Licensing and Serialization in NetWare 4.1
Articles and Tips: article
Team Leader
Novell Consulting (Europe)
01 Jul 1996
This Application Note discusses licensing and serialization within the NetWare 4.1 operating system. It explains the theory behind licensing, connection types, the watchdog process, and serialization, comparing them with similar concepts in NetWare 3.x. It also covers practical management and administration of licenses in detail.
- Introduction
- NetWare 4.1 Licensing
- Connection Types in NetWare 4.1
- Working with Licenses
- Serialization
- Summary
- Appendix A: Sample Code for SERIALNO.NLM
Introduction
Novell derives revenue from NetWare by licensing the operating system software to end users. To protect against unauthorized duplication or distribution the software, Novell also serializes each copy of the NetWare operating system. While licensing and serialization are fairly uncomplicated issues, questions do occasionally arise from customers, particularly concerning changes that were made in the NetWare version 4.1 release.
To help answer these questions, this AppNote explains the theory behind NetWare licensing, connection types, the watchdog process, and serialization, comparing them with similar concepts in NetWare 3.x. It also covers practical management and administration of licenses in detail.
NetWare 4.1 Licensing
Every copy of NetWare 4.1 is licensed via information obtained from one or more license files supplied on a license disk which ships with the NetWare 4.1 software. This section describes the licensing mechanism used by NetWare 4.1, comparing it with the techniques previously employed by NetWare 3.x to handle licensing.
Licensing Terminology
The following terms are used throughout this AppNote to describe NetWare 4.1 licensing concepts.
License (noun). Authorization to use a service or application.
License (verb). To provide a license to the user of a piece of software.
License file. An encrypted file on the NetWare license disk that contains licensing information.
License disk. A disk supplied by Novell which contains the license files and serialization information.
Connection. A link between a client and server process created to perform some task; for example, a file service connection.
Licensed connection. A connection for which a license is required.
License chain. A complete set of licenses installed on a server.
License count. The number of licenses present on a license disk or in a server's license chain. The number of licensed connections on a server cannot exceed the license count.
The NetWare License Disk
During the NetWare 4.1 server installation process, the user is prompted to insert the license disk. This disk contains an encrypted file which holds the licensing information for the NetWare operating system. Every NetWare 4.1 CD-ROM shipped is identical; it is the license disk which identifies a particular license of NetWare and provides the unique value of the software product. The license disk is available in a number of license counts and configurations, which will be discussed later.
How Licenses Are Used
A connection requires a license to access the file system or print queues on a given server using the NetWare Core Protocols (NCP). This applies whether IPX or IP is used as the transport protocol.
As an example, consider an organization with 150 users and two file servers (server A and server B). If everyone requires access to the files and print queues of both servers, a 150-user license is required on server A and a 150-user license is required on server B. On the other hand, if only 10 users need to use the services of server B, only a 10-user license is required on that server.
Often an organization has one or more servers upon which shared data and/or mailboxes reside for the entire organization. These servers usually have the highest license counts installed. Other servers in individual departments have license counts corresponding to the number of users within those departments.
Connections to servers which use only IPX/SPX or TCP/IP without using NCP do not require a license. An example of this type of application is Novell's NetWare Web Server, which uses TCP/IP for client/server communications. A user does not require a licensed connection when using a browser to access HTML documents stored on the NetWare Web Server. Instead, the Web Server application accesses the NetWare volume on behalf of the client and transfers the resulting files to the user using the HTTP protocol over TCP/IP. Note that if, instead of http:// the file:// protocol is used, a licensed connection is required. In this case, the Web Server is not being used.
Another example is a database application which uses IPX for communication between a graphical front-end and a database server NetWare Loadable Module (NLM) running on NetWare. Again, the NLM running on the server accesses the database files on behalf of the user, meaning that a licensed connection to the server is not required.
The licensing policy for each software application is determined by the individual software manufacturer.
License Counts
The standard license counts offered for NetWare 4.1 are:
5-user
10-user
25-user
50-user
100-user
250-user
500-user
1000-user
Other license counts which may be seen are the 2-user license, which is used only for demonstration purposes and with NetWare Runtime; and the 22-user license configuration, which is provided to Novell Authorized Resellers only as part of a special package. These two license counts are not generally available for purchase.
Additive Licensing
Additive licensing permits multiple individual licenses to be added together to form what is known as a license chain. As an example, a server which requires a license count of 350 could have a license chain consisting of one 250-user license plus one 100-user license.
