Getting Started with Sentinel LDK Cloud Licensing (CL) Service

Looking for a powerful, centralized, role-based solution for handling all of your software protection, licensing, and entitlement needs? You've come to the right place!

•Sentinel EMS entitlement management system has a straightforward design that walks you through the process of defining the various features and products that match the features and products in your back office system (ERP, CRM, billing system, or sales system).

•Sentinel LDK is a comprehensive, out-of-the-box software monetization solution that protects and licenses your applications and services, so that you can maximize revenues while introducing flexible and customer-centric offerings into the market.

Cloud Licensing (CL) Service combines Sentinel EMS and Sentinel LDK to provide a user-centric, identity-based approach to cloud licensing that Thales hosts for you on a secure, cloud license manager server. CL Service comprises two main components. Sentinel EMS provides licensing and account (identity) management; Sentinel LDK Cloud License Manager Service provides consumption management for cloud licenses and accounts.

The Basics

The following are the foundation of Sentinel EMS with Sentinel LDK enforcement. It's important to understand these terms before you perform the steps in this Getting Started Guide.

Features

Features are the basic building blocks of products and licenses. Each feature can represent anything from a functional component to an entire application. Learn More This means that you can create a separate feature for a specific functionality, such as "Print" or "Edit & Save", or you can create a feature for each module or for an entire application.

After you define at least one feature, you can add that feature to a product. This enables you to sell a product with one or more licensed features.

Feature ID. The feature ID is a unique identifier. During runtime, the Sentinel Licensing API call uses the feature ID. Always ensure that the feature ID is the same in both Sentinel EMS and the Sentinel LDK application you are using to protect your application (Sentinel LDK Envelope or Sentinel Licensing API).

Products

A product represents a saleable item in your organization—such as a software application—usually with a SKU or similar unit. You can package products with individual features and memory files. Learn More Both features and memory files are optional.

License models and terms.Sentinel LDK enforcement provides configurable, out-of-the-box license models.

You assign a license model and license terms to a feature when you add the feature to a product.

Setting license terms per feature occurrence lets you vary the license terms as needed. This flexibility gives you full control over feature usage whether you include one feature per product, the same feature in multiple products, or multiple copies of a feature in a single product.

Product ID. A product typically has a unique ID. However, multiple products can share the same product ID. This lets you replace one product with another. For example, you might want to create an "upgrade" product for a saleable item to enable customers to pay the price difference and upgrade from a subscription license to a perpetual license. In this case, both the original and upgrade products would need the same product ID.

When ready, you add products to entitlements so that the vendor can generate licenses for distribution to customers.

Entitlements

An entitlement is a customer order for one or more products. Similar to orders in your back office system (ERP, CRM, billing system, or sales system), an entitlement specifies the products that a customer is entitled to use. Learn More It also includes contact details, the products ordered, the features and memory files bundled in the products, licensing terms, the number of copies of your product that are available to that customer (quantity), and the entitlement ID (EID). Each entitlement can also be mapped to an actual order or other reference ID in your system using the External ID or Ref ID fields in Sentinel EMS.

When an entitlement is ready to be processed, you mark it as complete. That enables the next step, which is generating a license and pushing it to the cloud using Produce and Push.

Cloud Licensing Service

Cloud licensing service (also known as CL Service) refers to software and service licensing that Thales hosts on a service-hosted, cloud license manager server. Learn More
Cloud licensing uses identity-based access via accounts to give the vendor or customer granular control over who can access a cloud license. The software vendor can optionally delegate end-user account management to administrator contacts, as described in Accounts.

Accounts

An account represents a set of cloud licensing permissions that grant authorization rights to a customer's end user to access protected applications or services on one or more client devices (also known as registered machines). Accounts are an integral part of cloud licensing. Learn More To enable client authentication and access control, each account is assigned a unique identity string. This identity string must be installed on the client device where the vendor's application runs. When the vendor's application tries to launch on that device, the client communicates with the cloud licensing service on Thales' service-hosted, cloud license manager server, which authenticates the client identity based on the identity string and verifies the access permissions assigned to the account. If the account is authorized to access the application, the application opens and runs.

