Understanding Cloud Licensing

This section describes an additional model for generating and distributing software-based licenses, based on an extension to software-based keys (described in Understanding Sentinel LDK Software Protection and Licensing).

Overview

Cloud-based software licensing is a method in which licenses reside in the virtual cloud. Typically, these licenses are subscription licenses, which customers need to renew monthly or yearly (or any other increment that the vendor decides). There are many benefits to a cloud-based subscription license both for the company licensing a product and its customers. Cloud licensing allows companies to constantly update their software and deliver it easily to customers, maintain a constant income stream, and more.

The cloud licensing model provides a simpler mechanism, both for the vendor and for the end user, for distributing and managing licenses.

Using this licensing model, the vendor generates and installs all required product licenses on a single license server machine with Internet access. The vendor generates and distributes a unique set of credentials or a license string for each end user.

The end user logs in to the protected application with the credentials or installs the license string on their machine. The end user can access the license server and consume a license to run the protected application online or detach a license and then run the protected application offline.

Implementing Cloud Licensing

The software vendor implements cloud licensing using one of the following methods:

User-based licensing using OAuth authentication

User-based licensing uses OAuth to enable end users to access the vendor's application or service using login credentials—their user name or email address and their password. End users can log in to the application from any supported device without the need to activate a license or install anything special on the device. With user-based licensing, the user is authorized instead of the device.

For more information, see Sentinel EMS User Guide for Sentinel LDK.

Identity string-based licensing

Identity string-based licensing enables end users to access the vendor's application or service using a unique identity string. This identity string must be installed on the client device where the vendor's application runs. When the vendor's application tries to launch on that device, the client communicates with the cloud licensing service on the cloud license manager server, which is hosted either by the vendor or by Thales. The service authenticates the client identity based on the identity string and verifies the access permissions assigned to the machine account. If the machine account is authorized to access the application, the application opens and runs.

Identity strings are generated and managed using one of the following methods:

> Machine accounts. The cloud licensing service is hosted on Thales' servers. For more information, see Sentinel EMS User Guide for Sentinel LDK.

> Admin Control Center. The cloud licensing service is hosted on the vendor's server. For more information, see Cloud Licensing Overview.

Benefits of Cloud Licensing

Some of the benefits provided by the cloud licensing model are as follows:

> License Mobility. End users can consume licenses from anywhere. Once they receive and install the credentials or identity string, they can run the application, regardless of where they are.

> Implementation. Cloud licenses are easy for vendors to implement, with no compromises on security. No changes to Sentinel Licensing API are required. The model is fully supported by Sentinel LDK Envelope. Licenses are easy to deploy.

> End-user control. Identities or credentials can be disabled by the vendor at any time, or be limited to a certain number of machines.

> VM solution. Cloud licensing provides a simple licensing solution for virtual machines and containers (such as Docker) that is both secure and fully agnostic. There is no need to deal with fingerprints, no risk of cloning, and no risks of snapshot-restore attacks. All that is required is connectivity.

> Clone protection without fingerprint issues. Users can easily upgrade hardware and update the operating system.

> Secure license information. Secure storage (license information) has increased security and reliability, and is inaccessible to end users. As a result, it cannot be deleted or reverted. Since the secure storage is accessible to the vendor, it can be deployed on highly dependable RAID arrays and be backed up regularly.

> Business insight. Since the vendor hosts the server, they can view usage data and patterns that would otherwise not be available.

> Manage trials. The vendor can easily manage trials by creating a single SL license and then providing users with expiring credentials or client identities that consume the same license. For example, the vendor can host a single cloud-enabled SL key with a perpetual license and, as needed, create identity strings that are active for 30 days to be provided to evaluators.

> Provide emergency cloud licenses. The vendor can provide customers with emergency limited-time credentials or client identities in case they face issues with their local HL or SL key.

> Manage user access to network seats. An IT administrator can manage which users can access network seats and for how long by distributing client identities with expiration dates.

Identity string-based licensing supports detaching licenses. Working with detached licenses provides the following additional benefits:

> Less demanding on server and network infrastructure. Communication to the server is limited to only a single detach operation. This also removes much of the need for server redundancy.

> Performance identical to local licenses. Once a license is detached, consuming it is unaffected by network latency.

> No need for constant connectivity. Once the license is detached, the user's machine can remain offline.

NOTE: While intended primarily for implementation by software vendors, the cloud licensing model can also be implemented by the vendor’s customers for distribution of identity strings within their organization.