Network Mode
For running applications in network mode, SCP is installed as a service on the same machine where the RMS License Manager is installed.
The topics included in this section are:
>Place the CA Certificate Bundle
>(Mandatory) Configure Fingerprint Friendly Name
>Which Entitlements are Served?
>(Optional) Configure Version-less Products and Variants
>(Optional) Specify the Location of the SCP Configuration File
NOTE The 32-bit SCP service works with the 32-bit RMS License Manager and the 64-bit SCP service works with the 64-bit RMS License Manager only.
Unzip the SCL Add-on Package
1.Unzip the SCL Add-on package by using the password received from Thales in emails, and extract the Linux-specific package.
2.Copy Sentinel Cloud Add-On Linux.tar.gz to the system where the RMS License Manager is installed, and extract its contents to any folder (represented by <extractedfolder>).
NOTE You can extract the installation package to any folder, but we recommend extracting it to the Sentinel RMS installation folder. An example path is: /home/<user>/SentinelRMSSDK/10.x.x.
Place the CA Certificate Bundle
Copy cacert.pem file at the location where the SCP configuration file is placed, which by default is /etc/sentinel-scp/.
You can download cacert.pem from http://curl.haxx.se/ca/cacert.pem.
Configure SCP
Open the SCP configuration file and modify the following elements:
|
Element |
Description |
|---|---|
|
Customer Id |
Specify the ID of the customer defined in EMS for whom licenses will be fetched by SCP. For example, if Customer ID in EMS is "Demo", you can modify the element like: <Customer id="Demo"/> NOTE The Customer ID can be copied from EMS entitlement certificate emails received from EMS. NOTE SCP supports only one customer ID. |
|
YPSaddress |
Specify the URL of Directory Services which is received in emails from Thales. For example: https://demo-yps.com/YPServer |
| Fingerprint Friendly Name | Specify the fingerprint-friendly name that identifies the customer's machine where the application is running. |
(Optional) Configure Logging
By default, the log files are created at /usr/sbin/.
You can specify a different location by editing the SCP configuration file, as explained in the section Configure Logging.
Configure Proxy Settings
There are two methods of defining proxy settings in Linux:
Using the Configuration File
For details on how to configure proxy settings, refer to the section (Optional) Configure Proxy Settings.
Using System Settings
These are defined using the environment variables: https_proxy and http_proxy.
NOTE The configuration file has precedence over system settings.
System settings for proxy
1.First, https_proxy variable value is checked. If it is specified, the host value is used to establish the connection. Example:
export https_proxy=http://12.12.12.12:8080
2.If https_proxy variable is not specified, the application checks for http_proxy and will repeat the process similar to https_proxy.Example:
export http_proxy=http://12.12.12.12:8080
3.If both https_proxy and http_proxy are not specified, the auto proxy is used to establish the connection. The application will search for the wpad server entries in both DHCP and DNS. If found, the application will download the wpad.dat file, retrieve the proxy server IP address, and use the same to connect to the cloud.
4.If the connection is not established using auto proxy (that is, wpad is not defined), the application will run as if no proxy is set.
NOTE Both https_proxy and http_proxy are case-sensitive. The https_proxy variable takes precedence over http_proxy.
Limitation
On Linux, auto proxy with PAC is supported by using the SCP configuration file. However, auto proxy with PAC using system settings is not supported.
(Mandatory) Configure Fingerprint Friendly Name
A fingerprint-friendly name identifies a machine uniquely for a customer to help in better license management. For vendors selling hardware, the serial number of hardware can be used in the fingerprint-friendly name. For software vendors, either the host name of the machine or any unique string identifying the machine can be used in the fingerprint-friendly name.
While provisioning an entitlement from EMS, it is specified whether or not the machine should be registered with the entitlement or product key, by using the Fingerprint Registration check box of the Flexible License Model screen.
>If the Fingerprint Registration check box is selected, machine registration becomes mandatory for the consumption of the entitlement or product key. For machine registration, the fingerprint information of the machine (in the XML format) is used along with a unique friendly name for the machine.
When the fingerprint registration is mandatory, the fingerprint-friendly name specified in the SCP configuration file must be same as the friendly name registered using EMS.
>If the Fingerprint Registration check box is clear, machine registration is optional. The entitlement is referred to as the non-registered entitlement.
Even when the fingerprint registration is optional, it is mandatory to specify the fingerprint-friendly name in the SCP configuration file. You can specify the host name of the machine in the fingerprint-friendly name.
How to specify the fingerprint-friendly name?
To specify the fingerprint-friendly name in the SCP configuration file, use the FingerprintFriendlyName element. You can use alphanumeric characters to specify the fingerprint-friendly name. Though, it is recommended to specify the host name of the machine in the fingerprint-friendly name.
NOTE Internationalization is not supported in specifying the fingerprint-friendly name.
<FingerprintFriendlyName value="host_name"/>
Example:
<FingerprintFriendlyName value="Your_host_name"/>
Which Entitlements are Served?
The following conditions decide which entitlements are served to SCP:
>If the friendly name specified in the SCP configuration file is already registered in EMS, the entitlements registered with the given friendly name and all the non-registered entitlements for the requested customer, entitlement, or product key are served. When non-registered entitlements are served to the customer, Cloud Connect captures the machine’s fingerprint information and automatically registers it with the entitlement.
>If the friendly name specified in the configuration file is not already registered in EMS, only the non-registered entitlements are served to the customer.
Additional Scenarios
>If a machine requests a license again by using a different and unique friendly name, the cloud considers it a different machine, serves the license, and decrements the Quantity by 1. The Quantity denotes the count of machines on which the licenses can be served.