Each account is associated with a customer and is defined for a specific end user. When you create an account, you select the customer and specify the name and email address of the end user. By default, the end user then receives an email that includes a clickable link that automatically installs the identity string on the client device. Accounts inherit the access permissions (known as cloud licensing permissions) that are defined for the associated customer. You can modify these settings for a specific account if needed.

Accounts can be created on the Sentinel EMS vendor or customer portal, depending on whether the vendor or a customer's administrator contact creates and manages accounts. Both vendors and administrator contacts can also view the list of activated products on the respective portals, as well as manage the list of registered machines on which each account can access protected applications.

Identity Credentials

Identity credentials are used to verify the identity of a client device and grant access to a cloud-based license. Learn More Unique identity credentials are generated automatically when you create an account. These credentials comprise an identity string that contains a unique, read-only, 7-character identity code and an identity link, which is used to install the identity string on the end user's device.

End users can install an identity string on a client device by clicking the identity link that is sent automatically by email when the account is created. If you choose not to send the identity link automatically, then you must share this identity link directly with the end user in some other manner.

After the identity string is installed, the device shares its identity string with the Sentinel EMS cloud license manager server whenever the application or service starts, or as defined in your application (for example, you might set authentication verification "per session" instead of "at login"). After successful verification, the device accesses your protected application or service.

TIP Want to learn more about any of the concepts and terminology used in Sentinel EMS with Sentinel LDK enforcement? Check out the Glossary at the end of this guide.

Sentinel EMS Workflow

The following diagram illustrates the end-to-end workflow of creating and delivering a cloud license in Sentinel EMS using the Cloud Licensing Service. Each section represents a part in this getting started guide.

Sentinel cloud-licensing workflow

Learn about the different personae in the Sentinel EMS workflow

•Vendors. Vendors use the Sentinel EMS vendor portal. View the different Sentinel EMS personae in the vendor's organization

•Administrator Contacts. (Optional) Vendors can delegate end-user account management directly to their customers by creating administrator contacts. The administrator contact uses the Sentinel EMS customer portal. Learn what the administrator contact does

•End users. The customers' end users use their work or personal devices (machines). Learn what the end user does

See what's not included in this workflow

Before You Begin

•Install the latest version of Sentinel LDK. For instructions, see Sentinel LDK Installation Guide with Sentinel EMS.

•Review The Basics to learn about the Sentinel EMS components.

•Make sure that your Thales account enables you to access Sentinel EMS. At minimum, you need a role in Sentinel EMS that includes Customer Management permissions. Contact your Thales representative for assistance if needed.

One-Time Setup

Make sure that you are connected to the Sentinel EMS vendor portal. Show me how

Define the Default, Global Cloud Licensing Permissions

In this step, you review the global cloud licensing permissions, which are the default usage permissions for all customers that use CL keys. These settings are also inherited by each customer's end user accounts. Later, you can adjust these settings for specific customers and end user accounts as required.

This step provides explanations of each of the settings, so that if you need to modify these settings later, you will understand how to define each option. Unless you already know your specific needs, you can retain the default settings for now. To learn more about any of these settings, see Cloud Licensing Permissions.

1.From the navigation pane, select Configuration > Cloud Licensing Permissions.

2.Look at each of the settings.

•You can set the Maximum Number of Accounts per Customer to unlimited or to the number of network seats available on your Sentinel LDK Master license. Learn why this matters If you want to limit the number of accounts that are available for each customer, select Number of Network Seats. This enables the customer to limit account usage to a predefined number of end users in their organization, for example. Otherwise, leave the default, Unlimited.

•You can set the Maximum Number of Registered Machines per Account from 1-10 or unlimited. You can leave the default value for now. Learn how machine registration works

– If you specify a number, then client machines are automatically registered when end users run protected applications for the first time and access the license server machine. You can manage registered machines on the Customers > Accounts page. (Administrator contacts can do the same on the Sentinel EMS customer portal.)

– If you select Unlimited, then the client machines are not registered on the license server machine, as there is no need to manage the license on the client machine for the end user.

