux by editing the file /etc/hasplm/hasplm.ini |
Please note: With these settings, when you connect to the HASP GUI from a remote system, you may be prompted for a username and password. It is enough to just enter the configured password and leave the username field empty.
Setting Linux File Protections
To prevent unprivileged access and modifications to the Sentinel HASP configuration file on Linux, enter the following commands:
|
Viewing Existing Licenses
It is important to know which licenses are visible on a system. For example, the user can
- determine if the correct license is installed,
- identify the expiration date on time-based licenses,
- identify the remaining hours of run-time on backup licenses,
- identify the license ID of primary and backup license which are needed for the emulator configuration file,
- identify licenses that conflict with the currently used product and therefore may need to be removed.
Licenses can be viewed using two tools:
- Sentinel ACC: shows important information, but not the product specific license parameters.
- Command-line tool hasp_srm_view: shows all product details contained on the license. Can only be run from a local connection for local hardware licenses.
Viewing a License with Sentinel ACC
To view available licenses using Sentinel ACC, start the web interface as described above.
To get to the Sentinel Keys screen, click on the corresponding menu item or access the URL http://localhost:1947/_int_/devices.html directly. A screen similar to the following opens and displays the available license keys:
For Sentinel drivers version 7.60 and above, this screen looks similar to the following:
This page displays important information about the available licenses, including
- Location: Shows whether the license is local or remote. If the license is a network license, the hostname of the remote system is specified. You can access the remote license manager by clicking on the hostname, provided that access is permitted.
- Key ID: The unique identification of the license.
- Key Type: Hardware keys are marked by the abbreviation HL (hardware license) and a picture of the license dongle. Software licenses are marked by the abbreviation SL (software license).
- Sessions: Shows the number of active sessions opened for the specific key.
The buttons on the right-hand side can be used to retrieve more information about the license or to extract the C2V file for a license update. The Browse button shown for network licenses will connect to the remote license manager to show the license features.
A C2V file can only be extracted if the license in question is local to the current license manager, i.e., the license manager to which the web browser is connected. In the example above, the network license on a different host does not have the option to create a C2V file. You can connect to the remote license manager clicking on the hostname in the Location column (if connections are allowed).
Please note:
- The option to create a C2V file is not available in older versions of the Charon emulator software.
- Starting with ACC version 7.60, the option to create C2V files for USB dongles is only available if it has been enabled in the basic configuration section (under the Configuration menu item).
The menu options Products, Features and Sessions on the left-hand side provide the same information as the buttons. However, they show the information for all licenses.
Viewing a License with hasp_srm_view
On Linux, the license content is displayed using the hasp_srm_view command. For displaying the license, the following parameters are relevant:
- Display the default license: run the command without options or with
-l
- Display all licenses: run the command with the option
-all
- Display a license with a specific ID: run the command with the option
-key
Please note: Local hardware licenses can only be displayed from a local connection to the system, for example via the console. If you are connected via a remote connection, for example via ssh, the hasp_srm_view command will return an error. Network licenses do not have this problem. A workaround is described below.
Workaround when logged in via a remote connection:
When connected to the system via a remote connection, the command to display a local hardware license will return an error. As a workaround, you can display the license contents with the following command (adapt the path of the command if your installation location is different):
$ ssh localhost
/opt/charon/bin/hasp_srm_view
Please note: Starting with Charon-PAR 1.10, the hasp_srm_view utility on Linux does not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. The utility performs a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system must be temporarily restricted or disabled, for example by blocking the relevant traffic with a firewall. Alternatively, access to the network license at the license server side can be blocked. Note that such methods can negatively impact other functions of the system or, in case of blocking access to a network license on the server, even the functions on other client host systems.
The following shows sample output of the hasp_srm_view command on Linux (to display all available licenses, use the -all
parameter):
--- output truncated -- |
Starting with license driver versions >= 7.60, for example, in Charon-PAR version 2.00, there are some small changes in the output of hasp_srm_view. The parameters are described in the License Content section of the Licensing Handbook. The following sample shows the most important changes (in blue):
< Parameters Maximum Build and Minimum Build are no longer shown>
|
Installing the License
This section provides a short overview of the initial license installation. For more in-depth information, please refer to the licensing handbook.
