Incorporating Elan License Manager for NetWare Environments
Articles and Tips: article
Software Engineer
Elan Computer Group
01 Sep 1995
Elan Computer Group, Inc., has now extended support of its Elan License Manager to the IPX networking protocol for Novell NetWare in response to a need for flexible, network-based models. Any software that runs on a Novell network is a candidate for Elan License Manager. To productize an application with Elan License Manager, a developer must create a license code, create a key directory and any-host keys, and install a license daemon. Elan's product is available in binary forms for a one-time fee. Source code is also available.
- Introduction
- Preventing Unauthorized Access
- Floating Licenses and Network Dynamics
- Integrating Elan into Developer Applications
- Developer Integration
- Productization
- Sample Program
- Availability
Introduction
To insure authorized access, appropriate compensation, and user convenience, software developers must address the issue of license management, especially when targeting distribution of their application to multiuser environments. The preference among network administrators for floating license management vs.CPU-based (node-locked) licensing is based on requirements for flexibility, simplicity, and the desire to obtain maximum software usage for the investment.
Elan Computer Group, Inc., of Mountain View, Calif., has built a reputation for license management on UNIX and Windows TCP/IP platforms. The company has now extended support of its Elan License Manager to the IPX networking protocol for Novell NetWare in response to a need for flexible, network-based models.
Elan License Manager controls single or multiuser access to software applications in a single-user or networked multiuser environment. The software's client/server architecture maintains a central database of licenses and activity. Installed on the server as a Netware Loadable Module (NLM) and invoked at system start-up, the license manager verifies valid clients, grants licenses to valid clients, and collects the licenses when the application terminates. Clients can be Windows, Windows NT, WIN32S or DOS machines running with native IPX support.
Any software that runs on a Novell network is a candidate for Elan License Manager, with developers classified into three general categories: those writing an NLM; those with a network-aware application that runs on a PC, but not on the NetWare server; and developers creating a nonnetwork application (e.g. a word processor), but expecting customers to run it on a network. In this latter case, by virtue of using Elan License Manager, the application becomes a NetWare-aware, client/server application.
Preventing Unauthorized Access
Protecting developers from unlicensed client applications is a top priority of Elan License Manager. The license manager includes provisions to address the following security issues:
Running multiple managers on the same server to obtain additional licenses
Running the manager successfully on an unlicensed server
Increasing the number of licenses by cracking the license file encryption
Creating false clients that return licenses or a false manager that issues free licenses
Running an application after its expiration date
The developer's application is protected by a license key generated with Elan License Manager that is only applicable to a specified server. This license key, or "host lock," encodes developer-specified information composed of IPX Address, Host Name, and NetWare serial number. Developers need no longer rely on the "honor system" for software protection, and users are not inclined to overbuy licenses to meet internal requirements. Unlike some other copy protection schemes, Elan License Manager still permits backup copies, changing disks, or reinstallation. And users are not required to install hardware security devices or key disks.
Floating Licenses and Network Dynamics
Elan License Manager is based on a floating-license management model. Contrary to a "one license, one machine" approach, the licenses float on a network and are available to anyone up to a concurrent user count. When the concurrent usage reaches the licensed number, the action taken is predetermined by the developer. Choices include waiting in a queue for a license, listing the current users, or exiting the program with a message. The dynamic nature of the floating license model allows Elan License Manager to offer license management alternatives based on the nature of the NetWare environment and user preference, including the following:
User Based/Concurrent Licenses:per user floating licenses which control the number of concurrent users for an application.
Metered Licenses: license tokens are sold to the enduser. Within the application, Elan License Manager counts down a certain number of tokens by time period, invocations, pages, or some other parameter.
Currency Based Licenses:the developer may assign a varying license value to particular license requests. Instead of requesting one license per invocation, an application requests a number of license tokens based on its "price." A customer with a certain amount of money (license tokens) maypick and choose what to execute. For example, the charge may varywith the speed of the CPU; or the developer sells a set of applications, each with differing values (and sells licenses by volume rather than by invocation count).
