Changing Configuration Settings for Sentinel License Manager
This topic demonstrates how you can use the AdminApi.adminSet method to change configuration settings for Sentinel License Manager.
NOTE Many settings are only relevant for certain types of License Managers. For each setting, the relevant types of License Managers are indicated.
A demonstration of how to retrieve configuration settings is provided separately.
The following is an example for the AdminApi.adminSet method "action" parameter:
<config>
<accremote>1</accremote>
<pagerefresh>2</pagerefresh>
<writeconfig />
</config>
Note the following:
>The root tag for changing configuration settings is <config>.
>One or more items can be set in a given call to the AdminApi.adminSet method.
>Settings become effective immediately in the current context of the License Manager. To save them to the INI file, and thus make them persistent, add the <writeconfig /> action to the end of the settings list.
>Admin API returns an error if you use a configuration setting that is not relevant in a given situation. For example, if you attempt to disable detach for the External License Manager.
NOTE For additional examples on how to use the settings described in this topic, see the sntl_adminapi_demo.* files in the \Samples\Admin\ directory in your Sentinel LDK installation.
The following settings are described in this topic:
Miscellaneous configuration settings
> Set a friendly machine identifier
>Enable/disable automatic firmware update
> Write changes to the License Manager configuration file
Configuration of user access to Admin Control Center or Admin API
> Set or change the password to perform administrative functions
> Change the password scope for administrative functions
> Allow or disallow remote access to Admin Control Center
>Allow or disallow remote access to Admin API
Configuration of Admin Control Center user interface
>Enable/disable the "Disconnect" button for the Admin Control Center Sessions table
License Manager configuration
> Set timeout for an idle License Manager session
> Set binding limitations for License Manager service
>Enable/disable caching of session/login counters for Remote keys
> Enable/disable load balancing for licensing requests
>Set storage key for identity secrets
Configure access from remote client machines to licenses on the local machine
> Clear user restrictions table
> Append user restrictions to License Manager service
>Enable remote machines to access the current License Manager service
>Clear the Access Restrictions table
> Append rules to the access restrictions list
Configure access from the local machine to remote license server machines
> Enable/disable License Manager service (LMS) to search for remote LMS on the local network
> Enable/disable License Manager service (LMS) to perform aggressive search for remote LMS
> Clear the Search Parameters table
> Specify specific machines to search for remote License Manager service
>Add specific machine to search table and initiate rescan for the machine
>Initiate server rescan for remote License Manager services immediately
Configure detachable Products
>Enable/disable detach of detachable Products
>Set default expiration period for detachable Products
>Enable/disable offline detach
>Set retention of files for detaching and attaching licenses
Install Cloud Licensing Identity Strings
>Install the identity string for cloud licensing on a licensed user's machine
>Hide the identity string secret for cloud licensing on a licensed user's machine
Description of Configuration Settings
This section describes the configuration settings that are available.
Set a friendly machine identifier
Applicable for: All types of License Managers
<friendlyname>Joe's Notebook</friendlyname>
Helps to identify the machine, in case the real machine name (which is taken as default) makes the machine difficult to remember ("NB-02AC34F7").
Enable/disable IPv6 protocol
Applicable for: All types of License Managers
<disable_ipv6>0</disable_ipv6>
When this parameter is set to 1, IPv6 protocol is disabled.
(A corresponding setting to IPv4 exists, but is not currently available.)
Using the AdminApi.adminGet method, you can determine whether the appropriate protocols were detected by the License Manager as follows:
<config>
<element name="has_ipv4" />
<element name="has_ipv6" />
</config>
Enable/disable automatic firmware update
Applicable for: Admin License Manager
<no_auto_fwup>0</no_auto_fwup>
When this parameter is set to 1, disables automatic firmware update.
For more information on firmware updates, see the description of firmware in the Sentinel LDK Release Notes.