Note: NetWare 4.0x and NetWare 3.x did not support additive licensing. For example, if an upgrade from 100 users to 150 users was required on a given server, the customer had to purchase a 250-user license for that server.
Checking Licenses with the VERSION Command
The number of allowable licensed connections to a given server is determined by taking the total of all licenses in the server's license chain. You can view the current license chain for any server from the console by using the VERSION command. An example is shown in Figure 1.
Figure 1: The output of the VERSION command displays licensing information.
:VERSION Novell NetWare 4.10 November 8, 1994 (C) Copyright 1983-1994 Novell Inc. All Rights Reserved. Patent Pending - Novell Inc. This server is licensed to: Novell Consulting OEM Identification: 1 Maximum number of License Connections: 150 Current License Chain: Serial Number Connections License Type Version xxxxxxxx 100 MAIN 4.10 xxxxxxxx 50 MAIN 4.10
The field "This server is licensed to" is filled in by the NetWare Software Registration utility ( REGISTER.NLM) as part of the NetWare server installation process.
|
Note: If this field does not contain the correct information ordisplays "( Company Name is Unknown )", you can enterthe correct license information by typing LOAD REGISTERat the server console. You will need to provide your licensedisk and Novell Reseller information to complete theregistration process. |
The "OEM Identification" field indicates the Original Equipment Manufacturer (OEM) who supplied this copy of NetWare. The OEM identification number for Novell is 1.
The "Maximum number of License Connections" field shows the total number of licensed connections allowed by the currently installed license chain, which is displayed under "Current License Chain" on the screen. The information displayed under the four columns is as follows:
Serial Number. This column displays the serial number for each NetWare 4.1 license installed on the server. For a description of the serial number field, see the section "NetWare 4.1 Serialization" later in this AppNote.
Connections. This column shows the number of licensed connections associated with each serial number. The number of connections corresponds to one of the possible license sizes listed earlier in this AppNote (50-user, 100-user, and so on).
License Type. This column indicates the type of license and may be one of three possible values:
MAIN, which indicates the standard NetWare operating system.
SMP, which indicates a Symmetric MultiProcessor version of NetWare. SMP license disks do not have an associated number of connections.
SFT 3, which indicates a System Fault Tolerance Level III version of NetWare. SFT 3 license disks are currently available in configurations of "up to 100 users" and "more than 100 users".
Version. This column indicates the NetWare version of the license which has been installed (4.10 in the example above). The version will usually be the same for all licenses in the license chain.
VERSION Display for a Server With No License Installed
A server with the SYS volume mounted and no license installed will have only one licensed connection allowed. In this case, the output shown in Figure 2 is displayed in response to typing VERSION at the system console.
Figure 2: VERSION command on a server with no license disk installed.
:VERSION
Novell NetWare 4.10 November 8, 1994
(C) Copyright 1983-1994 Novell Inc.
All Rights Reserved.
Patent Pending - Novell Inc.
14-05-96 10:30:46 am: SERVER-4.10-3537
The Main Server License file (MLS.000) could not be found.
Maximum connections has been reduced to ONE.
Connection Types in NetWare 4.1
NetWare 4.1 recognizes three different types of connections:
NOT-LOGGED-IN Connection. This represents a user who has loaded the NETX Shell, the NetWare DOS Requester (VLM), or the NetWare Client 32 components but who has not yet logged in. It also represents a user who has logged out from the server. A user who has logged out will, by default, remain attached via a NOT-LOGGED-IN connection to the server on which his or her default drive was located.
|
Note: The FORCE FIRST NETWORK DRIVE=OFF/ON parameter inthe workstation NET.CFG file can be used to control whichdrive a user has as default after logging out. |
This type of connection does not use up any of the license counts of the server.
Authenticated Connection. This type of connection is seen from users or other NDS objects which have attached to a server, but which are not using the file system. For example, a user on one server may "walk the tree" to view an object located in an NDS replica held on another server. In attaching to the other server (so that browsing is possible), the user makes an authenticated connection to that server. Likewise, a server carrying out NDS synchronization or time synchronization will make an authenticated connection to another server, but will not take up a license on that server.
This type of connection does not count against the number of allowable license connections for the server.
Licensed Connection. This is a connection from a user using the NetWare Core Protocol (NCP) over IPX/SPX or TCP/IP. The user would normally be accessing the file system or print queues of a given server. Every time a MAPor CAPTURE is performed to another server to which the user does not have a licensed connection, a new licensed connection is consumed on that server. This is the only connection type which uses up a license on the server.
