This document discusses the benefits of migrating from software license certificates to activations. It outlines that activations provide more flexibility in managing the license lifecycle by allowing licenses to be canceled, returned, or upgraded at any time without needing a persistent connection to a license server. Activations also allow for more visibility into customer license usage through structured, auditable transactions. The document provides guidelines on when activations are most appropriate based on the frequency of license lifecycle events and compares activations to certificates. It also describes changes needed to applications, license servers, and operations servers to support activations.

1. Why Software Publishers
are Migrating from
Certificates to Activations
October 13, 2010
David Znidarsic
Vice President of Technology
Flexera Software, Inc.

2. Agenda
Benefits of activations
When are activations appropriate?
Changes to application environment and operations server
Machine virtualization best practices
Activation components
Transactions with customers
Enterprise customers’ perspective
2

3. Terminology
Certificate license right expressed as one or more
license lines
Activation structured process for fulfilling a license right
Deactivation structured process for returning a license
right
Trusted storage technology necessary to implement
deactivation
3

4. Certificates Philosophy
Rights best managed by license server
Tampering of licensed machines cannot be detected
Operations and license server are control points
Implications
No means to cancel/return non-expiring rights
No means to cancel/return expiring rights prior to expiration
License server’s only control of license lifecycle results from
persistent connection with licensed machines
i t t ti ith li d hi
License lifecycle is linear
4

5. Activations Philosophy
Rights best managed by licensed machines
Tampering of licensed machines can be detected
Operations and license server are distribution and transfer hubs
Implications
Can cancel/return rights at any time
License lifecycle can be controlled without a persistent connection
(or any connection) to licensed machines
License lifecycle i cyclical
Li lif l is li l
Not all license lifecycle phases need to be overseen by publisher
5

6. Feedback Prior to Activations Support
Customers
Flexibility of certificates is great, but my customers have so much
flexibility that they get themselves into trouble and then overwhelm
my support organization.
Flexibility f
Fl ibilit of certificates i great, and I h
tifi t is t d have my customer
t
interactions under control.
Prospects
Flexibility of certificates is not great, there are too many choices;
you’re the experts, just tell me what to do and how to do it.
6

7. License Lifecycle
Trial use Goals
Fulfill Standardize transition
through lifecycle with
Update (subscriptions) minimal or reduced
Return (re-deployment / credit)
(re deployment involvement from
Upgrade (versions / features) publisher
Re-host Maintain existing flexibility
Emergency use
View
7

8. Improved Customer Experience
Structured interactions between publishers, channel partners,
and customers
Uses verifiable transactions instead of hard-to-manage file
transfers
Interface to install, un-install, change, and view rights on li
I f i ll i ll h d i i h licensed
d
machines guides customer
Transactions can even be communicated verbally
Self-service for all lifecycle events
Increased structure does not increase intervention
Optimized for customers’ mobile laptop usage
Supports lifecycle even with disconnected sites
Tolerates re-configuration of licensed machines
8

9. Improved Visibility into Customer’s Activities
All transactions can be:
Self service
Self-service
Verified
Audited
Any individual transaction can be allowed to be:
Private, but trusted
Bulk fulfills, updates, returns, and upgrades always can be:
Verified
Audited
A dit d
9

10. When are
activations
appropriate?

11. Comparison of Transactions
Transaction Activations Certificates
Yes, but publisher must be
Trial use Yes
involved
Activate (aka fulfill) Yes Yes
Renew (aka update) Yes Yes
Deactivate (aka return) Yes Yes, but can’t verify
Yes, but can’t verify previous
Upgrade Yes
version has been deactivated
Yes, but can’t verify it’s a
Transfer (aka rehost) Yes
move, not a copy
Yes, but publisher must be
Emergency use
g y Yes
involved
View Yes, via publisher’s interface Yes
11

12. Comparison of Other Factors
Factor Activations Certificates
Customer and channel self-service
Yes Limited
management
Structured and auditable Customer manages licenses
License management
transactions in text files
Yes, for verifiable
Information from cus o e
o a o o customer No
o
deactivation
d ti ti
Disconnected use
Better Yes, but…
(hybrid / borrowing)
Tolerant blended hostid, Single hostid, intolerant
License integrity better clock wind-back blended hostid, clock wind-
detection back detection
12

13. Frequency of Events Recommends Technology
If average time between lifecycle …then recommended technology
events is measured in units of…
of is…
is
concurrent certificates with persistent
minutes or seconds
connection to license server
borrowed certificates with intermittent
hours
connection to license server
activations with intermittent
days connection to license or operations
server
activations with no connection to
weeks
license or operations server
13

14. Changes to
application
pp
environment
and operations
server

15. Changes to Application Environment
Application
Single API call can checkout certificates and activations
License server
Single license server can serve concurrent licenses and activate
licensed machines
Single license server can load concurrent licenses from certificates
or via activations
Activation utility
Use Activation API to create component to install, change, and un-
un
install licenses on either or both:
Licensed machine
License server machine
Li hi
15

16. License Server Availability
Role of license server for activations:
License server deploys licenses to licensed machines in advance
of their use
License server does not need to be operational at time of license
checkout or while license is being used
License server only needs to be operational:
At time of activation,
At time of de-activation
You reduce reliance on availability of:
License server process
License server machine
You reduce (or eliminate) reliance on the availability of:
Network connection to license server machine
16