Let us say, Quantity is 2 indicating that licenses can be served to two machines. The machine M1 has requested a license with the friendly name FN1 earlier. Now, M1 requests the license again with a different friendly name FN2. The license will be served to the machine M1 again. Since the Quantity has exhausted, the license request by any other machine will be denied.
NOTE As explained in the case above, the same machine may consume multiple usage counts, exhausting the quantity. We recommend NOT to change the fingerprint-friendly names assigned to machines.
Also, keep track of the friendly names associated with machines so that license usage can be monitored.
>If after obtaining a license, a machine's friendly name remains same but its locking criteria (which was used to lock the machine to a license) changes, the next license request will be denied. This is because the cloud considers this case as a different machine requesting licenses with a duplicate friendly name, which is not allowed.
Example:
Assume the following:
>Customer name is C1. Machines are M1 and M2. Entitlements provisioned are E1, E2, and E3.
>For E1, the Fingerprint Registration check box is selected. E1 is registered with the machine M1, using the fingerprint-friendly name FFN1.
>For E2 and E3, the Fingerprint Registration check box is not selected. It means E2 and E3 are not registered to any machine.
Entitlements are served s as explained below:
Case 1: M1 requests licenses with the registered friendly name FFN1. E1 is served. In addition, E2 and E3 are also served. (The entitlement registered to this machine and non-registered entitlements for the same customer are served.)
Case 2: M2 requests licenses with a non-registered friendly name FFN2. Only E2 and E3 are served. (There is no entitlement registered to M2)
Case 3: The same machine M1 requests licenses with FFN3. Only E2 and E3 are served.
NOTE Similar to entitlements, you can also choose specific products to fetch licenses. To do so, use the pkid element of the SCP configuration file.
(Optional) Configure Version-less Products and Variants
You can also choose to configure the specific products from which you want to fetch licenses. To do so, use the pkid element of the SCP configuration file.
The configured products can be of the type default or version-less. For version-less products, you can also configure the specific variants from which licenses are to be fetched by SCP. To do so, use the productvariant element of the SCP configuration file. Note that default products do not have variants.
The following table lists when it is optional or mandatory to specify pkid and productvariant in the SCP configuration file:
| Product Type | pkid | productvariant |
|---|---|---|
| Default | Optional | Not applicable |
| Version-less | Mandatory | Mandatory |
NOTE If Entitlement As Whole is enabled and if you want to use product key filtering, you must provide all product keys for the particular entitlement in the SCP configuration file.
Open the SCP configuration file and uncomment the following section:
<!-- <ProductKeys> <ProductKey pkid="" productvariant="" productquantity=""/> </ProductKeys> -->
Specify the product key in the pkid element and variant in the productvariant and productquantity element. For example:
<ProductKeys> <ProductKey pkid="0ca278a5-b504-4be3-a969-99d0fc1b9376" productvariant="one" productquantity="1"/> </ProductKeys>
To specify multiple product keys, repeat the <ProductKeys> </ProductKeys> block for the required number of times. Example:
<ProductKeys> <ProductKey pkid="0ca278a5-b504-4be3-a969-99d0fc1b9376" productvariant="one" productquantity="1"/> <ProductKey pkid="a596d629-dec6-40a6-8d59-ff9db186eaf9" productvariant="two" productquantity="2"/> <ProductKey pkid="b667e123-nov6-40a6-6d23-aa9ab186ab6" productvariant="three" productquantity="3"/> </ProductKeys>
NOTE Quantity decrease functionality introduced in Sentinel EMS v5.3 is supported with SCP clients 5.3 or later.
NOTE EID Filtering is now obsolete
To maintain backward compatibility with SCL Add-on for RMS version 9.2 and earlier, the support for EID filtering using the SCP configuration file has been retained. However, we recommend to use the product key filtering instead of the EID filtering.
Install SCP
NOTE The root permissions are required to perform install/uninstall operations.
NOTE The commands described in this section are for 32-bit applications. For 64-bit applications, change the name of the script to install64.sh.
1.Open the command prompt and go to the directory <extractedfolder>/redistributable/SentinelCloudPlugin.
2.Grant the execute permission on the installation script by using the following command:
chmod +x install.sh
3.Execute the installation script by using the command:
sh install.sh
This installs the SCP service on Linux. Next, you need to start SCP as covered in the section Post-installation Steps.
(Optional) Specify the Location of the SCP Configuration File
The default installation location of the SCP configuration file is /etc/sentinel-scp/.
If you want to keep the SCP configuration file at a different location, specify the configuration file path in the environment variable, SCP_CONFIG_FILEPATH_[vendor_alias]. SCP will then look for the configuration file at the path specified.
Post-installation Steps
After installing the SCP service, you can use the following commands to start and manage SCP.
The name of the SCP service is:
>For 32-bit applications: sntlcloudps_[vendor_alias]
>For 64-bit applications: sntlcloudps64_[vendor_alias]
NOTE The commands shown below are for 32-bit applications. For 64-bit applications, change the name of the SCP service to sntlcloudps64_[vendor_alias].
Start:
/etc/init.d/sntlcloudps_[vendor_alias] start
Status:
/etc/init.d/sntlcloudps_[vendor_alias] status
Stop:
/etc/init.d/sntlcloudps_[vendor_alias] stop
Restart:
/etc/init.d/sntlcloudps_[vendor_alias] restart
Refer to the section SCP Command-line Options for details.
Uninstallation
To uninstall the SCP daemon, go to the path where SCP deliverables are placed and execute the following commands:
NOTE The commands shown below are for 32-bit applications. For 64-bit applications, change the name of the script to uninstall64.sh.
chmod +x uninstall.sh sh uninstall.sh