License Manager (License Server)

The Sentinel RMS License Manager is an on-premises network service that enforces and manages licensing in multi-user environment. It keeps track of all the licenses and handles requests from network users who want to run your application, granting authorization to the requester to allow them to run the application, and denying requests when all licenses are in use. Since v10.0 of Sentinel RMS, a cloud-based RMS License Manager is introduced. As a result, the RMS License Manager can be categorized into the following categories:

>On-premises RMS License Manager, called the RMS License Manager

>Cloud-based RMS License Manager, called the RMS Cloud License Manager or RMS Cloud LM

About RMS License Manager

The RMS License Manager usually runs on a computer within the network where users (clients) have installed the licensed application (refer to the diagram below for an illustrated view). It is an integral component of the network licensing schemes that can be implemented with Sentinel RMS, namely server-locked licenses, site licenses and commuter licenses.

Usually the licenses reside on the License Manager in a license file. On startup, the License Manager reads the licenses from the file and creates a license table. Otherwise, these are added dynamically to the License Manager. The dynamically added licenses are only available in the License Manager memory. Once the License Manager is stopped these licenses are lost. Refer to License Loading Behavior on RMS License Manager Restart for details.

You program your application to look for a License Manager with available licenses. When the licensed application is run on a client, a request is sent to the License Manager for obtaining an authorization. The License Manager processes the request (including the task of authenticating the clients, if required) and returns the status to the client. The License Manager maintains each request separately, treating these authorizations as separate clients.

Figure 1: Multiple Clients Accessing the Sentinel RMS License Manager

 

Figure 2: Client Requesting for a Network License

 

RMS License Manager Parameters

Here are some quick facts about the RMS License Manager:

Parameter Sentinel RMS License Manager

Operating Systems Supported

> Windows (32-bit and 64-bit) operating system

>UNIX-based (32-bit and 64-bit) operating systems, including Linux, Mac, Solaris Sparc, x86, AIX, and HPUX

>Linux ARM (32-bit [Hard Float/Soft Float] and 64-bit) operating system.

NOTE   From Sentinel RMS v9.7 onwards, Linux ARM operating system is supported.

For specific versions, refer to the release notes or contact the Technical Support.

Installation
Path

The default installation path on Windows is:

>Windows 32-bit - <Osdrive>:\Program Files\Common Files\Thales\Sentinel RMS License Manager\WinNT.

>Windows 64-bit - <Osdrive>:\Program Files(x86)\Common Files\Thales\Sentinel RMS License Manager\WinNT.

>On UNIX and Linux ARM operating systems, you can place the License Manager executable (lserv) at any chosen location.

Network
Protocol

UDP (User Datagram Protocol) that can support both IPv4 and IPv6 addresses.

NOTE   The IPv6 protocol is not supported for Linux ARM OS.

A client can contact the License Manager using the IPv4 or IPv6 communication protocol. When the License Manager is hosted on a dual stack system, both IPv4 and IPv6 clients can communicate with it, however, not all combinations are supported (see the illustration below for more information).

License Manager Host Protocol Client-side Protocol
IPv4 IPv6
IPv4 Supported Not supported
IPv6 Not supported Supported
Dual stack Supported Supported


Network Port (default)

5093

NOTE   Sentinel RMS License Manager uses port number 5093 and 5099. Make sure these ports are not blocked by a firewall. Otherwise, it may result in unexpected behavior.

Network Reach

Broadcasts within a subnet. Directed calls can access License Manager across subnets.

NOTE   Sentinel RMS is an enterprise-level product functioning within an intranet that is not publically exposed. It is the responsibility of the system administrator on the customer’s site to ensure that the RMS License Manager is set up on a system that is not public. Thales cannot control this setup.

Compatibility

The License Managers may exist on different platforms than the clients running the licensed application. For example, a License Manager running on UNIX may administer Windows clients.

The License Manager provides backward compatibility to previous version clients as well, as shown in the version compatibility matrix below.

