Innovation continues in the coding labs at Reprise Software, and here we peel back the onion a little bit more to reveal more details of what's new in v3.0.

SPEEDING UP LICENSE REQUESTS: End users want virtually instantaneous responses from their license servers. Problems can arise in two areas: 1) the license servers that they are checking do not have licenses for the products that they are interested in, and 2) the connection timeout is too long when a server in the server list is currently down.  Reprise adds a couple of new features to RLM v3.0 to alleviate these problems. First is a new environment variable has been added that lets the end-user set the license server connection timeout. Additionally, v3.0 introduces a couple of new api calls that allow the ISV to "skip over" servers that RLM has determined do not have support for your licenses. This means that subsequent license requests will not make an attempt to check out a license from these servers, so no time will be wasted trying servers that cannot possibly satisfy the requests.

LICENSE SERVER CAPACITY PLANNING: RLM v3.0 sheds some light on the black art of predicting license server load and performance. The new RLM release includes some testing tools that let License Administrators answer questions such as:
 

• How fast can my license server service license requests?
• How many licensed users can my server handle?
• What will my performance be if I double my current user population?
• When should I split my license inventory into multiple independent servers?
   

The LICENSING of LIBRARIES: If your products are sold as re-linkable libraries (like RLM), how do you license them to your customers? RLM v3.0 addresses this problem by supporting licenses "in-a-string." This new method allows the ISVs to sell licenses for their libraries in the form of strings that are passed as parameters into their library's initialization routine that is then passed as a parameter into RLM's initialization routine. This means that only products that are built with a valid license string will successfully initialize the library.

AUTHENTICATED REPORT LOGS: Corporations who use your software often require such functions as departmental bill-back, charging for oversubscribed license usage, or pay-per-use licensing models rely on the report logs to be intact. RLM v3.0 adds the ability to authenticate the RLM report log. Authentication is important for vendors and their end-users who need to know that the data in the log has not been modified. 

RLM v3.0 is (as of June 1, 2007) in beta test.  Our customers and prospective customers are invited to take a closer look at it via the RLM evaluation SDK that is available from our web site.
 

 

Options: How would you describe what V.i. Labs does?

Vic DeMarines: V.i. Labs provides software protection solutions for software vendors and application providers to protect their applications from the threat of software piracy, code theft, and tampering. Our mission is to provide a product based software protection solution that can prevent reverse engineering of sensitive intellectual property (IP) contained within software applications. We started development of our core product, CodeArmor, in 2002 and have built a customer base in the CAD, gaming, and embedded system markets.

Options: How does your technology integrate with licensing?

Vic: Licensing is critical for application providers to grant use of their IP, but licensing is not meant to protect against overt piracy. Our technology allows organizations to layer software protection on top of the license management functions to guard against reverse engineering and binary tampering, which are two common forms of piracy. We do not need to directly integrate with licensing because our solution protects the application binaries and does not require source code modification. 

Options: What is driving the need for software protection technology?

Vic:  One of the biggest trends we are hearing about from customers and partners is the risk of doing business in emerging markets such as China, Russia, South America, and others - regions known for weak their IP laws.  But their software development (and subsequently) reverse-engineering expertise has advanced considerably.  Consequently, even complex software is not safe from piracy.  The risk is not only pirated software being sold to the consumer, but serious concerns about the software being stolen or copied by competitors.

Options: How would you respond to the old saying, "that those that pirate software will never buy it?"

Vic: We still hear this opinion in some circles and it may have held water in the early days of software distribution, but the lack of rules and regulations in emerging countries, coupled with the ease in which files that can be shared has made it simple for businesses to use illegal software.  Also, for informed small businesses or users, some of the Warez web sites do a decent job of convincing people that they are actually authorized to provide software a lower price. An interesting data point that should have every ISV concerned is in the UBS Financial Report on China and Piracy, which indicated piracy rates for small deployments and larger enterprise software was estimated between 75-90 percent.

Options: Can software protection stop the piracy problem?

