Defining a Modification Product
A Modification Product is a modified version of either a Base Product or another Modification Product. A Modification Product can contain changes such as:
>A software upgrade
>Updated license terms
>Added Features
>Removed Features
>Changes to memory data
When you define a Modification Product, you can add and remove Features and change the license terms for each Feature in the selected Product. Although Modification Products do not include the memory data stored in memory segments of the original Product, memory data are retained for any Key ID containing the original product. You can add memory segments to the Modification Product as needed.
You can edit the properties of a Modification Product only if it has not yet been included in an Entitlement.
To define a Modification Product:
1.Open the Create Modification Product page
Show me how
and select Modification. The Create Modification Product page opens.2.Enter a name in the Name field (maximum length 50 characters). The name must be unique in the selected batch.
3.(Optional) Click the Add Description link and add a description to the Product (maximum 510 characters).
4.If you need to change the locking type, you must first remove all the Features from the Product Features list. Then, in the Locking Type box, select the protection level for the Product:
For more details, see Locking Type.
5.If you selected one of the SL locking types, in Clone Protection, specify the clone protection scheme to apply to Products with Features. (Software that is protected by a Sentinel HL key is not vulnerable to machine cloning.)
•Platform Default: Uses the clone protection schemes for the Default Clone Protection Version version selected in the License Security Settings section of the Administration Console. For details, see the Sentinel LDK-EMS Configuration Guide.
•Advanced: Lets you specify pre-defined or custom clone protection schemes for physical and virtual machines, as follows:
| Machine Type | Clone Protection Scheme Options |
|---|---|
| Physical machine | Select a pre-defined or custom clone protection scheme from the following: >PMType1: Verifies fingerprints using the hard drive serial number and motherboard ID. >PMType2: Verifies fingerprints using various criteria, such as CPU, Ethernet card, optical drive, and PCI card slot peripherals, as well as the hard drive serial number and motherboard ID. This scheme provides enhanced reliability against false positive clone detection and maintains the inherent security of the scheme. >PMType3: Verifies fingerprints using the CPU model, CPU serial number, and internal storage serial number. NOTE Selecting PMType3 disables clone protection for virtual machines and sets the value of Rehost to Leave as is. >PMType4: Verifies fingerprints using the CPU model, CPU serial number, internal storage serial number, Android serial number, and Android Firstboot. This scheme allows users to reinstall licenses on Android without the need for reactivation, provided that features are licensed using Perpetual or Expiration Date licenses. NOTE Selecting PMType4 disables clone protection for virtual machines and sets the value of Rehost to Leave as is by default. >FQDN: Verifies fingerprints using the machine’s FQDN (Fully Qualified Domain Name). >Disable: Disables clone protection for physical machines. >Create Custom Scheme: Opens a list of criteria that you can use to specify your custom-defined clone protection scheme. This is useful, for example, if none of the existing clone protection schemes meet your Product needs. a.In Custom Scheme Name, enter a unique name for the clone protection scheme (maximum 18 alphanumeric and Unicode characters). We recommend entering a descriptive name that clearly indicates the purpose of the custom scheme. b.Select one or more required criteria: –CPU — CPU information excluding the CPU UID –Ethernet Address — MAC address –FQDN — Not supported for Android –Hard Disk — Hard disk ID (on a PC) or SD Card ID (on an Android device) –IP Address — IP address –Machine ID — Motherboard (on a PC) or Android device serial number (or Android first boot if serial number is not available) –Security Identifier (SID) — Microsoft Windows Security Identifier (Windows machine only) c.In Minimum Required Criteria, enter a number between 1 and the number of selected criteria. This specifies the number of criteria that must match when validating the license. For example, if you selected three criteria, enter a number from 1 to 3. d.To validate the license using all of the criteria that are present when a license is generated, select All identifiers present at license generation must exist and match at runtime. For example, suppose the Minimum Required Criteria in your custom clone protection scheme requires 4 out of 5 criteria in the fingerprint. If this option is selected, and all 5 of the criteria are present when the license is generated, then all 5 of the criteria must match the fingerprint at runtime, even though the custom clone protection scheme requires only 4. e.Click Save. The custom clone protection scheme is applied to the product. The scheme is also added to the list of custom clone protection schemes and is now available for any product in any batch code present in the Sentinel LDK-EMS database. f.(Optional) Repeat these steps to create additional custom clone protection schemes for use with any product in any batch code present in the Sentinel LDK-EMS database. After you finish creating the required schemes, make sure to select the relevant scheme for the current product and click Save. This applies the selected custom clone protection scheme to the current Product. |
| Virtual Machine | Select a pre-defined or custom clone protection scheme from the following: >VMType1: Verifies fingerprints using the Virtual MAC address, CPU characteristics, and UUID of the virtual image. For more details, see the section on clone detection for virtual machines in the Sentinel LDK Software Protection and Licensing Guide. >VMType2: Provides VMType1 clone protection and accesses the VM Generation ID (if available) to prevent misuse of a VM snapshot. •Windows 8, Windows 10, and Windows Server 2012 R2 with the supported versions of the following virtual machines: –VMware Player, Workstation, and ESXi. –Hyper-V Server •Some earlier versions of Windows with Hyper-V Server if Hyper-V integration services from Windows 8 or Windows Server 2012 is installed. >VMType3: Ensures that a protected application in a virtualized server environment cannot be used if the license is copied from one virtual machine to another. •SL-AdminMode and SL-UserMode on Windows •SL-AdminMode on Linux >VMType4: This scheme is intended primarily for Docker containers but is also compatible with other virtual machines. This scheme checks the Virtual