Getting Started with Sentinel RMS—Redundant License Manager in Network Lease Mode
Overview
This document provides step by step instructions for setting up redundant license manager in network lease mode for Sentinel RMS.
Sentinel RMS provides License Manager backup by creating the redundant License Managers setup. All the designated License Managers are grouped together to form a pool so that the next License Manager can take over when the primary License Manager (leader) goes down. As a result, the in-use licenses are not lost and continue to be served seamlessly by the new leader License Manager.
For more details, refer to Sentinel RMS Developer Guide.
Prerequisites
You must meet the software and hardware requirements for installing the following SDKs:
•Sentinel RMS SDK: For details about the system requirements for installing the Sentinel RMS SDK, refer to Sentinel RMS Releases Notes.
•SCL Add-on Package: The SCP SDK is available within the SCL Add-on for Sentinel RMS package. The prerequisites for installing SCP are same as for Sentinel RMS SDK.
The Steps
Follow the steps below to run an SCP-Service on Windows.
The first step is to download the Sentinel RMS SDK and SCL Add-on zip package from the Sentinel order emails, and install the Sentinel RMS SDK.
Downloading and Installing the Sentinel RMS SDK
NOTE If you are a production customer, refer to the Thales order emails for links to download the SDK. Alternatively, you can log in to your Thales support account and use the available links to download the SDK. If you are an evaluation/trial customer, the SDK download links are present in the trial portal, details of which are shared with you over emails.
1.Open the Thales Sentinel order email. In the Download Details table, click the Download link corresponding to the Sentinel RMS SDK (Windows) field.
2.For trial licenses, clicking the link will directly start the SDK download. For all other licenses, you will be redirected to the Thales Support Portal.
3.Extract RMSSDK10.xWindows.zip downloaded in the step above.
4.Run the self-extracting StartHere.exe file and follow the instructions provided with the graphical installation wizard. Note the following:
•One of the screens displayed during the installation is Customer Information dialog box. In this dialog box, type your name, organization name, and the Sentinel Serial Number. You can copy and paste the Sentinel Serial Number from the Thales Sentinel Order email. This serial number is unique for each customer.
•The default Sentinel RMS installation directory is: C:\Program Files (x86)\Thales\Sentinel RMS Development Kit\10.x\
With Sentinel RMS installation, Sentinel RMS License Manager is deployed automatically.
Downloading the SCL Add-on for Sentinel RMS Package
1.Open the Thales Sentinel Order email. In the Download Details table, click the Download link corresponding to the Sentinel Cloud Add-On Package field. This redirects you to a download page on the Thales support portal.
2.Enter the Sales Order (SO) number in the Enter SO Number field. The SO number is available in the subject field of the Thales Sentinel Order email.
3.Click Get Download Key. You will receive an email with the download key on your registered email address. The download key is valid for 24 hours.
4.In the Enter Download Key field, specify the received download key, and click Download. This will start the download of the SCL Add-on for Sentinel RMS package, which is a password-protected archive containing separate packages for different operating systems.
In this step, you connect to the Sentinel EMS Portal using the credentials shared by your Thales representative.
A license model is a combination of various parameters that define how a product can be used by an end user. You need to use the Flexible license model as the base for defining a license for the
1.From the navigation pane, select Catalog > License Models.
2.In the License Models page, search by Name for the Flexible License Model.
3. Under the Actions column, click Copy .
4.In the Copy License Model page, in the Name field, enter any license model name, for example, MyRedundancyLicense.
5.From the Deployment Type drop-down, select Lease.
6.From the License Type drop-down, select Network.
7.Under the Policy section, toggle Enforce Clock Tampered to No. This disables time tampering detection.
8.Under the Policy section, toggle Redundancy to Yes. This activates redundancy for the license that you are configuring.
9.When you enable redundancy for a license, Redundancy Majority Rule is displayed. Set Redundancy Majority Rule to Yes.
10.Under the Locking section, set the value of Redundant Servers. Here, let's use the default value as 3. You can also select the desired locking criteria. In our case, let's use the default locking criteria, Disk ID.
