Virtualization FlexNet Publisher Whitepaper
Based upon two Flexera Software-hosted virtualization summits, participating customers recognize their organizations must answer some of the following questions:
1. Have we defined a virtualization policy and has this policy been communicated to our customers? Can we use the same policy as we do for the physical hardware environment?
2. How many of our customers are using virtualization today? Is there a compliance problem and can it be quantified? What virtual platforms are our customers using and in combination with what OS platforms?
3. Are there new markets available because of virtualization (e.g., time rental via SaaS)?
4. What specific problem do we want to solve (e.g., piracy, compliance, or both)? Are we concerned with intentional vs. unintentional overuse?
5. Should pricing be based on physical or virtual resources (sub-capacity pricing)?
6. Should alternate pricing models be defined to license in virtual environments? Should we charge more based upon the additional virtualization test matrix involved? Is there a market to charge less for limited capability?

The results of a limited virtualization survey conducted during one of the aforementioned virtualization summits are summarized below.
As reported in the FORRESTER white paper entitled x86 Virtualization Adopters Hit the Tipping Point, November 30, 2007
Virtualization and FlexNet Publisher for Trusted Storage and Certificate-Based Licenses
As can be seen from these tables, most of the software producers surveyed indicate their organizations have not defined and communicated their virtualization policy. While most have not quantified a specific compliance problem around virtualization, it is recognized the potential for overuse is there and must be solved. Finally, most customers intend to initially apply traditional licensing and pricing models to virtual environments.
Survey Results
Question 1: Has your company defined and communicated your virtualization policy?

    Response                                                            % of Votes
    Yes                                                                 21%
    We are in process of creating a policy, but it is not complete.     21%
    We have not started on a virtualization policy.                     42%
    I don't know.                                                       14%

Question 2: Have you quantified a compliance problem around virtualization?

    - We have quantified a compliance problem and need to solve this problem.
    - We have not quantified a compliance problem, but we want the ability to enforce our license policies in virtual environments.
    - We don't care about enforcing or monitoring compliance around virtualization.
    - I don't have an opinion at this time.

Question 3: Have you defined new ways to monetize your software around virtualization?

    - No, we will use existing licensing and pricing models.
    - No, but we have started to discuss this.
    - Yes, we have defined new models to better match our software usage within virtual environments.
    - I don't know.
The most commonly known virtualization technology is virtual machine technology. However, there are other types. Here is a partial inventory of those types, the vendors who supply the technology, and a summary of the software licensing issues.
Virtual Machines
With virtual machine technologies, each operating system instance on a physical machine is made to believe it's the only operating system running on that physical machine. These technologies do this by virtualizing (abstracting) the machine's hardware components, one virtual machine instance per operating system instance.
Vendor/Products: VMware: Workstation, ESX; Microsoft: Hyper-V, Virtual PC/Server; Citrix: Xen Server, Desktop; Parallels: Desktop and Server (Mac), Server (Linux), Workstation (Windows and Linux); Sun: Zones; IBM pSeries: LPARs; HP: VPars, Integrity

Application Virtualization
With application isolation technologies, each application instance running on an operating system instance is made to believe it's the only application running on that operating system. These technologies do this by virtualizing the operating system's file system (and registry on Windows), one virtual file system (and registry) instance per application instance. Some application isolation technologies also isolate the operating system's global namespace, so objects like semaphores are not shared between application instances. All other operating system services are shared between isolated and non-isolated application instances.
Vendor/Products: Microsoft: App-V; VMware: ThinApp
Affects licensing

Terminal Services
With terminal services, one terminal server machine supports multiple user sessions. Each user session encapsulates the desktop environment of one remotely logged-in user. Each user is made to believe they are the only user on that machine.
Vendor/Products: Microsoft: Terminal Server; Citrix: Presentation Server; Sun: Secure Global Desktop
Affects licensing

Remote Control
(Also known as KVM over IP) One person can control the host computer at any one time. The keyboard and mouse connected to the host computer and to each of the guest computers can be active simultaneously and thus compete to be the source of input. Keystroke and mouse events from these different input sources can be interleaved. Also, the video of each computer displays the same single desktop. Therefore, these solutions are not intended for multiple guest computers to share the resources of the host computer at the same time.
Vendor/Products: GoToMyPC, PCAnyWhere, VNC
No effect on licensing

Remote control solutions do not represent a security vulnerability to license management systems. The ability to remotely control a host computer does not enable a dishonest user to run more instances of licensed software than they could already run if they were using the KVM attached to the host computer. Therefore, this document will not further discuss remote control technologies.

The remainder of the document will describe Flexera Software's approach to providing our software producer customers the tools necessary to deal with licensing within virtual machine (server virtualization) environments using FlexNet Publisher.
Software producers' licensing policies and approaches range from compliance for trusted customers to enforcement for markets that pose more risk of intentional overuse or outright piracy. Traditional licensing models that bind the license server or application to the physical machine have worked well over the years. As software producers know, any software license can be exploited by a determined hacker. However, traditional license enforcement technologies, design practices, and processes do a good job of keeping honest customers honest and discouraging the casual exploiter.

Virtualization technologies have changed this landscape by making it very easy to create multiple virtual machines on a single physical machine. While the advantages of machine virtualization are obvious and enticing for the enterprise customer, this technology poses challenges for the software producer using traditional license enforcement. This is because virtual machines can be configured to have the same attributes (e.g., MAC address, port number, IP address, etc.) that match an existing license file. While the risk is low for widespread piracy of a licensed application, there is a potentially high risk of the license server being replicated on many virtual machines, making available many more entitlements than were purchased. This situation is depicted in Figure 2 below.
[Figure 2: License Server Bound to Physical Hardware is Hard to Replicate; License Server Bound to Virtual Hardware is Easy to Replicate]
Over the past several years, Flexera Software has collaborated with many software producer customers as well as virtualization vendors about license enforcement challenges and approaches to mitigate this risk. Our customers tell us that they want to apply traditional license models to virtual environments. This approach is important in order to maintain backward compatibility with legacy clients deployed at many end user locations. The challenge for Flexera Software and FlexNet Publisher is that there is no universal method to detect and interface with the multitude of virtualization platforms available today. To resolve this challenge, Flexera Software has engaged in dialogs with multiple virtualization vendors to define a supported interface method between FlexNet Publisher and their platforms. Flexera Software has also developed a Virtualization API specification in collaboration with several virtualization vendors. This standard will provide a uniform interface method that will allow FlexNet Publisher to more rapidly support those virtualization platforms that adopt this standard. Other vendors have developed their own APIs and architectures to accomplish this interface (although with varying degrees of complexity, effectiveness, and overhead).

Flexera Software's virtualization roadmap for FlexNet Publisher enables the software producer to establish an enforcement strategy based upon the level of trust they have with their customers. The trust range is graphically shown in Figure 3 below.

[Figure 3: Trust range. Labels in the figure: STRONG, WEAK, NONE; Permission: Allow; License Server; Guest OS]
For markets or customers where no trust exists, the publisher can detect the presence of virtual machines and decide not to allow the license server to run or not to issue a license to an application that is installed on a virtual machine. Referring to the above diagram, permission to run on a virtual machine (VM) would be denied; therefore, no binding and reporting would come into play. This approach is perhaps the safest for the producer and may be justified for risky markets. However, the reality of enterprise virtualization and the effect on customer satisfaction that may result must also be considered.
For markets or customers where strong trust exists, the publisher can first detect the presence of a virtual machine and then bind the license server to the Universal Unique Identifier (UUID) of the VM container. Likewise, the license file for an application can also be bound to the UUID of a particular VM container. While it is true that UUIDs can be replicated and applied to additional virtual machines (either on the same or on different physical machines), virtualization management software is almost always present (such as VMware's vCenter) that will detect this condition and issue system errors until this situation is corrected. In this scenario, permission to run on a VM is granted but VM container binding is also enforced to increase confidence that license entitlements are not replicated on additional virtual machines. With this approach, the end user of the license can take full advantage of the advanced VM functionalities like high-availability and fault tolerance, since the licenses can be moved from one physical machine to another without failure. The FlexNet Publisher report log contains both virtual and physical platform data and license checkout denial information.

For those markets and customers deemed to be in the middle of the trust range, the publisher can detect the presence of a virtual machine and then bind to a physical hardware element (or combination of elements) of the host machine (e.g., MAC address). Included in binding is a mutex locking mechanism to ensure the license server is not copied and able to issue licenses from a second VM on the same hardware platform. In this scenario, permission to run on a VM is granted but physical binding is also required to increase confidence that license entitlements are not replicated. The report log will contain virtual and physical platform data and license checkout denial information. This approach is more secure than VM container binding, but will not support use cases such as high-availability or fail-over where the VM will move from one physical server to another.

The software producer must first answer some of the questions presented at the beginning of this paper to quantify the problems they want to address and then determine the appropriate license enforcement response for the markets and customers they serve.
FlexNet Publisher offers license enforcement options based on virtual machine detection. This release incorporates a number of published techniques to identify virtual machine platforms to allow the FlexNet Publisher vendor daemons and FLEX-enabled applications to identify if they are being run on a virtual machine. While the techniques implemented allow the detection of a number of different virtual machine platforms, this release specifically supports the VMware ESX Server and Workstation products.

Care is taken such that false positives are not generated for virtual machine detection, while at the same time ensuring these techniques are not easily defeated. Once the software identifies that it is being run on a virtual machine, the software producer can implement within their software an appropriate action based on a defined virtualization policy. Some of the business policies that can be enforced include the ability to:
1. Refuse to start the license server in a virtual environment.
2. Refuse to enable a particular feature of the application in a virtual environment.
3. Restrict a software feature to be functional only in a virtual environment.

The following segment describes some use cases where the virtual machine detection capabilities can be useful and the FlexNet Publisher syntax needed to implement the desired capability:

1. Software Producer A deploys only a served licensing model. They market low-volume, high-cost software and both casual and intentional piracy is a big concern for them. They do not want their license server to be deployed in a virtual machine due to the ease with which this can lead to license over usage. They will instead require their customers to locate their license server on a physical machine within the data center. This is implemented by the software publisher by setting a compile time switch within the license server customization code. Specifically, within the file lsvendor.c the following variable setting is made and the license server is built:

    FLEX_VM_TYPE ls_allow_vm = PHYSICAL; /* Restrict VD to a physical m/c only */

2. Software producer B deploys both served and unserved licensing models. Certain features of their application cannot run on virtual machines (e.g., they require connecting a measurement instrument using a USB port that is not supported on a virtual platform). They would like to disable these features on virtual machines while at the same time allowing the other product features to function on both virtual and physical platforms. This is implemented by the software publisher by using the license file keyword VM_PLATFORMS on the FEATURE line as shown below:

    FEATURE measure_voltage admld 2.5 01-jan-2012 4 \
        VM_PLATFORMS=PHYSICAL SIGN=00E3

3. Software producer C deploys their software primarily using the unserved, node-locked license model. They are concerned about software piracy, particularly with their non-enterprise users and would like to restrict their software to physical hardware. However, they do want to support certain trusted enterprise customers who want to use their software on virtual machine instances. In short, they want to control the ability of their software to function on a virtual machine (or not) via the license file. This is implemented by the software publisher by using the license file keyword VM_PLATFORMS on the FEATURE line as shown below and granting these licenses on a case-by-case basis:

    FEATURE ultraplot admld 3.5 01-may-2011 4 \
        VM_PLATFORMS=VM_ONLY SIGN=00E3
As discussed earlier, binding the licenses to virtual machine hardware may lead to license over usage due to the ease with which the virtual hardware can be replicated. To reduce the possibility of license over usage in markets where weak trust exists, binding the licenses to physical hardware elements is recommended. In this method, the license server (or the client applications) running on virtual machines will bypass the virtual hardware and establish bindings with the host system (or the bare metal). In this situation, even if the virtual machine in which the license server is running is later copied, the bindings break, rendering the license server inoperable. While the bare metal binding solves the problem of a license being copied from one physical host to the next, it doesn't eliminate the possibility of over usage.

Over usage can still happen if multiple instances of a virtual machine, running on the same physical machine, are used to run the license server. To eliminate this condition, a facility that will enforce a mutex lock is needed so only one instance of a license server (of one software producer) is being run on a given physical machine. FlexNet Publisher v11.8 will provide both bare metal binding and mutex locking. These two technologies are depicted in the solutions shown in figure 4.

[Figure 4: Bare Metal Binding Makes the Licenses Hard to Copy; Bare Metal Binding with Mutex Lock Prevents Multiple Instances of the License Server on the Same Physical Box]

This approach provides advantages to both the software producer and their enterprise customers. The software producer has reasonable assurance of a relatively secure licensing solution, while the license administrator can deploy the licensing solution in a data center with virtual machine installations.

The following segment describes some use cases where both virtual machine detection and bare metal binding capabilities can be combined using FlexNet Publisher features and syntax to implement more robust license enforcement capability:

1. The example of Software Producer A deploying only a served licensing model described in the License Enforcement Using Virtual Machine Detection section above is expanded upon. Using the new capability available in FlexNet Publisher the producer can expand upon the virtualization detection implemented previously to include bare metal binding and mutex detection for additional license enforcement capability, while not having to build different versions of the license server. This allows the producer to selectively relax their requirement of a license server only running on a physical machine on a case-by-case basis for increased customer satisfaction. This is implemented by the software producer by using special hostid keywords on the SERVER line in the license files introduced in FNP. These hostid types specify: a) the platform type that the license server is authorized to run on, and b) the hostid type. Some examples are shown below:

Example 1: To restrict the license server to VMware ESX server and to use the Ethernet address of the physical hardware, specify:

    SERVER this_host VMW_ETHER=1234

Example 2: To restrict the license server to a physical machine and to use the IP address of the machine as the hostid type, specify:
In situations where strong trust exists between software producers and their customers, it may be desirable to define a more flexible binding method that can be included within a licensing policy. FlexNet Publisher v11.8 will provide the capability to bind the license server to the UUID of the virtual machine container. As previously stated, while it is recognized the UUID can be replicated and applied to additional virtual machines, virtualization management software (that is almost always present) ensures the UUID is unique on the network.

Allowing the enterprise customer to bind to the UUID of the virtual machine container will allow them to support the license server and the flexibility to take advantage of other advanced virtualization management capability (such as a high-availability configuration), providing greater flexibility and security to their operation. This is implemented by the software producer by using special hostid keywords on the SERVER line in the license files introduced in FNP v11.8. For example, to restrict the license server to VMware ESX and to use the UUID of the virtual machine instance, specify:

    SERVER this_host VMW_UUID=1234

The FlexNet Publisher Trusted Storage solution presents its own unique challenges related to license over usage in a virtual environment. The affected functionalities are three-fold:
- Anchoring
- Binding
- Machine Identification Activation Transactions
These topics are discussed in a little more detail below.

The Trusted Storage technology uses system anchors to identify if the trusted storage has been restored from a backup or overwritten. These are really links to one or more system identifiers that cross-check the integrity of the Trusted Storage file with the system. Different anchor types are used on different operating systems, with some anchors being much harder to spoof by a user than others. However, a Trusted Storage solution running on a virtual machine only has access to the virtual anchor types, which can be reverted back quite easily. This affects the trial anchors implemented by the Trusted Storage solution, with the result that the trials can be retaken endlessly. The solution to this problem would consist of storing the anchor information on the physical host of the virtual machine.

The license rights that are held in Trusted Storage are locked to a system to prevent them from being transferred illegally to another system. This is referred to as binding and the system characteristics used for the binding are referred to as binding identities. The problem with virtual machines with respect to binding is similar to that of License File based licensing: the binding identities are too easily duplicated when you copy a virtual machine. The solution to the problem is also the same: use the physical binding identities instead of the virtual ones.

The Trusted Storage activation technology relies upon uniquely identifying a machine (using UMN values) when performing transactions with the activation server (such as FlexNet Operations). This is required so that in case of a repair or return transaction, the activation server can ensure that the same machine that has activated the original license is involved in these transactions. With the virtualization technology, it is very easy to set up multiple machines that look to be the same, hence resulting in license over usage. The solution, once again, would rely upon using physical elements for machine identification in combination with virtual machine identities.
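The license-file keywords shown in the certificate-based sections above (VM_PLATFORMS on FEATURE lines; the VMW_ETHER and VMW_UUID hostids on SERVER lines) can be audited mechanically. The following Python code is an added example, not Flexera code and not part of FlexNet Publisher: it parses only those keywords, applies the VM_PLATFORMS rule to a detected platform, and flags the same SERVER hostid being served from more than one machine, which is the replication case this paper describes. The function names, the sample file contents and the machine names are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hostid keywords shown in the paper -> (what the server is bound to, trust level
# the paper pairs with that binding). Other hostid forms are reported as "OTHER".
SERVER_BINDINGS = {
    "VMW_ETHER": ("Ethernet address of the physical hardware", "weak"),
    "VMW_UUID": ("UUID of the virtual machine instance", "strong"),
}


@dataclass(frozen=True)
class Server:
    host: str
    hostid_type: str
    hostid_value: str


@dataclass(frozen=True)
class Feature:
    name: str
    vm_platforms: str  # "PHYSICAL", "VM_ONLY", or "ANY" when the keyword is absent


def logical_lines(text):
    """Yield license lines with backslash continuations joined; skip blanks and '#' lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):
            yield line
    if buf.strip():  # file ended on a continuation line
        yield buf.strip()


def parse_license(text):
    """Return (servers, features) using only the keywords this paper shows."""
    servers, features = [], []
    for line in logical_lines(text):
        tok = line.split()
        if tok[0] == "SERVER" and len(tok) >= 3:
            kind, sep, value = tok[2].partition("=")
            if not sep:  # plain hostid without a KEYWORD= prefix
                kind, value = "OTHER", tok[2]
            servers.append(Server(tok[1], kind, value))
        elif tok[0] == "FEATURE" and len(tok) >= 2:
            opts = dict(t.split("=", 1) for t in tok[2:] if "=" in t)
            features.append(Feature(tok[1], opts.get("VM_PLATFORMS", "ANY")))
    return servers, features


def feature_allowed(feature, on_vm):
    """Apply the VM_PLATFORMS rule to the detected platform (on_vm is a bool)."""
    if feature.vm_platforms == "PHYSICAL":
        return not on_vm
    if feature.vm_platforms == "VM_ONLY":
        return on_vm
    return True


def replicated_servers(deployments):
    """deployments: iterable of (machine_name, license_text) pairs.
    Return {(hostid_type, hostid_value): [machines]} for every hostid that is
    served from more than one machine, i.e. a copied license server."""
    seen = defaultdict(list)
    for machine, text in deployments:
        for s in parse_license(text)[0]:
            seen[(s.hostid_type, s.hostid_value)].append(machine)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample file; the individual lines reuse the paper's own examples.
SAMPLE = """\
SERVER this_host VMW_UUID=1234
FEATURE measure_voltage admld 2.5 01-jan-2012 4\\
    VM_PLATFORMS=PHYSICAL SIGN=00E3
FEATURE ultraplot admld 3.5 01-may-2011 4 \\
    VM_PLATFORMS=VM_ONLY SIGN=00E3
"""

if __name__ == "__main__":
    servers, features = parse_license(SAMPLE)
    for s in servers:
        target, trust = SERVER_BINDINGS.get(s.hostid_type, ("not covered here", "unknown"))
        print(f"SERVER {s.host}: bound to {target} ({trust}-trust model)")
    for f in features:
        print(f"{f.name}: physical={feature_allowed(f, False)} vm={feature_allowed(f, True)}")
    # vm-a and vm-b are constructed machine names holding the same license file
    print(replicated_servers([("vm-a", SAMPLE), ("vm-b", SAMPLE)]))
```

A license administrator could run the replication check over the license files collected from every host in an inventory; a non-empty result points at the copied-server condition that bare metal binding and mutex locking are meant to prevent.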
License enforcement in virtualization environments is only one component of an end-to-end entitlement and compliance management (ECM) solution.
In addition to the concerns and approaches presented to address license over usage, there are other considerations related to license life cycle activities that may have a bearing on a software producer's virtualization policies. For example, a software producer may want to gather data on how many of their products are being used on physical machines vs. virtual machines. Such data would be invaluable to better understand markets and specific customers so these usage patterns can be evaluated as new licensing models are considered for virtualization deployments. This information would also help the software producer ensure their support staff is appropriately trained to handle real-world customer deployments. Gathering of such data can be easily achieved if the license activation server (such as FlexNet Operations) actively logs the platform type on which the license rights are requested. Similar logging of the platform data can be done on the license user side via the report log files generated by the FlexNet Publisher license servers. These report log files can then be analyzed using FlexNet Manager to extract the virtual platform related statistics.
Other Possibilities
Advanced product offerings from the virtualization vendors open up many possibilities to ensure the reliability of a license server. For example, the High Availability/Fault Tolerance features offered by virtualization vendors can ensure the license server will never need to be shut down. In fact with appropriate usage, the need for three server redundancy solutions may also be obviated.

Flexera Software recommends the software producer start with a more restrictive approach to their policy of allowing the license server to run in virtual environments and then later relax the policy on a case-by-case basis. Starting with FlexNet Publisher v11.7, the license server can be restricted to a physical machine only without needing a change in the license file. Then, with FlexNet Publisher v11.8, the new license file syntax can be utilized along with a new license server. The new license file syntax can be released to the customers at the time of license renewals so as to cause the least disruption to the services. Caution: If the license server is built and deployed to run on virtual machines, this exposure cannot be retracted. It is, therefore, suggested to use the approach discussed in this section.

Conclusion/Summary
As mentioned at the beginning of this paper, most software producers will initially apply traditional licensing models to virtual environments. Longer term, most also recognize the challenges placed upon these traditional models when their software runs on a virtual machine. For example, one new capability available in VMware's vSphere 4.0 hypervisor and management toolset is the ability to dynamically allocate virtual CPUs (vCPUs). This capability will further play havoc with CPU based licensing. Research by software industry analysts substantiates the industry trend away from hardware based licensing models toward usage based models such as subscription and SaaS.[2] As has been presented in this paper, the fundamental byproduct of virtualization technology serves to remove the time-honored hardware hooks and metrics that producers have depended upon to secure and monetize their software. FlexNet Publisher will provide the tools necessary for our customers to embrace server virtualization that is now so prevalent in the enterprise.

Part of Flexera Software's Entitlement and Compliance Management Solution, FlexNet Publisher enables software producers and high-tech manufacturers to increase revenues and simplify customer relationships. The flexible, yet robust licensing capabilities provided by FlexNet Publisher allow producers and high-tech manufacturers to address piracy and ensure protection of intellectual property, as well as to react quickly and efficiently to new and evolving markets through creation of new pricing models and versatile product configurations. FlexNet Publisher is the industry leader, with over 20 years of experience, a proven track record, more than 3,000 thousand customers and over 20,000 FLEX enabled applications to date. FlexNet was awarded the Industry best software product for software producers in 2007 by SIIA.
Flexera Software is the leading provider of strategic solutions for Application Usage Management; solutions delivering continuous compliance, optimized usage and maximized value to application producers and their customers. Flexera Software is trusted by more than 80,000 customers that depend on our comprehensive solutions from installation and licensing, entitlement and compliance management to application readiness and software license optimization - to strategically manage application usage and achieve breakthrough results realized only through the systems-level approach we provide. For more information, please go to: www.flexerasoftware.com
For more information on FlexNet Publisher and FlexNet Suite, please visit:
www.flexerasoftware.com/fnp
[2] As reported in IDC's Briefing "Going Hybrid with SaaS - Managing Perpetual and Subscription Businesses in the Same Chassis" on June 17th, 2009 with Amy Konary.
Flexera Software LLC 1000 East Woodfield Road, Suite 400 Schaumburg, IL 60173 USA
Copyright 2012 Flexera Software LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners. FNP_WP_Virtualization2_Sept12