Network Lease Mode
For running a licensed application in network mode, SCP is installed as a service on the same machine where the RMS License Manager is installed.
The topics included in this section are:
>(Optional) Specify the Path of the SCP Configuration File
•By Editing the SCP Configuration File
•By Using SCP Command-line Parameters
•By Editing the SCP Configuration File
•By Using SCP Command-line Parameters
•By Editing the SCP Configuration File
•By Using SCP Command-line Parameters
>(Mandatory) Configure Fingerprint Friendly Name
>Which Entitlements are Served?
>(Optional) Configure Version-less Products and Variants
>A Note on Applying Updated SCP Configurations
Unzip the SCL Add-on Package
>Unzip the SCL Add-on package by using the password received in Thales order emails, to extract the Windows-specific package.
>Copy Sentinel Cloud Add-On Windows.zip to the system where the RMS License Manager is installed, and extract its contents to any folder (represented by <extractedfolder>).
NOTE You can extract the installation package to any folder, but we recommend extracting it to the Sentinel RMS installation folder. As an example, the folder path for 64-bit Windows is: C:\Program Files (x86)\Thales\Sentinel RMS Development Kit\9.x.
(Optional) Specify the Path of the SCP Configuration File
The default path of the SCP configuration file is <extractedfolder>\Redistributable\SentinelCloudPlugin (same as the SCP service). You can specify a different path for the SCP configuration file by using the SCP_CONFIG_FILEPATH_[vendor_alias] system-level environment variable.
The precedence of options for picking the SCP configuration file is:
>The configuration file path specified in the SCP_CONFIG_FILEPATH_[vendor_alias] system-level environment variable.
>The default configuration file path.
NOTE
The SCP_CONFIG_FILEPATH_[vendor_alias] environment variable (if defined) has higher precedence than the application directory. The environment variable to pick the configuration file should be set under the system variables for the SCP service to run successfully.
Configure SCP
There are certain settings that you need to configure before installing and running SCP. There are two ways of configuring SCP on Windows:
>By editing the SCP configuration file
>By using the SCP command-line arguments
By Editing the SCP Configuration File
Open the SCP configuration file and modify the following mandatory elements:
Element |
Description |
---|---|
Customer Id |
Specify the ID of the customer defined in Sentinel EMS for whom licenses will be fetched by SCP. For example, if Customer ID in EMS is "Demo", you can modify the element like: <Customer id="Demo"/> TIP
|
YPSaddress |
Specify the URL of Directory Services (DS) which is received in emails from Thales. For example: https://demo-yps.com/YPServer |
Fingerprint Friendly Name | Specify the fingerprint-friendly name that identifies the customer's machine where the application is running. |
By Using SCP Command-Line Parameters
Refer to the section SCP Command-line Options for details.
(Optional) Configure Logging
By default, logging is enabled in error mode. The methods to change the logging settings are given below.
NOTE The log settings defined in the SCP configuration file are applicable only for network mode.
Using the SCP Configuration File
To change the logging settings, you can uncomment the LoggingSettings
section and change the options as per the requirement.
Values of these settings are mentioned in comments in the configuration file itself. For example, if logging needs to be changed from error mode to debug mode, LogLevel
can be changed from ‘1’ to ‘2’.
<!--<LoggingSettings> <Logging value ="1"/> <LogLevel value ="1"/> <LogFilePath value ="scp.log"/> <LogFileMode value ="2"/> <LogType value ="1"/> </LoggingSettings>-->
Specify the name and path of the log file in the LogFilePath
element.
<LogFilePath value ="scp.log"/>
By default, the log file (.log) is created at the same location where SCP executable for network applications is placed.
Using Command-line Options
Refer to the section SCP Command-line Options for details.
Configure Proxy Settings
NOTE The settings defined in this section are required only if the licensed application is running in the proxy environment.
To run a licensed application in a proxy environment, the end customer needs to configure proxy settings for SCP, as defined in this section. For the network lease deployment mode, the proxy settings are defined using the SCP configuration file.
