Online Detach: Setting Up Multi-Level License Server Machines
This section describes how to set up the primary and second-level license server machines when working with online detach of licenses.
The primary license server machine is the repository for network licenses. The machine only requires connection to the Internet when performing the following actions:
>When detaching concurrent seats from the license server machine to the second-level license server.
>When modifying the number of concurrent seats detached from the license server machine or when extending the date for the detached seats.
>When canceling the detach operation.
NOTE Sentinel LDK Run-time Environment 8.51 or later must be installed on both the primary license server machine and on each second-level license server machine. You should always update the license server machines with the latest Run-time Environment to ensure the best security and compatibility.
Setting Up the Primary License Server Machine
Set up the primary license server machine as described in this section.
Set Up Admin Control Center
Install Admin Control Center on the primary license server machine. Configure the parameters as described in Setting Up the License Server Machine.
Under Allow Detaching of Licenses, be sure to select the configuration parameter Enable Detaching Licenses.
Set Up Cloud Licenses
To set up cloud licenses for identity-based access, see Setting Up Cloud Licenses.
Set Up a Client Identity for the Second-Level License Servers
On the primary license server machine, in the SL key for the customer organization, set up a dedicated licensed user to be installed on all the second-level license servers.
To set up the dedicated client identity:
1.Use Sentinel LDK Cloud Portal to define a special-purpose licensed user. Make sure that in the attributes for the user, the options Allow Connection to Licenses, Allow License Detaching, and Allow Concurrency for Detached Licenses are all set to Yes.
2.The notification email generated for the special-purpose licensed user should be sent to an administrator in the customer's organization who will ensure that the email is used to install the client identity on one or more machines that will serve as second-level license servers.
Setting Up Second-Level License Servers
The customer organization sets up one or more second-level license servers on which the detached network seats will reside.
To set up a second-level license server machine:
1.Install the Sentinel LDK Run-time Environment on the machine.
2.In Admin Control Center, limit configuration activities to an ACC administrator as described earlier.
3.Use the email notification generated by Sentinel LDK Cloud Portal to install the identity string for the special-purpose licensed user generated above on the machine.
4.Using Admin Control Center, go to Configuration > Users and specify which end users can access seats on the second-level license server machine.
5.Using Admin Control Center, detach the required number of seats from the primary license server machine as follow:
a.Go to the Products page. Select the relevant Product and click the Detach button.
b.On the Detach License page, select the Online detach method.
c.On the Concurrency section of the page, select Allow Concurrency for Detached License.
d.In Total Number of Seats, enter the number of seats to detach.
e.On the Specify Expiration Date for Detached License section of the page, enter the expiration date for the detached seats.
f.Click Detach & Attach. The specified number of seats are detached from the license on the primary license server machine and are attached to the second-level license server machine.
g.(Optional) Set up the server machine to support automatic detach of seats. Go to Configuration > Detachable Licenses. Under Automatic Detaching of Licenses, select Enabled and assign a value for Allowed Offline Duration. Click Submit.
Setting Up End Users
Each end user must be in the same LAN as the second-level license server. The Sentinel LDK Run-time Environment must be installed on each end user's machine. Each end user must have access to the protected application.