Set proxy attributes
Applicable for: Admin License Manager
<proxy>1</proxy> <proxy_host>192.168.150.134</proxy_host> <proxy_port>8080</proxy_port> <proxy_username>username</proxy_username> <proxy_password>password</proxy_password>
If a proxy is required for communication with license server machines:
>Set the proxy parameter to 1.
>Set the required proxy attributes.
To disable the proxy, set the proxy parameter to 0.
NOTE You cannot use Sentinel Admin API to retrieve the settings for proxy attributes.
Enable/disable disk writes
Applicable for: Admin License Manager
<no_disk_write>0</no_disk_write>
When this parameter is set to 1, disables all disk write (for example: logs, backups of updates and license files, SL updates). For use in very specific environments.
Write changes to the License Manager configuration file
Applicable for: All types of License Managers
<writeconfig />
All changes made by the AdminApi.adminSet method take effect immediately, but are not written to the configuration file for the License Manager. You could, therefore, use Admin API to make configuration changes for the current License Manager context that are not visible or modifiable by the user.
To write the changed settings to the configuration file, include the <writeconfig /> in the XML request format after the settings that are to be saved.
Set or change the password to perform administrative functions
Applicable for: Admin License Manager
<adminpassold>d41d8cd98f00b204e9800998ecf8427e</adminpassold>
<adminpassnew>c72c6279381db9f9f7f2085bc976c278</adminpassnew>
Sets or changes the password to perform administrative functions in the Admin License Manager using Admin Control Center or the Admin API. Both the old and the new passwords must be specified using their MD5 hash. The example above sets the password by changing it from "" (null) to "Pa55w0rd951".
If the password is changed to null, no password is required to access or modify information in the Admin License Manager. The password scope is ignored. However, you can still disallow remote access to Admin Control Center.
NOTE After the password is set or changed, it may be necessary to establish a new session context for subsequent actions (depending on the password scope and the required actions) using the new password . In this case, the existing session context is no longer usable and should be deleted.
Change the password scope for administrative functions
Applicable for: Admin License Manager
<passacc>1</passacc>
if a password is set for performing administrative functions in Admin Control Center and the Admin API, you can change the scope of the password requirement by setting this parameter to either of the following:
> 0 - (Default) The password is only required to access or modify configuration settings.
>1 - The password is required to perform any function.
Allow or disallow remote access to Admin Control Center
Applicable for: Admin License Manager
<accremote>HTTPS</accremote>
Possible values for this tag are:
| 0 | Default. Remote access to Admin Control Center is disabled. Access is allowed only from the local machine. |
| 1 | Remote access is allowed, using HTTP or HTTPS mode. |
| HTTPS |
Remote access is allowed, using HTTPS mode. For HTTPS mode, you must configure an HTTPS certificate using the Configuration > Network tab in Admin Control Center. |
When remote access is allowed, network users on remote machines are able to access and perform actions in Admin Control Center on the current machine.
Allow or disallow remote access to Admin API
Applicable for: Admin License Manager
<adminremote>HTTPS</adminremote>
Possible values for this tag are:
| 0 | Default. Remote access to Admin API is disabled. Access is allowed only from the local machine. |
| 1 | Remote access is allowed, using HTTP or HTTPS mode. |
| HTTPS | Remote access is allowed, using HTTPS mode. For HTTPS mode, you must configure an HTTPS certificate using the Configuration > Network tab in Admin Control Center. |
When remote access is allowed, network users are able to use Admin API on a remote machine to access and perform actions in Admin License Manager on the current machine.
Set page refresh interval
Applicable for: Admin License Manager
<pagerefresh>2</pagerefresh>
The time (in seconds) after which the Admin Control Center display will be refreshed, providing the most current data.
Set lines per page
Applicable for: Admin License Manager
<linesperpage>20</linesperpage>
The number of rows (from 5 to 100) that will be displayed on each page in the Admin Control Center tables.
Enable/disable the "Disconnect" button for the Admin Control Center Sessions table
Applicable for: Admin License Manager
<disable_disconnect>0</disable_disconnect>
When this parameter is set to 1, the "Disconnect" button is disabled in the Admin Control Center Sessions table.
