A Closer Look at Novell Licensing Services in NetWare 5
Articles and Tips: article
01 Jan 1999
If you're wondering how Novell Licensing Services affects you, this article explains how NLS works and how it has changed in NetWare 5.
Novell Licensing Services (NLS) is a network service that helps you monitor the use of licensed applications on a network. NLS is tightly integrated with Novell Directory Services (NDS) by storing licensing information in NDS. The server component is called a License Service Provider (LSP). In general, client workstations don't require NLS software running on the client workstation. Licensing-enabled applications communicate with LSPs by using .DLL files that are installed on NetWare servers.
In NetWare 4, licensing was a proprietary system tied to SERVER.EXE and had limited capabilities for managing and reporting licensing.
In NetWare 5, licensing is not tied to SERVER.EXE. Instead, licenses are stored in NDS and represented by NDS objects. This separation enables more robust management and reporting of licenses, and Novell can change license models without changing SERVER.EXE. NetWare 5 has the ability to support many different licensing models, providing licensing models for the customer as well as allowing Novell to provide license distribution.
This AppNote provides an overview to help you understand key concepts concerning Novell Licensing Services, how NLS works, and how licensing for NetWare is packaged in NetWare 5.
A follow-up AppNote will contain more detailed information to help you install and troubleshoot NLS.
Key Concepts for NLS
Because NLS is integrated with NDS, you need to be familiar with the basics of NDS and understand NDS objects, partitions, and replicas of partitions. (For background information, refer to the glossary in the Reference section on the NetWare 5 Documentation CD-ROM or visit Novell's online documentation at http://www.novell.com/documentation/lg/nw5/docui.)
NLS Concepts and Terms
Understanding the following concepts and terms relating to NLS helps you properly install and maintain licensing on your network.
License Service Provider (LSP). An LSP is licensing software that you install and run on NetWare servers; it is contained in the NLSLSP.NLM program running on a NetWare 4.11 or later server. This is the component that provides the actual licensing service.
LSPs handle requests from NLS clients. The NLSLSP.NLM program responds to requests for licenses or licensing information from licensing clients. It maintains the license certificates, which are stored within NDS.
NLS_LSP_[servername]. This is an object created in NDS when you install NLS on a NetWare server. It is one of the evidences that NLS is installed on a server and that a server is an LSP. The NLS installation process installs the LSP software on the server and creates a corresponding LSP object (NLS_LSP_[servername]) in the NDS tree.
LSP objects are created in the same NDS context as the server running the LSP software (NLSLSP.NLM). For example, if you install NLS on server Puffin, NLS creates an LSP object named NLS_LSP_PUFFIN in the NDS database. Using NetWare Administrator, you can view this object in the same context as server Puffin, as shown below:
The LSP object stores configuration information about an LSP running on the server: a transaction database name, information about how to search for a license certificate (whether to search to the partition root or to the root of the tree), and other associated data.
NLS adds an attribute on the NCP Server object. This attribute points to the LSP so that NLS has a link between the NCP server object and the LSP.
NLS Client. This is software that requests licensing services from LSPs. It runs on client workstations or on NetWare servers and supports four platforms: DOS, 16-bit Windows, 32-bit Windows, and NetWare Loadable Modules.
When you install NLS on a server, all of the files that enable an application to use NLS are copied to the following directories on the server:
SYS:\PUBLIC\WIN95 for Windows 95 clients
SYS:\PUBLIC\WINNT for Windows NT clients
SYS:\SYSTEM for NLM clients
SYS:\PUBLIC for DOS and Windows clients
SYS:\PUBLIC\WIN32 for 32-bit applications
Other than Novell client software, no additional files need to be installed on client workstations. Applications written to use NLS load client libraries that communicate with NLS components running on a NetWare server.
License Certificate Object. This is an object in NDS that represents a license certificate. NLS creates a License Certificate object when you install license certificates for NLS-enabled applications or when you create metered certificates. Information such as assignments and number of units are stored in the object.
Certificates can be secure or unsecure:
A License Certificate is a digital license that is secured by secrets. It is an .NLS file in an envelope. For additional security, NetWare license certificates are digitally signed. They cannot be modified.
A Metered Certificate does not have secrets. It is an unsecure license. ZENworks functions as the NLS client and requests licenses on behalf of applications.
When you view the object in NetWare Administrator, the certificate displays the serial number, as shown below:
When you install a license certificate, you choose the context (location in an NDS tree) for this object.
Activation Key. This is a sequence of numbers and letters stored in a .KEY file that allows you to complete the installation of a license for a product you purchased.
Software vendors provide this key at the time of purchase. Usually, the activation key is included in an envelope (.NLF) file and is automatically installed during installation. However, if the installation program can't locate an activation key, a prompt allows you to enter it.