Vic: There is no magic bullet to stop piracy.  It comes down to prevention and creating a strategy to minimize the revenue loss attributed to piracy.  However, vendors need to understand that a comprehensive anti-piracy program is more than just subscribing to BSA, SIIA, or attempting to shut down the networks and sites distributing pirated software. There are specific piracy groups that are recruiting suppliers from the ranks of vendors, as well as recruiting crackers to disable license management.  These groups represent the origin of the pirated release, which then feeds the public availability of illegal software.  These piracy groups pride themselves on having a software vendor's next major release available for the day of FCS; "0-day" release.

Software protection goes after the root of the piracy issue, which is to prevent reverse engineering techniques that lead to a cracked software release. Although there is no absolute protection against reverse engineering, the harder the software is to crack, the more time and expense is needed by the cracking community to distribute pirated releases.  In return, the vendor has more time to gain revenue.

Options: That sounds all well and good, but if you delay piracy on a new release, won't the end users just stick with older available versions of the software?

Vic: The prevailing evidence suggests that just like legitimate customers, owners of pirated software want the newest version of that software. Essentially, piracy groups are acting as ISV's and have the same incentives to make newer releases available.

Options: What can you suggest to vendors around implementing an anti-piracy strategy that includes software protection?

Vic: The first step for a software vendor to realize is that license management systems are not designed to stop persistent piracy.  The second step is to assign a measurable goal for software protection. For example, we created an approach called "Time to Crack" which gives vendors a way to evaluate the effectiveness of their anti-piracy strategy, including software protection. Today a software release can be cracked and made available in 2 weeks; the goal should then be to extend this time considerably. The assumption is that the longer it takes to crack new software the more opportunity there is to gain revenue with the new release.

In the PC gaming market, vendors have turned this into a science and are constantly looking for ways to extend their average Time to Crack, which is currently 4 weeks. For traditional software vendors, especially those that market complex design software, the expectation should be 6 months to a year, assuming you have appropriate protection in place.

Options: Thanks, Vic!

For more information about V.i. Labs, please visit http://www.vilabs.com

RLM - What's in it for end-users and license systems administrators?

RLM was designed to address two main constituencies: ISVs and their end-users. Many licensing products have come and gone over the past twenty years. Those that failed largely short-changed end-users. RLM was designed to stand the test of time by creating a foundation that incorporates many of the popular licensing features of the past that end-users have come to rely on, while building many highly valuable new functions that they have been asking for, but have never been implemented by their legacy vendors.

Unique End-User Benefits

• Familiar architecture and controls
• Free and open access to well-documented report log data format
• License requests span multiple license servers
• License server administration with your favorite web browser
• Increased license utilization
• Omni-PoolTM license queuing
• Prioritized Queueing w/ EXPRESS_LANE
• Failover servers
• License Roaming
• Speeding up license requests
• Sizing license servers
   

Familiar architecture and controls: The first thing that an experienced network administrator will see in RLM is just how familiar it operates compared to what he or she is used to. RLM was designed to use the familiar license server, license file syntax, options file and debug and report log set up common to older legacy licensing systems.

Free and open access to well-documented report log data format: For years, older licensing systems have produced a detailed encrypted report log file of the activity of the license server. Until now, that data has been encrypted in a secret format. The only way to read this data is to buy expensive programs from the licensing vendor that can decrypt the log file data format. Once decrypted, useful usage reports can be produced to help a software user understand the usage patterns. This information is also used to reallocate under-utilized licenses and to justify the purchase of new licenses. Additionally, the reports help to allocate costs across multiple cost-centers or specific projects. RLM produces an equally valuable stream of usage data in the report log; however, the RLM data format is fully supported and is made public. This simple decision enables end users to choose among several report writer vendors or even to produce custom reports on their own. This lowers end-users' costs while freeing them from a "sole-source" situation.