NOTE If the disable_disconnect parameter is set to "0" (the default value), the parameter does not appear in the hasplm.ini file.
Set timeout for an idle License Manager session
Applicable for: Admin License Manager
<idle_session_timeout_mins>450</idle_session_timeout_mins>
Sets the number of minutes that a License Manager session remains logged in to a protection key when the session is idle. When the amount of time specified elapses with no activity, the session is closed and the license becomes available. Default: 720 minutes (12 hours).
Set log file parameters
Applicable for: Admin License Manager (all parameters), Integrated/External License Manager (only <dolog> and <doerrorlog>)
<dolog>1</dolog>
<access_log_maxsize>10</access_log_maxsize>
<loglocal>1</loglocal>
<logremote>1</logremote>
<logadmin>1</logadmin>
<doerrorlog>0</doerrorlog>
<error_log_maxsize>0</error_log_maxsize>
<rotatelogs>0</rotatelogs>
<zip_logs_days>1</zip_logs_days>
<delete_logs_days>0</delete_logs_days>
<dopidfile>1</dopidfile>
Log file settings for License Manager. For details, see the Admin Control Center help system.
Set binding limitations for License Manager service
Applicable for: Admin License Manager
<bind_local_only>0</bind_local_only>
When this parameter is set to 1, the License Manager service binds to localhost only (127.0.0.1), so it will be accessible from the local machine only. Default (0): Bind to all IP addresses of the machine.
Enable/disable caching of session/login counters for Remote keys
Applicable for: All types of License Managers
<getinfo_uncached>0</getinfo_uncached>
When the GetInfo or GetSessionInfomethod in the Licensing API retrieves information about remote keys, the information may be obsolete by several minutes because of caching. (For example, the session/login counters may not be current for several minutes.) You can set this parameter to 1 to disable caching and to deliver actual values. However, the additional network request requires significantly more time to retrieve.
Enable/disable load balancing for licensing requests
Applicable for: All types of License Managers
<load_balancing>server</load_balancing>
Attempt to distribute licensing requests evenly by one of the following:
| server | Default. Prefer remote License Managers with fewer sessions. |
| sticky | Prefer License Managers and keys with lower IDs, resulting in a defined order in case of equal priority. |
| container | Prefer remote keys with fewer sessions. |
| none | Prefer the License Manager that responds first, ideally using the fastest one. |
Other priorities (license reuse, faster key preference, local key preference) always override these setting.
Flush the Storage Cache
Applicable for: Admin License Manager
<flush_storage_cache>disk</flush_storage_cache>
NOTE This parameter work for all operating systems, but is intended primarily for macOS.
This parameter determines how the License Manager handles recovery from an operating system crash or power loss.
Possible values are:
| no | Disable disk cache flushing. This could result in corruption of the license storage in the event of power loss or an operating system failure. However, License Manager speed is improved. |
| disk | Flush the disk cache. This ensures that license storage corruption will not occur in the event of power loss or an operating system failure. Default. |
| kernel |
For Linux and Windows, this is equivalent to "disk". For macOS, this option provides a speed increase comparable to "disk". However, while this option ensures that storage corruption will not occur in the event of an operating system failure, it does not provide the same assurance in the event of power loss. Note: This option was the default up to Sentinel LDK v.7.9. |
Clear EMS URL table
Applicable for: Admin License Manager
<emsurl_clear />
Clears existing URLs used to access Sentinel LDK-EMS Service (if any).
Append URL to EMS URL table
Applicable for: Admin License Manager
<emsurl>http://locahost:8080</emsurl>
Appends a URL to the table of EMS URLs, used to access Sentinel LDK-EMS. Existing EMS URL entries are kept, so use <emsurl_clear/> before the new URL if you want to create completely fresh table content.