Envelope. An envelope is a simple method that enables multiple license certificates to be distributed. It is an .NLF file that contains one or more license certificates. A sample envelope file name is 42C1F1D.NLF.
Because multiple license certificates can exist in an envelope, envelopes allow you to install several license certificates at the same time. Envelopes also contain an embedded activation key for license certificates.
In NetWare 5, envelope (.NLF) files replace SERVER.MLS.
License Container Object. This object in NDS contains one or more License Certificate objects (unless you move or delete the certificates). License Container objects are named using publisher, product, and version. For example, a License Container object for Corel WordPerfect 8 could appear as follows in an NDS tree:
When you install a license certificate or create a metered certificate, NLS creates a License Container object and a License Certificate object. (If a license container already exists, NLS places the additional license certificate in that existing container.)
NLS creates two License Container objects for NetWare 5: one for a server base license and one for a connection license. The server base license allows the NetWare 5 server operating system to provide authenticated connections for clients. Its License Container object displays as follows:
Connection licenses allow users to log in and use NetWare services. A License Container object for a server connection license displays as follows:
Each license container has one or more license certificates. The illustration below shows:
A license container and certificate for a server connection license
A license container and certificate for a server base license
Two NLMs. There are two NLMs you need to be aware of when dealing with NLS:
SETUPNLS.NLM is software that configures NLS. It extends the NDS schema, creates NLS objects in the NDS tree, and converts older NLS objects to NetWare 5 objects in NDS.
When installing or upgrading to NetWare 5, the GUI installation program installs NDS and creates the NLS_LSP_[servername] object. However, the GUI installation does not convert old NLS objects to objects in NetWare 5. To convert NetWare 4.11 NLS objects, you need to run SETUPNLS.NLM.
NWCONFIG.NLM replaces INSTALL.NLM. It allows you to set up NLS, install envelopes and additional license certificates, and delete licenses.
Unlike SETUPNLS.NLM, NWCONFIG.NLM does not extend the NDS schema.
During an installation or upgrade to NetWare 5, you might have selected the Install Without Licenses box. Although the installation program did not install licenses for NetWare 5, licensing services were installed and two grace connections were provided.
Policy Manager (Gatekeeper). A policy manager is a program that makes decisions based on requests from a licensing system. It requests a license and decides whether to grant access to licensed services.
You can have policy managers running on the client to support the four NLS client platforms. For NetWare 5, the policy manager is contained in SERVER.EXE and uses LSAPI.NLM to make its licensing calls. (LSAPI.NLM and NLSAPI.NLM constitute the client component. NLSLSP.NLM is the server component.)
NLS Manager. Along with NetWare Administrator, this graphical management utility enables you to monitor license usage and analyze licensing requirements. In addition, the NLS Manager utility allows you to create, customize, and print reports of license usage on your network.
Licensing Catalog Object. This object in NDS periodically scans the NDS tree and stores information about licenses.
NLS does not require a Licensing Catalog object. The NLS Manager utility takes advantage of Catalog Services by using a Licensing Catalog object. This NDS object is set up to search the NDS tree for license containers and license certificates, thereby providing frequently updated information about licensing on the network.
Without a Licensing Catalog object, NLS must walk the NDS tree when you first use NLS Manager or when you update NLS Manager's Quick View. For large networks or networks with WAN links, a Licensing Catalog object enables the NLS Manager utility to provide usage information more quickly.
Two Types of Licensing Models
There are two types of models for providing licenses:
In the Server Connection License (SCL) model, each connection to a server is licensed. For example, if a workstation logs in to four NetWare 5 servers, that workstation uses four individual connection licenses within the NDS directory. NetWare 4 and 5 use this model.
In the Network Concurrent License (NCL) model, each connection to a network is licensed. For example, if a workstation logs in to four servers on a network, that workstation users one connection license. NetWare for Small Business uses this model.
How NLS Works
NLS requires the following:
A properly configured LSP running on a server that has a writable replica
Licenses installed into the NDS tree
You can detect than NLS is installed and configured on a NetWare 5 server by observing the following:
NLSLSP.NLM is running on the server
This licensing services program is installed on a NetWare 5 server when you install or upgrade to NetWare 5. You can verify that NLSLSP.NLP is running by entering modules at the server console.
NLS_LSP_[servername] is a Leaf object in the NDS tree
The following figure represents an NLS_LSP_[servername] object for server Puffin:
A License Container object in the NDS tree
A License Certificate object in the NDS tree
You can view these three objects by using NetWare Administrator.
You need at least one NLS_LSP_[servername] object for each NDS partition that contains a License Certificate object.
