Why Software Publishers are Migrating from Certificates to Activations
October 13, 2010
David ZnidarsicVice President of TechnologyFlexera Software, Inc.
Agenda
Benefits of activationsWhen are activations appropriate?When are activations appropriate?Changes to application environment and operations serverMachine virtualization best practicesMachine virtualization best practicesActivation componentsTransactions with customersEnterprise customers’ perspective
2
Terminology
Certificate license right expressed as one or more license lines
Activation structured process for fulfilling a license right
Deactivation structured process for returning a license right
Trusted storage technology necessary to implement deactivation
3
Certificates Philosophy
Rights best managed by license serverTampering of licensed machines cannot be detectedTampering of licensed machines cannot be detectedOperations and license server are control points
ImplicationsNo means to cancel/return non-expiring rightsNo means to cancel/return expiring rights prior to expirationLicense server’s only control of license lifecycle results from
i t t ti ith li d hipersistent connection with licensed machinesLicense lifecycle is linear
4
Activations Philosophy
Rights best managed by licensed machinesTampering of licensed machines can be detectedTampering of licensed machines can be detectedOperations and license server are distribution and transfer hubs
ImplicationsCan cancel/return rights at any timeLicense lifecycle can be controlled without a persistent connection (or any connection) to licensed machinesLi lif l i li lLicense lifecycle is cyclicalNot all license lifecycle phases need to be overseen by publisher
5
Feedback Prior to Activations Support
CustomersFlexibility of certificates is great, but my customers have so muchFlexibility of certificates is great, but my customers have so much flexibility that they get themselves into trouble and then overwhelm my support organization.Fl ibilit f tifi t i t d I h tFlexibility of certificates is great, and I have my customer interactions under control.
ProspectsProspectsFlexibility of certificates is not great, there are too many choices; you’re the experts, just tell me what to do and how to do it.
6
License Lifecycle
Trial useFulfill
GoalsStandardize transition Fulfill
Update (subscriptions)Return (re-deployment / credit)
through lifecycle with minimal or reduced involvement fromReturn (re deployment / credit)
Upgrade (versions / features)Re-host
involvement from publisherMaintain existing flexibility
Emergency useView
7
Improved Customer Experience
Structured interactions between publishers, channel partners, and customers
Uses verifiable transactions instead of hard-to-manage file transfersI f i ll i ll h d i i h li dInterface to install, un-install, change, and view rights on licensed machines guides customerTransactions can even be communicated verballyTransactions can even be communicated verbally
Self-service for all lifecycle eventsIncreased structure does not increase intervention
Optimized for customers’ mobile laptop usageSupports lifecycle even with disconnected sitesTolerates re-configuration of licensed machines
8
Improved Visibility into Customer’s Activities
All transactions can be:Self-serviceSelf serviceVerifiedAudited
Any individual transaction can be allowed to be:Private, but trusted
Bulk fulfills, updates, returns, and upgrades always can be:VerifiedA dit dAudited
9
When areWhen are activations appropriate?
Comparison of Transactions
Transaction Activations Certificates
Trial use Yes Yes, but publisher must be involvedinvolved
Activate (aka fulfill) Yes YesRenew (aka update) Yes Yes
Deactivate (aka return) Yes Yes, but can’t verify
Upgrade Yes Yes, but can’t verify previous version has been deactivated
Transfer (aka rehost) Yes Yes, but can’t verify it’s a move, not a copy
Emergency use Yes Yes, but publisher must be involvedg y involved
View Yes, via publisher’s interface Yes
11
Comparison of Other FactorsFactor Activations Certificates
Customer and channel self-service Yes Limitedmanagement Yes Limited
License management Structured and auditable Customer manages licenses License management transactions in text files
Information from customer Yes, for verifiable d ti ti Noo a o o cus o e deactivation o
Disconnected use(hybrid / borrowing) Better Yes, but…(hybrid / borrowing)
License integrityTolerant blended hostid, better clock wind-back
Single hostid, intolerant blended hostid, clock wind-
detection back detection
12
Frequency of Events Recommends Technology
If average time between lifecycle events is measured in units of
…then recommended technology isevents is measured in units of… is…
minutes or seconds concurrent certificates with persistent minutes or seconds connection to license server
hours borrowed certificates with intermittent connection to license serverconnection to license server
daysactivations with intermittent
connection to license or operations server
weeks activations with no connection to license or operations serverlicense or operations server
13
Changes toChanges to application ppenvironment and operations serverserver
Changes to Application Environment
ApplicationSingle API call can checkout certificates and activationsSingle API call can checkout certificates and activations
License serverSingle license server can serve concurrent licenses and activate licensed machinesSingle license server can load concurrent licenses from certificates or via activationsor via activations
Activation utilityUse Activation API to create component to install, change, and un-Use Activation API to create component to install, change, and uninstall licenses on either or both:
Licensed machineLi hiLicense server machine
15
License Server Availability
Role of license server for activations:License server deploys licenses to licensed machines in advance of their useLicense server does not need to be operational at time of license checkout or while license is being usedcheckout or while license is being usedLicense server only needs to be operational:
At time of activation,At time of de-activation
You reduce reliance on availability of:License server processLicense server machine
