Accounts

>What Is an Account?

>Prerequisites for Creating an Account

>Cloud Licensing Flow

>Account Status

>Creating an Account

>Actions for Accounts


What Is an Account?

An account represents a set of cloud licensing permissions that grant authorization rights to a customer's end user to access protected applications. Accounts are an integral part of cloud licensing.

Cloud licensing (also known as CL) refers to licensing that is hosted by Thales on a service-hosted, cloud license manager server.

Each account is defined for a specific end user and must be associated with a customer. When you create an account, you select the customer and add the name and email address of the user that receives email notification. By default, an account inherits the cloud licensing permissions defined for the associated customer. You can modify these settings for an end user if needed.

Prerequisites for Creating an Account

A role that includes Customer Management permissions. At minimum, the user needs Add permissions. For details, see Roles.

(On the Sentinel EMS customer portal, the administrator contact can also create accounts.)

Cloud Licensing Flow

The following diagram illustrates the unique steps that comprise the cloud licensing flow. This diagram assumes that you already set up your catalog with products and features for your protected applications.

Diagram of the Cloud Licensing Flow

1: Vendor - One-Time Setup

Step 1A

Define the default, global cloud licensing permissions

The global cloud licensing permissions specify the default usage permissions for all customers using CL keys. For details, see Cloud Licensing Permissions.

If needed, you can modify the default cloud licensing permissions for specific customers. These permissions, known as service-hosted cloud licensing permissions, are inherited from the global cloud licensing permissions, and are available only after at least one CL key is generated for a customer. For details, see Customers.

(Later, after you activate an entitlement using Produce and Push, you can modify the service-hosted cloud licensing permissions for specific accounts if needed. By default, accounts inherit the permissions defined for the associated customer. For details, see Permissions.)

Step 1B

Vendor: Customize the license notification email template

Sentinel EMS provides an out-of-the-box email template that is sent automatically to a customer's end user when an account is created. We recommend that you review and customize this email template. For details, see Sentinel LDK Account Certificate.

2: Vendor

Step 2A

Create administrator contacts for customers

If you plan to delegate account management to customers via the Sentinel EMS customer portal, an administrator contact must be associated with the customer. Add an administrator contact if one does not exist and associate that contact with the customer. For details, see Contacts.

You can create an administrator contact before (or after) you create the entitlement, or you can create administrator contacts for one or more customers in advance if you already have the relevant details.

Step 2B

Create an entitlement

When you create an entitlement, you must:

>Assign a customer. For details, see Customers.

>Select products that include:

One of the SL-AdminMode locking types. For details, see Locking Type.

Features whose license model supports concurrency on a network and specifies the maximum number of concurrent instances. For details, see Configure License Model and Sentinel LDK Enforcement - License Models.

Depending on your configuration, you may also need to set some attributes in the Additional Attributes section of the Define Entitlement Attributes pane.

For details, see Entitlements for Sentinel LDK CL Service (Produce and Push).

Step 2C

Activate the entitlement

To enable cloud licensing, you must use Produce and Push to activate the entitlement. Activating an entitlement generates a CL key for the relevant products.

In addition, when you use Produce and Push for the first time, a new Service-Hosted Cloud Licensing Permissions tab is added to the customer details on the Customers page as described in Define the default, global cloud licensing permissions. You can modify these permissions, if needed.

3: Vendor or Administrator Contact

Step 3A

Create an account

If Send Notification is enabled, then, when you create an account, an email notification is automatically sent to the email address defined in the account. The email informs the end user that they can start using the protected application by clicking a link in the email. The link installs the end user identity credentials for the protected applications that are already installed.

Therefore, make sure to share the protected application with the end user before creating an account, so that they can install the protected application on the device (known as a registered machine) where they plan to run the protected application. For details on distributing protected software, see Sentinel LDK Software Protection and Licensing Guide.

For details on creating an account, see Creating an Account.

The administrator contact manages accounts in the Sentinel EMS customer portal.

Step 3B

Maintain the registered machines

The vendor or administrator contact can manage registered machines for accounts as needed. For example, the administrator contact may need to enable or disable a registered machine.

The administrator contact manages registered machines in the Sentinel EMS customer portal.

For details, see the section on registered machines in the Guide to the Sentinel EMS Customer Portal.

4: End User

Step 4A

Install the identity credentials for the protected application

The end user can click the link in the email that was received for the account. This automatically installs the end user identity credentials for the protected application that is installed on the end user's device. The customer must ensure that the protected application includes Sentinel Run-time Environment and is already installed on the device where the end user plans to run the protected application. For details on distributing your protected applications, see Sentinel LDK Software Protection and Licensing Guide.

Alternatively, the customer might share instructions with the end user describing how to install the identity credentials manually. The end user does this by updating the configuration .ini file for the protected application with the unique, personalized identity string received from the customer. In this case, Sentinel Run-time Environment is not required. For more details on the identity string and to view an example, see Copy Identity String. For details on manually installing a client identity on an end user's machine, see Sentinel LDK Software Protection and Licensing Guide.

For details on identity credentials, see Identity Code.

Step 4B

Start using the application to automatically register the machine (device)

The first time that the end user runs the protected application, the machine is automatically registered on the service-hosted, cloud license manager server.

Exception: If the Maximum Number of Registered Machines is set to Unlimited, then the machine is not registered.

Account Status

The Status attribute available on the Accounts page specifies the status of an account:

>Enabled: The end user can access the protected application that was shared by the customer when creating or updating the account. You can disable an account when needed.

>Disabled: The end user cannot access the protected application that was shared by the customer when creating or updating the account. You can enable a disabled account when needed.

>Out-of-Sync: Displayed only when the most recent change to the account does not yet exist on the service-hosted, cloud license manager server. This may occur if the connection to the service-hosted, cloud license manager server is slow or not available. If synchronization fails, then contact Thales Customer Support for assistance. After successful synchronization, the status is updated accordingly.

Creating an Account

You create an account from the Accounts page.

To create an account:

1. From the navigation pane, select Customers > Accounts to view the Accounts page.

2. Click the Add Account button.

3. Fill in the account attributes and modify the cloud licensing permissions if needed.

4. In the Permissions area, if you set Allow Access to All Associated Keys/Products to No, associate at least one Sentinel key or product with this account.

NOTE: If your customer has multiple Sentinel keys that contain the same product, and you want to set this option to No, Thales recommends that you select the relevant Sentinel key, not the product. Otherwise, the account will be associated with only one of the Sentinel keys instead of all the keys containing this product.

5. Click Save.

Account Attributes

The following table explains the attributes that are used to create an account:

Attribute Description Required/Optional Valid Values
Customer

Customer for whose end user you are creating the account.

Start typing and select the customer from the list of suggestions. If the customer does not yet exist, you must first create the customer as described in Creating a Customer.

Required

An existing customer

Customer ID

Unique identifier for the customer. Automatically displayed when you select a customer.

Required

Read-only value for the selected customer

Name

Unique name of the end user of the protected application. This is the user for whom you are creating this account.

The name is used in the greeting of the Sentinel LDK Account Certificate email, described in Sentinel LDK Account Certificate.

Optional

1 to 64 characters

Email

Email address of the account. Used to send email notifications to the end user of the protected application when the account is created and updated.

Required

>A valid email address

>Up to 100 characters

>Cannot contain: spaces and \ () [] : ; “ <>

>Cannot start with a '.'

>Cannot contain double ..

>Cannot contain double @@

Send Notification

Send a notification to the account email address after the account is created.

If you set this value to No, then you must provide the identity link to the end user in some other way, as the end user must install the identity string on their machine to use the protected application provided by the customer. The identity link is available by clicking Copy Identity Link for the relevant account in the Accounts grid.

Required

Yes OR No

Default: Yes

Identity Code

An identity code is a unique 7-character string. The read-only identity code is part of the full identity string that specifies the client identity for the account as defined in the cloud licensing service database. When the end user clicks the link in the email notification that is sent when you create an account, the identity string is installed on the end user's machine. If you disable Send Notification, then you must provide the identity string to the end user in some other way, as the end user must install this identity string on their machine to use the protected application provided by the customer.

NOTE: If the end user clicks the URL link from the email that notifies them that they can access the protected application, then Sentinel Run-time Environment version 8.51 or later must be included with the protected application.

When the end user runs a protected application, the local license manager uses the identity string to consume a license from the relevant protection key on the service-hosted, cloud license manager server. If the end user has the appropriate permissions, the end user can use the identity string to detach a license from the service-hosted, cloud license manager server and then run the protected application offline.

See also: Copy Identity Link and Copy Identity String

N/A

Automatically generated when an account is created successfully.

Permissions

You can retain the default, service-hosted, cloud licensing permissions, as described in Cloud Licensing Permissions, or you can modify these permissions for this account.

The permission values are displayed as read-only until you select a customer. When a customer is selected, you can modify the permissions.

Attribute Description
Maximum Number of Registered Machines

A client machine may be automatically registered with the account when a protected application runs for the first time.

Possible values:

>1-10. The maximum number of remote machines that are allowed to use this account to access the license server machine. Each machine is automatically registered the first time it accesses the license server machine. When the maximum number of machines are registered, no additional machines can use the account.

>Unlimited. An unlimited number of remote machines are allowed to use the account to access the license server machine. The machines are not registered.

Default: 5

Expiration Date

Date on which the client identity (represented by the identity code) expires for the account.

Possible values:

>An expiration date

>Never expires

To set an expiration date:

a. Clear the Never Expires check box.

b. Do one of the following:

Set the date.

Click the calendar icon to display a calendar. Use the calendar to select the expiration date.

In the Days field, specify the number of days the client identity should remain active.

Regardless of which field (calendar or days) you use to specify the duration of the client identity, the other field is automatically updated so that the two fields remain synchronized.

If you set an expiration date, the selected date cannot exceed the expiration date of the CL key.

When using a second-level license server with a detached license, the expiration date for the detached license cannot exceed the expiration date of the CL key or of the client identity on the second-level license server.

Allow Online Connection to Licenses

Enables a remote machine with an installed identity string to consume a license from the service-hosted, cloud license manager server.

Possible values: Yes or No

Allow License Detaching

(Relevant for both automatic and on-demand detaching)

Enables a client machine to detach a license (a network seat) for a protected application from the service-hosted, cloud license manager server whenever a license is required.

>Automatic detaching. Detached licenses are deducted from the pool of available network seats on the CL key. The client machine retains the license up to the number of hours specified even if the connection to the license server is interrupted. This enables the protected application to continue to operate without connection to the license server machine. When the detached license expires, it automatically returns to the pool of network seats on the CL key and is disabled on the machine.

Maximum offline duration: 2 hours

>On-demand detaching. End users can access a manually detached license from a CL key for a specified number of days. This is useful if they want to work with a protected application and expect to be disconnected from the company’s network for an extended period. On-demand detaching works only in offline mode.

To use a manually detached license:

On the machine where the CL key is located, an administrator can generate an H2R file that contains a detached license. The administrator transfers the file to the recipient (for example, the end user) who then applies the H2R file on the machine.

Maximum duration: 14 days

Possible values: Yes or No

Allow Concurrency for Detached Licenses

(Relevant only for on-demand detaching and visible only if Allow License Detaching is set to Yes)

Enables a machine with the identity string to detach one or more network seats with concurrency from the license server machine. These seats can then be accessed concurrently on the machine that receives the detached license.

A detached license with concurrency can be used to:

>Set up second-level license servers. These can be used to provide greater control over the distribution of network seats within an organization and to minimize the overhead of license administration. For more information, see the Sentinel LDK Software Protection and Licensing Guide.

>Control the number of local hardware resources used by an application. For example, a protected application can be limited to use 4 out of 8 CPUs. This requires a detached license with 4 seats, where access to each CPU is granted after the application logs in to the license. In this example, the fifth login will be denied, ensuring that only 4 CPUs are in use.

Possible values: Yes or No

Allow Access to All Associated Keys/Products

When set to Yes, enables a machine with the identity string to access licenses for all products.

When set to No, enables you to select the Sentinel keys or products for which the identity string can access licenses.

Possible values: Yes or No

To associate Sentinel keys or products with the account:

In the Available Keys / Products area, do one of the following:

>Click the Add button in the Actions column to move a specific key or product to the Associated Keys / Products area.

>Select one or more check boxes and click the Add button below the grid to move the Sentinel keys or products to the Associated Keys / Products area.
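
The attribute and permission constraints in the two tables above can be checked before an account is entered, for example when a batch of accounts is prepared in advance. The following is an added example, not Sentinel EMS code: AccountRequest, check_email and check_account are hypothetical names, and the reading of "a valid email address" as one '@' with text on both sides is an assumption.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional, Union

# Characters the Email attribute rejects, per the table above (space included).
FORBIDDEN_EMAIL_CHARS = set(' \\()[]:;"<>')


@dataclass
class AccountRequest:  # hypothetical record, not a Sentinel EMS API type
    customer: str
    email: str
    name: Optional[str] = None                  # optional, 1 to 64 characters
    max_machines: Union[int, str] = 5           # 1-10 or "Unlimited"; default 5
    expires: Optional[date] = None              # None means Never Expires
    allow_detaching: bool = False
    allow_concurrency: bool = False
    allow_all_keys: bool = True
    associated: list = field(default_factory=list)  # keys/products when set to No


def check_email(email: str) -> list:
    """Return the list of Email rules from the attribute table that are violated."""
    if not email:
        return ["Email is required"]
    errors = []
    if len(email) > 100:
        errors.append("Email exceeds 100 characters")
    bad = sorted(c for c in set(email) if c in FORBIDDEN_EMAIL_CHARS)
    if bad:
        errors.append("Email contains forbidden characters: " + " ".join(repr(c) for c in bad))
    if email.startswith("."):
        errors.append("Email starts with '.'")
    if ".." in email:
        errors.append("Email contains '..'")
    if "@@" in email:
        errors.append("Email contains '@@'")
    # Assumption: "a valid email address" means one '@' with text on both sides.
    local, at, domain = email.partition("@")
    if not (at and local and domain) or "@" in domain:
        errors.append("Email is not of the form local@domain")
    return errors


def check_account(req: AccountRequest, cl_key_expiry: date) -> list:
    """Check a request against the documented attribute and permission limits."""
    errors = check_email(req.email)
    if not req.customer:
        errors.append("Customer is required")
    if req.name is not None and not 1 <= len(req.name) <= 64:
        errors.append("Name must be 1 to 64 characters")
    in_range = isinstance(req.max_machines, int) and 1 <= req.max_machines <= 10
    if req.max_machines != "Unlimited" and not in_range:
        errors.append("Maximum Number of Registered Machines must be 1-10 or Unlimited")
    if req.expires is not None and req.expires > cl_key_expiry:
        errors.append("Expiration Date exceeds the CL key expiration date")
    if req.allow_concurrency and not req.allow_detaching:
        errors.append("Concurrency for detached licenses requires Allow License Detaching")
    if not req.allow_all_keys and not req.associated:
        errors.append("Associate at least one Sentinel key or product")
    return errors
```

An empty list means the request satisfies every limit stated on this page; it does not replace the checks that Sentinel EMS itself performs on save.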

Registered Machines

Client devices may be registered automatically when an end user opens a protected application. Vendors and administrator contacts can view the list of registered machines for each end user.

Attribute Description
Status

The status of the registered machine.

>Enabled: The end user can use the machine to access protected applications.

>Disabled: The end user cannot use the machine to access protected applications. This can occur only if the vendor or administrator contact disables the machine.

Machine Name

The name of the device as defined in the system settings.

IP Address

The IP address of the client machine.

Host User Name

The name of the end user that logs in to the machine to use the protected application.

Registration Date

The date that the machine was registered, which is usually the date that the end user logged in to the protected application for the first time.

Actions

The actions that you can perform for this registered machine. (On the customer portal, administrator contacts can perform these actions only for the accounts that they manage.)

Disable

Opens a confirmation box that enables you to change the status of an enabled machine to Disabled. This prevents the end user from accessing protected applications on the registered machine.

Enable

Opens a confirmation box that enables you to change the status of a disabled machine to Enabled.

Delete

(Not recommended) Opens a confirmation box that enables you to permanently remove the machine from the service-hosted, cloud license manager server.

To enforce the Maximum Number of Registered Machines, Thales recommends that you disable a registered machine instead of deleting it.

Synchronize

Connects to the service-hosted, cloud license manager server to synchronize an account.

If synchronization fails, then contact Thales Customer Support for assistance. After successful synchronization, the status is updated accordingly.

Actions for Accounts

The following table lists the actions available for accounts:

Action Description
Edit

Updates information for an existing account.

Copy Identity String

Copies the identity string to the Clipboard. This is useful if Sentinel Run-time Environment is not included with the protected application, and the end user needs to update the API .ini file with this identity string to use the protected application.

Example of identity string: FFSTQYU:oBWAAQCBEFPxvWKzIBicixs/v0rerEA@licenseserver.example.com

Example .ini file path on Windows: %LocalAppData%\SafeNet Sentinel\Sentinel LDK\hasp_<vendorId>.ini
For details on adding the identity string to the .ini file, see Sentinel LDK Software Protection and Licensing Guide.

Copy Identity Link

Copies the identity string and the link to the protected application to the Clipboard. This is the same link that is included in the email that is sent to end users using the Send Notification option to notify them that they have access to a protected application.

This is useful if you want to share this link directly with the end user instead of using the Send Notification option. Make sure to share the Sentinel Run-time Environment together with the protected application, as described in Sentinel LDK Software Protection and Licensing Guide.

Example of identity link: https://cloudportal.example.com/_int_/install.html?identity=FFSTQYU:oBWAAQCBEFPxvWKzIBicixs/v0rerEA@licenseserver.example.com

Disable

Prevents the end user from using the protected application. You might disable an account if you want to temporarily prevent the end user from accessing the protected applications or to transfer the account to another end user.

Enable

Re-enables an account that is marked as disabled, enabling the end user to use the protected applications that are available for that account.

Delete

Permanently deletes an account. The end user can no longer access the protected applications. You might delete an account when an employee leaves your organization.

Synchronize

Connects to the service-hosted, cloud license manager server to synchronize an account.

If synchronization fails, then contact Thales Customer Support for assistance. After successful synchronization, the status is updated accordingly.
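
The identity string and identity link described under Copy Identity String and Copy Identity Link are what a machine uses to consume a license, and the link carries the full string in its URL, so it can end up in proxy logs or support tickets. The following added example (not Sentinel EMS code) finds identity strings in text and redacts the token while keeping the identity code and server for traceability. The layout it matches is an assumption inferred from the single example on this page, not a documented format, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Assumed layout, inferred from the example on this page:
#   <7-character identity code>:<opaque token>@<license server host>
IDENTITY_RE = re.compile(
    r"(?<![A-Za-z0-9])([A-Z0-9]{7}):([A-Za-z0-9+/=_-]{8,})"
    r"@([A-Za-z0-9][A-Za-z0-9.-]*[A-Za-z0-9])"
)

# Constructed sample lines; the identity string is the example value from this page.
SAMPLE_LINES = [
    "GET /_int_/install.html?identity=FFSTQYU:oBWAAQCBEFPxvWKzIBicixs/v0rerEA"
    "@licenseserver.example.com HTTP/1.1",
    "GET /_int_/install.html?identity=FFSTQYU%3AoBWAAQCBEFPxvWKzIBicixs%2Fv0rerEA"
    "%40licenseserver.example.com HTTP/1.1",
    "ticket 1042: user asked how to install the identity string manually",
]


def find_identities(text: str) -> list:
    """Return (identity_code, server) for each identity string found in text."""
    # The link may be logged percent-encoded, so decode before matching.
    return [(m.group(1), m.group(3)) for m in IDENTITY_RE.finditer(unquote(text))]


def redact_identities(text: str) -> str:
    """Return the percent-decoded text with each token replaced by [REDACTED]."""
    return IDENTITY_RE.sub(
        lambda m: f"{m.group(1)}:[REDACTED]@{m.group(3)}", unquote(text)
    )


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(find_identities(line), redact_identities(line))
```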