Preparation
Before a license can be installed, some preparatory steps are required.
- Ensure that the correct Sentinel Runtime software is installed. Please refer to the installation section of your Charon emulator user's guide for details.
- If a conflicting or obsolete license is available on the system it may be necessary to (temporarily) remove or disable it. If you need to remove a hardware license, simply unplug it. If you need to remove a software license or disable access to a network license, please refer to the relevant chapter in the licensing handbook. Before removing a license or disabling access to it ensure that it is not required by another currently active product.
Installing a Local Hardware License
A local hardware license (USB dongle) is installed by inserting the USB license key into a free USB port of the host system.
After this step, verify that the license is visible to the system by following the steps for viewing a license as described above. Please bear in mind that a local hardware license cannot be read when connected to the system via a remote connection (for example, ssh).
Installing a Software License
To install a new software license, perform the following steps:
Step 1: Create a fingerprint file using the hasp_srm_view command:
Execute the following command to create the fingerprint file:
# /opt/charon/bin/hasp_srm_view -fgp <filename.c2v> |
The fingerprint will be written to the filename specified.
Please note:
- Charon-PAR before 1.10: the above command will terminate with the error message "
Can not retrieve the C2V (host fingerprint mode) data"
or with "Can not retrieve the C2V (host fingerprint mode) data"
if a network-wide software license is visible to the system. Access to such a license needs to be temporarily disabled before creating the fingerprint file. - Charon-PAR versions 1.10 and higher can create a fingerprint file even in the presence of a network-wide software license.
Step 2: Send the resulting fingerprint file to Stromasys orders administration using the email address that Stromasys will provide to you.
Step 3: After receiving the V2C file from Stromasys, copy the file to the system where the license needs to be installed and install the new license:
In addition to the Sentinel ACC, the command hasp_update can be used on Linux to apply V2C files.
The following example shows the use of the hasp_update command:
# /opt/charon/bin/hasp_update u /path/filename.v2c |
This section describes the installation of a new software license. However, the commands to install a V2C file are identical when updating a hardware license.
Important caveat:
- When updating a hardware license you will in most cases receive two V2C files, a *_fmt.v2c file and a *.v2c file. The *_fmt.v2c file formats the dongle and the *.v2c file contains the updated license data. In such cases the *_fmt.v2c file must be applied first.
Installing a Network License
For a network license to be provided to a client host on the network, a license server must have been set up either with a network-enabled hardware license (red dongle) or a software license (software licenses are always network enabled).
If the license server also runs a Charon emulator product, follow the steps in the user's guide to install the software. To set up a standalone license server, please refer to the licensing handbook.
For the client to access a license on a license server the following steps are required:
- Any firewall between license server and client must permit the necessary communication.
- The license server must be configured to allow access from the client.
- The client must be configured to allow access to the license server.
Firewall Considerations
The following ports are used for the communication between license server and client hosts:
- On the server side (where network license has been installed), port 1947 must be open for incoming TCP and UDP traffic to allow client access to the license.
- On the client side, traffic is initiated using ports 30000 through 65535 as the source ports and port 1947 as the target port. If broadcast search for remote licenses is to be used, the client must also permit UDP traffic initiated from port 1947 of the license server to ports 30000 through 65535 of the client.
If a host on the network cannot find the license server even though the server is operational, you can temporarily disable the firewall to determine whether it blocks the traffic.
For details on how to configure the firewall in your network, please consult your operating system documentation and make sure to adhere to your company's security policies.
Allowing Client Access on the License Server
The Sentinel license manager on the license server can be configured to allow or disallow access from remote clients to the network licenses installed on the license server. To access this configuration option, perform the following steps on the license server:
1. Open a web-browser and go to the URL http://localhost:1947/_int_/config_from.html (option: Configuration / Access from Remote Clients).
2. This will open a configuration page similar to the following. Please note: newer Charon emulator products (e.g., Charon-AXP/VAX version 4.9 and Charon-PAR 1.10 and higher) have newer versions of the Sentinel license drivers. The Sentinel ACC pages of these versions look different, but the functionality remains mostly the same.