•You can set the Waiting Period for Reusing Deleted or Disabled Registered Machines (Days) value to an integer of 1-30 representing 1-30 days, or you can select the Allow Immediate Reuse check box to override the waiting period. and allow deleted or disabled machines to be automatically re-registered immediately. Why set a waiting period?The waiting period represents the number of days that the administrator contact must wait before changing the status of a machine that they disabled or deleted using the Sentinel EMS customer portal. This is relevant only after the first time that the registration status changes. The purpose of this setting is to discourage administrator contacts from performing unauthorized license sharing.

•When you set Allow Online Connection to Licenses to Yes, any machine with an installed identity string can consume a license from the service-hosted, cloud license manager server. If you set this option to No, then end users cannot consume the license to access the protected application.

•When you set Allow License Detaching to Yes, any machine with an identity string can detach a license (a network seat) for a protected application from the service-hosted, cloud license manager server for offline use whenever a license is required. Learn why this is usefulThis enables the machine to continue accessing the license even if the connection to the online server is interrupted, or the end user needs to work offline temporarily. The detached license is automatically restored to the pool of available licenses after a pre-defined period of time. There are two types of license detaching: Automatic and On-demand. For details, see Allow License Detaching in the Sentinel EMS User Guide.

•If Allow License Detaching is set to Yes, then you can enable concurrency for manually detached licenses using the Allow Concurrency for Detached Licenses option. Why use concurrency on an end user's machine? This enables a machine with an identity string to detach one or more network seats with concurrency from the license server machine. These seats can then be accessed concurrently on the machine that receives the detached license. This is useful if you need to set up second-level license servers or you want to control the number of local hardware resources used by an application.

OPTIONAL At this point, you might want to customize the license notification email template. This is a one-time step that enables you to modify the out-of-the-box email template that is sent automatically to a customer's end user when an account is created, which is described towards the end of this training. For detailed instructions on modifying the email template, see Sentinel LDK Account Certificate.

Create a Catalog

In this section, you create a catalog that includes your saleable items—a feature and a product. Make sure that you are connected to the Sentinel EMS vendor portal. Show me how

Step 1: Create a Feature

The first step in creating a catalog is defining features. Make sure that you are logged in to Sentinel EMS as described above.

1.From the navigation pane, select Catalog > Features.

2.In the Features page, click Add Feature .

3.In the Add Feature page, if the Namespace list is displayed, select the namespace you want to use. If you have your organization's vendor code, you may want to select that namespace. Otherwise, select DEMOMA to use the demo namespace and vendor code.

4.In the Add Feature page, in the Name field, enter a feature name, such as Edit & Save.

5.In the ID field, enter 501. (If this feature ID is already in use because someone else performed this training, just make a note of this ID.)

When you create your own features, you can use the default ID or apply another ID to match an existing feature in one of your company's products.

The ID must match the feature ID in the Sentinel LDK application you are using to protect your application (Sentinel LDK Envelope or Sentinel Licensing API) as described in Features.

NOTE If Sentinel EMS supports additional enforcements, you may see additional fields. These fields are not relevant for Sentinel LDK and can safely be ignored.

6.Click Save.

You've created your first feature. Next, you will add the feature to a product.

Step 2: Create a Product

Now that you created a feature, you can add it to a product. This is known as associating a feature with a product. You can also associate a memory file, but we are not going to cover that here.

1.From the navigation pane, select Catalog > Products.

2.In the Products page, click Add Product .

3. If Sentinel EMS includes support for other enforcements in addition to Sentinel LDK, you need to select the relevant enforcement before continuing.

In the Add Product page, in the Enforcement Type field (not shown), select Sentinel LDK. Otherwise, skip to the next step.

4.In the Add Product page, if the Namespace list is displayed, select the namespace you used when creating a feature. Otherwise, skip to the next step.

5.In the Add Product page, in the Name field, enter any product name, for example, TextEditor.

6.In the Product ID field, leave the default ID.

Later, when working with your own products, you can change the number to match an existing product ID in your saleable product.

7.Expand Additional Attributes, click the Locking Type arrow (not shown), and select an SL AdminMode-related locking type, or leave the default HL or SL AdminMode or SL UserMode value as is.