11.Under the Cloud Served section, toggle Fingerprint Registration to Yes. This specifies that the machine registration is required to consume the entitlement.
12.Click Save.
You've successfully configured the license model. Next, you will create a feature using this license model.
The first step in creating a catalog is defining features.
3.In the Add Feature page, from the Namespace list, select General.
You see the Namespace list only if multiple namespaces are available in the system.
4.In the Name field, enter a feature name, such as REDUNDANCY.
5.In the Version field, type 1.
6.In the ID field, leave the default ID for now.
When you create your own features, you can use the default ID or apply another ID to match an existing feature in one of your company's products. The ID must match the feature ID in your licensed application.
7.In the Available License Models area of the Associate License Models pane, click the license model you created to add
8.Click Save.
You've created your first feature. Next, you will add the feature to a product.
Now that you created a feature, you can add it to a product. This is known as associating a feature with a product.
3.In the Add Product page, from the Namespace list, select General.
4.In the Name field, enter any product name, for example, REDUNDANCY.
5.In the Version field, type 1.
6.In the Available Features area of the Associate Features pane, click the feature you created to add it to the Associated Features list.
7.Click Save. The product is created as a draft.
8.In the Products page, for the product you created, in the Actions column, click the Complete button.
9.In the confirmation box that opens, click Complete (not shown). This makes the product available for distribution.
You've successfully created your first product. Next, you will create an order, known as an entitlement, for the product.
In this step, you are creating an entitlement.
3.Associate this entitlement with a new customer.
a. In the Add Entitlement page, next to the Customer field, click Add Customer .
Tip: You can also define customers directly from the Customers tab.
4.Add contact details to the customer you just created.
a. In the Add Entitlement page, next to the Contact Email field, click Add Contact to open the Add Contact dialog box.
b. In the Email field, add the email address to which the entitlement certificate will be sent.
c. Click Add. The contact is created and the contact email address is associated with the customer you just created.
5.In the Associate Products / Product Suites pane, under Available Products, click the product you created to add it to the Associated Products / Product Suites section.
6.In the Associated Products / Product Suites section, expand the product that you added to this entitlement. Click Product Attributes, and change the Activation Method to Full.
7.
Let's suppose that the customer ordered 10 copies of your product.
In the Available Quantity field, change the value to 10.
8.In the Enforcement Extension section, the fields related to redundancy are enabled as shown in the following image.
9.Click Save to save the entitlement as a draft.
10.In the Entitlements page, in the Actions column, click to complete the entitlement.
(The image shows the Draft status prior to confirmation.)
You need to merge the contents of standard RMS SDK installation with the SCL Add-on for Sentinel RMS Package to obtain SCL lease samples, and setup the environment required for the execution of the samples.
To merge the Sentinel RMS SDK and SCL Add-on for Sentinel RMS Package:
1.Unzip the SCL Add-on for Sentinel RMS package (zip archive) by using the password received in the Thales Sentinel Order Secret email.
2.Unzip the Windows-specific SCL Add-on for Sentinel RMS package (Sentinel Cloud Add-On Windows.zip), and copy all its sub-folders (Development, Manuals, Redistributable, and Samples). The contents of Samples folder are shown below:
Interface |
\Sentinel Cloud Add-On Windows |
---|---|
Samples for C |
\Samples\C\ •sntl_lease_sample.MSVS2008.sln •sntl_lease_sample.MSVS2015.mak •sntlcloudp_configuration_[vendor_alias].xml \Samples\C\Src\ •sntl_lease_demo.c •sntl_lease_demo.vcproj •sntl_lease_tool.c •sntl_lease_tool.vcproj |
Samples for Java |
\Samples\Java-Jna\ •build_lease_sample.bat •sntlcloudp_configuration_[vendor_alias].xml •sntl_lease_demo.java •sntl_lease_demo.MF •sntl_lease_tool.java •sntl_lease_tool.MF |
Samples for C# and VB.NET | \Samples\DotNet-Unmanaged\
•sntlcloudp_configuration_[vendor_alias].xml \Samples\DotNet-Unmanaged\C#\ •sntl_lease_demo.cs •sntl_lease_demo.csproj •sntl_lease_sample.sln •sntl_lease_tool.cs •sntl_lease_tool.csproj \DotNet-Unmanaged\VB.NET\ •sntl_lease_demo.vb •sntl_lease_demo.vbproj •sntl_lease_sample.sln •sntl_lease_tool.vb •sntl_lease_tool.vbproj |
3.Go to the folder where RMS SDK is installed, that is: C:\Program Files (x86)\Thales\Sentinel RMS Development Kit\10.x\. Paste the folders copied earlier and confirm to merge the folders.