Client Version

License Manager Version
9.0.x 9.1.x 9.2.x 9.3.x 9.4.x 9.5.x 9.6.x 9.7.x 9.8.x
9.0.x
9.1.x x
9.2.x x x
9.3.x x x x
9.4.x x x x x
9.5.x x x x x x
9.6.x x x x x x x
9.7.x x x x x x x x
9.8.x x x x x x x x x
Startup
Options
For information about configuring the License Manager (like error and transaction logging and tracing) and License Manager utilities (such as lslic, WlmAdmin, WRlfTool) refer to the Sentinel RMS SDK System Administrator Guide. The system administrators, who will be deploying and administering the License Managers in a network, will require this document.
Failover
Support
Provides License Manager redundancy for up to 11 License Managers.

For information about the redundant License Managers see "Redundant License Managers".

Related Topics:

For information about customizing the License Manager see "Customization Features" in the Sentinel RMS SDK API Reference Guide.

RMS License Manager Compatibility-Mode Library

Starting RMS 9.8.1, the industry-standard RSA algorithm is used to secure the RMS License Manager communication by default. Prior to RMS 9.8.1, a proprietary encryption algorithm was used for message encryption. In case, you still choose to use the proprietary encryption algorithm, you will need to obtain a separate add-on component called the License Manager Compatibility-Mode Library from Technical Support and follow the guidelines on using it.

Guidelines for Using the License Manager Compatibility-Mode Library

The License Manager Compatibility-Mode Library is available only in DLL/shared library formats and is consumed by the licensing library on run-time only.

If you want to use the License Manager Compatibility-Mode Library, overriding the default RSA-based client-RMS License Manager communication, you need to follow the guidelines below:

>When using the static licensing library: Place the License Manager Compatibility-Mode Library at the same location as the licensed application.

>When using the dynamic licensing library: Place the License Manager Compatibility-Mode Library at the same location as the licensing library.

The licensed application will communicate with RMS License Manager using the proprietary encryption algorithm.

License Loading Behavior on RMS License Manager Restart

With the new encryption algorithm in place, now when the v9.8.1 (or later) RMS License Manager is restarted, additional tasks related to key-exchange are performed by the running licensed application. During this interval, the licensed application attempting to contact the License Manager (such as for automatic renewal calls via auto-timer), may return with error 210133 (SNTL_RESOURCE_LOCK_FAILURE). To overcome this, try calling the licensing API again after few seconds.

RMS Cloud License Manager or RMS Cloud LM

RMS Cloud LM is a cloud-based service by Thales to manage RMS licenses on the cloud. This type of deployment is named as the Connected (Cloud LM) deployment mode and provides the following main benefits:

>An extension of the traditional on-premises RMS License Manager providing anytime-anywhere access to licensed applications.

>Automatic license deployment on RMS Cloud LM right after entitlement activation in Sentinel EMS in contrast to the manual license addition and deletion tasks on the RMS License Manager.

>Does not require hardware infrastructure installation and maintenance and thus provides out-of-the-box high availability redundancy.

> Offers secure licensing—protected by JSON Web Token (JWT) type authentication. As a result, RMS licenses can be consumed only after authentication.

>Offers same set of licensing controls for authorizations such as licenses with expiration dates, global concurrency (hard limit or user limit), license sharing, and license aggregation.

>Offers session management for customer's administrators, who can view list of live sessions and terminate them, if required using the Sentinel EMS Customer Portal.

>Entitlement quantity rebalancing across different deployment modes. As a result, you can distribute unused licenses from one deployment mode to another.

>Easier rehosting and revocations without requiring any overheads on behalf of the end user.

>Yields valuable usage data via Sentinel EMS reports.

NOTE   RMS Cloud LM is available to SCL Add-on users only.

RMS Cloud LM supports the following two types of integrations:

Integration Option Description Suitable for
SCP-integrated library A licensing library that provides an easy-to-use Unified API-based wrapper to internally handle the authentication tasks.

>Desktop applications in C, Java, .NET. Refer to the Common Use Cases sections of C, Java, and .NET for a quick snapshot of the APIs workflow.

>Flexible hybrid implementations that allow searching for a license on a standalone system, network License Manager, and cloud—one after other.

RMS Cloud LM REST API

RMS Cloud LM provides a set of new modern REST API for licensing referred to as the Cloud LM services. These licensing REST API make use of the token generated by the token management services for authentication.

Applications written for any language or platform not supported by the SCP-integrated library