8.In the Available Features area of the Associate Features pane, click the feature you created to add it to the Associated Features list.

9.In the Associated Features list, for the feature you added, either select the check box and click the Configure License Model button, or, under Actions, click Configure License Model .

10.Set the license model.

Let's apply an annual subscription license that starts when the license is generated.

a. Click the Name arrow and select Time from License Generation, which is one of the available license models. Notice that the displayed attributes change to reflect the selected license model.

b. Under License Terms, in the Number of Days box, enter 365. (When the Allow Overwrite check box is selected, the order taker can modify the number of days later when creating an entitlement for a customer.)

c. Under Concurrency, set Enable Concurrency to Yes.

d. In the Concurrent Instances box, enter the number of license instances that need to be able to run at the same time, for example, 2.

e. Click Save.

11.In the Add Product page (not shown), click Save. The product is created as a draft.

12.In the Products page, for the product you created, in the Actions column, click the Complete button.

13.In the confirmation box that opens, click Complete (not shown). This makes the product available for distribution.

You've successfully created your first product. Next, you will create an order, known as an entitlement, for the product.

Define a Customer and Administrator Contact

In this section, you define a customer for the entitlement that you will be creating later. At this stage, you will also create an administrator contact for the customer. Adding an administrator contact lets you delegate account management directly to the customer. Without an administrator contact, you, the vendor, would have the sole responsibility of managing your customers' end-user accounts. Make sure that you are connected to the Sentinel EMS vendor portal. Show me how

Step 1: Create a Customer

When working with cloud licensing, every entitlement is associated with a customer. We are going to create a customer before we start creating our catalog, but you can create customers whenever needed at any stage of the process prior to generating a license. Make sure that you are logged in to the Sentinel EMS vendor portal.

1.From the navigation pane, select Customers > Customers.

2.In the Customers page, click Add Customer .

3.In the Add Customer page, if the Market Group list is displayed, select the market group for the namespace that you are using, for example, DEMOMA.

4.In the Add Customer page, in the Name field, enter a name for the customer that you are creating, for example Papyrus & Words. You can enter any customer name that you want.

5.Leave the Identifier blank, so that a customer identifier will be generated automatically when you save the customer.

6.In the Associated Contacts area, if an administrator contact already exists, you can select that contact to link to this customer. All types of contacts are listed here—not just administrator contacts. You can search by various fields to find the contact that you need.

In our case, though, we have not yet created an administrator contact. Let's do that now after we save the customer.

7.Click Save.

You've created your first customer. Next, you will assign an administrator contact to this customer.

Step 2: Create an Administrator Contact

Before we continue, let's create an administrator contact who will handle account management for our customer. This will save us time when creating an entitlement because the administrator contact will automatically be assigned to the entitlement when you select the customer. The administrator contact will also automatically receive email notification informing them that the licensed products are ready to share with consumer end users as soon as the entitlement is activated. Administrator contacts can view and manage only the accounts for which they are responsible. For the purposes of this training, you will assign yourself as the administrator contact.

1.From the navigation pane, select Customers > Contacts.

2.In the Contacts page, click Add Contact .

3.In the Add Contact page, if the Market Group list is displayed, select the market group for the namespace that you are using, for example, DEMOMA.

4.In the Add Contact page, in the User ID field, enter an identifier for the contact that you are creating, such as 123456. You can enter any identifier that you want, including a name or email address.

5.In the Email field, enter your email address, so that you will receive a notification when the entitlement is activated. The image shows an example.

6.In the Password field, enter a password that you will remember. Click the password criteria icon to see the criteria.

You can use this password to log on to the Sentinel EMS customer portal to manage registered machines for the accounts that you handle.

7.In the Name field, enter a name for the administrator contact, such as Robin Early. You can enter your own name if you want.

8.Under Contact Type, select Administrator. Only administrator contacts can manage accounts for cloud licensing.

9.In the Customer field, start typing the name of the customer that you created earlier. As you type, a list of suggestions is displayed. Select the relevant entry. This associates the contact with the specified customer when you save the customer.