You reduce (or eliminate) reliance on the availability of:You reduce (or eliminate) reliance on the availability of:Network connection to license server machine
16
Changes to Operations Server
Activation process best implemented with FlexNet OperationsBuilt-in support for all transactions (on-premise and on-demand)Built in support for all transactions (on premise and on demand)Converting to activations often a result of re-evaluating all license management; therefore, FlexNet Operations often introduced to
ti i itioptimize revenue recognitionActivation process can be implemented with or without FlexNet OperationsOperations
License Generation Toolkit (LGT) can be integrated into your back-office
Single operations server can manage both certificates and activationsN t ti t b t dNew transactions must be supported
17
Machine Virtualization Best Practices
Licensed applicationUse concurrent certificates; the best “virtual” licenseUse concurrent certificates; the best virtual license
License serverDeploy as an application or service
Limit to only a specified physical machineSet ls_allow_vm=PHYSICAL, put a traditional hostid on SERVER line
Limit to any virtual machine running on a specified physical machineLimit to any virtual machine running on a specified physical machinePut a “bare metal” hostid on SERVER line
• Ethernet MAC address or hostname of physical machine
U th f d dUse three servers for redundancyDeploy as a virtual appliance
Set ls allow vm=VM ONLY, put a UUID hostid on SERVER lineSet ls_allow_vm VM_ONLY, put a UUID hostid on SERVER lineUse VMotion or Hyper-V Live Migration for redundancy
19
ActivationActivation Componentsp
Distribution and Transfer Hubs
Activation transactions can be managed between:Publisher-hosted operations and licensed machinePublisher hosted operations and licensed machineFlexera-hosted operations and licensed machineEnterprise-hosted license server and licensed machinePublisher-hosted operations and enterprise-hosted license serverFlexera-hosted operations and enterprise-hosted license server
Publisher-hosted
operations server
Licensed machine(s)
server
Enterprise-hosted license server(s)
Flexera-hosted
or
optionaloperations
server
21
Creating Trust
Must control the installation, change, and un-installation of licensesCreate a license repository only written by publisher’s componentsTrusted Storage – encrypted, bound and anchoredPublisher’s components detect changes they didn’t make:
TamperingCopyingDeletingDeletingRestoring
New “repair” transaction to synchronize trusted store with what isNew repair transaction to synchronize trusted store with what is known in the operations server
22
Components for Node-Locked Models
Licensed Licensedicen
sed
ompu
ter
cens
edom
pute
rLicensed
ApplicationLicensed
ApplicationAPI API
L CoLi Co
XML wrapperFileLicense
Activation UtilityLicenseLicense API
eTrusted Store
License
23
Components for Concurrent Models
Lice
nsed
Com
pute
rLicensed
ApplicationLicensed
Application
Lice
nsed
Com
pute
r
pp
License License
APIAPI
Lice
nse
Ser
ver
Lice
nse
Ser
ver
License Server
License Server
LL
FileLicenseLicense
XML wrapper
LicenseActivation
Utility API
eTrusted Store
License
24
Compatibility
Licensed Application
LicenseServer
Lice
nsed
Com
pute
r
Lice
nse
Ser
ver
FileLi
FileLi
API
eTrusted Store
LicenseLicense
eTrusted Store eTrusted Store
License
eTrusted Store
LicenseActivation
UtilityAPI Activation
UtilityAPI
License
XMLXML wrapper
License
25
Compatibility (without application activation utility)
Licensed Application
LicenseServer
API
APILice
nsed
Com
pute
r
Lice
nse
Ser
ver
FileLi
FileLi
API
eTrusted Store
LicenseLicense
eTrusted Store eTrusted Store
LicenseActivation
Utility
eTrusted Store
LicenseAPI
License
XMLXML wrapper
License
26
TransactionsTransactions with
Customers
Transactions with Individual ComputersPublisher Channel Consumer or Enterprise
S CP t l Licens
XML or Short CodePortal
FlexNet
sed Com
Portal XML Sh t C d
XML or Short CodePortal AP
I
Operations
mputer
Network*
Portal XML or Short Code
Network
* Network communicates the same XML as can be sent off-line
28
Transactions with Multiple ComputersPublisher Channel Enterprise
P t l XML LicensedC
omputer
XMLPortal AP
ILice
XML
Network*
FlexNetXML
ense Se
Portal
XMLPortal
Operations
Network*
XML
erver
LicensedC
omputer
AP
I
XML
Network*
Portal
Network rNetwork
* Network communicates the same XML as can be sent off-line
29
XML Wrapped around Certificates
30
Short Code Refers to Already Deployed XML
Example short code = 218656551957094464245011Example short code = 218656551957094464245011
31
Single or Composite Transactions
Communications can contain one or more transactionsUpgrade can occur in one round tripUpgrade can occur in one round trip
No round trip for de-activation, then additional round-trip for re-activation
Initial activation can occur in one round tripNo round trip for setup, then additional round-trip for activation
Composite transactions only supported by XML between:Operations server and license serverOperations server and licensed machineOperations server and licensed machine
32
Enterprise’s Perspective
Help me stay in complianceGive me a consistent view of my license linesGive me a consistent view of my license lines
lmadmin and FlexNet Manager give view into license pools already loaded into license serverRequirement for visibility on licensed machine might be cry for visibility from operations server
Allow me to change and reorder license linesAllow me to change and reorder license linesClaim that certificates are sometimes not accurate
Allow me to use concurrent licenses on disconnected laptopsAllow me to use concurrent licenses on disconnected laptopsAllow me to continue to report on my license usage using FlexNet Managerg
33
Activations Summary
Improved customer experiencePublisher visibility into mostPublisher visibility into most transactions even through channel tiersCustomer and channel visibility into all transactions and current statestateCan still support certificatesCompliance assuranceCompliance assurance
34
Thank You
David ZnidarsicDavid ZnidarsicVice President of Technology 2860 De La Cruz Blvd,
Santa Clara, CA 95050
[email protected]@flexerasoftware.comDirect: (408) 642–3900 Cell: (408) 881–4834
www.flexerasoftware.com
35