Virtualization FlexNet Publisher Whitepaper

Download as pdf or txt
Download as pdf or txt
You are on page 1of 10

W H I T E PA P E R

Virtualization & FlexNet Publisher

Virtualization & FlexNet Publisher


Introduction
Almost all software licensing models eventually require either one license or a pool of licenses to be bound to a particular machine. While this was answered over the years for physical machines, some virtualization technologies are posing new challenges for software producers to enforce their license agreements using traditional licensing models. Various analyst white papers purport that server virtualization has moved past the early adopter stage to that of strategic virtualization. For example, Forrester reports the adoption of server virtualization in enterprise IT will reach 65% by 2009 with 45% of x86 servers virtualized.1 This means software producers must develop and communicate licensing policies that take into account their license server and applications will run on virtual machines. It also means that FlexNet Publisher must provide the appropriate enforcement and reporting tools to allow the software producer and their enterprise customers to confidently operate in this new virtual environment. Flexera Software research indicates that most software producers have not modified their license policies to deal with virtualization. Longer term it is recognized that new usage based ways to monetize software must be considered. However, in the short term existing hardware centric licensing models must be applied to virtual platforms. This document describes how FlexNet Publisher will enable the software producer to embrace virtualization by providing various means to enforce licensing on virtual machines. This paper describes approaches and technologies available today as well as those that are being considered in the future.

Questions Software Producers Must Answer

Based upon two Flexera Software-hosted virtualization summits, participating customers recognize their organizations must answer some the following questions: 1. Have we defined a virtualization policy and has this policy been communicated to our customers? Can we use the same policy as we do for the physical hardware environment? 2. How many of our customers are using virtualization today? Is there a compliance problem and can it be quantified? What virtual platforms are our customers using and in combination with what OS platforms? 3. Are there new markets available because of virtualization (e.g., time rental via SaaS)? 4. What specific problem do we want to solve (e.g., Piracy, compliance, or both). Are we concerned with intentional vs. unintentional overuse? 5. Should pricing be based on physical or virtual resources (sub-capacity pricing)? 6. Should alternate pricing models be defined to license in virtual environments? Should we charge more based upon the additional virtualization test matrix involved? Is there a market to charge less for limited capability? The results of a limited virtualization survey conducted during one of the aforementioned virtualization summits are summarized below.

As reported in the FORRESTER white paper entitled x86 Virtualization Adopters Hit the Tipping Point, November 30, 2007

Flexera Software: FlexNet Publisher White Paper Series

Virtualizat ion and FlexNet Publisher for Trusted Storage and Cert ificate-Based Licenses

As can be seen from these tables, most of the software producers surveyed indicate their organizations have not defined and communicated their virtualization policy. While most have not quantified a specific compliance problem around virtualization, it is recognized the potential for overuse is there and must be solved. Finally, most customers intend to initially apply traditional licensing and pricing models to virtual environments.

Survey Results
Question 1: Has your company defined and communicated your virtualization policy? Yes We are in process of creating a policy, but it is not complete. We have not started on a virtualization policy. I dont know. % of Votes 21% 21% 42% 14%

Question 2: Have you quantified a compliance problem around virtualization? We have quantified a compliance problem and need to solve this problem. We have not quantified a compliance problem, but we want the ability to enforce our license policies in virtual environments. We dont care about enforcing or monitoring compliance around virtualization. I dont have an opinion at this time.

% of Votes 20% 60% 6% 13%

Question 3: Have you defined new ways to monetize your software around virtualization? No, we will use existing licensing and pricing models. No, but we have started to discuss this. Yes, we have defined new models to better match our software usage within virtual environments. I dont know.

% of Votes 64% 14% 7% 14%

Flexera Software: FlexNet Publisher White Paper Series

Virtualizat ion and FlexNet Publisher for Trusted Storage and Cert ificate-Based Licenses

Types of Virtualization Technologies

The most commonly known virtualization technology is virtual machine technology. However, there are other types. Here is a partial inventory of those types, the vendors who supply the technology, and a summary of the software licensing issues.

Remote Control

Virtual Machines

With virtual machine technologies, each operating system instance on a physical machine is made to believe its the only operating system running on that physical machine. These technologies do this by virtualizing (abstracting) the machines hardware components, one virtual machine instance per operating system instance.