10.Click Save.

You've created your first contact. In the Contacts page (not shown), you can expand the contact that you just created to view the various contact attributes.

Next, you will create a catalog and generate a license.

Generate a License and Push It to the Cloud

In this section, you generate a license and push that license to Thales' cloud license server manager using Sentinel EMS with Sentinel LDK enforcement.

First you will generate an entitlement to fulfill an order for a specific customer. Then you will use Produce and Push to generate a cloud license for the product features included in the entitlement. The license will automatically be pushed to Thales's service-hosted, cloud license manager server, making it ready to share with the customer's end users. Make sure that you are connected to the Sentinel EMS vendor portal. Show me how

Step 1: Create an Entitlement

In this step, you are creating an entitlement.

1.From the navigation pane, select Entitlements.

2.In the Entitlements page, click Add Entitlement .

3.In the Add Entitlement page, under Assign Customer / Channel Partner, set the required fields:

a. If the Market Group list is displayed, select the market group that you are using, for example, DEMOMA.

b. In the Customer field, start typing the name of the customer that you created earlier. As you type, a list of suggestions is displayed. Select the relevant entry.

c. In the Contact Email field, verify that the email address of the administrator contact that is associated with the customer is displayed. Earlier, you defined yourself as the administrator contact, so this should be your email address.

4.Expand Define Entitlement Attributes > Additional Attributes and set the following to ensure that the entitlement can be activated using Produce and Push.

a. Set Allow Activation to Yes, and ensure that Vendor Only is selected.

b. Set Entitlement as a Whole to Yes.

c. (Optional) Set Send Notification to Yes. This sends an email to the administrator contact, notifying them that the entitlement is ready for activation.

5.In the Associate Products / Product Suites pane, under Available Products, click the product you created to add it to the Associated Products / Product Suites section.

6.Click Save to save the entitlement as a draft. (If you skip this and go to another tab, your input will be lost.)

7.In the Entitlements page, in the Actions column, click Mark as Complete to complete the entitlement.

(The image shows the Draft status prior to confirmation.)

8.In the confirmation box, click Complete (not shown). The entitlement details are saved. An Entitlement Certificate email is sent to the contact email address you entered earlier.

(The image shows the Completed status post-confirmation.)

In the next step, you will use "Produce and Push" to generate a cloud license and push the license to the Thales service-hosted, cloud license manager server.

Step 2: Use Produce and Push to Generate a Cloud License and Push the License to Thales' Service-Hosted, Cloud License Manager Server

In this step, you generate a cloud license and push the license to the Thales service-hosted, cloud license manager server in a single step.

1.From the navigation pane, select Entitlements.

2.Expand the entitlement you created and click Produce & Push.

3. In the Activate Products page, verify that the Activatee Email is correct.

4.Click Produce & Push to generate a new key with the required licenses.

TIP If you ever need to update this key, the Generate Licenses area lets you choose between generating a new key or updating the licenses on the existing key.

Unless needed, Thales recommends that you update the existing key. By maintaining a single key for each customer, you limit confusion and ease maintenance over time.

When you update licenses, you would select the existing key that you already created, and either remove all existing licenses from the key to start with a clean key, or update the licenses on the key.

5.The Activate Products page displays information about the activated products and the activation details.

6.Click Done. A license certificate is sent to the activatee email address that you specified earlier.

The license certificate email does not include a license string because the end user machine accesses the cloud license using unique identity credentials instead of a license string.

7.The key is marked as Activated, and the license is now stored on Thales' service-hosted, cloud license manager server.

8.(Optional) View the key in the Sentinel Keys page.

In the navigation pane, click Sentinel Keys. Then expand the key line item and switch between the tabs to view the associated products and features, associated memory, and key attributes.

TIP When there are multiple keys on the page, you may want to search by customer to locate the key.

Congratulations! You successfully generated a CL (cloud licensing) key.

Manage End User Accounts

Earlier, you created an administrator contact, who is responsible for handling account management for your customer. You are now using that persona to create an account for your customer's end user. You will enable the Send Notification option to send an email directly to the end user, informing them that they can start using the TextEditor application by clicking the link in the email. Clicking this link installs identity credentials on the end user's machine using an identity string. This string is used to authorize the use of the application on that machine.