Note: You need to have an LSP running on a server with a writable replica. This can be a master or read/write replica. You can run an LSP on servers without replicas as long as they can communicate with an LSP with a writable replica. The server with the writable replica can make changes to the NDS database in the other servers' behalf.
When you install NetWare 5, the installation program:
Extends the NDS schema
(If a previous version of NLS was installed, you need to run SETUPNLS to convert schema information.)
Adds three different object classes: a License Service Provider object, License Container objects, and License Certificate objects.
Communication occurs through NetWare Core Protocols (NCPs). NLS uses NCP extension services.
When the licensing service begins, NLS reads the LicenseServiceProvider attribute and then uses that attribute to find the NLS_LSP_[servername] object.
Three Basic Calls
Three basic calls are made to the licensing system:
An LSRequest allows you to request a licensing unit within the certificate
An LSUpdate is like an "I am alive" packet. It tells the licensing service that a client is still using the licensing unit.
An LSRelease releases the licensing unit.
Example: An Application at a Workstation
As the following list illustrates, LSPs handle requests from NLS clients by interacting with the NDS database.
An application issues a request to the NLS client.
In NetWare 5, for example, the server requests a license on behalf of the workstation that is connecting to the server. The server issues this request to the NLS client.
The NLS client library packages the application's request and submits it to an LSP.
If the client has an existing connection to a NetWare server running an LSP, the client communicates directly with the LSP. If the client does not already have a connection to a server running an LSP, the client searches for an LSP, starting from the user's context and continuing up to the root of the NDS tree, if necessary. The client attempts to connect to the server corresponding to the LSP object found in the NDS tree.
In NetWare 5, for example, the NLS client communicates with the LSP on that server.
The LSP examines the request and determines whether it can fill the request. It does this by checking the user's NDS context for the specific information or license being requested.
In NetWare 5, for example, the LSP searches the server's context for a NetWare license.
If the requested resource is available, the LSP fills the request. If the LSP cannot fill the request, it can check the next-higher context in NDS for the requested resources. The LSP continues to search until it reaches the Root of the partition or the top of the NDS tree, depending upon how the LSP is configured.
In NetWare 5, for example, the LSP searches up the NDS tree for a NetWare license.
The LSP returns status to the client library.
In NetWare 5, for example, if the LSP finds a NetWare license, it returns a successful status to the library. Otherwise, it returns an error code.
The library returns status to the application.
In NetWare 5, for example, the library returns licensing status to the server.
The application determines action based upon license status.
In NetWare 5, for example, the server determines an action. If the license status is successful, the server allows a connection to the server. Otherwise, the server allows a grace connection (if one is available).
Figure 1 illustrates how NLS works when an application at a client workstation requests a license.
Figure 1: How an application requests a license with NLS.
How NetWare 5 is Packaged
New packaging simplifies purchasing and installation processes. You can purchase a basic kit for a server and additional connection licenses that you install into desired NDS contexts.
Also, new packaging takes advantage of the speed and ease that electronic commerce provides worldwide. In some cases, electronic commerce reduces a 90-day waiting period to a 30-minute one.
Licenses for NetWare 5 are available through regular distribution channels (from Novell resellers) and agreements for large account. Although not covered here, special licenses (demo, evaluation, First Look fulfillment, and education) are also available.
For the Regular Distribution Channel
Novell resellers provide you with "off-the-shelf" NetWare. To avoid duplication and simplify packaging, Novell is standardizing its packaging of NetWare products. You can now customize orders by purchasing a NetWare 5 Server Plus 5 Connections kit and (optionally) NetWare 5 Connection Licenses kits.
These kits allow you to install new NetWare 5 servers, upgrade from NetWare 3 and 4, and add connection licenses to existing NetWare 5 servers.
Server Plus 5 Connections Kits. The NetWare 5 Server Plus 5 Connections kit is required. It is the only way to license your server. The Server Plus 5 kit includes:
CDs that have server and client software and documentation
A license diskette that has digital licenses (a server base license plus five connection licenses)
A language-specific installation manual
A registration or Activation Key form
The server base licenses and connection licenses in these kits require a server assignment. The server installation program will automatically assign a server.
If you select Install Without Licenses during the server installation, you can later use NWCONFIG.NLM, NetWare Administrator, or NLS Manager to install the license certificates. If you use NWCONFIG.NLM, file server assignments are made automatically. If you use NetWare Administrator or NLS Manager, you need to set the server assignments manually.
Connection Licenses Kits. NetWare 5 Connection Licenses kits are optional. Because you can purchase combinations of connection licenses that you need, these kits allow flexible configurations for your network. Options include 5-, 10-, 25-, 50-, 100-, 250-, and 500-licenses certificates.