(Also known as KVM over IP) One person can control the host computer at any one time. The keyboard and mouse connected to the host computer and to each of the guest computers can be active simultaneously and thus compete to be the source of input. Keystroke and mouse events from these different input sources can be interleaved. Also, the video of each computer displays the same single desktop. Therefore, these solutions are not intended for multiple guest computers to share the resources of the host computer at the same time. Remote control solutions do not represent a security vulnerability to license management systems. The ability to remotely control a host computer does not enable a dishonest user to run more instances of licensed software than they could already run if they were using the KVM attached to the host computer. Therefore, this document will not further discuss remote control technologies. The remainder of the document will describe Flexera Softwares approach to providing our software producer customers the tools necessary to deal with licensing within virtual machine (server virtualization) environments using FlexNet Publisher.

Application Virtualization / Application Isolation

With application isolation technologies, each application instance running on an operating system instance is made to believe its the only application running on that operating system. These technologies do this by virtualizing the operating systems file system (and registry on Windows), one virtual file system (and registry) instance per application instance. Some application isolation technologies also isolate the operating systems global namespace, so objects like semaphores are not shared between application instances. All other operating system services are shared between isolated and non-isolated application instance.

Terminal Services

With terminal services, one terminal server machine supports multiple user sessions. Each user session encapsulates the desktop environment of one remotely logged-in user. Each user is made to believe they are the only user on that machine.

Virtualization Technology Virtual Machines

Vendor/Products VMware: Workstation, ESX; Microsoft: Hyper-V, Virtual PC/Server; Citrix: Xen Server, Desktop; Parallels: Desktop and Server (Mac), Server (Linux), Workstation (Windows and Linux); Sun: Zones; IBM pSeries: LPARs; HP: VPars, Integrity Microsoft: App-V; VMware: ThinApp; Microsoft: Terminal Server; Citrix: Presentation Server; Sun: Secure Global Desktop GoToMyPC, PCAnyWhere, VNC

Software Licensing Issue? Affects licensing

Application Virtualization

Affects licensing

Terminal Services

Affects licensing

Remote Control

No affect on licensing

Figure 1: Partial List of Virtualization Technologies

Flexera Software: FlexNet Publisher White Paper Series

Virtualizat ion and FlexNet Publisher for Trusted Storage and Cert ificate-Based Licenses

Compliance and Piracy Challenges of Virtualization

Software producers licensing policies and approaches range from compliance for trusted customers to enforcement for markets that pose more risk of intentional overuse or outright piracy. Traditional licensing models that bind the license server or application to the physical machine have worked well over the years. As software producers know, any software license can be exploited by a determined hacker. However, traditional license enforcement technologies, design practices, and processes do a good job at keeping honest customers honest and to discourage the casual exploiter. Virtualization technologies have changed this landscape by making it very easy to create multiple virtual machines on a single physical machine. While the advantages of machine virtualization are obvious and enticing for the enterprise customer, this technology poses challenges for the software producer using traditional license enforcement. This is because virtual machines can be configured to have the same attributes (e.g., MAC address, port number, IP address, etc.) that match an existing license file. While the risk is low for widespread piracy of a licensed application, there is potential high risk of the license server being replicated on many virtual machines making available many more entitlements than were purchased. This situation is depicted in Figure 2 below.
License Server Bound to Physical Hardware is Hard to Replicate License Server Bound to Virtual Hardware is Easy to Replicate

challenges and approaches to mitigate this risk. Our customers tell us that they want to apply traditional license models to virtual environments. This approach is important in order to maintain backward compatibility with legacy clients deployed at many end user locations. The challenge for Flexera Software and FlexNet Publisher is there is no universal method to detect and interface with the multitude of virtualization platforms available today. To resolve this challenge, Flexera Software has engaged in dialogs with multiple virtualization vendors to define a supported interface method between FlexNet Publisher and their platforms. Flexera Software has also developed a Virtualization API specification in collaboration with several virtualization vendors. This standard will provide a uniform interface method that will allow FlexNet Publisher to more rapidly support those virtualization platforms that adopt this standard. Other vendors have developed their own APIs and architectures to accomplish this interface (although with varying degrees of complexity, effectiveness, and overhead).