MAC address, CPU characteristics, UUID, and the hard drive serial number. The values for these characteristics must match in the reference fingerprint and the system fingerprint. If there is any mismatch, the protected application is disabled. For more details on protecting applications in Docker Containers, see the appendix in the Sentinel LDK Software Protection and Licensing Guide. >FQDN: Verifies fingerprints using the machine’s FQDN (Fully Qualified Domain Name). This scheme provides increased reliability and provides flexibility of operation in a server virtualization environment. >Disable: Disables clone protection for virtual machines. >Create Custom Scheme: Opens a list of criteria that you can use to specify your custom-defined clone protection scheme. This is useful, for example, if none of the existing clone protection schemes meet your Product needs. a.In Custom Scheme Name, enter a unique name for the clone protection scheme (maximum 18 alphanumeric and Unicode characters). We recommend entering a descriptive name that clearly indicates the purpose of the custom scheme. b.Select one or more required criteria: –CPU—CPU information –Ethernet Address—MAC address –FQDN—Fully Qualified Domain Name –IP Address—IP address –Machine ID—Motherboard (on a PC) or Android device serial number (or Android first boot if serial number is not available) –Security Identifier (SID)—Microsoft Windows Security Identifier (Windows machine only) –VM Generation ID—Attribute of a Windows VM that helps to prevent misuse of a VM snapshot c.In Minimum Required Criteria, enter a number between 1 and the number of selected criteria. This specifies the number of criteria that must match when validating the license. For example, if you selected three criteria, enter a number from 1 to 3. d.To validate the license using all of the criteria that are present when a license is generated, select All identifiers present at license generation must exist and match at runtime. For example, suppose the Minimum Required Criteria in your custom clone protection scheme requires 4 out of 5 criteria in the fingerprint. If this option is selected, and all 5 of the criteria are present when the license is generated, then all 5 of the criteria must match the fingerprint at runtime, even though the custom clone protection scheme requires only 4. e.Click Save. The custom clone protection scheme is applied to the product. The scheme is also added to the list of custom clone protection schemes and is now available for any product in any batch code present in the Sentinel LDK-EMS database. f.(Optional) Repeat these steps to create additional custom clone protection schemes for use with any product in any batch code present in the Sentinel LDK-EMS database. After you finish creating the required schemes, make sure to select the relevant scheme for the current product and click Save. This applies the selected custom clone protection scheme to the current Product. |
For more details, see:
•the section on how Sentinel LDK detects machine cloning in the Sentinel LDK Software Protection and Licensing Guide, which provides a detailed description of each clone protection scheme.
6.If you selected one of the HL locking types, you can select the following:
•Upgrade to Driverless: See Upgrading Sentinel HL keys to Driverless Configuration for details.
•Use Virtual Clock: Lets you manage time-based licenses for Sentinel HL (Driverless Configuration) keys using a virtual clock where no real-time clock is available.
NOTE For Products that are licensed with Sentinel SL keys, Sentinel HL Time keys, and Sentinel HL NetTime keys, V-Clock is always available. For details, see Enabling V-Clock for Sentinel HL (Driverless Configuration) Keys.
7.Enter Ref ID 1 and Ref ID 2 if required (maximum 250 characters). You can enter information that identifies the Modification Product in a different system, for example, a Product code in your company's ERP system.
8.Add Features to the Product, as needed:
a.Click Add Features. The Add Features to Product dialog box opens.
b. Select the Features to add, and click Add Features to Product. The associated Features are displayed in the Product Features tab.
c.For each Feature, select one of the following to specify if the Feature can be excluded or is always included when generating an Entitlement:
| Can be excluded | Enables the order taker to remove the Feature from the Product when generating an Entitlement, as needed. |
| Always included | Ensures that the Feature is always included in the product when generating an Entitlement. |
| All | Sets all Product Features in the list to Can be excluded. |
| None | Sets all Product Features in the list to Always included. |
• Select Always include to ensure that the Feature is always included.
9.In the Product Features pane, modify the Product as needed.
•To modify an individual Feature, use the links provided in the same row.
•To modify multiple Features simultaneously, select the check boxes for the Features and use the buttons on the top-right of the pane.
| Remove |
Removes newly added Features from the Product. NOTE If you remove a pre-existing Feature, the feature is removed from the list, but remains licensed as is in the Product. To remove an existing Feature, use Cancel. |
| Cancel | Cancels the license for the Feature, effectively removing the Feature from the Product. For example, if the Feature exists for this Product ID on a Sentinel protection key, the next update sent to the end user will remove the Feature from the key. |
| Overwrite |
Lets you define fresh license terms for existing or new Features. In the dialog box that opens, define the license terms. See Defining License Terms for a Sentinel LDK Product for details. |
| Leave | Keeps the Feature as is in the Product. |
| Modify |
Lets you change the license terms for existing Features. In the dialog box that opens, modify the license terms as needed. For example, you can increase or decrease execution counts and concurrent instances. This option is not available for newly added Features. See Defining License Terms for a Sentinel LDK Product for details. NOTE If for an existing Feature the license type is Specify at entitlement time, then use Overwrite instead of Modify to change the license terms. |
| Add Features | Lets you add Features to the Product. For details, see the previous step. |
10.Select the Memory tab to define memory areas and write data for secure storage. (For details, see To define a new segment and data in default memory: ).
11.When you finish defining the Product details, click:
•Save as Draft to save the Modification Product as Draft so that you can update its details later.
•Save as Complete to finalize the Modification Product.
The new Modification Product is displayed in the Products page just below the Base Product.