Where do you create an end user account?

Vendors create accounts from the Sentinel EMS vendor portal. Customers' administrator contacts create accounts from the Sentinel EMS customer portal.

For the purposes of this training, you can use either portal to create an account.

Option 1: Create an Account in the Sentinel EMS Vendor Portal

1.Navigate to the URL shared by Thales.

2.Log on using the user name and password provided by Thales.

3.From the navigation pane, select Customers > Accounts.

4.In the Accounts page, click Add Account Add Contact .

5.In the Add Account page, in the Customer field, start typing the name of the customer that you created earlier. As you type, a list of suggestions is displayed. Select the relevant entry. This associates the account with the specified customer when you save the account.

Notice that the permission settings on the right side of the page are now editable.

6.In the Name field, enter a name for the end user who will actually be using your application. For now, you can enter your own name if you want.

The name you enter will be used in the salutation of the notification email. This email contains identity credentials that enable the end user to access the protected application. You'll learn more about that in the next section.

7.In the Email field, enter your email address, so that you will receive a notification when the account is created. In a real-life situation, you would enter the email address of the actual end user.

8.Ensure that Send Notification is set to Yes. This will send an email to the account email address you specified above when the account is created. The email will contain an identity link that an end user must click to install an identity string on their machine, which will enable them to use the protected application provided by the customer.

If you set this to No, you will have to provide the end user with the identity link included in the email in another way.

9.In the Permissions area, leave the settings as is. An account inherits the permissions defined for the customer, which inherited the permissions you defined earlier in the global settings. This may sound complicated, but it's really just a hierarchical inheritance structure—global permissions are passed to the customer, and the customer permissions are passed to the account. You can modify these permissions at any level as needed.

You can leave the Expiration Date as Never Expires, or you can set an expiration date if you want.

10.Click Save. You've created your first account.

11.In the Accounts page, notice that in addition to the attributes that you just defined, an Identity Code was added by the system to identify the individual account when accessing the application.

12.Check your email to see the message that will be sent to actual end users.

Option 2: Create an Account in the Sentinel EMS Customer Portal

1.To connect to the Sentinel EMS customer portal, navigate to the URL shared by Thales using the following modified format: https://YOUR-SENTINEL-EMS-DOMAIN/customer/login

Log in using the Email option and the credentials that you created for the administrator contact in Define a Customer and Administrator Contact.

2.From the navigation pane, select Accounts.

3.In the Accounts page, click Add Account Add Contact .

4.In the Add Account page, in the Name field, enter a name for the end user who will actually be using your application. For now, you can enter your own name if you want.

The name you enter will be used in the salutation of the notification email. This email contains identity credentials that enable the end user to access the protected application. You'll learn more about that in the next section.

5.In the Email field, enter your email address, so that you will receive a notification when the account is created. In a real-life situation, you would enter the email address of the actual end user.

6.Ensure that Send Notification is set to Yes. This will send an email to the account email address you specified above when the account is created. The email will contain an identity link that an end user must click to install an identity string on their machine, which will enable them to use the protected application provided by the customer.

If you set this to No, you will have to provide the end user with the identity link included in the email in another way.

7.In the Permissions area, notice that many of the options are read-only. These permissions are inherited from the associated customer's permissions and cannot be changed in the Sentinel EMS customer portal (although they can be changed in the Sentinel EMS vendor portal if needed).

Leave Allow Access to All Associated Products as is to enable the end user to access and run your application. You can leave the Expiration Date as Never Expires, or you can set an expiration date if you want.

8.Click Save. You've created your first account. Check your email to see the message that will be sent to actual end users.

End User Starts Using the Application

Now that you have created an account, the customer's end user can install their unique identity credentials and launch your protected application or service.

For the purposes of this training, let's assume that:

• Your application is already packaged together with Sentinel Run-time Environment.

•The end user has already installed the application on the target device and is just waiting for the license to use the application.

Step 1: Install Identity Credentials on the Client Machine (End User's Device)

This step emulates what end users do to start using an application on their device.

