The Software Licensing Newsletter
Reprise Software
 
June 2008
 
In This Issue
Choosing a HOSTID

Quest Reliability, Inc. - RLM Customer Story


 
Reprise  Software
www.reprisesoftware.com
[email protected]
  781-837-0884
The Right Hostid

Finding the Optimum Balance between Security and Convenience

Ensuring License Compliance
Generally speaking, independent software vendors (ISVs) want their customers to have access to all the licenses that they buy, but not more.  One of the ways that ISVs ensure that customers do not exceed their allotment of licenses is to place checks within their applications to limit how many and where licenses can be used. Most ISVs use a license manager (like RLM) to perform these checks for both stand-alone and floating licenses. But ISVs are also careful to select a license model that minimizes inconvenience for themselves and their paying customers.

What is a hostid and why do I need one?
A software license manager uses the term hostid to refer to a unique identifier for a specific computer. The hostid is used by licensing software to "lock" a license (or pool of licenses, in the multi-user case) to a machine so that they can be used on only that computer.  The hostid is a parameter used to generate the license key's security signature, thereby rendering the license unusable if it is moved or its hostid is modified.
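How that binding behaves, as an added example that is not RLM code or RLM's license format: the hostid is one of the signed fields, so a license fails on another machine and also fails if its hostid field is edited. The field names, the key and the use of HMAC-SHA256 in place of a real signature scheme are assumptions made for the sketch.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the signature scheme; a shipping
# product would verify a public-key signature so that the key embedded in
# the application cannot be used to issue licenses.
ISSUER_KEY = b"constructed-demo-key"


def canonical(fields):
    """Serialize the signed fields deterministically so both sides hash the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue(product, count, hostid):
    """Vendor side: sign the license terms together with the hostid."""
    fields = {"product": product, "count": str(count), "hostid": hostid.lower()}
    sig = hmac.new(ISSUER_KEY, canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "sig": sig}


def check(license_, local_hostid):
    """Client side: return (ok, reason) for this license on this machine."""
    fields = {k: v for k, v in license_.items() if k != "sig"}
    expected = hmac.new(ISSUER_KEY, canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, license_.get("sig", "")):
        return False, "bad signature"   # any signed field was altered
    if fields.get("hostid") != local_hostid.lower():
        return False, "wrong host"      # intact license, different machine
    return True, "ok"


# Constructed sample: five licenses locked to one NIC address.
LIC = issue("demo_app", 5, "00:11:22:33:44:55")

if __name__ == "__main__":
    print(check(LIC, "00:11:22:33:44:55"))            # licensed machine
    print(check(LIC, "66:77:88:99:AA:BB"))            # license file moved
    edited = {**LIC, "hostid": "66:77:88:99:aa:bb"}   # hostid field rewritten
    print(check(edited, "66:77:88:99:AA:BB"))
```
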

The Security v. Convenience Continuum
The decision on which hostid to use is usually based on trade-offs made along the security vs. convenience continuum. While this may not be immediately obvious, there are always trade-offs between making something (software, a car, a building) more secure vs. less convenient to access. Should it allow access through a turnstile or a vault? ISVs should choose security-convenience policies that are in line with their beliefs and business models. Luckily, computers have many different elements that can be used as a hostid, so there is probably a hostid to match virtually any ISV's policy goals. However, no single hostid type will satisfy every ISV, so let's consider your hostid choices and examine the potential pros and cons of each one.

What are the issues?
The most important questions are:

  • Is it a standard part of every machine (which is another way of asking "is it convenient")?
  • Is it secure enough?
  • What does it cost?

Convenience...
As much as possible, you want the hostid to be native to the machine. In other words, you want it to be ubiquitous and its contents to be easily obtained via a standard system command. In this way, you avoid the delays, expense and potential confusion of having to send special software or extra hardware to the customer prior to the sale of your products - everything is already there.  Your customer can get your software up and running as quickly as possible.

... v. Security
For maximum security, you want the hostid to be difficult to modify, or at least non-trivial to modify. Most ISVs who use software license managers want to use the most secure hostid possible, but with an eye toward convenience (i.e., customer satisfaction) and cost control at the same time.

Once upon a time...
From a software licensing point of view, an ideal hostid choice would be a standard unique serial number burned into every CPU.  This was tried by Intel in the late 1990s but the idea failed, not on technical grounds, but primarily on the basis of concerns over privacy.  The fear was that software could be used to track users' behavior and identity to a specific computer as they surfed the web.

What are my Hostid Choices?

NIC Addresses
The most common hostid choice is the Network Interface Card (NIC) Ethernet media access control layer (MAC) address.  It is built into every modern workstation and server and can be easily queried through software. Although on some systems the NIC address can be re-programmed, creating the potential for the same license to work on multiple machines, connecting these machines on the same local area network will cause networking problems. So, although there are some security issues with NICs, they remain a good hostid choice.

IP Addresses
IP addresses, or IP address ranges, are of little use as hostids from the software vendor's perspective.  Most users do not have fixed IP addresses, so they tend to be too transitory to rely on as hostids.  However, IP address ranges are convenient for end users to use to allocate pools of licenses to specific sub-nets.

Disk Volume Serial Numbers
Like the NIC above, disk volume serial numbers are commonly used as hostids (Windows only).  They are convenient, but do suffer from being easily modifiable, making them less than ideal from a security point of view.

Names as hostids?
What if you weren't so concerned about security?  What if you wanted your licenses to be valid no matter where your user installed the software? This is a pretty common vendor policy. In this case, it might make sense to use the customer's username as the hostid.  It's also possible to use the hostname of the system as the hostid, giving the customer the flexibility to move the software to new hardware without getting a new license - as long as he resets the new machine's hostname to match.

Hostid Lists
There are cases where you want to allow a license to run on any machine in a list. For instance, if a workstation has multiple NIC addresses, you could license to them all, and as long as one of them was found in the list, the license would be valid.

The Irrepressible Dongle
Dongles, small serialized USB devices, remain a good hostid choice for high-value software where security is paramount. Dongles allow your users to move the software from machine to machine by simply moving the dongle.  The downside to dongles, however, is that they add cost, must be shipped, can fail in the field, and can be lost or stolen.

Hardware Serial Numbers
If you sell software on a specialized hardware device that has its own unique serial number, then the obvious choice is to use that number as your hostid.  For you, this situation is probably ideal because the serial number is always there and it is secure.  Be sure to verify that the licensing technology you use can support a unique or non-standard hostid mechanism.  Some licensing vendors provide ISV-specific callback routines to support just this situation.

Serial Numbers
If your goal is to simply "tag" your licenses, then you can serialize them so that you can identify the customer to whom they were originally sold. This is useful as a marker to track the original customer without tying the license to a physical host.
 
Custom Composite Hostids
By combining multiple machine identifiers, you can build a composite hostid where ALL of the identifiers need to match in order for the licenses to remain valid.  This is a very strict approach leading potentially to numerous re-licensing operations whenever a relevant machine element is changed.

Machine Fingerprinting
A few vendors have devised sophisticated algorithms that sample dozens of machine attributes to create a unique machine "fingerprint." What's particularly useful is the algorithm's ability to tolerate a certain amount of change to the machine configuration before its fingerprint would invalidate a license. However, be aware that since the fingerprint is an amalgam, it is possible for a simple configuration change to mysteriously affect the algorithm enough to trigger a fingerprint mismatch.
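Hostid lists, composite hostids and tolerant fingerprints can be compared as one threshold test over the licensed identifiers: a list needs any one to match, a composite needs all, and a fingerprint allows a few to change. The following is an added example, not any vendor's algorithm; the attribute names, the count-based tolerance and the sample machines are constructed for illustration.

```python
def matches(ids, machine):
    """Count licensed (kind, value) identifiers still present on the machine."""
    return sum(1 for kind, value in ids if value in machine.get(kind, ()))


def valid(policy, ids, machine, tolerance=0):
    """Apply one of the three matching policies described above."""
    n = len(ids)
    if n == 0:
        return False  # an empty identifier set must never validate
    required = {"list": 1, "composite": n, "fingerprint": n - tolerance}[policy]
    return matches(ids, machine) >= required


# Constructed machine state at the time the license was issued.
AT_ISSUE = {
    "nic": {"00:11:22:33:44:55", "00:11:22:33:44:66"},
    "disk": {"1A2B-3C4D"},
    "hostname": {"ws-042"},
    "cpu": {"cpu-model-a"},
    "ram_gb": {"16"},
}
# One NIC replaced; everything else unchanged.
NIC_SWAPPED = dict(AT_ISSUE, nic={"00:11:22:33:44:66", "00:aa:bb:cc:dd:ee"})
# New NIC, new disk and more memory: most of the machine has changed.
REBUILT = dict(AT_ISSUE, nic={"00:aa:bb:cc:dd:ee"}, disk={"9F8E-7D6C"}, ram_gb={"32"})

NIC_LIST = [("nic", "00:11:22:33:44:55"), ("nic", "00:11:22:33:44:66")]
COMPOSITE = [("nic", "00:11:22:33:44:55"), ("disk", "1A2B-3C4D")]
FINGERPRINT = COMPOSITE + [("hostname", "ws-042"), ("cpu", "cpu-model-a"), ("ram_gb", "16")]

if __name__ == "__main__":
    for name, machine in [("nic swapped", NIC_SWAPPED), ("rebuilt", REBUILT)]:
        print(name,
              valid("list", NIC_LIST, machine),
              valid("composite", COMPOSITE, machine),
              valid("fingerprint", FINGERPRINT, machine, tolerance=1))
```

A single NIC replacement leaves the list and the fingerprint valid but forces re-licensing under the composite policy, which is the strictness trade-off described above.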

If you would like to discuss your particular needs, we invite you to contact us at Reprise Software.

Quest Reliability, Inc. - An RLM Customer Story

Providing powerful tools for mechanical and structural integrity


Quest Reliability, LLC is built on a foundation of leading edge science and technology that has innovated and shaped industries for almost 40 years.  Today, with its advanced knowledge and expertise in the fields of mechanical and structural integrity, risk-based asset management and materials engineering, Quest Reliability is leading the refining, chemical & gas, power and pipeline industries in improving asset reliability and performance.

In addition to the company's advanced consulting and asset management services, Quest Reliability also offers a broad range of commercial software spanning high-level fitness-for-service assessments, life prediction modeling, and fracture mechanics and 3D volumetric flaw analyses.  Quest Reliability's Windows-based product lines include:

Signal FFS -- a software product for performing fitness-for-service assessments and fracture mechanics analyses on fixed and rotating equipment. Signal FFS adheres to API 579-1/ASME FFS-1 2007 and BS 7910 standards. Signal FFS is critical when maximizing the reliable service lifetime of critical assets in heavy industries.


FEACrack -- a finite element analysis package that generates 3-D crack meshes, and guides the user through building models, running the analysis, and post processing.  FEACrack was designed by Dr. Ted Anderson, author of the leading Fracture Mechanics textbook, and includes many advanced fracture analysis functions such as crack remeshing, porous Gurson material, node release, and cohesive elements.  The software contains an extensive library of structural geometries and crack shapes.  FEACrack's 3D crack mesh generator creates ready-to-run input files for Abaqus, Ansys, and Warp3D, and creates neutral files for Femap and Patran.

LifeQuest product line -- integrated solutions that utilize advanced inspection technologies and include specialized software that implements FEA and life prediction algorithms for:

  • Pipelines
  • Steam reformers
  • Fired heaters
  • High energy piping
     

Choosing a License Manager
One of the challenges Quest faced in bringing a diverse suite of high-value software products to market was finding a flexible and efficient licensing mechanism that could also support the diversity of our customer base and delivery models.  After researching several available licensing solutions in the market, we chose and standardized on the RLM system because it offered the best overall value, with an extremely rich set of features, and was backed by a responsive and knowledgeable staff.
 
Our customers range from large multi-nationals, requiring high availability, network license pools and roaming licenses, to independent consultants and researchers requiring a single-seat node-locked installation.  We were able to quickly integrate RLM into our products and accommodate all of the requirements, while simplifying our build and operational processes.
 
One of our first licensing challenges after adopting RLM was to deliver a package where we could enable a customer to have full software functionality while working with specific data sets, but limit the software functionality for non-licensed data.  Licensing "data" instead of an executable was a snap with RLM.  We incorporated our own data signatures into RLM license lines, and were able to satisfy the requirement with minimal additional coding.
 
By using the RLM system, we are able to effectively manage and create unique licensing arrangements specific to our customers' needs.

Please visit http://www.questreliability.com/ for more information.


All content copyright (c) 2006-2010 Reprise Software, Inc. All Rights Reserved.
[email protected] 1530 Meridian Avenue, San Jose, CA 95125

Reprise License Manager, OpenUsage, and Transparent License Policy are all trademarks of Reprise Software, Inc.  FLEXlm, FLEXnet, GLOBEtrotter Software and Macrovision are all registered trademarks of Macrovision Corporation.  All other trademarks are property of their respective owners.

Website comments to [email protected]  Last Modified: February, 2010