Six Issues to Consider Before Building a License Manager


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Six Issues to Consider Before Building a License Manager

  1. 1. White Paper Six Issues to Consider Before Building Your Own License Manager Overview As an independent software vendor (ISV), developing your own licensing tool to protect your product may seem like a good decision – “We know how to develop software, right?” – but this may not be the best strategy for you when all the issues are considered. ______________________________________________________________________________________ Copyright Agilis Software LLC 2010 Page 1
  2. 2. So you want to protect your software product with a license manager, and are now debating whether to develop your own licensing tool or purchase a commercial solution. Perhaps one of your developers, or your offshore development partner, is claiming they can put together what you need at low cost, and you are tempted to give them the green light. Before you do so, here are some issues you should consider. 1. How confident are you that the tool you build will meet your needs? When you embark on a development project you can’t test now what will emerge at the end – you can’t evaluate it, see how it will fit into your operations flow, or present it to key customers to obtain their feedback. With commercial licensing systems you can obtain an evaluation license, see how it will fit into your operations, validate the end-user experience, and be confident your chosen solution will meet your needs. 2. Will it actually be secure? When you need a new lock for your front door, do you go to your workshop and craft a lock yourself? Thought not. The commercial lock vendors have spent years figuring out how to make their locks secure against lockpickers, similar keys, files, credit cards, bolt- cutters etc.. They also make sure their locks are easy to fit in your door and continue to work reliably, and their products have been tested and refined in the marketplace across a multitude of users. The same is true of licensing systems. Your developers may think it looks like a simple problem (“We’ll just Google 'encryption’ ”), but they have probably not spent years studying the subject and having their ideas tested across a range of licensing scenarios. They may build in protection against the more obvious attacks, but in truth they will have no idea of the possible holes in their system. And of course, if their system is hacked, how will you even know? It’s a jungle out there… and vendors of commercial licensing systems have probably already built in protection against types of attacks your developers have never even considered. 3. When will the solution be working? Software development projects are notoriously prone to missed delivery dates. Commercial licensing systems are available now: tested, documented, and supported. Have you thought about how long it will actually take to deliver the complete licensing solution you need? This is far more than just a client library and a command-line key- generation tool. You’ll also need some or all of the following: ______________________________________________________________________________________ Copyright Agilis Software LLC 2010 Page 2
  3. 3. - A convenient way for your operations people to issue licenses - Tracking and reporting on licenses issued - An easy way to upgrade licenses - A way to audit licenses issued - Integration with your back-office or ecommerce systems when your volumes grow - A secure way for people in field offices to issue licenses - A secure way for resellers or OEM partners to issue licenses - Documentation for the client library and license-generation system - User-level documentation for your end customers - Testing across a wide range of deployment scenarios - Internal controls – who is allowed to issue licenses? - A quick and non-intrusive end-user experience across all deployment scenarios (onshore/offshore, connected/disconnected, single user/volume user etc.). 4. Will it support new requirements that will arise? The technology industry stopped thinking years ago that you solve a problem once and then you are done for all time. However if you build your own licensing tool you will necessarily build it to support your requirements as you perceive them right now. It is a virtual certainty that unforeseen needs will emerge: you sign up a reseller, a large company wants floating licensing, your business environment evolves and you now want to offer subscription licensing too, your marketing department wants to start selling different feature packages to market segments, your competitor launches a usage-based licensing option and your prospects start asking for a similar purchasing model, a key customer needs you to support a new computer platform, you want to increase security as you start selling in China, and so forth. If you choose to build an in-house point solution you are committing to continual development as these new requirements come up – and to diverting development resources from your core product to tweaking the license manager. In contrast commercial vendors have seen hundreds of licensing scenarios across many verticals and product markets, and have built support for them into their systems. When a new need arises, your commercial licensing system probably already supports it (if you chose it carefully). 5. “I don’t need to focus on my core product anyway”. As well as taking development resources away from your core product while engineers build the initial version of a licensing tool, you are signing up to a continual drain on development time. ______________________________________________________________________________________ Copyright Agilis Software LLC 2010 Page 3
  4. 4. Your in-house licensing tool will need ongoing maintenance and support, so you should think now about who is going to do this – and how you will feel when a key customer is holding up payment until you deliver a new feature in your product and the developer you need is busy patching a security hole in the license manager. Finally, what happens if the developer who took the lead role in building your license tool leaves your company? You could end up with a license system you are not even able to support. (As a vendor of licensing solutions we have had many companies come to us with just this problem). 6. “It will be more secure if we build it ourselves, as no-one else will know how it works”. Some ISVs might think that their protection will be more secure if they develop it in- house and no-one knows what system they are using. However, as demonstrated above, commercial license management vendors are going to know far more than your developers about how to make licensing secure – they have years of focused experience, and their protection mechanisms have been thoroughly tested in the field. Also, any competent licensing system will ensure only the application vendor can issue licenses for their own product; this is a good question to confirm when you evaluate their product. As with anti-virus software, firewalls, and even just door locks, just because a would-be attacker might know what protection you are using does not mean they can circumvent it. Conclusion A savvy software development company will consider the risks and ramifications of building their own license manager before approving the project. As with databases, operating systems, word processors, application servers, and much more, the commercial solutions embody long experience, deep expertise, and extensive testing, and are ready and supported right now, so it is increasingly hard to justify an in-house development project in a field outside your core expertise. Agilis Software is an infrastructure software company headquartered in Santa Clara, CA in the heart of Silicon Valley. We develop and market software license management solutions that are relied on by software vendors and hardware / software systems vendors in a wide range of industries and market segments. Our solutions are particularly suited to agile companies with complex licensing requirements. Agilis Software LLC URL: 5201 Great America Parkway, Suite 320 Email: Santa Clara CA95054 Tel.: (408) 404 8480 ______________________________________________________________________________________ Copyright Agilis Software LLC 2010 Page 4