License Manager (also referred to as "Server")
Sentinel RMS License Manager is an on-premises network service that enforces and manages licensing in multi-user environment. It keeps track of all the licenses and handles requests from network users who want to run your application, granting authorization to the requester to allow them to run the application, and denying requests when all licenses are in use.
Since v10.0 of , a cloud-based RMS License Manager is also introduced. As a result, Sentinel RMS now provides:
>On-premises RMS License Manager, called the RMS License Manager or License Manager
>Cloud-based RMS License Manager, called the RMS Cloud License Manager or RMS Cloud LM
About RMS License Manager
The RMS License Manager usually runs on a computer within the network where users (clients) have installed the licensed application (refer to the diagram below for an illustrated view). It is an integral component of the network licensing schemes that can be implemented with Sentinel RMS, namely server-locked licenses, site licenses and commuter licenses.
Usually the licenses reside on the License Manager in a license file. On startup, the License Manager reads the licenses from the file and creates a license table. Otherwise, these are added dynamically to the License Manager. The dynamically added licenses are only available in the License Manager memory. Once the License Manager is stopped these licenses are lost. Refer to License Loading Behavior on RMS License Manager Restart for details.
You program your application to look for a License Manager with available licenses. When the licensed application is run on a client, a request is sent to the License Manager for obtaining an authorization. The License Manager processes the request (including the task of authenticating the clients, if required) and returns the status to the client. The License Manager maintains each request separately, treating these authorizations as separate clients.
|
Figure 1: Multiple Clients Accessing the Sentinel RMS License Manager
|
|
|
Figure 2: Client Requesting for a Network License |
RMS License Manager Parameters
Here are some quick facts about the RMS License Manager:
|
> Windows (32-bit binary that is available for both 32-bit and 64-bit). >For Linux, Solaris Sparc and x86, AIX, and HPUX (32-bit and 64-bit) >For macOS (64-bit) >Linux ARM (32-bit [Hard Float/Soft Float] and 64-bit) NOTE From Sentinel RMS v9.7 onwards, Linux ARM operating system is supported. For specific versions, refer to the release notes or contact the Technical Support. |
|||||||||||||||
| Installation Path |
The default installation path on Windows is: >Windows 32-bit - <Osdrive>:\Program Files\Common Files\Thales\Sentinel RMS License Manager\WinNT. >Windows 64-bit - <Osdrive>:\Program Files(x86)\Common Files\Thales\Sentinel RMS License Manager\WinNT. >On UNIX and Linux ARM operating systems, you can place the License Manager executable (lserv) at any chosen location. |
||||||||||||||
| Network Protocol |
UDP (User Datagram Protocol) that can support both IPv4 and IPv6 addresses. NOTE The IPv6 protocol is not supported for Linux ARM OS. A client can contact the License Manager using the IPv4 or IPv6 communication protocol. When the License Manager is hosted on a dual stack system, both IPv4 and IPv6 clients can communicate with it, however, not all combinations are supported (see the illustration below for more information).
|
||||||||||||||
| Network Port (default) |
5093 NOTE Sentinel RMS License Manager uses port number 5093 and 5099. Make sure these ports are not blocked by a firewall. Otherwise, it may result in unexpected behavior. |
||||||||||||||
| Network Reach |
Broadcasts within a subnet. Directed calls can access License Manager across subnets. Sentinel RMS does not support RMS License Managers with numeric host names. The License Manager may not start on such machines due to external dependencies. NOTE Sentinel RMS is an enterprise-level product functioning within an intranet that is not publically exposed. It is the responsibility of the system administrator on the customer’s site to ensure that the RMS License Manager is set up on a system that is not public. Thales cannot control this setup. |
||||||||||||||
| Compatibility |
The License Managers may exist on different platforms than the clients running the licensed application. For example, a License Manager running on UNIX may administer Windows clients. The License Manager provides backward compatibility to previous-version clients. It is not forward compatible to the higher version clients of Sentinel RMS. |
||||||||||||||
| Startup Options |
For information about configuring the License Manager (like error and transaction logging and tracing) and License Manager utilities (such as lslic, WlmAdmin, WRlfTool) refer to the Sentinel RMS SDK System Administrator Guide. The system administrators, who will be deploying and administering the License Managers in a network, will require this document. | ||||||||||||||
| Failover Support |
Provides License Manager redundancy for up to 11 License Managers. For information about the redundant License Managers see "Redundant License Managers". |
||||||||||||||
|
Related Topics: For information about customizing the License Manager see "Customization Features" in the Sentinel RMS SDK API Reference Guide. |
|||||||||||||||
RMS License Manager Compatibility-Mode Library—v9.8.1 and Later
Starting RMS 9.8.1, an industry-standard secret-key authenticated encryption is used to secure the RMS License Manager communication, by default. Prior to RMS 9.8.1, a proprietary encryption algorithm was used for message encryption. In case, you still choose to use the proprietary encryption algorithm, you will need to obtain a separate add-on component called the License Manager Compatibility-Mode Library from Technical Support and follow the guidelines on using it.