Old ACC version:
New ACC version:
Or for versions starting with 8.x:
3. Possible actions:
- To allow access from remote clients, activate the check-box next to the field Allow Access from Remote Clients and press Submit at the bottom of the page.
Please note: to allow access from remote clients, network visibility on the "Network" tab must be set to All Network Adapters. - To refuse access from remote clients, clear the check-box next to the field Allow Access from Remote Clients and press Submit at the bottom of the page.
- Access Restrictions allow refining access rules, e.g., by specifying IP addresses. Please refer to Sentinel ACC help for details.
Sentinel ACC versions 8.x and higher have additional configuration options on this screen (mostly cloud related). These options are not relevant to Charon emulator products.
Allowing Access to a License Server on the Client
The Sentinel ACC can be configured to enable or prevent that the client host discovers network licenses and to change the options used to discover and access network licenses provided by a license server.
1. Open a web-browser on the client host and go to the URL http://localhost:1947/_int_/config_to.html
(option: Configuration / Access to Remote License Managers).
2. This will open a configuration page similar to the following. Please note: newer Charon emulator products (e.g., Charon-AXP/VAX version 4.9 and Charon-PAR 1.10 and higher) have newer versions of the Sentinel license drivers. The Sentinel ACC pages of these versions look different, but the functionality remains mostly the same
Old ACC version:
New ACC version:
3. Possible actions:
- Activate the check-box next to the field Allow Access to Remote Licenses to enable access to license servers. Press Submit to save the setting.
- Clear the check-box next to the field Allow Access to Remote Licenses to disable access to license servers. Press Submit to save the setting.
- The option Broadcast Search for Remote Licenses, when activated, enables a broadcast search for license servers on the local network without having to enter the address of a license server.
Please note:
- If the option Broadcast Search for Remote Licenses is not enabled or cannot be used in the customer specific setting, you can enter specific IP addresses or host names that should be queried for network licenses in the Remote License Search Parameters field. Please refer to the Sentinel ACC help function for more information.
- To allow access to remote license managers, network visibility on the "Network" tab must be set to All Network Adapters.
Starting with Charon-PAR 1.10, the Charon emulator products do not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. They perform a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system has to be temporarily restricted or disabled, for example by blocking the relevant traffic in a firewall. Another possibility would be to block access to the network license at the license server side. Note that such methods can negatively impact other functions of the system or, in the case of blocking access to a network license on the server, even the functions on other license clients.
Verifying License Availability
After installing a license on the system, verify the availability of the license as described in the section View Existing Licenses.
Check if the license shows the correct product, expiration date etc.
Handling Multiple License Keys and Multiple Products per License
A Charon host system can have access to several local and remote license keys. Each license key can contain one or more product licenses.
The Charon emulator products can only use one active license at one time. Without additional configuration, they cannot make decisions about which product license or license key to use. If there is more than one available license key, the default license key will be used. The default license key is determined by the Sentinel software. As this can lead to undesirable effects, newer Charon emulator products have configuration parameters that allow the definition of a primary (or production) and a secondary (or backup) key, or the creation of a list of license keys or product licenses sorted by priority.
The following sections describe the options available to achieve a more deterministic license selection. If only one license is available, either locally installed or via the network, this section does not apply.
Please note: For Charon-PAR before version 1.10: the parameters described in this section can only be used to define a primary key and a backup key, or to specify the correct key if there is a conflicting license for a different Charon product on the same system. It is not possible with these versions of Charon to combine a local license (black dongle) with other licenses (local or network) to increase the number of concurrent instances of the same Charon product on one host system. Newer versions allow a more flexible use of multiple licenses. Both variants are described in the following sections.
Backup License Characteristics
It is strongly recommended to order a backup key to recover immediately from damage or loss of the main license key. A backup license key can also help in situations where the Charon host hardware fails and the software must be moved to a different system, thus invalidating the original software license.
Backup keys typically use a counter (integer) value programmed in the key. This integer value corresponds to a number of hours the Charon software is allowed to run. Each time the Charon software checks the license (at start and then every hour), the value is decreased (by 1 hour). Please note that backup keys may have additional restrictions:
- The runtime is typically limited to 720 hours (30 days). This is the time available to get a replacement license from Stromasys.
