Tech Tuesday: FlexNet Licensing, Part 1

Howdy, folks! Welcome back to another Tech Tuesday. For our US clients, I hope you enjoyed your President’s Day weekend. I certainly did enjoy spending the day with my new daughter.

I’m back in the office and it’s business as usual, now, so I thought I’d take this time to write about the copy protection used by Isograph.

Isograph’s software uses FlexNet Publisher by Flexera Software. This is a very popular copy protection tool, used by many companies, such as Adobe, to maintain copy control. Most companies, it seems, already have a FlexNet license server set up. Some of our users also remember it when it was called FLEXlm or Flexible License Manager, and was developed by Macrovision. Either way, it’s a very commonly-used tool.

Isograph has used FlexNet licensing in our products since 2004, starting with our Network Availability Program (NAP) v1.0. In 2007, with the release of Availability Workbench 1.0, we switched to what is known as FlexNet trusted storage services. Now, the latest releases of Availability Workbench, Reliability Workbench, and Hazop+ all use trusted storage services via FlexNet 11.

See, the FlexNet that most people are used to uses what is known as certificate-based licensing. In this method—used by our legacy programs, such as NAP and AttackTree+, and older versions of Reliability Workbench, FaultTree+, and AvSim+—a license certificate, typically just a text file with a long code in it, is used to activate the software. This text file is created by Isograph based on some information from the computer that the user intended to have licensed. Many software vendors use the MAC address, or network address, but Isograph’s certificate licenses used the “composite host ID” which was based on several internal components of the computer, including the hard disk and network card. This way, the license file would only activate a single computer—the one it was created for. To activate the computer, the license file just had to be placed in the program’s directory.

A typical license file. This identifies the computer for which it was created (the "COMPOSITE=" number), the program it will activate ("FTP" = FaultTree+) the version (11.0) and the expiry date (16-Mar-2014).
A typical license file. This identifies the computer for which it was created (the “COMPOSITE=” number), the program it will activate (“FTP” = FaultTree+) the version (11.0) and the expiry date (16-Mar-2014).

The drawback to certificate-based licensing is that it’s difficult to move the license; it’s generated for a specific machine, so to move the software to another machine, you had to contact Isograph for another license. And because this could be abused, we typically asked for a written statement saying that you would delete your old license when you received the new one. We also ran into a few issues in some cases, where changing the computer’s components would result in the license no longer working. For instance, switching from a wireless to a wired network, or plugging a laptop into a docking station would fool the FlexNet service into thinking that it was now on a different computer, one that had not been licensed.

But as I mentioned, starting in 2007, we moved to FlexNet trusted storage licensing. In this method, rather than you giving us an identifying number from your computer, we simply give you a code called an activation ID. To activate your license, you simply copy and paste this code into the software, and it will connect to our license server over the internet and activate your license. Once this initial connection and activation is complete, no further contact with our servers is needed.

The license activation screen. Just plug in the activation ID we sent to you, press activate, and—Bob's your uncle—the software is licensed. Be sure to hang on to the activation ID, as you'll need it if you want to move the license to another computer.
The license activation screen. Just plug in the activation ID we sent to you, press activate, and—Bob’s your uncle—the software is licensed. Be sure to hang on to the activation ID, as you’ll need it if you want to move the license to another computer.

The advantages to this are many; you don’t need to wait on us to activate or move a license. If you decide you’d rather move the license to another computer, you can do it yourself very simply. It also works well with upgrades. Previously, if you needed an upgrade license, we would ask for written confirmation that you’d deleted your old licenses. Now, you can just return your licenses over the internet, and we’ll be able to see that you’ve done that. In fact, with the latest version of FlexNet publisher, upgrades can be done automatically. We’ll issue you an upgrade activation ID and when you activate it, your previous-version licenses will be automatically returned.

For users without an internet connection, which is common with servers or secure computers, trusted storage licenses can also be activated via request and response files. Basically, the same information that’s sent via a web connection can also be sent via email. You’ll enter the activation ID into the software, and generate a requestXML file, which you’ll email to us. We use this file to create a responseXML file which we send back to you. You’ll process this response file and the license is activated. Licenses can also be returned and re-hosted using this method.

The FlexNet Ops console. From here, we can create an activation ID for you, process a request file to generate a response file, and view the license activation history. We can only tell the date and time that a license was activated or returned, and if it was activated via the internet or request/response files. We can't see any information about the computer that activated it, such as IP address, host name, or your passwords.
The FlexNet Ops console. From here, we can create an activation ID for you, process a request file to generate a response file, and view the license activation history. We can only tell the date and time that a license was activated or returned, and if it was activated via the internet or request/response files. We can’t see any information about the computer that activated it, such as IP address, host name, or your passwords.

And for users with highly-secure computers, from which you can’t remove any files—this is common for top secret government or military contractors—we can still fall back on certificate-based licenses, where you’ll only need to send us the MAC address.

Next week, I’ll talk more about FlexNet license servers, the newest version of the FlexNet publisher server software, and the differences between LMTOOLS and LMADMIN for configuring the server.