Guidelines for Using the License Manager Compatibility-Mode Library
The License Manager Compatibility-Mode Library is available only in DLL/shared library formats and is consumed by the licensing library on run-time only.
If you want to use the License Manager Compatibility-Mode Library, overriding the default RMS License Manager communication, you need to follow the guidelines below:
>When using the static licensing library: Place the License Manager Compatibility-Mode Library at the same location as the licensed application.
>When using the dynamic licensing library: Place the License Manager Compatibility-Mode Library at the same location as the licensing library.
The licensed application will communicate with RMS License Manager using the proprietary encryption algorithm.
License Loading Behavior on RMS License Manager Restart
With the new encryption algorithm in place, now when the v9.8.1 (or later) RMS License Manager is restarted, additional tasks related to key-exchange are performed by the running licensed application. During this interval, the licensed application attempting to contact the License Manager (such as for automatic renewal calls via auto-timer), may return with error 210133 (SNTL_RESOURCE_LOCK_FAILURE). To overcome this, try calling the licensing API again after few seconds.
RMS Cloud License Manager or RMS Cloud LM
RMS Cloud LM is a cloud-based service hosted by Thales to manage RMS licenses. This type of deployment is referred to as the Connected (Cloud LM) deployment mode and provides the following main benefits:
>An extension of the traditional on-premises RMS License Manager providing anytime-anywhere access to licensed applications.
>Automatic license deployment on RMS Cloud LM right after entitlement activation in Sentinel EMS in contrast to the manual license addition and deletion tasks with the RMS License Manager.
>Does not require hardware infrastructure installation and maintenance, and thus provides out-of-the-box high availability redundancy.
> Offers secure licensing—protected by JSON Web Token (JWT) type authentication. As a result, RMS licenses can be consumed only after authentication.
>Offers same set of licensing controls for authorizations, such as licenses with expiration dates, global concurrency (hard limit or user limit), license sharing, and license aggregation.
>Offers session management for customers' administrators, who can view a list of live sessions and terminate them, if required, using the Sentinel EMS Customer Portal.
>Entitlement quantity rebalancing across different deployment modes. As a result, you can distribute unused licenses from one deployment mode to another.
>Easier rehosting and revocations without requiring any overheads on behalf of the end user.
>Yields valuable usage data via Sentinel EMS reports.
NOTE RMS Cloud LM is available to SCL Add-on users only.
RMS Cloud LM supports the following types of integrations for on-premises applications:
| Integration Option | Description | Suitable for |
|---|---|---|
| SCP-integrated library | A licensing library that provides an easy-to-use Unified API-based wrapper to internally handle the authentication tasks. |
>Desktop applications in C, Java, .NET. Refer to the Common Use Cases sections of C, Java, and .NET for a quick snapshot of the APIs workflow. >Flexible hybrid implementations that allow searching for a license on a standalone system, network License Manager, and cloud in sequence. |
| RMS Cloud LM REST API |
RMS Cloud LM provides a set of new modern REST API for licensing referred to as the Cloud LM services. These licensing REST APIs make use of the token generated by the Token Management Service REST APIs for authentication. |
Applications written for any language or platform not supported by the SCP-integrated library |
For licensing SaaS applications running in a trusted environment, a workflow that authorizes RMS Cloud License Manager REST API using the OAuth 2.0 Client Credentials flow is provided.