Flexera Softwares Approach to Virtualization

Flexera Softwares virtualization roadmap for FlexNet Publisher enables the software producer to establish an enforcement strategy based upon the level of trust they have with their customers. The trust range is graphically shown Figure 3 below.

STRONG

WEAK

NONE

Guest OS VM Hypervisor Operating System

Guest OS Guest OS

Permission: Allow
LICENSE SERVER

Permission: Allow Permission: Prohibit Report: Log File Report: N/A

LICENSE SERVER

Binding: VM Container Binding: Physical Binding: N/A Report: Log File

Figure 3: Range of Trust between Software Producers and their Markets

Guest Gues Gue t OS Guest O ue Guest OS Guest OS st t LC LIC N LICENSE CEN Guest OS SERVER SE V ERV E
LICENSE SERVER

LC LIC N LICENSE CEN SERVER SE V ERV E

Figure 2: License Server Instances Bound to Physical or Virtual Hardware

Over the past several years, Flexera Software has collaborated with many software producer customers as well as virtualization vendors about license enforcement

For markets or customers where no trust exists, the publisher can detect the presence of virtual machines and decide not to allow the license server to run or not to issue a license to an application that is installed on a virtual machine. Referring to the above diagram, permission to run on a virtual machine (VM) would be denied, therefore, no binding and reporting would come into play. This approach is perhaps the safest for the producer and may be justified for risky markets. However, the reality of enterprise virtualization and the affect on customer satisfaction that may result must also be considered.

Flexera Software: FlexNet Publisher White Paper Series

Virtualizat ion and FlexNet Publisher for Trusted Storage and Cert ificate-Based Licenses

For markets or customers where strong trust exists, the publisher can first detect the presence of a virtual machine and then bind the license server to the Universal Unique Identifier (UUID) of the VM container. Likewise, the license file for an application can also be bound to the UUID of a particular VM container. While it is true that UUIDs can be replicated and applied to additional virtual machines (either on the same or on different physical machines), virtualization management software is almost always present (such as VMwares vCenter) that will detect this condition and issue system errors until this situation is corrected. In this scenario, permission to run on a VM is granted but VM container binding is also enforced to increase confidence that license entitlements are not replicated on additional virtual machines. With this approach, the end user of the license can take full advantage of the advanced VM functionalities like high-availability and fault tolerance, since the licenses can be moved from one physical machine to another without failure. The FlexNet Publisher report log contains both virtual and physical platform data and license checkout denial information. For those markets and customers deemed to be in the middle of the trust range, the publisher can detect the presence of a virtual machine and then bind to a physical hardware element (or combination of elements) of the host machine (e.g., MAC address). Included in binding is a mutex locking mechanism to ensure the license server is not copied and able to issue licenses from a second VM on the same hardware platform. In this scenario, permission to run on a VM is granted but physical binding is also required to increase confidence that license entitlements are not replicated. The report log will contain virtual and physical platform data and license checkout denial information. This approach is more secure than VM container binding, but will not support use cases such as high-availability or fail-over where the VM will move from one physical server to another. The software producer must first answer some of the questions presented at the beginning of this paper to quantify the problems they want to address and then determine the appropriate license enforcement response for the markets and customers they serve.

Care is taken such that false positives are not generated for virtual machine detection, while at the same time ensuring these techniques are not easily defeated. Once the software identifies that it is being run on a virtual machine, the software producer can implement within their software an appropriate action based on a defined virtualization policy. Some of the business policies that can be enforced include the ability to: 1. Refuse to start the license server in a virtual environment. 2. Refuse to enable a particular feature of the application in a virtual environment. 3. Restrict a software feature to be functional only in a virtual environment. The following segment describes some use cases where the virtual machine detection capabilities can be useful and the FlexNet Publisher syntax needed to implement the desired capability: 1. Software Producer A deploys only a served licensing model. They market low-volume, high-cost software and both casual and intentional piracy is a big concern for them. They do not want their license server to be deployed in a virtual machine due to the ease with which this can lead to license over usage. They will instead require their customers to locate their license server on a physical machine within the data center. This is implemented by the software publisher by setting a compile time switch within the license server customization code. Specifically, within the file lsvendor.c the following variable setting is made and the license server is built: FLEX_VM_TYPE ls_allow_vm = PHYSICAL; /* Restrict VD to a physical m/c only */ 2. Software producer B deploys both served and unserved licensing models. Certain features of their application cannot run on virtual machines (e.g., they require connecting a measurement instrument using a USB port that is not supported on a virtual platform). They would like to disable these features on virtual machines while at the same time allowing the other product features to function on both virtual and physical platforms. This is implemented by the software publisher by using the license file keyword VM_PLATFORMS on the FEATURE line as shown below: FEATURE measure_voltage admld 2.5 01-jan-2012 4\ VM_PLATFORMS=PHYSICAL SIGN=00E3