Connection Licenses kits include:
A diskette that has digital licenses for the client connections
A registration or Activation Key form
Information that tells you how to install the license certificates
These connection licenses also require a server assignment. If you use NWCONFIG.NLM to install the license certificates, NWCONFIG.NLM automatically makes file server assignments. If you use NetWare Administrator or NLS Manager, you need to set the server assignments manually.
Example Licensing Scenarios
To help you understand how licenses would be purchased, consider the following example scenarios.
Scenario 1. The VMP Company plans to place 340 employees on a new NetWare 5 network. The company purchases and installs the Server Plus Five kit. The GUI installation program assigns the license certificates to the server.
To provide 335 additional connection licenses, the company purchases the following Connection License kits:
Three 100-licenses kits
One 25-licenses kit
One 10-licenses kit
Using NWCONFIG.NLM, the network administrator installs the additional license certificates, and NWCONFIG.NLM automatically makes file server assignments. (The network administrator could optionally use NetWare Administrator or NLS Manager to install the certificates and manually assign each certificate to a server.)
Scenario 2. The OptionsPlus Company, with 530 employees, plans to upgrade four NetWare 3 servers and provide licenses for 1,070 connections. The company purchases and installs four Server Plus Five kits. The GUI installation program assigns license certificates to the servers they are installed on. Because the connections cannot be shared across servers, the OptionsPlus Company also purchases the following Connection Licenses kits:
One 500-licenses kit and one 25-licenses kit for server ROS (the mail server, so that all 530 employees can connect to it)
One 250-licenses kit and one 100-licenses kit for server GRANITE (to allow 355 connections for Development and Production)
One 100-licenses kit, one 50-licenses kit and one 10-licenses kit for server KNOX1 (to allow 165 connections for employees in Commerce)
One 50-licenses kit and two 10-licenses kit for server IST (to allow 75 connections to the database server)
Using NWCONFIG.NLM, the network administrator installs the additional certificates. (The network administrator could optionally use NetWare Administrator or NLS Manager to install the certificates and manually assign each certificate to a server.)
Scenario 3. The Puffin Company has already installed NetWare 5 on five servers. Because the company is hiring an additional 50 employees, the company purchases five 50-licenses kits.
Using NWCONFIG.NLM, the network administrator installs a 50-license kit on each of the five servers, placing the certificates into contexts accessible to the employees. With the additional licenses on each server, the fifty new employees are able to log in to each of the five servers. (The network administrator could optionally use NetWare Administrator or NLS Manager to install the certificates and manually assign each certificate to a server.)
For Accounts with Agreements
Novell provides various agreements, depending upon the size of the account: Master License Agreement (MLA), Corporate License Agreement (CLA), and Volume License Agreement (VLA).
MLAs are for global organizations. An MLA license is a Server Plus Unlimited Connections license. You can install the license certificate for as many connections as the license agreement allows.
For more information about MLAs, CLAs and VLAs, see:
For a comparison of these agreements, see:
Appendix: Examples of NLS Clients
Example 1: NLS client software on a client workstation
At your Windows 95 workstation you want to use OptionsPlus, an NLS-enabled application. After you click the icon for OptionsPlus, that application loads on your client workstation. OptionsPlus then requests a license. The NLS component (a .DLL file linked to OptionsPlus software) locates an LSP (an NLS component running on a server). That LSP searches NDS for a License Certificate object that has license units available. The LSP responds to the NLS client in OptionsPlus and allows you to use the application.
Example 2: NLS client software on a server
To bring up server Puffin, you load SERVER.EXE, the NetWare 5<MChar<TM operating system. NetWare 5 loads and runs NDS and an LSP, necessary components of an NLS server. Before completing its bootup, NetWare 5 uses NLS client software (an NLM library for NLS) to request a server base license from an LSP (already running on Puffin). The LSP checks NDS for a license certificate. If a license is available, server Puffin is able to run the NetWare 5 operating system.
NLS itself does not enforce licensing. Instead, it tells applications whether a license is available. The application then determines whether the user can use the application.
NetWare purchased through distribution channels has a "hard stop." This means that if no additional licenses are available, NetWare prevents users from using the application (in this case, a connection to the server). (NetWare for MLAs does not have a hard stop.)
Example 3: Metering
A client workstation requests an application that is not NLS-enabled. ZENworks, integrated with NLS, requests a license on behalf of the application. (ZENworks is Novell's directory-enabled, cross-platform networking solution for Windows-based computers.) Depending on the response from NLS, Application Launcher in ZENworks chooses whether or not to load the application. Thus, Application Launcher can be configured as a license requester for applications that are not NLS-aware.
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.