License Locking Terminology

Before you learn more about locking licenses, it is important to understand the related terminology.

>Client-locked, Server-locked, Client-server Locked, and Unlocked Licenses

>Lock Selector

>Locking Criteria

>Fingerprint

>Locking Code

>Local License Request Locking Criteria

>Primary and Secondary Locking Criteria

Client-locked, Server-locked, Client-server Locked, and Unlocked Licenses

Sentinel RMS allows locking the licenses to:

>Specific clients - known as client-locked licenses.

>Specific License Managers - known as server-locked licenses.

>Specific clients as well as License Managers - known as client-server-locked licenses.

>None - known as unlocked licenses.

In the diagram below, the various types of locking are displayed:

NOTE   A license can be locked to the maximum of seven (7) clients.

Lock Selector

The characteristics of a computer that can be used for fingerprinting a computer. These can be the standard system characteristics (such as the host name or IP address) or hardware-based characteristics (such as the Computer ID Key) or any custom criteria of your choice (such as the display card).

Locking Criteria

One or more lock selectors form a locking criteria. For example,

>Lock selector 1 = IP address

>Lock selector 2 = host name

>Lock selector 3 = Ethernet address

>The locking criteria = 1, 2, or 3 individually, or in combination.

Fingerprint

The value for the locking criterion. The fingerprint distinguishes one computer from another.

Locking Code

A 16-byte long readable string that identifies a computer. However, this string is actually a 64-bit hash value based on SHA-256 algorithm.

See the screenshot below of the Wechoid utility (a Windows-based graphical utility) for better understanding of these terms.

Illustrating Few of the Locking Terms Using Wechoid

Local License Request Locking Criteria

 

The locking criteria that are useful when network licenses are used on standalone systems as repository, commuter, and grace licenses. For example, the local locking criteria are used for checking out an authorization for a remote commuter license. Thus, the checked out authorization can only be used on the system that meet the local locking criteria requirements.

Local locking criteria can be specified even when the parent network license is unlocked as they will allow further use on qualified local systems only.

NOTE   If the local locking criteria is not defined, then disk ID will be used for locking these types of licenses. However, disk ID may be duplicated in certain scenarios (when hard drives are cloned) leading to the SNTL_CLIENT_ALREADY_EXIST error. The disk ID is unavailable for Android devices as they do not support standard fingerprints. To combat these scenarios, the software vendor needs to use CustomEx. When using CustomEx for local license locking, ensure to register the custom locking callback in your application (refer to the procedure for C, Java, and .NET).

 

The local license request locking criteria has three parts that you can tailor for flexibly making the licenses available locally (on a client system):

>Required: The necessary locking criteria that must be met by the client system. The disk ID and host name are the required locking criteria in the screenshot below.

>Desired/Floating: The desired locking criteria that should be met by the client system. Ethernet address and CustomEx are the desired locking criteria in the screenshot below.

>Minimum required: The minimum number of locking criteria that must be met by the client system to use the commuter/repository/grace license token locally. This number can be greater than or equal to the number of required criteria and less than or equal to total number of criteria.

Primary and Secondary Locking Criteria

For server-locked licenses, you can specify two sets of locking criteria known as primary and secondary locking criteria. The licensed application will run if any of the locking criteria is matched on the License Manager machine.

NOTE   A typical use of primary and secondary locking criteria is to allow fallback for change in the system fingerprint. For example, for a License Manager the Ethernet address can be the primary criteria and the Computer ID Key can be the secondary locking criteria. For high-availability, you can specify primary locking criteria of License Manager 1 and secondary locking criteria of License Manager 2. However, you should do this with caution as it will allow your customers to duplicate the same license on two License Manager hosts. Since the two systems will not be coordinating with each other regarding the number of tokens issued, the number of license tokens available will be actually doubled.

The table below gives some suggested settings for primary and secondary fingerprints:

Suggestion   Windows UNIX Android Linux ARM
Security Option Group 1 Group 2 Group 1 Group 2 Group 1 Group 2 Group 1 Group 2
Computer ID key Disk ID Computer ID key ID PROM Disk ID ID PROM Disk ID ID PROM
Standalone and Network Option Disk ID IP address and Ethernet address ID PROM ID PROM ID PROM ID PROM ID PROM ID PROM
Laptop Option Disk ID IP address and Ethernet address ID PROM ID PROM ID PROM ID PROM ID PROM ID PROM
Backup Option Disk ID Host Name ID PROM Host Name ID PROM Host Name ID PROM Host Name