License Enforcement Using Virtual Machine Detection

FlexNet Publisher offers license enforcement options based on virtual machine detection. This release incorporates a number of published techniques to identify virtual machine platforms to allow the FlexNet Publisher vendor daemons and FLEX-enabled applications to identify if they are being run on a virtual machine. While the techniques implemented allow the detection of a number of different virtual machine platforms, this release specifically supports the VMware ESX Server and Workstation products.

Flexera Software: FlexNet Publisher White Paper Series

Virtualizat ion and FlexNet Publisher for Trusted Storage and Cert ificate-Based Licenses

3. Software producer C deploys their software primarily using the unserved, node-locked license model. They are concerned about software piracy, particularly with their non-enterprise users and would like to restrict their software to physical hardware. However, they do want to support certain trusted enterprise customers who want to use their software on virtual machine instances. In short, they want to control the ability of their software to function on a virtual machine (or not) via the license file. This is implemented by the software publisher by using the license file keyword VM_PLATFORMS on the FEATURE line as shown below and granting these licenses on a case-by-case basis: FEATURE ultraplot admld 3.5 01-may-2011 4 \ VM_PLATFORMS=VM_ONLY SIGN=00E3

Over usage can still happen if multiple instances of a virtual machine, running on the same physical machine, are used to run the license server. To eliminate this condition, a facility that will enforce a mutex lock is needed so only one instance of a license server (of one software producer) is being run on a given physical machine. FlexNet Publisher v11.8 will provide both bare metal binding and mutex locking. These two technologies are depicted in the solutions shown in figure 4. This approach provides advantages to both the software producer and their enterprise customers. The software producer has reasonable assurance of a relatively secure licensing solution, while the license administrator can deploy the licensing solution in a data center with virtual machine installations. The following segment describes some use cases where both virtual machine detection and bare metal binding capabilities can be combined using FlexNet Publisher features and syntax to implement more robust license enforcement capability: 1. The example of Software Producer A deploying only a served licensing model described in the License Enforcement Using Virtual Machine Detection section above is expanded upon. Using the new capability available in FlexNet Publisher the producer can expand upon the virtualization detection implemented previously to include bare metal binding and mutex detection for additional license enforcement capability, while not having to build different versions of the license server. This allows the producer to selectively relax their requirement of a license server only running on a physical machine on a case-by-case basis for increased customer satisfaction. This is implemented by the software producer by using special hostid keywords on the SERVER line in the license files introduced in FNP. These hostid types specify: a) the platform type that the license server is authorized to run on, and b) the hostid type. Some examples are shown below: Example 1: To restrict the license server to VMware ESX server and to use the Ethernet address of the physical hardware, specify:

License Enforcement Using Bare Metal Binding

As discussed earlier, binding the licenses to virtual machine hardware may lead to license over usage due to the ease with which the virtual hardware can be replicated. To reduce the possibility of license over usage in markets where weak trust exists, binding the licenses to physical hardware elements is recommended. In this method, the license server (or the client applications) running on virtual machines will bypass the virtual hardware and establish bindings with the host system (or the bare metal). In this situation, even if the virtual machine in which the license server is running is later copied, the bindings break rendering the license server inoperable. While the bare metal binding solves the problem of a license being copied from one physical host to the next, it doesnt eliminate the possibility of over usage.
Bare Metal Binding Makes t he Licenses Hard to Copy Bare Metal Binding wit h Mutex Lock Prevents Mult iple Instances of t he License Server on t he Same Physical Box