You need to upload an XML fingerprint file containing information such as IP address, host name, disk ID and so on within Sentinel EMS to associate with the entitlement. The XML fingerprint file can be generated using Sentinel RMS Run-time API. For more information, refer to the API reference guides, which are located under Sentinel RMS guides.
This section explains how to fetch the fingerprints of all the three machines participating in the redundant license pool, which will then be uploaded on EMS UI to be associated with the customer.
Prerequisites
•sntl_lease_tool.exe:Build sntl_lease_tool.exe from Samples in SCL Add-on Package. This tool is required to generate fingerprints. Copy this tool on your machine, where redundant servers are to be set up and execute it.
1.From the SCL Add-on Package, copy sntl_lease_tool.exe file on all the three machines.
2.Run the sntl_lease_tool.exe on each machine to fetch the fingerprints. For example, here the tool is executed to write the fingerprint information in an output file, named as FP.xml.
NOTE For more details on how a sample fingerprint XML file looks like, refer to The Fingerprint XML.
You've created the fingerprint XML file. Next, you will add and associate with the Entitlement created in the previous step.
This section explains how to manage fingerprints for a customer. After a fingerprint is added, it is available for the customer and can be associated with the customer's entitlements and line items.
Perform the following steps on Sentinel EMS portal on which you created your feature, product and entitlement in the previous steps.
1.From the navigation pane, select Entitlements, in the Actions column for an entitlement, click Manage Fingerprints. The Manage Fingerprints page appears.
2.In the Associated Product pane, select the product to which you want to associate the fingerprint.
3.In the Associate Fingerprint pane, click Add Fingerprint. The Add Fingerprint dialog box appears.
Mandatory Attribute | Description |
---|---|
Friendly Name |
A name for the machine fingerprint to make it easier to identify and use the fingerprint file. NOTE It is recommended to enter host name of the machine. |
Fingerprint XML |
A name for the machine fingerprint to make it easier to identify and use the fingerprint file. You can upload the XML file that contains the required information. In this case, you can use the FP.xml, the XML file created in the previous step. |
4.Click Add & Associate. The fingerprint is added for the customer and associated with the entitlement.
The fingerprint is added for the customer and associated with the entitlement:
This section explains how to set up the redundancy configuration file, which will contain the required information of all the three machines participating in the redundancy for this tutorial.
WRlftool is a Windows-interface program that allows you to create and maintain a redundant license file.
Navigate to the location of the utility, and double-click the file to start the program. The tool is available at the path: C:\Program Files (x86)\Thales\Sentinel RMS Development Kit\10.2\Redistributable\Tools.
Prerequisites
•Ensure that all the three machines must be able to communicate with each other in order to form the redundancy.
Perform the following steps to create redundant license file.
1.Launch WRlf tool.
2.From the File menu and select New.
3.To add a new License Manager to the pool, click Add Server.
4.Enter the host name and the IP address of the computer on which that License Manager resides. All the License Managers in the pool must use the IP address to communicate.
5.Repeat Step 3 and Step 4 to add details of all the three machines.
NOTE Once you have added more than one License Manager to the pool, you can select one of the License Managers and click Move Up or Move Down to adjust its order in the pool. This sets it preference order. If the License Manager having first preference goes down, the License Manager with second preference will be elected as the leader, and so on.
