- FortLM provides what kind of license types?
- What is a Node-Locked License?
- What is a Serial-Number-Locked License
- What is a Network-Floating License?
- Why is it important to use UUID in a license file?
- How to start FortLM license server automatically when computer starts?
- Can a floating license be used when disconnected from a network?
- Can I share a floating license across facilities between firewalls?
- Can one floating license be shared by multiple users at once?
- Can clients automatically reconnect to the server after server rebooting?
- How many licenses does it use when running multiple instances of a FortLM protected program?
- Windows terminal services
- How to reserve licenses?
- Which FortLM files and utilities should be shipped to your customers?
- Which FortLM parts should be kept internally by software vendors?
- How can FortLM serve more than 1024 licenses On Linux?
- Can I encrypt my private key and use it to sign license files?
- Can FortLm protect against Computer System Clock setback?
- What should I do when I get "System clock has been set back"?
- What about the United States Export Control?
Depending on the value given to the 'HOSTID=' field in a license file, we can have node-locked, serial-number-locked, and network-floating licenses.
A Node-Locked license uses MAC address as the value for its "HOSTID". A Node-Locked license is tied to the Media Access Control (MAC) address of a Network Interface Card (NIC) found on the host. Customers are permitted to install and use the software only on the licensed computers. On Windows platform to achieve portability customers may consider using the MAC address of a USB wireless or wired NIC card. Note the wireless or wired USB NIC card does not need to be "connected" for the licensed software to work.
A serial-number-locked license is a non-node-locked license since it is NOT tied to any computer. In other words, your customers will be able to install and use your software on any computer, provided they install a non-node-locked license file on these computers. This type of license has the same format as a node-locked licenseÂ except the hostID is set to '000000000000' (twelve 0s). In genera,l this type of license can be considered as serial-number-locked.
A Network-floating license uses the MAC address of the licenses server host computer as the value for its "HOSTID". A Network-Floating license contains a special number (SEATS=) denoting the "licensed seats" that customers may purchase to share among different computers. A Network-Floating license is managed by a license server application and customers are permitted to execute a single instance of the license server only on the licensed server host computer. Customers can install the software on any number of computers, but at any time, the total number of computers that can use the software by checking out licenses from the license server can not exceed the number of "licensed seats". Multiple running instances of the software on a computer consume only a single licensed seat. Network-Floating licenses are counted in terms of concurrent users.
FortLM uses UUID field to determine whether a network license file can be started on a license server host computer. That is, two license files with the same UUID can't be both up and running. Only license files with different UUIDs can be started and running at the same time.
Thus it may be very important to use the SAME UUID for upgrade purchases when your customers want to combine their licenses. For example, initially a customer purchased 1 floating license and you issued a single-seat floating license file. Sometime later the same customer is buying another license and the customer also wants to combine the first license with the second license. Now when you issue this customer the new license file with 2 seats Â you MUST make sure you use the same UUID as used in the first license file. Otherwise, this customer will be able to start both license files. If this happens it is equivalent that this customer gets three floating licenses (not two). This, however, might not be a serious problem if the first license file is time-limited and will expire after a certain period of time.
UUID can be thought as globally Unique Serial Numbers. On Windows and Linux you can use 'uuidgen' command to get a UUID as SN easily.
On Windows systems, you can install license serer as a service
On Linux systems, you can run license server as a system script. For example, place the command:
'/path-to/flmserver -f /path-to/my-license-file /path-to/my-vendor-public-key-file &'
You can also create scripts to run it in the desired run levels.
No. The FortLM protected application will terminate itself after 30 to 45 minutes after it was disconnected from the license server and also failed when trying to reconnect.
Heartbeat messages are being sent every a few minutes to make sure the connection is alive.
Yes. If there is firewall in-between the license server listening port must be made accessible for remote clients. This means your administrator must open the port the license server is listening.
Alternatively, you can configure a SSH tunnel. For example, if the license server is running on a host with a private address 192.168.2.2 in your office. At home your customer can build a ssh tunnel using the following command:
ssh -l user sshserver.myoffice.com -L 12345:192.168.2.2:12345
Change the server host in the license file from "SERVER=192.168.2.2" to "SERVER=127.0.0.1", and then one should be able to run the licensed application on their home machines.
If you are using Putty, then create a SSH connection to sshserver.myoffice.com with a tunnel set up as follows:
No. A FortLM floating license may only be used by one user at a time, keeping the number of concurrent users consistent with the number of software licenses your customer purchased.
Multiple running instances of a FortLM protected application originated from the same machine will only consume a single license.
FortLM manages Windows Terminal Service session automatically. For a Node-Locked license: only one remote desktop session access is allowed. For a Network-Floating license: Each remote desktop session consumes a license from its license server. Running multiple instances of a FortLM protected application would still consume a single license.
To reserve a seat for a particular computer, just add its reservation ID in the value of "RESERVE=" keyword. If there are more than one computer needs to be reserved, separate reservation IDs with a comma. For example: RESERVE=reserveID1,reserveID2.
To get a computer's reservation ID, run the following command:
If there is only one MAC address found on a computer, that hostID is returned as its reservation ID. If there are multiple MAC addresses, 'flmid -r' will pick the first MAC address found as its reservation ID. If it is a Windows Terminal session, then the IP address of the remote terminal is returned as the reservation ID of that remote host (terminal).
1) Your application with FortLM integrated with.
2) For node-locked license end user, a node-locked license file.
3) For network floating license end user, a network-floating license file, FortLM license server application (flmserver).
4) FortLM utilities:
flmid: retrieve hostIDs and reservation ID
flmstat: check FortLM license server status
5) Additional Files:
For FortLM .NET: champlmdotnet.dll and champlmcs.dll
1)flmsign utility: only you, the software vendor needs to create and sign your license files.
2)Your private key. This key is used to sign field license files so it's extremely critical to keep it secret.
You can change your private/public key pair used to sign and validate license files when releasing a new version of your software. This way you can prevent non-current customers from using your the latest software.
Yes. You can encrypt a private key using the following OpenSSL command:
openssl rsa -aes256 -in unencrypted_privkey.key -out encrypted_privkey.key
You can decrypt a private key using the following OpenSSL command:
openssl rsa -aes256 -in encrypted_privkey.key -out unencrypted_privkey.key
If you have an encrypted private key, you must provide it when running FortLM license file signing utility:
flmsign license_file private_key password
FortLM uses TCP connections to keep track of licenses in and out. On Linux systems, you may get the error complaining the maximum file descriptor opened exceeds 1025. This is because the maximum file descriptor defaults to 1024 on Linux.
To change the Max file opened error, edit /etc/security/limits.conf, add
user-name-used-to-run-license-server soft nofile 32768
user-name-used-to-run-license-server hard nofile 32768
Yes.You just need to set the flag to check system clock by making a call to enable_clock_check(). See FortLM sample usage included with the distribution.
ForLM is linked with OpenSSL library. OpenSSL's ECCN number is 5D002, and it is subject to exemption TSU per CFR 740.13(e)(1). Accordingly, we re-distribute OpenSSL with FortLM under the TSU exception for publicly available encryption software defined in CFR 740.13(e)(1). If you live in the countries listed in Export Administration Regulations part 740 Supplement 1 country group E:1 (Cuba, Iran, North Korea, Sudan and Syria) we can not export our software to you. Otherwise, FortLM may be exported and reexported to all other countries.