- A backup license key may be valid only until a certain date.
- If you start and stop the emulator frequently (e.g., frequent runs with a duration of under one hour), the runtime may be significantly less than 30 days, because the license check during the start of an emulator will reduce the counter by one.
Primary and Backup License for Charon-PAR prior to Version 1.10
If more than one key is visible to the system, you can define which is the primary and which the backup key. To do this, add the following parameters to the configuration file of the Charon instance:
primary_license <primary-key-id> secondary_license <secondary-key-id>
To identify the relevant key IDs, display the available licenses as described in section View Existing Licenses.
To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.
Prioritizing Licenses - Charon-PAR Version 1.10 and Higher
Prioritized List of License Keys
If more than one key is visible to the system, you can define a prioritized list of license keys. To do this, add the following parameter to the configuration file of the Charon instance:
|
The first entry in the configuration file has the highest priority. The emulator instance will try to use this key first. If it is not available, it will try the second key in the list and so on. If the parameter license_use_any_key
is set to true, the emulator instance will search for any keys not part of the list should none of the listed keys be available.
To identify the relevant key IDs, display the available licenses as described in section View Existing Licenses.
To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.
Prioritized List of Product License IDs
Every license key can contain one or more product sections. Newer licenses can contain a product license ID identifying each product section. A prioritized list of product license IDs can be added to the emulator instance configuration file to specify which product sections to use and which should have the highest priority. To do this, add the following parameter to the configuration file of the Charon instance:
|
The emulator instance will scan the available license keys for the listed product license IDs. Then it will try to use the first defined product section. If it is not available, it will try the next and so on. If none of the listed product license IDs are found, the emulator will stop.
Please note: without this parameter, the emulator will try to use the first applicable product section found. If this is not the correct one, the emulator may not start.
To identify the relevant product license IDs, display the available licenses as described in section View Existing Licenses.
To get information about modifying the Charon configuration files, refer to the appropriate sections in the user's guide.
Updating an Existing License
If you need to update an existing hardware or software license, for example because the time limit on the license has expired or to upgrade to a new product versions, perform the following tasks:
- Generate the C2V file for the existing license. This step is the same for a hardware license or an existing software license. This Customer-to-Vendor (C2V) file contains the license characteristics necessary for creating the license update.
- Send the C2V file to Stromasys. Stromasys will use the data to create the necessary license update. You will receive one (software license) or two (most hardware license updates) V2C files (the Vendor-to-Customer file).
- Apply the license data from the V2C file(s). This will install and activate the update for your license.
These tasks are described below:
Step 1: Generate the C2V file using the hasp_srm_view command:
Execute the following command to create the C2V file:
# /opt/charon/bin/hasp_srm_view -c2v <filename.c2v> |
If there is more than one license visible to the system, newer product versions (starting from Charon-PAR 1.10) allow selecting a specific license using the -key parameter:
|
The C2V file will be written to the filename specified.
Please note: The license content cannot be read if you are connected to the system via a remote connection (e.g., via ssh). The hasp_srm_view command will return an error. You can use the following workaround:
$ ssh localhost /opt/charon/bin/hasp_srm_view -c2v <filename>
Step 2: Send the resulting C2V file to Stromasys orders administration using the email address that Stromasys will provide to you.
Step 3: After receiving the V2C file(s) from Stromasys, copy the file(s) to the system where the license needs to be installed and install the new license:
Important caveat:
- If a hardware USB key is to be updated, in most cases you will have received two files: a *_fmt.v2c file and a *.v2c file. The *_fmt.v2c file formats the dongle and the *.v2c file contains the updated license data. In such cases the *_fmt.v2c file must be applied first.
On Linux, the command hasp_update can be used to apply V2C files.
The following example shows the use of the hasp_update command:
# /opt/charon/bin/hasp_update u /path/filename.v2c |
Alternatively, you can use the Sentinel ACC to apply V2C files (use the section Update/Attach). Refer to the license handbook for more details.