Checking Connection Usage in MONITOR
The total number of licensed connections currently in use can be seen from the Current Licensed Connections value on the main screen of the MONITOR.NLM utility (press Tab to expand the General Information window). Network administrators can compare this value with the Maximum Licensed Connections value to determine whether sufficient licenses are currently available. (The Maximum Licensed Connections in MONITOR.NLM is the same as that shown in the VERSIONcommand, as described earlier.)
To view active connections of all types to a server, select the "Connection information" option in MONITOR. You will see a listing similar to that shown in Figure 3.
Figure 3: The MONITOR utility's Connection Information option shows all active connections to a particular NetWare server.
Note how the different types of connections are displayed in this sample screen. The first entry represents a fully authenticated and licensed connection by user Admin. The second entry represents a user running the bindery-based NETX Shell or one who is logged in as a bindery user. The NOT-LOGGED-IN entries represent workstations on which the NetWare client software has been loaded but the user has logged out. The final entry is an server-to-server connection between this server and the ORM-ALTA server. The asterisk (*) indicates an authenticated but not licensed connection.
If you are seeing unwanted licensed connections to servers where connections should not be made, check the user's Default Server property within the NWADMINor NETADMIN utility. Users may be set up to default to servers that they don't really use for file and print services.
Connection Types in NetWare 3.x
NetWare 3.x only recognized two types of user connection to the file server: NOT-LOGGED-IN and logged in (authenticated). Regardless of the type, each connection counted against the license count on the server. Often, the network administrator of a NetWare 3.x network would use a tool such as NLICLEAR.NLM to clear out unwanted NOT-LOGGED-IN connections which would otherwise consume a license on the server.
Clearing Connections via the Watchdog Process
A NetWare server periodically sends packets, called watchdog packets, to check whether a workstation is still "alive." If the workstation does not respond to these watchdog packets within the time period specified by the watchdog-related SET parameters at the server, the server clears the workstation's connection. The watchdog process is useful when users turn off their computers without logging out first, saving licenses by ensuring that these unused connections are cleared.
The watchdog process does not disconnect workstations which may be inactive for other reasons, such as keyboard inactivity, or workstations which have not sent any packets out onto the network cable. The watchdog can disconnect workstations whose power management systems have put them into suspended mode, even though the user may consider the workstation to still be "alive."
The frequency and number of watchdog packets is controlled by the console SET parameters listed below. (Values shown are the default settings. The Variable designation is for the purposes of the calculation which follows.)
|
Variable
|
SET Parameter
|
Description
|
|
A |
SET Number Of Watchdog Packets = 10 |
The total number of packets that will be sent to the work-station before the server decides that the workstation'sconnection should be cleared. |
|
B |
SET Delay Between Watchdog Packets = 59.3 Sec |
The time in seconds between sendingeach of the above-mentioned packets. |
|
C |
SET Delay Before First Watchdog Packet = 4 Min 56.6 Sec |
The period to wait before the first of the watchdog packets is sent. |
Using these three parameters, the time in seconds before an inactive workstation will be disconnected by the watchdog process is calculated by the following formula:
C + (B x A)
In a default configuration, this equation expands to:
4 min 56.6 sec + (59.3 sec x 10) = 889.6 seconds
or 14 mins 49.6 secs, which is usually approximated to 15 minutes.
These parameters can be altered, but the watchdog process cannot be disabled. If you are seeing connections being cleared when they should not be, it could indicate network communication problems. Verify that your workstation and server network adapters are functioning properly and make sure you have the latest available LAN drivers.
To view the watchdog packets on the wire, use a tool such as LANalyzer for Windows and set up a filter to display only workstation and server watchdog packets being exchanged.
To monitor the operation of the watchdog process as it terminates connections, type the following command at the server console:
SET Console Display Watchdog Logouts = On
When a connection is cleared, you will see a message similar to the one shown in Figure 4.
Figure 4: Message displayed at the server console when a connection is cleared by the watchdog.
6-21-96 3:56:50 am: SERVER-4.10-745
User Admin.Novell_Research on station 2 cleared by connection watchdog.
Connection cleared due to communication or station failure.
Working with Licenses
Server licenses are physically distributed as license files on a license disk. This "LICENSE" disk contains two files:
SERVER.MLS, which contains the serialised license.
LICENSE, which describes the contents of the license disk to the installation program.
For most NetWare 4.1 licenses, the file SERVER.MLS is dated November 10, 1994 and is 320 bytes in size. Comparing one license file with another shows no easily recognizable pattern for the contents. This is because the majority of the file contents are encrypted to prevent possible reverse engineering and modification of the licensing information which the file holds.