Guest OS VM Hypervisor

Guest OS

L LICENSE S SERVER

Guest OS

G Gu t O Guest OS

Guest OS

LICENSE SERVER

G t Guest OS

LICENSE SERVER

SERVER this_host VMW_ETHER=1234 Example 2: To restrict the license server to a physical machine and to use the IP address of the machine as the hostid type, specify:

Figure 4: Solutions with Bare Metal Binding and Mutex Lock

SERVER this_host PHY_INTERNET=10.10.12.101

Flexera Software: FlexNet Publisher White Paper Series

Virtualizat ion and FlexNet Publisher for Trusted Storage and Cert ificate-Based Licenses

License Enforcement Using the UUID

In situations where strong trust exists between software producers and their customers, it may be desirable to define a more flexible binding method that can be included within a licensing policy. FlexNet Publisher v11.8 will provide the capability to bind the license server to the UUID of the virtual machine container. As previously stated, while it is recognized the UUID can be replicated and applied to additional virtual machines, virtualization management software (that is almost always present) ensures the UUID is unique on the network.

Virtualization and Trusted Storage

The FlexNet Publisher Trusted Storage solution presents its own unique challenges related to license over usage in a virtual environment. The affected functionalities are three-fold: Anchoring Binding Machine Identification Activation Transactions These topics are discussed in a little more detail below. The Trusted Storage technology uses system anchors to identify if the trusted storage has been restored from a backup or overwritten. These are really links to one or more system identifiers that cross-check the integrity of the Trusted Storage file with the system. Different anchor types are used on different operating systems, with some anchors being much harder to spoof by a user than others. However, a Trusted Storage solution running on a virtual machine only has access to the virtual anchor types, which can be reverted back quite easily. This affects the trial anchors implemented by the Trusted Storage solution, with the result that the trials can be retaken endlessly. The solution to this problem would consist of storing the anchor information on the physical host of the virtual machine. The license rights that are held in Trusted Storage are locked to a system to prevent them from being transferred illegally to another system. This is referred to as binding and the system characteristics use for the binding are referred to as binding identities. The problem with virtual machines with respect to binding is similar to that of License File based licensing that the binding identities too easily duplicated when you copy a virtual machine. The solution to the problem is also the same use the physical binding identities instead of the virtual ones. The Trusted Storage activation technology relies upon uniquely identifying a machine (using UMN values) when performing transactions with the activation server (such as the FlexNet Operations). This is required so that in case of a repair or return transaction, the activation server can ensure that the same machine that has activated the original license is involved in these transactions. With the virtualization technology, it is very easy to setup multiple machines that look to be the same hence resulting in license over usage. The solution, once again, would rely upon using physical elements for machine identification in combination with virtual machine identities.

Virtualizat ion Management VM1 UUID=XYZ


License Server UUID= XYZ

VM4 License UUID=AAA Server


UUID UID UUID= XYZ

VM2 License UUID=ABC Server


UUID= UUID XYZ Z

VM5 UUID=BBB

License Server UUID= UUID XYZ Z

VM3 Lic se License Serve erver ver e UUID=123 Server


UUID= UUID D= XYZ YZ Z

VM6 License erver UUID=CCC Server


UUID= UUID XYZ YZ Z

ESX SERVER PHYSICAL MACHINE

ESX SERVER PHYSICAL MACHINE

Figure 5: Binding to the UUID of the VM Container

Allowing the enterprise customer to bind to the UUID of the virtual machine container will allow them to support the license server and the flexibility to take advantage of other advanced virtualization management capability (such as a high-availability configuration) providing greater flexibility and security to their operation. This is implemented by the software producer by using special hostid keywords on the SERVER line in the license files introduced in FNP v11.8. For example, To restrict the license server to VMware ESX and to use the UUID of the virtual machine instance, specify: SERVER this_host VMW_UUID=1234

Entitlement and Compliance Management

License enforcement in virtualization environments is only one component of an end-to-end entitlement and compliance management (ECM) solution.

