Setting Up the License Server Machine
This section describes how to set up your license server machine. The setup is the same for both the vendor-hosted implementation and the customer-hosted implementation, except as noted.
The license server machine is the repository for network licenses. The machine must be connected to the Internet and available at all times. (For customer-hosted implementation, connection to the Internet is optional.)
NOTE You should always update the license server machine with the latest Run-time Environment to ensure the best security and compatibility.
Setting Up Admin Control Center
Install Admin Control Center on the license server machine. Configure the parameters described below in Admin Control Center.
Limit Configuration Activities to an ACC Administrator
1.Go to Configuration page > Basic Settings tab.
2.For the Password Protection parameter, select All ACC Pages.
3.On the same line, click Change Password.
4. Enter the new password in the New Admin Password field and in the Re-enter new Admin Password field.
5. Click Submit. The new password is set.
Configure Access From Remote Clients
1.Go to Configuration page > Configuring Access From Remote Clients tab.
2.Configure these parameters:
•Allow Access From Remote Clients. If the license server machine will be used only to serve cloud licenses to machines with identity clients, select Identifiable clients only. Otherwise, select the relevant option.
•Public Address for Access With Identity
•Store Identity Secrets. Select the Encrypted option if you want identity secrets stored in the License Manager database to be encrypted. If you select this option, you must also specify the storage encryption key using Sentinel Admin API.
Allow Detaching of Licenses
To allow end users to detach licenses, be sure to select the configuration parameter Enable Detaching Licenses.
Setting Up Cloud Licenses
Cloud licenses for identity-based accesses must satisfy the following requirements:
>Your Sentinel LDK Master license must contain the Cloud Licensing module.
>When using Sentinel EMS, the parameter Cloud Licensing in the Administration Console must be set to Enabled.
>The license must have the SL AdminMode locking type and must be defined with concurrency, specifying the desired number of network seats to make available.
When you define a client identity, you can specify that it is valid only for a specific key ID. If you do not specify a key ID, the client identity is valid for all cloud licenses on the license server machine.
For vendor-hosted implementation: Set up separate SL keys for each customer.
>If the customer is a single user, Thales recommends that you create a separate SL key for the user and link this key to the user’s client identity.
>If the end customer is an organization, Thales recommends that you create a single SL key and link all client identities in the organization to the key (assuming all users are all entitled to consume the same licenses). If various groups within the organization are entitled to use different sets of licenses, multiple keys can be used to partition the licenses and control access.
By default, the License Manager installs all SL licenses in the same SL key on a given machine. You can use the following procedure to install SL licenses in separate SL keys on the license server machine.
To install multiple SL keys on the license server machine:
1.Ensure that no SL licenses are currently installed on the machine.
2.Use Admin Control Center or RUS to obtain a fingerprint of the machine. Save the fingerprint file for future use.
3.In Sentinel EMS, create
4.Use Admin Control Center or RUS to apply the V2CP file on the license server machine. A new SL key (containing the new SL license) for the customer is created.
5.For each additional customer, repeat steps 3 and 4 as necessary to create new SL keys.
When you generate client identities for customers, you can specify the relevant key ID for each client.
This method allows you precise control over the licenses that you make available for each customer.
To generate and manage client identities for customers or end users, see the Sentinel Admin Control Center help.