Removing a License
If a license needs to be removed from a system or the access to the license needs to be disabled, the steps are different for the different license types and are described in the next sections:
- Removing a hardware license from a system
- Removing a software license from a system
- Removing access to network licenses from a system
Important: before removing a license from a system or disabling access to a license, take to following points into consideration:
- Make sure that there is a valid replacement license for all emulator instances depending on the license to be removed, or make sure the emulated systems have been cleanly shut down,
- Make sure that this step will not negatively impact your production environment.
Removing a Hardware License from a System
To remove a hardware license from a system, simply unplug it from the system.
Removing a Software License from a System
Please note:
The old method for removing a software license from a system depended on the license transfer functionality. This functionality is no longer available in the current versions of the Charon products. The only way to remove a non-transferable obsolete software license is the method described below. On Microsoft Windows, you can use the Charon License Utility (see CHARON on Windows - Charon License Utility) to perform the necessary steps.
To remove an obsolete software license or a software license in cloned state (a software license goes into a cloned state, for example, if a VM is cloned to a different Virtual Machine UUID) from the system, perform the following basic steps:
- Start the Sentinel Admin Control Center (ACC) (for local system: URL http://localhost:1947).
- Identify the software license that is to be removed.
- Identify the name of the certificate file and the path of the base directory where it is stored.
- Remove the certificate file(s).
- Restart the Sentinel runtime service.
The following example shows the required steps in detail:
1. Go to http://localhost:1947/ to access the Sentinel HASP ACC and select Sentinel Keys on the left.
2. In the Sentinel Admin Control Center (ACC), go to Sentinel Keys and locate the target "Sentinel SL AdminMode" license to be removed.
3. Click on the Certificates button at the right side of the SL description:
Old version (showing a software license in cloned state):
4. Note the name of the corresponding certificate file and the path to the certificates base directory as shown in the "Certificates" section:
Example using old ACC version:
Please note: the certificate display screen can look slightly different depending on the type of software license and the actions performed on this license in the past. The following example shows the certificates of a software license after several updates. The screenshot is based on Sentinel ACC version equal or higher than version 7.60.
5. Remove the certificate file(s) using operating system tools.
a. In the first example above (Windows), there is one file to be removed. It is in C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel LDK\installed\68704.
b. In the second example (Linux) there are several files created by a series of license updates. On Linux, the certificate files are typically stored in /var/hasplm/installed/68704/.
c. All certificate files in the identified directory must be removed.
6. After removing the certificate file, restart the Sentinel license service or reboot the system. To restart the service, proceed as follows:
a. On Windows, restart the "Sentinel LDK License Manager" service (hasplms) either using the services.msc
program or via a command line (as administrator) then enter the "sc stop hasplms
" command followed by "sc start hasplms
".
Important: any running emulators will be stopped if the license service is forced to stop despite existing service dependencies (i.e., running emulators). So any running guest systems must be cleanly shutdown before restarting the license service in order to avoid data loss.
b. On Red Hat Enterprise Linux 7.x and 8.x (and compatible Linux systems) restart the aksusbd service: # systemctl restart aksusbd
This also will automatically restart the hasplmd service (separate service for this daemon was introduced in newer runtime driver versions).
c. On Red Hat Enterprise Linux 6.x, restart the aksusbd service: # service aksusbd restart
7. Start the Sentinel ACC again to verify that the software license has been removed.
Removing Access to Network Licenses from a System
There are three different ways to remove a network license. They have different implications and are described below:
Full Removal of Network License
To completely remove a network license, follow the steps above for hardware or software licenses respectively. The steps must be performed on the license server.
Please note: this will remove the license for all emulator hosts on the network using this license and also for the local host. Make sure that this is in fact intended.
Block Access of Remote Emulator Hosts to Network License
You can use the Sentinel Admin Control Center on the license server
- to allow access to a network license for all or specific hosts on the network, or
- to block access from remote hosts completely.
Please refer to the section Controlling Access to Network License on Server Side in Installing a Network License for more information.
Block Access to Network Licenses on Client System
If access of the local system to network licenses is not desired, this can be disabled in the Sentinel ACC for certain products and product versions. Blocking access at the server side is the safer way.
Please refer to the section Controlling Access to Network License on Client Side in Installing a Network License for more information.
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.