When licenses are installed, the SERVER.MLS file is copied to the hidden SYS:_NETWARE directory. Here, the first license file becomes the file MLS.000. Files installed thereafter are named MLS.001, MLS.002, and so on. After the license files are copied, the new license count for the server is calculated and stored in the file VALLICEN.DAT, also located in the SYS:_NETWAREdirectory.
It is possible to copy the SERVER.MLSand LICENSE files to the local C drive or to the network for convenience during installation. This is particularly useful if you are installing a server in a remote location (using RCONSOLE) where there is no staff who can physically insert a license disk into the server. If you do this, you must use the F3 or F4 function keys to specify a different path to the license file in the INSTALL program, as explained below.
Installing Licenses
Licenses are installed by the INSTALL.NLM utility as part of the server installation process. The licensing step occurs after the creation and mounting of volumes (see Figure 5).
Figure 5: Prompt to install the license disk in INSTALL.NLM.
If you are not using a license disk, use the F3 or F4 key to choose the path from which the license file should be installed. F3 is used to choose a local path , while F4 (if available) is used to choose a remote path.
Adding a License
To add a license to the license chain after the server has already been installed, load INSTALL.NLM and select the License option. You will see the screen shown in Figure 6.
Figure 6: INSTALL.NLM License option.
Insert the disk containing the license you want to add and press <Enter<. Alternatively, you can press F3 (or F4, if available) to choose a path from which the license file should be installed. The new license will be added to the license chain.
Removing a License
A license may have to be removed if that license is destined to be used on another server elsewhere within the organization. Removal of a license is carried out from the screen shown in Figure 6.
To remove the most recently installed license, press the F8 key. This will remove the license at the end of the current license chain.
To remove a license from the middle of the license chain, you must first remove the licenses which follow it. After you have removed the license which is not required, you can then replace the remaining licenses according to the procedure for adding licenses described above.
To verify that the license has been removed correctly, type VERSIONat the server console.
Replacing a License
A license may need to be replaced if a higher license count has been purchased for a particular server and you will not need the license count of the previous license. For example, following expansion of the network it may be necessary to replace a 100-user license with a 1000-user license.
To replace a license, perform the operations outlined above in "Removing a License" followed by the procedure for "Adding a License" on the same server.
Moving a License to Another Server
To move a license from server A to server B, complete the following steps:
At the console of server A, follow the procedure in "Removing a License" above.
At the console of server B, follow the procedure in "Adding a License" above.
Note that you cannot copy license files directly from one server to another, nor can you copy a license file from the server to a removable disk.
Before removing multiple licenses and/or movinglicenses from one server to another, make sure that youhave all necessary original license disks (or backupcopies of these) before proceeding.
Storing Backup Copies
It is very important that the original license disks and any backup copies be kept well-labelled in a secure location. You may want to maintain copies of the license disks on a server, in which case a structure such as the following is recommended:
SYS:LICENSE\servername1\SERVER.MLS SYS:LICENSE\servername2\SERVER.MLS SYS:LICENSE\servername3\SERVER.MLS
If you have more than one license disk per server, you can use a structure such as this:
SYS:LICENSE\serialnumber1\SERVER.MLS SYS:LICENSE\serialnumber2\SERVER.MLS SYS:LICENSE\serialnumber3\SERVER.MLS
For example:
SYS:LICENSE\17026789\SERVER.MLS
This structure will ensure that identically-named SERVER.MLS files do not get mixed up with one another.
Serialization
Each NetWare license has a 4-byte (8 hexadecimal character) serial number which is assigned by Novell and is unique worldwide. The serial numbers of the installed licenses on a NetWare 4.x server can be viewed from the console using the VERSION command, as shown earlier in this AppNote. To view the serial numbers of all servers on the network, you can use the SNLIST.EXE program which is available from the CompuServe NOVUSERforum library.
The NetWare 3.x VERSION command does not display information about the serial number of the server. However, you can view the serial number from a workstation using the File Server Information option within the NetWare 3.x SYSCON utility. If you would like to view the serial number of a server running NetWare 3.x from the server console, download SERIAL.ZIP from the CompuServe NOVUSERforum library. This contains the file SERIALNO.NLM, compiled from the sample source code listed in Appendix A.
Serialization Packets
To ensure that multiple copies of NetWare with the same serial number are not used in the same LAN/WAN environment, all NetWare servers transmit serialization packets every 66 seconds. These packets are sent to IPX Socket 0457 (hexadecimal) on the destination server.