You should have received the email with your identity credentials.

1.Open the email that you received from Sentinel EMS. (If you didn't receive the email, please check your Spam folder.)

Notice that the Name attribute value that you provided in the account is used in the salutation.

2.Click one of the links depending on the machine on which the application is installed or will be used. To install the identity string on a machine, you must click the actual installation link on the machine where the vendor's application runs.

When the vendor's application runs for the first time, the machine is automatically registered on the service-hosted, cloud license manager server (unless the Maximum Number of Registered Machines per Account cloud-licensing permission is set to Unlimited).

3.You, as the vendor user or administrator contact, can now view and manage the registered machine in Sentinel EMS vendor or customer portal, respectively.

In Sentinel EMS, navigate to Customers > Accounts, and expand the account that you created to view the registered machine. Here is an example of what the registered machines section might look like on the Accounts page. The content is identical in both portals. Notice the Actions column, where you can disable, enable, delete, or synchronize the machine.

Glossary

Let's review the concepts and terminology that you need to know to work with Sentinel LDK enforcement in Sentinel EMS. Show the glossary

Concept	Description
Activation (License Generation)	The process of generating or updating a license package (V2CP file) for one or more products. A license can be locked to a specific device, or it can be unlocked, as described in Unlocked from Device (Product).
Application	In the context of Sentinel LDK, application or protected application refers to the vendor's application, which is licensed and protected by the Sentinel LDK Licensing API (native or REST) and/or Sentinel Envelope, and packaged with Sentinel Run-time Environment. For more details on these components, see Sentinel LDK and navigate to the relevant guide. Application can refer to a software application, a service, and so on.
Batch Code	See Namespace (Batch Code).
Burning a Key	Activates an entitlement by burning the license file directly on a Sentinel HL key (dongle).
Catalog	A container for all of your assets, including products, features, memory files, license models, and namespaces. For more details, see Sentinel EMS User Guide for Sentinel LDK.
C2V and V2CP files	C2V (Customer-to-Vendor). A file containing data about deployed Sentinel protection keys or data about the customer's device, such as its fingerprint. The customer sends the C2V file to the vendor, often by email. The vendor then uses the C2V file to generate a license for the customer when activating an entitlement. V2CP (Vendor-to-Customer Package file). A package file from the software vendor that contains one or more license update files (V2C files) for a Sentinel protection key on the customer's device.
Cloud Licensing Permissions	Cloud licensing permissions delineate access and usage permissions for CL keys. Permissions are set at global, customer, and account levels. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Customers and Contacts	A customer can be an organization that owns an entitlement or a current or potential buyer of an entitlement. Typically, you generate entitlements for a customer who has placed an order. A customer can have one or more contacts. An administrator contact uses the Sentinel EMS customer portal to manage end-user accounts for their customer.
Devices	In Sentinel EMS with Sentinel LDK, a device is anything on which customers can install your licensed application, including, but not limited to, computers, tablets, phones, and watches. See also: Registered Machine
Enforcement	Licensing technology, such as Sentinel LDK, that controls and secures your software application.
Identity Code	An identity code is a unique, read-only, 7-character string that is part of the full identity string. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Identity String	An identity string designates the client identity for the account as defined in the cloud licensing service database. When the end user runs a protected application, the local license manager on the user's machine uses the identity string to consume a license from the relevant protection key on the service-hosted, cloud license manager server. If the end user has the appropriate permissions, the end user can use the identity string to detach a license from the service-hosted, cloud license manager server and then run the protected application offline. For more details, see Sentinel EMS User Guide for Sentinel LDK.
License Model	The license terms for a feature. You set the license model when adding a feature to a product, or when modifying a feature in an entitlement. License models: •Define in Entitlement. Enables the order taker to define the license type when creating an entitlement (when each individual order is processed). (Available only when creating a Product.) •Execution Count. The maximum number of times the feature may be used. (Not relevant for products that are not locked to a device. See Unlocked from Device (Product).) •Expiration Date. The date on which the license for the feature will expire. •Perpetual. Default license model. The license can be used an unlimited number of times and for an unlimited period of time. •Time from First Use. The number of days until the license expires. The number of days is counted from the date on which the licensed feature is first used. •Time from License Generation. The number of days until the license expires. The number of days is counted from the date on which the license is generated. (Not relevant for products that are not locked to a device. See Unlocked from Device (Product).) For more details, see Sentinel EMS User Guide for Sentinel LDK.