6.From the File menu, select Save As.The file will be saved as, lservrlf by default in the selected directory.
7. Add newly created/updated redundant license (lservrlf) to the other redundant servers by copying the lservrlf file into the License Manager installation folder on all remaining redundant servers.
For using the licensed application in the Redundant License Manager in Network Lease Mode, you need to install RMS License Manager on all the machines participating in the redundant license pool. Here, on all the three machines that are set up for redundancy.
Prerequisites
•Ensure that you have administrator rights to install Sentinel RMS License Manager on your machine
To install the RMS License Manager, run the following command:
lservnt.exe –X install
Once this command is executed successfully, RMS License Manager is installed.
NOTE By default, the License Manager gets installed at the following path on Windows 64-bit machine:
<OSDrive>:\Program Files (x86)\Common Files\Thales\Sentinel RMS License Manager\WinNT\
However, you may specify a different path during the installation process.
To see a list of available command-line arguments for the RMS License Manager, execute the command:
lservnt.exe –X help
You need to configure SCP to ensure that the SCP service can fetch licenses from the cloud. To configure SCP, you need to modify the SCP configuration file (sntlcloudp_configuration_<Vendor_Alias>.xml).
To configure SCP:
1.Navigate to the folder containing the SCP configuration file (sntlcloudp_configuration_<Vendor_Alias>.xml).
2.Double click the SCP configuration file to open it, and update the following:
a.Copy the YPS URL Dev from the Thales Sentinel Order emails and specify it in the SCP configuration file. Example:
<YPSaddress value="https://sin01_heppq.prod.sentinelcloud.com/YPServer" />
b.Set Customer ID to the Customer Identifier value that you entered while creating an entitlement. Example:
<Customer id="MyCustomerID" />
c. In the FingerprintFriendlyName element, set the value to the host name of the
<FingerprintFriendlyName value="host_name"/>
NOTE You will also need to setup the proxy configurations if you are working in a proxy environment. For details on proxy configuration, refer to the Sentinel Cloud Licensing (SCL) Add-on Installation and Configuration Guide.
Logging-related Notes
You need to un-comment the following section in the SCP configuration file to enable logging.
<!-- <LoggingSettings> <Logging value ="1"/> <LogLevel value ="1"/> <LogFilePath value ="scp.log"/> <LogFileMode value ="2"/> <LogType value ="1"/> </LoggingSettings> -->
Logging will be enabled in the error mode that you can change as and when required. The log file (.log) is created in the same folder where the SCP executable for network applications is placed.
You need to install SCP as a service on all the machines that are participating in the redundant server license pool.
NOTE You need administrator privileges to perform the steps given in this section.
1.Copy SCP Service (sntlcloudps_[vendor_alias].exe) and the SCP configuration file (sntlcloudp_configuration_[vendor_alias].xml) on the same system where the RMS License Manager is installed.
If you want to place the SCP executable and configuration files at different locations, you can provide the configuration file path in the SCP_CONFIG_FILEPATH_[vendor_alias] environment variable, or as a command-line parameter.
2.Open the command prompt and run the following command to install the SCP service:
sntlcloudps_[vendor_alias].exe –install
3.To verify the SCP installation, open services manager (Run > services.msc), and check the Sentinel Cloud Plugin Service For [vendor_alias] entry in the list of the services installed on the system.
You can start the RMS License Manager service and the SCP service manually on all the machines participating in redundant license pool by using the Windows Services Manager.
NOTE For redundant servers, lease can be fetched only on leader server machine.
To start the RMS License Manager
Before starting the RMS License Manager, ensure that the redundant license file (lservrlf) is copied in the same directory where the RMS License Manager is installed.
Execute the following command to start the RMS server:
lservnt.exe –X start
NOTE The Sentinel RMS License Manager must be installed and running on each server that will host the redundant licenses before starting the SCP service.
To start the SCP service
Execute the following command to start the SCP service:
sntlcloudps_[vendor_alias].exe –start
NOTE If the SCP service is already running, the licenses are fetched according to the renewal frequency defined in the entitlement.