Component/Feature Licenses: the ability to license features or components of an application individually. For example, if an accounting package consists of a number of modules (accounts payable, accounts receivable, orderentry, inventory), the developer may use Elan License Managerto distribute the entire package, and license different modules via keys as they are purchased.
Reserved or Excluded Licenses:the user may reserve a number of licenses for designated workstations, groups or people. For example, 10 of 50 available word processinglicenses may be reserved for the word processing department and one reserved for the demonstration room machine. Similarly, usingthe Elan License Manager resource file, a customer may exclude licenses to specific users, group or nodes.
Held Licenses: Rather than returning to the free license pool upon exiting, an application license is marked with the original owner's user and host name, and held for a specified period of time. Ifthe same person requests a license prior to the expiration of the hold period, it will be transferred back. When the hold period expires, the license is returned to the pool.
Shared Licenses: two or more separate, independent applications run by the same user on the same host and the same display may share a license. This differs from normal licenses in that a request for a shared licensewill consume a license token on the first request.
Demo/Timed Licenses: the ability to establish an expiration date on software. This allows shipment of full-feature product demos and trial copies. When a decision to purchase is reached, the user can be assigned a new key with no expiration date, eliminating the need to ship additional software.
Integrating Elan into Developer Applications
When integrating Elan License Manager into developer applications, consider the following:
Salt
Integration of Elan License Manager into an application can usually be accomplished in one day or less. To localize the software to the developer's company under NetWare, several values must be set. The first of these is to select a "salt," which serves as a password to differentiate the copy of Elan License Manager. A developer may pick any salt, a variable length buffer of 8-bit numbers. At least 20 characters are recommended, for example:
\n;\317nw*q@\033g\14\n\r\n\331\243P%\001m
NetWare IPX Socket
The IPX socket, like a TCP/IP port, defines a communications channel. Dynamic sockets are used by default, and individual Elan License Managers are identified by SAP Server Type instead. Thus, the default value of zero should not be changed. If the developer does change it, the nonzero value assigned will be used as the static IPX socket number.
Service Name
The third default to be set is the Elan License Manager service name, defined by elm_service. Elan recommends that the developer change the default service name (elmd) to a name unique to the developer's company (e.g., mega_lm).
ELMHOST
While Elan License Manager applications normally locate the license server automatically, the user may explicitly specify the server host via the environment variable, elm_host. As with the service name, the developer should also change the elm_host default (ELMHOST) to a unique company name.
Host Code
Elan has chosen a cryptographic encoding for the code and key. Both also include checksums and other encoding to further avoid tampering. To lock the code (and keys) to the host, the developer selects a unique combination of information based on IPX address, NetWare serial number, and Host Name. The default host locking (IPX address) can be changed by adjusting the variable, elm_hostcode.
Data Fields
Developers can customize a portion of the license key by adding fields in the elm_vfields structure, along with their length in characters. Typical fields used by developers include
Product release number
Held license count
Capability codes
Sales codes
The following is an example of adding a release number and capability:
struct elm_vfields elm_vfields [] = { "release",2,/* Release: 2.1 stored as 21 */ "capability",3,/*CPU model number: 300, 310, 320, ...*/" (char *) 0, 0 /* Mark end with zeros */
NetWare Server Type
A unique Service Advertising Protocol (SAP) server type must be assigned to uniquely identify the Elan License Manager's service when advertising it over the NetWare network. The default value supplied has been assigned by Novell to Elan Computer Group, and therefore should not conflict with any other vendor's product. However, it will conflict with other Elan License Managers if not changed. Elan recommends that developers obtain a registered SAP Server Type from Novell Developers Services.
