Why Software Publishers are Migrating from Certificates to Activations

October 13, 2010

David ZnidarsicVice President of TechnologyFlexera Software, Inc.

Agenda

Benefits of activationsWhen are activations appropriate?When are activations appropriate?Changes to application environment and operations serverMachine virtualization best practicesMachine virtualization best practicesActivation componentsTransactions with customersEnterprise customers’ perspective

2

Terminology

Certificate license right expressed as one or more license lines

Activation structured process for fulfilling a license right

Deactivation structured process for returning a license right

Trusted storage technology necessary to implement deactivation

3

Certificates Philosophy

Rights best managed by license serverTampering of licensed machines cannot be detectedTampering of licensed machines cannot be detectedOperations and license server are control points

ImplicationsNo means to cancel/return non-expiring rightsNo means to cancel/return expiring rights prior to expirationLicense server’s only control of license lifecycle results from

i t t ti ith li d hipersistent connection with licensed machinesLicense lifecycle is linear

4

Activations Philosophy

Rights best managed by licensed machinesTampering of licensed machines can be detectedTampering of licensed machines can be detectedOperations and license server are distribution and transfer hubs

ImplicationsCan cancel/return rights at any timeLicense lifecycle can be controlled without a persistent connection (or any connection) to licensed machinesLi lif l i li lLicense lifecycle is cyclicalNot all license lifecycle phases need to be overseen by publisher

5

Feedback Prior to Activations Support

CustomersFlexibility of certificates is great, but my customers have so muchFlexibility of certificates is great, but my customers have so much flexibility that they get themselves into trouble and then overwhelm my support organization.Fl ibilit f tifi t i t d I h tFlexibility of certificates is great, and I have my customer interactions under control.

ProspectsProspectsFlexibility of certificates is not great, there are too many choices; you’re the experts, just tell me what to do and how to do it.

6

License Lifecycle

Trial useFulfill

GoalsStandardize transition Fulfill

Update (subscriptions)Return (re-deployment / credit)

through lifecycle with minimal or reduced involvement fromReturn (re deployment / credit)

Upgrade (versions / features)Re-host

involvement from publisherMaintain existing flexibility

Emergency useView

7

Improved Customer Experience

Structured interactions between publishers, channel partners, and customers

Uses verifiable transactions instead of hard-to-manage file transfersI f i ll i ll h d i i h li dInterface to install, un-install, change, and view rights on licensed machines guides customerTransactions can even be communicated verballyTransactions can even be communicated verbally

Self-service for all lifecycle eventsIncreased structure does not increase intervention

Optimized for customers’ mobile laptop usageSupports lifecycle even with disconnected sitesTolerates re-configuration of licensed machines

8

Improved Visibility into Customer’s Activities

All transactions can be:Self-serviceSelf serviceVerifiedAudited

Any individual transaction can be allowed to be:Private, but trusted

Bulk fulfills, updates, returns, and upgrades always can be:VerifiedA dit dAudited

9

When areWhen are activations appropriate?

Comparison of Transactions

Transaction Activations Certificates

Trial use Yes Yes, but publisher must be involvedinvolved

Activate (aka fulfill) Yes YesRenew (aka update) Yes Yes

Deactivate (aka return) Yes Yes, but can’t verify

Upgrade Yes Yes, but can’t verify previous version has been deactivated

Transfer (aka rehost) Yes Yes, but can’t verify it’s a move, not a copy

Emergency use Yes Yes, but publisher must be involvedg y involved

View Yes, via publisher’s interface Yes

11

Comparison of Other FactorsFactor Activations Certificates

Customer and channel self-service Yes Limitedmanagement Yes Limited

License management Structured and auditable Customer manages licenses License management transactions in text files

Information from customer Yes, for verifiable d ti ti Noo a o o cus o e deactivation o

Disconnected use(hybrid / borrowing) Better Yes, but…(hybrid / borrowing)

License integrityTolerant blended hostid, better clock wind-back

Single hostid, intolerant blended hostid, clock wind-

detection back detection

12

Frequency of Events Recommends Technology

If average time between lifecycle events is measured in units of

…then recommended technology isevents is measured in units of… is…

minutes or seconds concurrent certificates with persistent minutes or seconds connection to license server

hours borrowed certificates with intermittent connection to license serverconnection to license server

daysactivations with intermittent

connection to license or operations server

weeks activations with no connection to license or operations serverlicense or operations server

13

Changes toChanges to application ppenvironment and operations serverserver

Changes to Application Environment

ApplicationSingle API call can checkout certificates and activationsSingle API call can checkout certificates and activations

License serverSingle license server can serve concurrent licenses and activate licensed machinesSingle license server can load concurrent licenses from certificates or via activationsor via activations

Activation utilityUse Activation API to create component to install, change, and un-Use Activation API to create component to install, change, and uninstall licenses on either or both:

Licensed machineLi hiLicense server machine

15

License Server Availability

Role of license server for activations:License server deploys licenses to licensed machines in advance of their useLicense server does not need to be operational at time of license checkout or while license is being usedcheckout or while license is being usedLicense server only needs to be operational:

At time of activation,At time of de-activation

You reduce reliance on availability of:License server processLicense server machine

You reduce (or eliminate) reliance on the availability of:You reduce (or eliminate) reliance on the availability of:Network connection to license server machine

16

Changes to Operations Server

Activation process best implemented with FlexNet OperationsBuilt-in support for all transactions (on-premise and on-demand)Built in support for all transactions (on premise and on demand)Converting to activations often a result of re-evaluating all license management; therefore, FlexNet Operations often introduced to

ti i itioptimize revenue recognitionActivation process can be implemented with or without FlexNet OperationsOperations

