New Features, Enhancements, and Changes
NOTE If you are upgrading from a version of Sentinel LDK that is earlier than 8.3, be sure to review the release notes for all intervening versions. Significant enhancements and changes are introduced in each version of Sentinel LDK. You can download a .zip file that contains all Sentinel LDK release notes.
Release: 8.4
>Support for Active-Active High Availability for Cloud Licensing
>Dynamic Memory is Now Supported for SL Keys
>Default Locking Type Changed to "HL or SL (AdminMode or UserMode)"
>Locking Type Can Now Be Modified in the Catalog for Deployed or Queued Products
>Client Identities Can Now Be Assigned an Expiration Date
>Licensing API Can Now Reserve and Release Executions
>Enhancements and Changes to Sentinel LDK Envelope
>Hardlock.sys has been Removed from the RTE Installer
>Sentinel LDK-EMS Now Uses Tomcat Version 9.0.56
>Sentinel LDK-EMS Web Services Now Return eid and createdBy in Response Body
>Sentinel LDK-EMS No Longer Generates an RTE Installer
Support for Active-Active High Availability for Cloud Licensing
Sentinel LDK now supports configuring a vendor-hosted cloud license server for high availability.
Sentinel LDK License Managers in the vendor's data center can be configured to store licenses in a common external trusted license storage (a MySQL database cluster).
You can set up License Managers on two or more active license server machines. A load balancer will distribute license requests between the machines and will maintain access to licenses in case a server becomes unavailable.
For information on setting up high availability for cloud licensing, see the Sentinel LDK High Availability for Cloud Licensing Configuration Guide.
Dynamic Memory is Now Supported for SL Keys
Until now, dynamic memory was supported only for Products that are licensed using HL keys (excluding Basic and Pro keys). Now, dynamic memory is supported for Products that are licensed with SL AdminMode and SL UserMode keys. (Dynamic memory is not supported for SL Legacy keys.)
For SL AdminMode keys, Sentinel Run-time Environment 8.41 or later is required.
Default Locking Type Changed to "HL or SL (AdminMode or UserMode)"
When defining a new Product in the Sentinel LDK-EMS Catalog, the default locking type is now HL or SL (AdminMode or UserMode) instead of HL. This change has no effect on existing Products.
Locking Type Can Now Be Modified in the Catalog for Deployed or Queued Products
Previously, once a Product in the Sentinel LDK-EMS was deployed or queued, it was no longer possible to change the locking type for the Product in the Catalog. Now, you can now modify the locking type in the Catalog for deployed or queued Products as follows:
| Current Locking Type | Modified Locking Type |
|---|---|
| HL | HL or SL
AdminMode, OR HL or SL (AdminMode or UserMode) |
| SL AdminMode | HL or SL
AdminMode, OR HL or SL (AdminMode or UserMode) |
| SL UserMode | HL or SL (AdminMode or UserMode) |
When changing from the HL locking type to a locking type that includes SL, the Clone Protection and the Rehost parameters in the Features also become available for configuration.
NOTE Any changes to Products or Features in the Catalog have no effect on deployed or queued Products.
Client Identities Can Now Be Assigned an Expiration Date
You can now set an expiration date for client identities. This enables you to:
>Easily manage trials by providing users with expiring identities that consume the same license. This removes the need to generate a new key and a new license for each trial.
>Manage which users can access a concurrency license and for how long.
Licensing API Can Now Reserve and Release Executions
For Features that are licensed with the Execution Count license type, the application can now reserve a specific number of executions when it logs in to the protection key (using the LoginScope function in Sentinel Licensing API). If any of the reserved executions are not consumed by the application, they are returned to the pool of executions in the license when the application logs out of the protection key.
This ensures that the application has access to enough executions before it starts to use the licensed Feature.
This functionality is only available with SL keys and is only applicable when using C-language function calls. The function requires Run-time Environment 8.41 or later.
Enhancements and Changes to Sentinel LDK Envelope
Sentinel LDK Envelope has been enhanced or modified as follows:
>When an unexpected error occurs during protection of a file, Envelope now displays a message and provides a link that simplified reporting the issue. This should improve the response time for obtaining assistance from Thales to resolve this type of issue.
>The user interface for working with AppOnChip has been improved.
>The WinV3 protection engine now supports the advanced debugger detection feature.
>Envelope for Linux now displays a warning message when the --debug option is used when also selecting --memdump.
>The behavior of Envelope for Linux has been modified for debug and memdump parameters as follows:
Given that the following protection parameters are specified for an Envelope project:
•Debugging is allowed for the protected application. (The debug parameter was specified.)
•Memory dumps are not allowed for the protected application. (The memdump parameter was not specified.)
The behavior of Envelope is as follows:
•Version 8.3 and earlier: Both debugging and memory dumps are not allowed. No message is issued.
•Version 8.4 and later: Both debugging and memory dumps are allowed. A message regarding this situation is issued.
The reason for this behavior is that protection against memory dumps does not work when debugging of the protected application is enabled.
>Sentinel LDK Envelope for Android has been discontinued.
The following Sentinel LDK functionality is no longer supported for native Android applications.
•Sentinel LDK Envelope
•Data file protection
You can continue to use Sentinel Licensing API to protect native Android applications.
If you require a protection solution for Android native libraries, contact Thales customer support.
Hardlock.sys has been Removed from the RTE Installer
The legacy Hardlock driver (hardlock.sys) is no longer installed as part of the Run-time Environment. RTE 8.31 is the last version that supports the legacy Hardlock driver.
The Hardlock driver is required when an application is licensed using a Hardlock parallel port key or a Hardlock USB key with a very old Hardlock library. In these situations, you must install RTE 8.31 or earlier. RTE 8.31 is available from Knowledgebase article KB0025777.
Starting with RTE 8.41, Hardlock LPT keys are no longer supported. Applications that use Hardlock USB keys need to be built with LDK API 6.4 or later. If an older version of the RTE is required, contact Thales customer support.
Sentinel LDK-EMS Now Uses Tomcat Version 9.0.56
The installation and upgrade procedures for Sentinel LDK-EMS (On-Premises) now install Tomcat version 9.0.56.
Sentinel LDK-EMS Web Services Now Return eid and createdBy in Response Body
When you search for an entitlement using <version>/ws/entitlement.ws or <version>/ws/entitlement/{entId}.ws, the response body now automatically includes the eid and createdBy values in addition to any query parameters.
Sentinel LDK-EMS No Longer Generates an RTE Installer
The Developer > RTE Installer tab has been removed from Sentinel LDK-EMS. You can generate a customized Run-time Environment (RTE) installer using the Sentinel LDK Master Wizard.
>For details on generating a Run-time Environment installer that is customized with your Vendor Codes, see Sentinel LDK Installation Guide.
>For details on signing a Run-time Environment installer, see Sentinel LDK Software Protection and Licensing Guide.