License requests span multiple servers: With older license managers it was necessary to write complicated routines to deal with the cases when multiple license requests could not be granted from a single server. Once found, subsequent requests for licenses were limited to the server that granted the original license. To override this behavior, it was necessary to write disconnect/reconnect logic in order to properly obtain licenses from secondary servers. RLM has enhanced the basic license checkout strategy. With RLM, the developer needs only to make a simple license checkout call. Multiple checkouts over multiple servers are handled transparently with RLM, simplifying the implementation within the application, and also giving the end user a more consistent, predictable behavior across all vendors who support RLM.

Increased license utilization: The new RLM technique used to acquire and re-acquire licenses gives end users new flexibility in dividing their license pools across multiple servers. End users will experience little difference in license behavior regardless of the number of license servers they have set up. This flexibility will enable end users to deploy their licenses in a more decentralized fashion and lead to improved license accessibility and increased utility per license.

Omni-PoolTM Queuing: Additionally, the above redesign supports full license queuing across multiple license pools. Your application does not need to be designed to take advantage of this capability because this standard behavior is built into RLM, not your application code. With older license managers it was impossible to queue at any but the first pool of licenses within a license server. That means that there could have been pools of licenses that were available, yet inaccessible to your application. By contrast, RLM transparently queues on each server (and on each license pool within the server) that could satisfy the request. Once the application acknowledges the license grant, all secondary queued licenses are dequeued. All of this is completely transparent to the application code. End users can set or unset queuing to suit their own local usage conventions.

EXPRESS_LANE:  When enabled, end-users requesting fewer licenses than those in the queue ahead of them will be granted service as soon as the number they've been waiting for becomes available.

Priority Queuing: Allows end users to modify the order of queued license requests with an assigned priority giving specific users or project teams higher priority access to busy applications.

Browser-based RLM server administration: Administration of older license managers with out-of-the-box tools was inconsistent across different platforms. For Windows there was one way of doing it, for UNIX/Linux there was different way. Often, a separate runtime system had to be installed to run administration "agents." RLM supports license server administration using a standard browser. RLM web-based administration is built in to the license server itself - no external files or configuration is necessary. Once your license system is up and running, the web-based administration is available - no separate configuration files, no separate web page files - it's all built in.

Failover servers: RLM provides a way for you to enable a "standby" license server that takes over for one or more RLM license servers when they go down. The failover server takes over for the full complement of licenses from each downed server. This feature, combined with RLM's normal behavior of automatically checking multiple servers for licenses, ensures that end-users can have full 100% uptime in the event of a single server failure.

License Roaming: RLM licenses can be used while being disconnected from your corporate network. This allows users who travel or work in the field to access their valuable licenses away from the office. ISVs can enable license roaming on a customer-by customer basis. Licenses that are returned early can be put back into the office pool. Applications do not need to be aware that they are roaming because roaming is enabled outside of the application API.

Speeding up License Requests: End users of licensed products always want to minimize the time it takes to check out a license.  They want virtually instantaneous responses from their license servers. Problems can arise in two areas: 1) the license servers that they are checking do not have licenses for the products that they are interested in, and 2) the connection timeout is too long when a server in the server list is currently down.  Reprise adds a couple of new features to RLM v3.0 to alleviate this problem. First, RLM adds a new environment variable (RLM_CONNECT_TIMEOUT) that sets the license server connection timeout for the application (or rlm utility). The default is 10 seconds, but it can be set as low as 5 seconds. Additionally, v3.0 introduces a couple of new api calls that allow the ISV to "skip over" servers that RLM determines do not have this ISV's server running. This means that subsequent license requests will not make an attempt to check out a license from these servers, so no time will be wasted trying servers which cannot possibly satisfy the requests.

License Server Capacity Planning: RLM v3.0 sheds some light on the black art of predicting license server load and performance. The new RLM release includes some testing tools that let License Administrators answer questions such as:
 

• How fast can my license server service license requests?
• How many licensed users can my server handle?
• What will my performance be if I double my current user population?
• When should I split my license inventory into multiple independent servers?

If you would like to see more RLM-based applications on your networks, please ask your vendors to contact Reprise Software for more information about how RLM can help them help you.