Flexera Software: FlexNet Publisher White Paper Series

Virtualizat ion and FlexNet Publisher for Trusted Storage and Cert ificate-Based Licenses

In addition to the concerns and approaches presented to address license over usage, there are other considerations related to license life cycle activities that may have a bearing on a software producers virtualization policies. For example, a software producer may want to gather data on how many of their products are being used on physical machines vs. virtual machines. Such data would be invaluable to better understand markets and specific customers so these usage patterns can be evaluated as new licensing models are considered for virtualization deployments. This information would also help the software producer ensure their support staff is appropriately trained to handle real-world customer deployments. Gathering of such data can be easily achieved if the license activation server (such as FlexNet Operations) actively logs the platform type on which the license rights are requested. Similar logging of the platform data can be done on the license user side via the report log files generated by the FlexNet Publisher license servers. These report log files can then be analyzed using FlexNet Manager to extract the virtual platform related statistics.

software runs on a virtual machine. For example, one new capability available in VMwares vSphere 4.0 hypervisor and management toolset is the ability to dynamically allocate virtual CPUs (vCPUs). This capability will further play havoc with CPU based licensing. Research by software industry analysts substantiate the industry trend away from hardware based licensing models toward usage based models such as subscription and SaaS.2 As has been presented in this paper, the fundamental byproduct of virtualization technology serves to remove the time-honored hardware hooks and metrics that producers have depended upon to secure and monetize their software. FlexNet Publisher will provide the tools necessary for our customers to embrace server virtualization that is now so prevalent in the enterprise.

About FlexNet Publisher

Other Possibilities

Advanced product offerings from the virtualization vendors open up many possibilities to ensure the reliability of a license server. For example, the High Availability/Fault Tolerance features offered by virtualization vendors can ensure the license server will never need to be shut down. In fact with appropriate usage, the need for three server redundancy solutions may also be obviated.

Part of Flexera Softwares Entitlement and Compliance Management Solution, FlexNet Publisher enables software producers and high-tech manufacturers to increase revenues and simplify customer relationships. The flexible, yet robust licensing capabilities provided by FlexNet Publisher allow producers and high-tech manufacturers to address piracy and ensure protection of intellectual property, as well as to react quickly and efficiently to new and evolving markets through creation of new pricing models and versatile product configurations. FlexNet Publisher is the industry leader, with over 20 years of experience, a proven track record, more than 3,000 thousand customers and over 20,000 FLEX enabled applications to date. FlexNet was awarded the Industry best software product for software producers in 2007 by SIIA.

Best Practices for the Software Producer

Flexera Software recommends the software producer start with a more restrictive approach to their policy of allowing the license server to run in virtual environments and then later relax the policy on a case-by-case basis. Starting with FlexNet Publisher v11.7, the license server can be restricted to a physical machine only without needing a change in the license file. Then, with FlexNet Publisher v11.8, the new license file syntax can be utilized along with a new license server. The new license file syntax can be released to the customers at the time of license renewals so as to cause least disruption to the services. Caution: If the license server is built and deployed to run on virtual machines, this exposure cannot be retracted. It is, therefore, suggested to use the approach discussed in this section.

About Flexera Software

Conclusion/Summary

As mentioned at the beginning of this paper, most software producers will initially apply traditional licensing models to virtual environments. Longer term, most also recognize the challenges placed upon these traditional models when their

Flexera Software is the leading provider of strategic solutions for Application Usage Management; solutions delivering continuous compliance, optimized usage and maximized value to application producers and their customers. Flexera Software is trusted by more than 80,000 customers that depend on our comprehensive solutions from installation and licensing, entitlement and compliance management to application readiness and software license optimization - to strategically manage application usage and achieve breakthrough results realized only through the systems-level approach we provide. For more information, please go to: www.flexerasoftware.com

For more information on FlexNet Publisher and FlexNet Suite, please visit:
www.flexerasoftware.com/fnp

As reported in IDCs Briefing Going Hybrid with SaaS - Managing Perpetual and Subscription Businesses in the Same Chassis on June 17th, 2009 with Amy Konary.
2

Flexera Software: FlexNet Publisher White Paper Series

Flexera Software LLC 1000 East Woodfield Road, Suite 400 Schaumburg, IL 60173 USA

Schaumburg (Global Headquarters): +1 800-809-5659

United Kingdom (Europe, Middle East Headquarters): +44 870-871-1111 +44 870-873-6300

Australia (Asia, Pacific Headquarters): +61 3-9895-2000

For more office locations visit: www.flexerasoftware.com

Copyright 2012 Flexera Software LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners. FNP_WP_Virtualization2_Sept12

You might also like