The default value for accessing Sentinel LDK-EMS is http://localhost:8080/ems. However, if Sentinel LDK-EMS Service is located on a remote machine or if it uses a different port number, the URL must changed in this table accordingly.
Set storage key for identity secrets
Applicable for: Admin License Manager
<identity_storage_encrypt>1</identity_storage_encrypt> <identity_storage_key>00000000000000000000000000000000</identity_storage_key>
The tag identity_storage_encrypt indicates whether identity secrets are stored in the License Manager database as plain text (if the specified value is 0) or as encrypted text (if the specified value is 1). This is equivalent to the parameter Store Identity Secrets in Admin Control Center.
If the tag identity_storage_encrypt is set to 1, use identity_storage_key to provide the storage key. This key is used to encrypt identity secrets before storing them in the License Manager database. (Identity secrets are the secret part of the identity string provided to end users when working with identity-based licenses.)
The storage key is a 16-byte hexadecimal number. This should be specified as 32 hexadecimal characters.
Clear user restrictions table
Applicable for: Admin License Manager
<user_restrictions_clear />
Clears existing elements in the user restrictions table (if any).
Append user restrictions to License Manager service
Applicable for: Admin License Manager
<user_restriction>deny=unwanted_user@all</user_restriction>
<user_restriction>allow=all@all</user_restriction>
Appends user restrictions to License Manager service. Existing user restriction entries are kept, so use <user_restrictions_clear /> if you want to create completely fresh table content.
Enable remote machines to access the current License Manager service
Applicable for: Admin License Manager
<accessfromremote>1</accessfromremote>
When this parameter is set to 1, remote machines can access the current Sentinel License Manager.
Clear the Access Restrictions table
Applicable for: Admin License Manager
<access_restrictions_clear />
Clears existing elements in the "Access Restrictions" table (if any).
Append rules to the access restrictions list
Applicable for: Admin License Manager
<access_restriction>allow=10.24.*.*</access_restriction>
<access_restriction>allow=10.20.0.0/16</access_restriction>
<access_restriction>allow=1.2.3.4-13</access_restriction>
<access_restriction>hklm001.ecomp.com</access_restriction>
<access_restriction>deny=all</access_restriction>
Append rules for specific machines or address ranges to the access restrictions list. If you want to set up a fresh table, use <access_restrictions_clear /> before adding your items.
Enable/disable License Manager service (LMS) to search for remote LMS on the local network
Applicable for: Admin License Manager
<accesstoremote>1</accesstoremote>
When this parameter is set to 1, enables the current License Manager to search for remote Sentinel License Managers on the local network.
NOTE This parameter is only relevant for the Admin License Manager. If the parameter is set to 1 for the External License Manager or Integrated License Manager, the action returns an error.
Enable/disable License Manager service (LMS) to search for remote LMS on the local network via broadcasts
Applicable for: All types of License Managers
<broadcastsearch>1</broadcastsearch>
When this parameter is set to 1, enables the current machine to search for remote Sentinel License Managers on the local network via broadcasts. (Note that the broadcast uses a random UDP source port. This may be an issue with certain firewalls.)
If this option is not enabled, every machine on the local network that is to be searched must be specified with the <serveraddr> tag (see below).
Enable/disable License Manager service (LMS) to perform aggressive search for remote LMS
Applicable for: Admin License Manager
<aggressive>1</aggressive>
When this parameter is set to 1, enables the current machine to connect to remote Sentinel License Managers, even though they cannot be detected using UDP datagram search methods.
Aggressive searching may reduce the update frequency of remote Sentinel information, but may enable very restrictive firewalls to be transversed.
NOTE For Run-time Environment version 8.3.1 and later, this parameter is always assigned the value 1 regardless of the value that you specify, if any.
Clear the Search Parameters table
Applicable for: All types of License Managers
<serveraddrs_clear/>
Clears existing elements in the "Search Parameters" table (if any).