Serialization packets can be easily monitored using Novell's LANalyzer for Windows or a similar network analysis tool. The serialization packet consists of a standard 30-byte IPX header, followed by 2 bytes that indicate the service type(04 for NetWare servers). This is followed by 4 bytes containing the actual serial number.
Figure 7 shows an example of a LANalyzer trace of serialization packets being exchanged between two NetWare servers, FS3 and FS4.
Figure 7: LANalyzer trace of serialization packets.
Within the LAN or non-switched environment, it is normal to see small quantities of serialization traffic as part of any traffic analysis carried out.
Duplicate Serial Number Detection
If a NetWare server detects a server with the same serial number as itself within the network, the following events occur:
A warning appears on the file server console and is written to the system error log as shown in Figure 8.
Figure 8: Copyright violation warning message.
5-21-96 2:28:25pm: SERVER-4.10-2884 COPYRIGHT VIOLATION! Server "UKB-LIC-1" and "UKB-LIC-3" have the same license (ID # xxxxxxxx).A broadcast message is sent to all workstations connected to that server.
Following several of these broadcasts, the operating system reduces the license count to one on one of the servers having the duplicate serial number.
If this situation has been caused inadvertently, the network administrator will have to reinstall a valid license on the affected server, using the procedure outlined above.
Depending on how they have been configured, certain routers drop serialization packets. This process does not interfere with the normal operation of NetWare. It is done to ensure that transmission of these packets does not bring up switched asynchronous or ISDN links needlessly.
Serialization APIs
Programmers wishing to make use of the serial number within NetWare can take advantage of two API function calls:
NWGetNetworkSerialNumber, which obtains the main serial number of the server to which this call is directed.
NWVerifyNetworkSerialNumber, which allows an application to determine whether a given serial number is being used.
The sample code provided in Appendix A of this AppNote demonstrates the use of the first API call. Software developers can use the second API call to ensure that a particular piece of software is only allowed to run on a NetWare server which has a certain serial number.
Full documentation for these API function calls can be found on the NetWare SDK CD-ROM, available to members of Novell's DeveloperNet service. For information on joining DeveloperNet, call 1-800-RED-WORD (1-800-733-9673) in the United States and Canada, or 1-801-529-5288 elsewhere. Or visit Novell's home page at http://www.novell.comon the World Wide Web.
Summary
This Application Note has described how licensing and serialization operate within the NetWare 4.1 environment. It has also provided information about the practical issues of managing licenses. Future Application Notes will cover the Licensing Services API (LSAPI) and NetWare Licensing Server (NLS) technology, which will be available for use in an upcoming version of the NetWare 4 operating system.
Appendix A: Sample Code for SERIALNO.NLM
/* SERIALNO.C - Get NetWare serial number
SERIALNO NLM 10 Apr 92 MJW
Amended 24 Sep 93 MJW Add CR/LF after each ConsolePrintf
Tested with NetWare 3.x and NetWare 4.1 */
#include <stdlib.h<<
#include <stdio.h<<
#include <conio.h<<
#include <errno.h<<
#include <nwserial.h<<
#include <nwenvrn.h<<
#include <process.h<<
#include <string.h<<
void main( int argc, char *argv[] )
{
int s,structSize,ccode;
FILE_SERV_INFO sbuf;
LONG SerialNo;
WORD AppNo;
char companyName[80], revision[80];
char revisionDate[24], copyrightNotice[80];
char argument[128];
s = GetCurrentScreen();
ccode = DestroyScreen(s);
getcmd(NULL);
structSize = sizeof(sbuf);
ccode = GetFileServerDescriptionStrings(companyName,
revision,
revisionDate,
copyrightNotice);
ccode = GetServerInformation(structSize,&sbuf);&
GetNetworkSerialNumber(&SerialNo,&AppNo);&
ConsolePrintf("\r\n");
ConsolePrintf("Server Name : %s\r\n",sbuf.serverName);
ConsolePrintf("\r\n");
ConsolePrintf("NetWare Version : %d.%d\r\n",
sbuf.netwareVersion,
sbuf.netwareSubVersion);
ConsolePrintf("NetWare Revision : %s\r\n",revision);
ConsolePrintf("NetWare Revision Date : %s\r\n",revisionDate);
ConsolePrintf("\r\n");
ConsolePrintf("Maximum Connections : %d\r\n",sbuf.maxConnectionsSupported);
ConsolePrintf("\r\n");
ConsolePrintf("Serial number : %08x\r\n",SerialNo);
ConsolePrintf("Application number : %04x\r\n\r\n",AppNo);
exit(0);
}
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.