Using the Configuration File
Open the SCP configuration file and modify the following elements:
Element |
Description |
---|---|
ProxyMode |
Proxy connection mode. The possible values are: >1: Indicates that the proxy is disabled. NOTE The licensed application will not connect to the cloud if the client machine is in a proxy environment and proxy settings for SCP are not defined. >2: Refers to the manual proxy mode. In this mode, you need to manually set the proxy settings. >3: Refers to the auto proxy mode. In this mode, the proxy settings are automatically detected. |
Manual Proxy Settings (ProxyMode value="2") |
|
ProxyHost |
Proxy host name or IP address. |
ProxyPort |
Port at which the proxy is running. |
Proxy Credentials (when authentication is enabled in the proxy server) |
|
ProxyUser |
User name for the proxy authentication. |
ProxyPassword |
Proxy password for the proxy authentication. |
Auto Proxy Settings (ProxyMode value="3") In this mode, the proxy settings are automatically detected. There are two automatic proxy detection methods: >WPAD (Web Proxy Autodiscovery Protocol): The proxy detection can be done using either DNS or DHCP discovery methods. NOTE DHCP has a higher priority than DNS. The WPAD-enabled client first uses DHCP to find a proxy server, and if the desired information is not obtained, DNS is used. If the wpad.dat file is not found or if a proxy is not detected while running wpad.dat, no error is returned. Instead, the client tries to connect in a manner similar to when the proxy is disabled (No Proxy). >PAC (Proxy Auto-configuration): The location of the proxy script file is specified in the configuration file. In the auto proxy mode, WPAD takes precedence over PAC.
|
|
ProxyPAC |
Location of the auto-proxy configuration (.pac) file to be used for the proxy detection. Use this option for auto-proxy with the .pac file support. This option takes the URL or path of the .pac file as input. |
Using Command Line Options
Refer to the section SCP Command-line Options for details.
(Mandatory) Configure Fingerprint Friendly Name
A fingerprint-friendly name identifies a machine uniquely for a customer to help in better license management. For vendors selling hardware, the serial number of hardware can be used in the fingerprint-friendly name. For software vendors, either the host name of the machine or any unique string identifying the machine can be used in the fingerprint-friendly name.
While provisioning an entitlement from EMS, it is specified whether or not the machine should be registered with the entitlement or product key, by using the Fingerprint Registration check box of the Flexible License Model screen.
>If the Fingerprint Registration check box is selected, machine registration becomes mandatory for the consumption of the entitlement or product key. For machine registration, the fingerprint information of the machine (in the XML format) is used along with a unique friendly name for the machine.
When the fingerprint registration is mandatory, the fingerprint-friendly name specified in the SCP configuration file must be same as the friendly name registered using EMS.
>If the Fingerprint Registration check box is clear, machine registration is optional. The entitlement is referred to as the non-registered entitlement.
Even when the fingerprint registration is optional, it is mandatory to specify the fingerprint-friendly name in the SCP configuration file. You can specify the host name of the machine in the fingerprint-friendly name.
How to specify the fingerprint-friendly name?
To specify the fingerprint-friendly name in the SCP configuration file, use the FingerprintFriendlyName element. You can use alphanumeric characters to specify the fingerprint-friendly name. Though, it is recommended to specify the host name of the machine in the fingerprint-friendly name.
NOTE Internationalization is not supported in specifying the fingerprint-friendly name.
<FingerprintFriendlyName value="host_name"/>
Example:
<FingerprintFriendlyName value="Your_host_name"/>
Which Entitlements are Served?
The following conditions decide which entitlements are served to SCP:
>If the friendly name specified in the SCP configuration file is already registered in EMS, the entitlements registered with the given friendly name and all the non-registered entitlements for the requested customer, entitlement, or product key are served. When non-registered entitlements are served to the customer, Cloud Connect captures the machine’s fingerprint information and automatically registers it with the entitlement.
>If the friendly name specified in the configuration file is not already registered in EMS, only the non-registered entitlements are served to the customer.
Additional Scenarios
>If a machine requests a license again by using a different and unique friendly name, the cloud considers it a different machine, serves the license, and decrements the Quantity by 1. The Quantity denotes the count of machines on which the licenses can be served.
Let us say, Quantity is 2 indicating that licenses can be served to two machines. The machine M1 has requested a license with the friendly name FN1 earlier. Now, M1 requests the license again with a different friendly name FN2. The license will be served to the machine M1 again. Since the Quantity has exhausted, the license request by any other machine will be denied.
NOTE As explained in the case above, the same machine may consume multiple usage counts, exhausting the quantity. We recommend NOT to change the fingerprint-friendly names assigned to machines.
Also, keep track of the friendly names associated with machines so that license usage can be monitored.
>If after obtaining a license, a machine's friendly name remains same but its locking criteria (which was used to lock the machine to a license) changes, the next license request will be denied. This is because the cloud considers this case as a different machine requesting licenses with a duplicate friendly name, which is not allowed.