17. Changes to Operations Server
Activation process best implemented with FlexNet Operations
Built in
Built-in support for all transactions (on-premise and on-demand)
(on premise on demand)
Converting to activations often a result of re-evaluating all license
management; therefore, FlexNet Operations often introduced to
optimize revenue recognition
ti i iti
Activation process can be implemented with or without FlexNet
Operations
License Generation Toolkit (LGT) can be integrated into your back-
office
Single operations server can manage both certificates and
activations
New t
N transactions must be supported
ti tb t d
17

18. Machine Virtualization Best Practices
Licensed application
Use concurrent certificates; the best “virtual” license
virtual
License server
Deploy as an application or service
Limit to only a specified physical machine
Set ls_allow_vm=PHYSICAL, put a traditional hostid on SERVER line
Limit to any virtual machine running on a specified physical machine
Put a “bare metal” hostid on SERVER line
• Ethernet MAC address or hostname of physical machine
Use three servers f redundancy
U th for d d
Deploy as a virtual appliance
Set ls_allow_vm VM_ONLY, put a UUID hostid on SERVER line
ls allow vm=VM ONLY,
Use VMotion or Hyper-V Live Migration for redundancy
19

19. Activation
Components
p

20. Distribution and Transfer Hubs
Activation transactions can be managed between:
Publisher hosted
Publisher-hosted operations and licensed machine
Flexera-hosted operations and licensed machine
Enterprise-hosted license server and licensed machine
Publisher-hosted operations and enterprise-hosted license server
Flexera-hosted operations and enterprise-hosted license server
Publisher-
hosted
operations
server
Enterprise-hosted Licensed
or license server(s) machine(s)
Flexera- optional
hosted
operations
server
21

21. Creating Trust
Must control the installation, change, and un-installation of
licenses
Create a license repository only written by publisher’s
components
Trusted Storage – encrypted, bound and anchored
Publisher’s components detect changes they didn’t make:
Tampering
Copying
Deleting
Restoring
New “repair” transaction to synchronize trusted store with what is
repair
known in the operations server
22

22. Components for Node-Locked Models
Licensed
omputer
Licensed
omputer
Licensed Licensed
Co
Co
Application Application
API API
File XML wrapper
Activation
API
License License License Utility
Trusted Store
e
License
23

23. Components for Concurrent Models
Licensed
Computer
Licensed
Computer
Licensed Licensed
Application Application
pp
API API
License
Server
License
Server
License License
L
L
Server Server
File
XML wrapper Activation
License License API
License Utility
Trusted Store
e
License
24

24. Compatibility
Licensed
Computer
License
Server
Licensed License
Application Server
API
File File
License
Li License
Li
Trusted Store
e Trusted Store
e
API
Activation Activation API
License Utility Utility License
License
XML wrapper
License
25

25. Compatibility (without application activation utility)
Licensed
Computer
License
Server
Licensed License
API
Application Server
API
File File
License
Li License
Li
Trusted Store
e Trusted Store
e
Activation API
License Utility License
License
XML wrapper
License
26

26. Transactions
with
Customers

27. Transactions with Individual Computers
Publisher Channel Consumer or Enterprise
Portal
P t l XML or S
Short Code
C
Licens Com
sed
Portal XML or Short Code
API
FlexNet
mputer
Operations Portal XML or Sh t C d
Short Code
Network
Network*
* Network communicates the same XML as can be sent off-line
28

28. Transactions with Multiple Computers
Publisher Channel Enterprise
Portal
P t l XML XML
Computer
Licensed
API
Lice
Network*
ense Se
Portal XML
FlexNet
erver
Operations Portal XML XML
Computer
Licensed
API
Network
Network* Network
Network*
r
* Network communicates the same XML as can be sent off-line
29

29. XML Wrapped around Certificates
30

30. Short Code Refers to Already Deployed XML
Example short code = 218656551957094464245011
31

31. Single or Composite Transactions
Communications can contain one or more transactions
Upgrade can occur in one round trip
No round trip for de-activation, then additional round-trip for re-
activation
Initial activation can occur in one round trip
No round trip for setup, then additional round-trip for activation
Composite transactions only supported by XML between:
Operations server and license server
Operations server and licensed machine
32

32. Enterprise’s Perspective
Help me stay in compliance
Give me a consistent view of my license lines
lmadmin and FlexNet Manager give view into license pools already
loaded into license server
Requirement for visibility on licensed machine might be cry for
visibility from operations server
Allow me to change and reorder license lines
Claim that certificates are sometimes not accurate
Allow me to use concurrent licenses on disconnected laptops
Allow me to continue to report on my license usage using
FlexNet Manager
g
33

33. Activations Summary
Improved customer experience
Publisher visibility into most
transactions even through
channel tiers
Customer and channel visibility
into all transactions and current
state
Can still support certificates
Compliance assurance
34

34. Thank You
David Znidarsic
Vice President of Technology 2860 De La Cruz Blvd,
David Znidarsic Santa Clara, CA 95050
davidz@flexerasoftware.com
Direct: davidz@flexerasoftware.com
(408) 642–3900 www.flexerasoftware.com
Cell: (408) 881–4834
35