
Urgent – Emergency

Since 2006, Wibu-Systems has provided you with CodeMeter License Central, a tool that allows you to generate, deliver, and manage licenses. Just a year after its launch, it was clear that Wibu-Systems should offer a turnkey solution as Software-as-a-Service in the cloud in addition to the option to install CodeMeter License Central on your own. This marked the birth of our Wibu Operating Services Team, WOPS for short.

The first data center was the company's own server room – already equipped with temperature control, redundant RAID storage, and an alternative Internet connection. After a few years, mainly for capacity reasons, the move to an external data center was made, with the highest attention paid to data security and redundancy. Last year, what can be described as a worst-case scenario occurred: despite supposed redundancy in storage, connection, etc., there was a failure of significant duration.

This article takes that event as an occasion to summarize which business continuity options are already available today and which further measures have been and will be taken by Wibu-Systems. We consider three use cases: provisioning new users with licenses, existing users planning to migrate their licenses to another system, and of course existing licenses failing while a production system has to keep running.

Security Built-In

One of the great strengths of CodeMeter is the fact that CodeMeter Protection Suite encrypts your software to be protected, using a key that is securely stored in the license. This creates an extremely strong bond between the license and your protected software, which also means that your software cannot start without the matching license. To increase security against attacks like memory dumping, parts of your software are encrypted in memory and dynamically decrypted on demand. Thus, the license is not only necessary at the start of the application but also at intervals dependent on user interaction.

Warning Instead of Error

A strategy that is not recommended from a security perspective is to let the software run without a license and only display warning messages about the missing licenses. This might be a viable solution for a few markets and customer groups, but it reduces licensing to a voluntary self-check. From my own over 20 years of experience in supporting customers with the integration of CodeMeter, I can tell you that this has only happened once with me.

In this case, CodeMeter Protection Suite cannot be used, or is used in the so-called No-License Mode. The software is encrypted with a key that is not located in the license but obfuscated within the software. The software then always starts, even if no license is present. The license is queried via CodeMeter Core API, and if it is not present or has expired, red warning lights are turned on at the machine.

This option ensures that the software runs in all the above-mentioned use cases, but at the cost of security.

Check Only at Start

For the use case where a license fails during operation, I am occasionally asked by customers whether it is possible to check the license only at the start of the software, especially in connection with CodeMeter Protection Suite. The answer is yes: there are options where all necessary cryptographic data is read at the start and kept in a cache. Naturally, this greatly reduces protection against memory dumping, as everything needed is then present in memory.

I also personally find the use case questionable since restarting the software is no longer possible. The bogeyman in this case, “A person mistakes a CmStick for a memory stick, takes it with them, and the plant comes to a standstill”, might have been present when memory sticks were still expensive luxury items, but today it has faded more than just a bit. I have only experienced a “break” of a CmActLicense during operation when virtual machines were moved in High Availability environments. And this requirement can be met through special settings of the binding.

All in all, the “Check Only at Start” option is possible, but it only helps in a very limited scenario and is disproportionate to the reduction in security.

Offline Emergency License

In all more secure solutions, the user needs a license. The simplest solution is the offline emergency license delivered with your software. This is a CmActLicense that is not bound to any specific hardware and can therefore be used on any computer. You determine how long the licenses contained in the CmActLicense are valid for your software, and the CmActLicense file can only be used once per computer.

When the file is imported on a computer, this CmActLicense is anchored to the system. Even after the file is deleted, CodeMeter Runtime recognizes that it has already been used and prevents a new import. The licenses are provided with a Usage Period of x days. The Usage Period starts when the license is first used by your software. After x days, the licenses expire and can no longer be used.

Mostly, these offline emergency licenses are modeled with the full range of software functions, and in some cases, even future functions are already unlocked. In case of need, you can create new license files that the user can use again.

Security-wise, this is a trade-off between security and availability. A potential attacker can obtain a time-limited license and thus has more attack surface than if they had no license at all.

However, the license itself is limited, can be immediately blocked if attacks are detected, and during operation, CodeMeter Protection Suite can use all functions for dynamic decryption of your software. However, I strongly advise against use in virtual environments, as one can always set up a new virtual machine and reset the game at any time.

Emergency Dongle

One of my preferred solutions is the emergency dongle. Comparable to the offline emergency license, it usually contains all licenses or a Product Code that unlocks all features. Optionally, these licenses are provided with a Usage Period or a Unit Counter. A Usage Period works, as described for the offline emergency licenses, for x days from the first use. After x days, the licenses expire. As a publisher, you can reset these licenses to ensure your user's continued fail-safety after using the emergency dongle.

A Unit Counter can be counted down at an interval you define when using the software, similar to minutes when making phone calls. For example, if you count in 10-minute intervals, then a Unit Counter of 144 (24 hours times 6 per hour) means that the software runs for a full day or twice for half a day each or any arbitrary division. In this case, the emergency dongle can be used multiple times and, for example, can be tested by the customer upon handover.
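As an added illustration (not Wibu-Systems code), the following Python model reproduces the two limits described for the offline emergency license above and for the emergency dongle here: a Usage Period that starts at first use, a license file that imports only once per computer, and a Unit Counter that counts down per started interval. The class and method names are assumptions made for this model, and the day and minute values are constructed inputs.

```python
from dataclasses import dataclass
from math import ceil
from typing import Optional

@dataclass
class EmergencyLicense:
    """Time limits an emergency license can carry, as the article describes them.
    usage_period_days: licenses expire this many days after FIRST use (not import).
    unit_counter:      one unit is consumed per started interval of interval_minutes.
    Either limit may be None (unused); both may be set at once.
    """
    usage_period_days: Optional[int] = None
    unit_counter: Optional[int] = None
    interval_minutes: int = 10
    first_use_day: Optional[int] = None  # set on first run; starts the Usage Period

    def expired(self, day: int) -> bool:
        if self.usage_period_days is None or self.first_use_day is None:
            return False
        return day >= self.first_use_day + self.usage_period_days

    def run(self, day: int, minutes: int) -> int:
        """Use the software for `minutes` on `day`; returns the minutes actually granted."""
        if self.first_use_day is None:
            self.first_use_day = day  # the Usage Period clock starts now, not at import
        if self.expired(day):
            return 0
        if self.unit_counter is None:
            return minutes
        # A started interval consumes a whole unit, like a started minute on a phone call.
        needed = ceil(minutes / self.interval_minutes)
        granted = min(needed, self.unit_counter)
        self.unit_counter -= granted
        return min(minutes, granted * self.interval_minutes)


class CodeMeterHost:
    """One computer. An offline emergency CmActLicense file imports only once here,
    even after the file has been deleted: the host remembers the file identity."""
    def __init__(self) -> None:
        self.seen_files: set = set()
        self.licenses: list = []

    def import_file(self, file_id: str, lic: EmergencyLicense) -> bool:
        if file_id in self.seen_files:
            return False  # second import of the same file is refused
        self.seen_files.add(file_id)
        self.licenses.append(lic)
        return True
```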

From a security perspective, the emergency dongle is the ultimate solution. It is also easy to handle. It covers the use case where the customer already possesses the emergency dongle. For new customers just starting, there is a time delay until the emergency dongle arrives at the customer's site.

Emergency Cloud Container

Analogous to the emergency dongle, you can set up an emergency cloud container. Your user receives a credential file, which contains the access data to the emergency cloud container. In an emergency, they import this credential file on their system, and a virtual dongle with the emergency licenses is immediately available to them.

Security-wise, CmCloudContainers are on par with CmDongles as emergency containers. They require a permanent online connection but can be delivered immediately. Thus, they are also optimally usable for new customers. Moreover, you can tailor the licenses specifically to the customer and reset the licenses directly after use. For simplicity's sake, I would implement the processes similarly to the emergency dongle and envisage a mix of CmCloudContainers (for new customers) and CmDongles (for offline cases).

Online Emergency License

Analogous to CmDongles or CmCloudContainers, you can also use CmActLicenses as emergency containers. Unlike the two pre-programmed containers, a CmActLicense is created on demand via CodeMeter License Central. You can decide whether to use a global license for all functions or a license specifically tailored to the customer.

To be independent of potential failures of the production line of CodeMeter License Central, CodeMeter License Central for emergency licenses is operated completely autonomously in another data center. This second data center is offered by Wibu-Systems; you can also operate this line of CodeMeter License Central yourself.

The only connection needed between the production line of CodeMeter License Central and the emergency instance is an automation rule that creates a corresponding emergency license on the emergency system whenever a new license or new customer is created on the production system. The rule set for this synchronization can be adapted to your requirements. Additionally, you can manually generate emergency licenses in this instance and provide them to new customers if the production system is not available at that time.

With regard to security, this solution offers the same security level as a standard CmActLicense. It covers all use cases: new customers and relocations as well as license failures. Monitoring tools can track consumption and refill used emergency licenses automatically or according to a workflow.

Reactivation

A special solution for lost or broken licenses is the reactivation in CodeMeter License Central. You define to what extent the user can create a copy of a license on a new device. You can monitor how often customers use them and intervene if there is suspicion of misuse.

The previous – replaced – license is marked in CodeMeter License Central and withdrawn or blocked at the next opportunity. For this purpose, it may be helpful if you initiate automatic updates of the licenses within your software.

In security terms, this solution offers the same security as the CmContainer used for licensing. Unlike the temporary emergency licenses described above, this is an immediate and sustainable solution to a license failure, provided that the production line of CodeMeter License Central is available at that time.

Increased Redundancy in WOPS

Starting in 2024, the hosting by our Wibu Operating Services Team (WOPS) offers even higher redundancy for two of the four editions. In addition to the local redundancies of computer, storage, and connection, the data of CodeMeter License Central will be mirrored in a second separate data center. Depending on the edition, the switchover in an emergency is done immediately and automatically (High Availability System) or manually if needed (High Performance Edition).

Various Paths

The connection to your CodeMeter License Central operated by WOPS depends not only on the availability of our system but also on the path to it. For example, nameservers play an important role in directing Internet users to the right address when they enter lc.codemeter.com. A nameserver is not under the responsibility of Wibu-Systems; it is a general address book on the Internet, provided by various operators.

To also offer redundancy here, all systems are available under both lc.codemeter.com and lc.licensecentral.de. The two addresses are registered with different providers, so maximum redundancy is given here as well.

Additionally, lc2.codemeter.com and lc2.licensecentral.de provide two further alternative entry points to our hosting. These are alternative routes to different access points.

Conclusion

Redundancy and business continuity have been a major focus at Wibu-Systems since we started offering hosting services more than 15 years ago and are continuously improved, for example, through the additional data center and data mirroring starting in 2024. Choose the best option for you and your use cases from the available options.

 

KEYnote 47 – Edition Spring/Summer 2024