Example:
Assume the following:
>Customer name is C1. Machines are M1 and M2. Entitlements provisioned are E1, E2, and E3.
>For E1, the Fingerprint Registration check box is selected. E1 is registered with the machine M1, using the fingerprint-friendly name FFN1.
>For E2 and E3, the Fingerprint Registration check box is not selected. It means E2 and E3 are not registered to any machine.
Entitlements are served s as explained below:
Case 1: M1 requests licenses with the registered friendly name FFN1. E1 is served. In addition, E2 and E3 are also served. (The entitlement registered to this machine and non-registered entitlements for the same customer are served.)
Case 2: M2 requests licenses with a non-registered friendly name FFN2. Only E2 and E3 are served. (There is no entitlement registered to M2)
Case 3: The same machine M1 requests licenses with FFN3. Only E2 and E3 are served.
NOTE Similar to entitlements, you can also choose specific products to fetch licenses. To do so, use the pkid element of the SCP configuration file.
(Optional) Configure Version-less Products and Variants
You can also choose to configure the specific products from which you want to fetch licenses. To do so, use the pkid
element of the SCP configuration file.
The configured products can be of the type default or version-less. For version-less products, you can also configure the specific variants from which licenses are to be fetched by SCP. To do so, use the productvariant
element of the SCP configuration file. Note that default products do not have variants.
The following table lists when it is optional or mandatory to specify pkid
and productvariant
in the SCP configuration file:
Product Type | pkid | productvariant |
---|---|---|
Default | Optional | Not applicable |
Version-less | Mandatory | Mandatory |
NOTE If Entitlement As Whole is enabled and if you want to use product key filtering, you must provide all product keys for the particular entitlement in the SCP configuration file.
Open the SCP configuration file and uncomment the following section:
<!-- <ProductKeys> <ProductKey pkid="" productvariant="" productquantity=""/> </ProductKeys> -->
Specify the product key in the pkid
element and variant in the productvariant and productquantity
element. For example:
<ProductKeys> <ProductKey pkid="0ca278a5-b504-4be3-a969-99d0fc1b9376" productvariant="one" productquantity="1"/> </ProductKeys>
To specify multiple product keys, repeat the <ProductKeys> </ProductKeys>
block for the required number of times. Example:
<ProductKeys> <ProductKey pkid="0ca278a5-b504-4be3-a969-99d0fc1b9376" productvariant="one" productquantity="1"/> <ProductKey pkid="a596d629-dec6-40a6-8d59-ff9db186eaf9" productvariant="two" productquantity="2"/> <ProductKey pkid="b667e123-nov6-40a6-6d23-aa9ab186ab6" productvariant="three" productquantity="3"/> </ProductKeys>
NOTE Quantity decrease functionality introduced in Sentinel EMS v5.3 is supported with SCP clients 5.3 or later.
NOTE EID Filtering is now obsolete
To maintain backward compatibility with SCL Add-on for RMS version 9.2 and earlier, the support for EID filtering using the SCP configuration file has been retained. However, we recommend to use the product key filtering instead of the EID filtering.
Install SCP
NOTE Please note that Admin privileges are required to perform install/uninstall operations.
By using command-line, navigate to the following directory: <extractedfolder>\Redistributable\SentinelCloudPlugin .
To install the SCP service, use the following command:
sntlcloudps_[vendor_alias].exe –install
or
sntlcloudps_[vendor_alias].exe -i
or
sntlcloudps_[vendor_alias].exe -installstart
NOTE The installstart option should be used after the required configurations have been set in the SCP configuration file. Otherwise, the required configurations (such as, ypsaddress and customerid) should be specified as input to the installstart option.
You need to start SCP before it can fetch licenses from SCC. This is covered in the next section.
Command-line Options
Execute the commands from the path where the SCP service is placed.
>To start SCP:
sntlcloudps_[vendor_alias].exe –start
>To restart SCP:
sntlcloudps_[vendor_alias].exe –restart
>To stop SCP:
sntlcloudps_[vendor_alias].exe –stop
>To uninstall SCP:
sntlcloudps_[vendor_alias].exe -remove
or
sntlcloudps_[vendor_alias].exe -r
>To check whether SCP is running or not:
sntlcloudps_[vendor_alias].exe -status
For more details, refer to the section SCP Command-line Options.
A Note on Applying Updated SCP Configurations
If the SCP configuration file is updated while SCP is running, the application restart is required to apply the updated settings.