License Generation Toolkit (LGT) can be integrated into your back-office

Single operations server can manage both certificates and activationsN t ti t b t dNew transactions must be supported

17

Machine Virtualization Best Practices

Licensed applicationUse concurrent certificates; the best “virtual” licenseUse concurrent certificates; the best virtual license

License serverDeploy as an application or service

Limit to only a specified physical machineSet ls_allow_vm=PHYSICAL, put a traditional hostid on SERVER line

Limit to any virtual machine running on a specified physical machineLimit to any virtual machine running on a specified physical machinePut a “bare metal” hostid on SERVER line

• Ethernet MAC address or hostname of physical machine

U th f d dUse three servers for redundancyDeploy as a virtual appliance

Set ls allow vm=VM ONLY, put a UUID hostid on SERVER lineSet ls_allow_vm VM_ONLY, put a UUID hostid on SERVER lineUse VMotion or Hyper-V Live Migration for redundancy

19

ActivationActivation Componentsp

Distribution and Transfer Hubs

Activation transactions can be managed between:Publisher-hosted operations and licensed machinePublisher hosted operations and licensed machineFlexera-hosted operations and licensed machineEnterprise-hosted license server and licensed machinePublisher-hosted operations and enterprise-hosted license serverFlexera-hosted operations and enterprise-hosted license server

Publisher-hosted

operations server

Licensed machine(s)

server

Enterprise-hosted license server(s)

Flexera-hosted

or

optionaloperations

server

21

Creating Trust

Must control the installation, change, and un-installation of licensesCreate a license repository only written by publisher’s componentsTrusted Storage – encrypted, bound and anchoredPublisher’s components detect changes they didn’t make:

TamperingCopyingDeletingDeletingRestoring

New “repair” transaction to synchronize trusted store with what isNew repair transaction to synchronize trusted store with what is known in the operations server

22

Components for Node-Locked Models

Licensed Licensedicen

sed

ompu

ter

cens

edom

pute

rLicensed

ApplicationLicensed

ApplicationAPI API

L CoLi Co

XML wrapperFileLicense

Activation UtilityLicenseLicense API

eTrusted Store

License

23

Components for Concurrent Models

Lice

nsed

Com

pute

rLicensed

ApplicationLicensed

Application

Lice

nsed

Com

pute

r

pp

License License

APIAPI

Lice

nse

Ser

ver

Lice

nse

Ser

ver

License Server

License Server

LL

FileLicenseLicense

XML wrapper

LicenseActivation

Utility API

eTrusted Store

License

24

Compatibility

Licensed Application

LicenseServer

Lice

nsed

Com

pute

r

Lice

nse

Ser

ver

FileLi

FileLi

API

eTrusted Store

LicenseLicense

eTrusted Store eTrusted Store

License

eTrusted Store

LicenseActivation

UtilityAPI Activation

UtilityAPI

License

XMLXML wrapper

License

25

Compatibility (without application activation utility)

Licensed Application

LicenseServer

API

APILice

nsed

Com

pute

r

Lice

nse

Ser

ver

FileLi

FileLi

API

eTrusted Store

LicenseLicense

eTrusted Store eTrusted Store

LicenseActivation

Utility

eTrusted Store

LicenseAPI

License

XMLXML wrapper

License

26

TransactionsTransactions with

Customers

Transactions with Individual ComputersPublisher Channel Consumer or Enterprise

S CP t l Licens

XML or Short CodePortal

FlexNet

sed Com

Portal XML Sh t C d

XML or Short CodePortal AP

I

Operations

mputer

Network*

Portal XML or Short Code

Network

* Network communicates the same XML as can be sent off-line

28

Transactions with Multiple ComputersPublisher Channel Enterprise

P t l XML LicensedC

omputer

XMLPortal AP

ILice

XML

Network*

FlexNetXML

ense Se

Portal

XMLPortal

Operations

Network*

XML

erver

LicensedC

omputer

AP

I

XML

Network*

Portal

Network rNetwork

* Network communicates the same XML as can be sent off-line

29

XML Wrapped around Certificates

30

Short Code Refers to Already Deployed XML

Example short code = 218656551957094464245011Example short code = 218656551957094464245011

31

Single or Composite Transactions

Communications can contain one or more transactionsUpgrade can occur in one round tripUpgrade can occur in one round trip

No round trip for de-activation, then additional round-trip for re-activation

Initial activation can occur in one round tripNo round trip for setup, then additional round-trip for activation

Composite transactions only supported by XML between:Operations server and license serverOperations server and licensed machineOperations server and licensed machine

32

Enterprise’s Perspective

Help me stay in complianceGive me a consistent view of my license linesGive me a consistent view of my license lines

lmadmin and FlexNet Manager give view into license pools already loaded into license serverRequirement for visibility on licensed machine might be cry for visibility from operations server

Allow me to change and reorder license linesAllow me to change and reorder license linesClaim that certificates are sometimes not accurate

Allow me to use concurrent licenses on disconnected laptopsAllow me to use concurrent licenses on disconnected laptopsAllow me to continue to report on my license usage using FlexNet Managerg

33

Activations Summary

Improved customer experiencePublisher visibility into mostPublisher visibility into most transactions even through channel tiersCustomer and channel visibility into all transactions and current statestateCan still support certificatesCompliance assuranceCompliance assurance

34

Thank You

David ZnidarsicDavid ZnidarsicVice President of Technology 2860 De La Cruz Blvd,

Santa Clara, CA 95050

davidz@flexerasoftware.comdavidz@flexerasoftware.comDirect: (408) 642–3900 Cell: (408) 881–4834

www.flexerasoftware.com

35