Specify specific machines to search for remote License Manager service
Applicable for: All types of License Managers
<serveraddr>hklm001.ecomp.com</serveraddr>
<serveraddr>10.20.2.99</serveraddr>
Append specific machines that may be searched by the current machine for remote Sentinel License Managers. Specify data as IP addresses (for example: 10.1.1.17), Broadcast addresses (for example: 10.1.1.255), or machine names (for example: hklm001.ecomp.com).
When using the IPv6 protocol, use the IPv6 address format. For example, specify FF02::1 to access all remote Sentinel License Managers that are part of the default local group defined in the IPv6 subnet.
Initiate server rescan for remote License Manager services immediately
Applicable for: Admin License Manager
<server_rescan />
A server rescan (looking for new or vanished remote License Managers) is done automatically every 5 to 8 minutes (when using License Manager Service).
<server_rescan /> starts the rescan immediately.
You can use a AdminApi.adminGet request to query the status of the rescan.
A flag named server_rescan_done is set to 0 when <server_rescan /> is started, and is set to 1 when the rescan finishes. Using the AdminApi.adminGetmethod with the syntax below retrieves this flag:
<config>
<element name="server_rescan_done" />
</config>
Add specific machine to search table and initiate rescan for the machine
Applicable for: All types of License Managers
<serverselect>hklm001.ecomp.com</serverselect> <serverselect>10.20.2.99</serverselect>
This setting combines the following actions:
1.Appends the machines to the list of server addresses in the search parameters table.
2.Start a rescan for these specific address only (existing lists of known remote License Managers are not touched).
3.Wait for this rescan to finish before returning from the AdminApi.adminSetmethod.
This means that after return, the specific License Managers keys are immediately accessible (if they exist).
As soon as the AdminApi.adminSetmethod returns, you can, for example, call the Login method in the Licensing API to log into one of the licenses
Enable/disable detach of detachable Products
Applicable for: Admin License Manager
<enabledetach>1</enabledetach>
When this parameter is set to 1, enables Products for which detachable licenses have been defined to be detached from a host machine and temporarily attached to a recipient machine. For more information about detachable licenses, refer to "Working with Detachable Licenses" in the Sentinel LDK–EMS User Guide.
Set default expiration period for detachable Products
Applicable for: Admin License Manager
<commuter_delete_days>7</commuter_delete_days>
When a commuter license expires, it is kept as "expired" for a certain number of days.
Default is 7 days. The default value can be changed here. License functions are not affected by this setting.
Set initial detach limits
Applicable for: Admin License Manager
<reservedseats>0</reservedseats>
<reservedpercent>0</reservedpercent>
<detachmaxdays>14</detachmaxdays>
Settings for initial detach limits (see the Admin Control Center help systemor the Sentinel LDK Software Protection and Licensing Guide).
Enable/disable offline detach
Applicable for: Admin License Manager
<disable_offline_detach>0</disable_offline_detach>
When this parameter is set to 1, offline detach is disabled, allowing only direct (online) detaching of a license.
Set retention of files for detaching and attaching licenses
Applicable for: Admin License Manager
<old_files_delete_days>90</old_files_delete_days>
Number of days that H2R, V2C, and XML files (used to detach or attach licenses) are retained. Specify a value in the range of 30 to 9999 days. Default value is 90 days.
Install the identity string for cloud licensing on a licensed user's machine
Applicable for: Admin License Manager
<serveraddr>YQO7WZA:oBWAAQCBEA+DJjrsR3ddTqM4cY9fVmY@192.168.150.131</serveraddr>
On a licensed user's machine, install the specified dentity string for the licensed user. This enables the licensed user to run the applications that are licensed using a CL key. The identity string remains on the licensed user's machine until it is removed.
Hide the identity string secret for cloud licensing on a licensed user's machine
Applicable for: Admin License Manager
<serveraddr_dynamic>YQO7WZA:oBWAAQCBEA+DJjrsR3ddTqM4cY9fVmY@192.168.150.131</serveraddr_dynamic>
For information, see Hiding the Identity String Secret for Cloud Licensing.