Categorieën: Licensing
TMR: The Solution for Fail-Proof Licensing Setups
Wibu-Systems has been pioneering software protection, licensing, and security technology for more than three decades. The company has made a mark with its user-centric philosophy and its dedication to always listening to its clients’ specific needs, and it has been a trailblazer especially in the ability to license individual software functions.
Why license software? Licenses are used to protect the intellectual property of the developers and to make sure that the protected software runs exactly as it should. This would make it a worst-case scenario if a license server broke down, which can bring entire production lines to a standstill. It is in response to the call for fail-proof, high-availability licensing environments that Wibu-Systems has designed CodeMeter TMR.
TMR stands for “Triple Mode Redundancy“ and combines the concept of fail-proof license availability (2-out-of-3) with field-tested datacenter technology. A cluster of five servers, two of which working as load balancers and three as license servers, forms a combined system. As long as two of the three license servers are available, the entire licensing setup will work – reliably.
CodeMeter TMR was made for the following use cases:
- Manufacturing: In automated production lines where a lost license server would mean downtime and considerable lost revenue.
- Mission-critical applications: For software in e.g., healthcare, finance, or infrastructure management that depends on the high availability of the license servers.
- Global distribution: For companies that operate across geographies and need consistent licensing, even if a local failure happens.
The cleverly tiered and coordinated interaction between CodeMeter and CodeMeter License Central in a TMR Setup means effective license availability, complete license monitoring and efficient load balancing.
- License availability: When a server breaks down or needs to be serviced, the system will keep working (redundant infrastructure). If one license fails, the ISV can reissue it with a workflow integrated into CodeMeter License Central and get everything synchronized properly.
- License monitoring: All paid licenses are always available (as licenses linked across the shared servers). License protection is ensured throughout without any additional licenses, rights, or entitlements having to be issued to users in the field. This gives the vendor complete control over the type and limits of their licenses.
The 2-out-of-3 principle
A TMR Setup is needed to make all this possible. The TMR Setup includes five servers that are usually run as virtual machines. Two of them act as the interface to the user clients (here called TMR Servers). The other three work as Backend Servers that receive the license queries from the user clients.
The TMR Setup has a single virtual IP address in the network. Over that address, all queries are routed to the TMR Server that is active at the time. If that one cannot be reached, the other TMR Server steps into the breach, switching from standby to active. The switchover works according to the standard criteria: If the active TMR Server cannot be reached, the standby server notifies the infrastructure that it wants to receive all packages sent to the virtual IP address and seamlessly slots into the role of the active server. The formerly active server can return to being the standby server as soon as it is reachable again.
This is done by a Keepalived daemon installed and working on both TMR Servers. Switching the status is always possible since the current state of the active server is always synchronized. All active data is replicated.
Working behind the TMR Servers, three CodeMeter Backend Servers are organized as CodeMeter network servers on either Linux or Windows. They act as the recipients of the instructions passed through to them by the TMR servers.
Licenses in a TMR Setup
For CodeMeter licenses in a TMR Setup, a different set of conditions applies than for normal licenses not working in a high-availability arrangement. This is why the parameter TMR-ID was introduced. The TMR-ID is an additional property in the license quantity that is used to clearly identify the three licenses belonging together in the 2-out-of-3 context. Firm Code, Product Code, and TMR-ID all must be identical for the licenses to form one TMR license. Similarly, all other properties for the Product Item are identical for all three licenses. The three licenses are placed in three separate CmContainers with the same CmActID.
When adding a TMR license to a TMR Setup, the TMR Server combines all CmContainers with the same CmActID into a single virtual CmContainer, which is given a standard serial number starting with 131. The user will only see that container. For the TMR licenses to be valid and available, at least two out of three of the constituent licenses need to be available. If only one of the three is there, the TMR license will not show up in the virtual CmContainer. A potential attacker that only has one of the containers with one TMR license could not use the TMR license. The CodeMeter server prevents misuse of licenses with a TMR-ID. These licenses can only be used in a TMR cluster.
The configuration settings in CodeMeter Web-Admin allow the TMR licenses to be passed through to the Backend Servers via the IP address.
In the case of a failure or a planned maintenance event, this means that license operations can go on as planned. If one of the backend servers fails, the other two can handle license queries until the issue is solved or the maintenance finished.
Fail-Proof
If you are looking for fail-proof licensing software that gives you full control over your licenses, CodeMeter TMR is the right choice for you. If you are already using one or more CodeMeter components, TMR can be activated with a simple click in the global settings of CodeMeter License Central if you have the necessary infrastructure in place. Wibu-Systems’ team is happy to help you with installing and configuring your TMR Setup.
KEYnote 46 – Edition Fall/Winter 2023