Developer Integration
While over 65 routines are available to the developer programmer, Elan License Manager requires only four function calls:
elm_init. Generally the first function called, elm_init automatically locates the server running the Elan License Manager program, elmd. Next, elm_init establishes a connection and initializes the client and server database. If multiple servers are running, elm_init locates the server with available licenses. If redundant servers are running, elm_init will locate the master server.
The elm_host environment may be set to one or more host names, in search or absolute mode. In search mode, the host name(s) are added to the broadcast list. Elan License Manager searches all hosts in parallel and the first host to respond wins.
In absolute mode there is no broadcast. Only the host(s) named are tried in turn until the timeout period expires. Absolute mode is recommended when a specific host is required.
elm_getlicense. Used for requesting a license for feature, the elm_getlicense routine typically responds in one of two ways: ELM-OK for success or ELM_NO_LICENSES when no licenses are currently available. In the latter case, the developer can print a message for the user and either terminate the application with instructions to retry later, or place the user in a wait queue for the next available license. Elan License Manager contains first-in first-out wait queues on a per feature basis. An application may queue for any number of features at a time. Following is an example of an elm_getlicense code fragment:
if ( (X = elm_getlicense (feature, ELM_GETLIC, 0L) ) <)< quit ("%S.\n", elm_message (server, feature,X) );
elm_heartbeat. By performing a notification function at intervals of 60 seconds or so, the elm_heartbeat routine informs the license manager of clients so they are not assumed to be dead. This state, set at a default of three minutes, is referred to as a zombie period. When it is exceeded, the license is returned to the free licenses pool. Ancillary functions of elm_heartbeat include checking for expiration while the process is running and checking for other authorization failures.
An exception handling routine can be initiated only when the client must take some action as a result of the following conditions:
One or more features expired while the application was running
The license server is running in the redundant server model, and there are not enough servers running
A license was lost for a variety of reasons
Network failure
elm_bye. Called just prior to exiting an application, elm_bye causes all licenses acquired by the application to be returned to the free licenses pool and severs its connection with the license manager. If an application fails to issue an elm_bye prior to terminating (perhaps due to a crash) all licenses will be reclaimed, but it may take three to four minutes (or the set zombie period).
Productization
In order to productize an application with Elan License Manger, the developer must take four steps: First, create a license code for the customer's syste. (Two methods of code creation and key distribution are offered: code generation and ready-key.) Second (prior to installing a key) create a key directory, which can be located anywhere on the file system. Third, create any-host keys, those that are not locked to a particular system.These are especially useful for demo versions of developer applications and generally carry an expiration date. Fourth, install a license daemon. After the key file is installed, the license manager elmd should be started on the same machine the code was generated on.
Sample Program
The following is a complete, canonical example of an application using Elan License Manager. For the purpose of clarity, all but the most rudimentary error checking and exception handling have been eliminated.
#define BEAT 60 /* 60 second heartbeat */ char server[ELM_HOST_LEN+1] ; Exception (code, feature) char *feature; { warn ("%s.\n", elm_message (server, feature, code) ) ; } main () { int code; char *feature = A99", *keydir = "/usr/lib/elm", *p;" server [0] = `\0'; if ( (code = elm_init (server, feature, keydir, NULL) ) < 0)< quit ("%s. \n", elm_message (server, feature, code) ) ; elm_heartbeat (BEAT, Exception) ; if ( (code = elm_getlicense (feature, ELMGETLIC, 0L) ) <0)< quit ("%s.\n", elm_message (server, feature, code) ); dosomethinginteresting () ; elm-bye () ; }
Elan License Manager also includes an examples directory with more sophisticated samples.
Availability
Elan Computer Group offers the Elan License Manager in binary forms starting at $5000 for a one-time fee. Source code is also available to developers for further customization. By purchasing the code, developers can enhance the license manager in ways that are not planned by Elan or port to new platforms. Elan Computing Group is located at:
888 Villa Street, Suite 300 Mountain View, CA 94041 Ph 415-964-2200 Fax: 415-964-8588 World Wide Web: http://www.elan.com
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.