Locking Type	The level of protection for a product according to the type of Sentinel protection key supplied with the product. You set the locking type when defining a product. Locking types can be hardware-based (Sentinel HL keys) or software-based (Sentinel SL keys). When using the Cloud Licensing service, you must select one of the SL AdminMode options, such as the default HL or SL AdminMode or SL UserMode option. The following locking types are available: •HL. Use for burning licenses on physical, Sentinel HL keys (dongles). •SL UserMode. Use for activating licenses on Sentinel SL UserMode keys (software). •Does not require the installation of Sentinel Run-time Environment (RTE). • Provides a lower level of security for products that are not locked to a device than SL Admin mode. •Provides the highest level of compatibility with future operating system updates. •SL AdminMode. Use for activating licenses on Sentinel SL AdminMode keys (software). •Requires the installation of Sentinel Run-time Environment (RTE). •Supports all license terms, including concurrency and detachable licenses. •Provides a high level of compatibility with future operating system updates. •HL or SL AdminMode. Use for either Sentinel HL keys or Sentinel SL AdminMode keys. •HL or SL AdminMode or SL UserMode. (Default) Use this locking type if the decision on which type of Sentinel protection key is to be shipped with the product is made when each order is processed. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Market Group	A market group applies data access control for specific catalog elements and their entitlements. Typically, a target group of users share common characteristics, such as geographical locations or business units. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Memory	Memory files let you store sensitive data in the Sentinel protection key. For example, you might want to store user data or homegrown license code. You create memory files from the Memory tab. You associate memory files when creating a product. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Namespace (Batch Code)	A namespace represents your company's unique vendor code. ("Namespace" is known as "batch code" in Sentinel LDK.) When you order Sentinel protection keys from Thales, you specify your namespace, which is both written to the keys before dispatch and printed on the outside of each Sentinel HL key. Your company can have one or more namespaces. The namespace for Sentinel protection keys with a demo vendor code is DEMOMA. In Sentinel EMS, a namespace also acts as a workspace, differentiating between separate storage locations. If you have multiple namespaces, the features, memory files, and products in each namespace are available only to those users who have permissions for that namespace. Users with roles that have entitlement-related permissions (such as order takers) can access these items from all namespaces. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Produce and Push	"Produce and Push" generates a cloud license and pushes the license to the Thales service-hosted, cloud license manager server in a single step. After produce and push is performed, the vendor or administrator contact can create accounts for end users, so that end users can access the protected application or service as soon as they receive their unique identity credentials and install the protected application. On the Sentinel EMS customer portal, an administrator contact can create and manage end user accounts, view the list of activated products, and manage the list of registered machines on which each end user can access protected applications. The vendor can also perform these tasks on the Sentinel EMS vendor portal. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Registered Machine	A registered machine is a client device that is linked to an account to enable access to licenses for protected applications from the Thales service-hosted, cloud license manager server. Also known as device or client device. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Role	A role is a set of permissions for using specific entities in Sentinel EMS. For more details, see Sentinel EMS User Guide for Sentinel LDK.
Unlocked from Device (Product)	A product that is distributed with a license that is not locked to a specific device and can therefore be installed freely by any user on any device. Typical uses include: • Trial licenses (free for up to 90 days), which can start from the date of license generation or first use, depending on the License Model. (The Execution Count and Time From License Generation license models are not relevant for products that are not locked to a device.) •"Unlimited" products that or may not have licensing restrictions. For example, you might apply a Perpetual license, you may decide to limit the time period, you may use a different mechanism to license the application, or you may decide not to impose any licensing restrictions at all. When you create an entitlement, you can include products that are either locked to a device or unlocked from a device, but not both. For more details, see Sentinel EMS User Guide for Sentinel LDK.