Software Asset Management tools vs. the main causes for license compliance drift

The BSA (Business Software alliance) organization runs a cool widget on their site – They call it the Global Software Piracy Study for 2011. It shows the globe divided to political territories. The user can select a country and see the rate of software piracy resident in that country. I admit I find it rather amusing to bet the piracy rate per territory, but apparently BSA officers don’t see the funny side in it. This is the drive for stepping up software license audits.

 As software auditing is becoming ubiquitous, organizations around the world turn to Software Asset Management (SAM) tools to help them come through what some IT members would consider a nightmare.

Strict abiding to license agreements may not be sufficient when it comes to keeping track of software license compliance; As licensing options become increasingly complex, the average honest license administrator may inadvertently slip out of compliance.

Reasons for such a slip are numerous, and can be attributed to :

Structural changes in the organization:

  • Unification and splitting of license pools.
  • Shift of responsibility for license compliance and inventory keeping between IT personnel.
  • Migration to other license servers.

 

Unclear restrictions imposed by the license agreement

  • Change between different license versions.
  • What was right for the previous version may not be OK for the current one.
  • Restrictions that were signed upon in an antecedent licensing agreement.

 

The human factor

  • Inexperienced IT personnel.
  • Unclear notion of the license inventory.
  • End users malcompliance with the organization’s software regulations.

 

These types of triggers for software compliance glitches are addressed by software license monitoring tools such as OpenLM:

  • OpenLM was designed to absorb drifts in license compliance caused by structural changes in the organization. It can interfaces multiple license managers over WAN or LAN, and assign license usage constraints according to licensing policies.

  • OpenLM provides clear accounts of license availability thus eliminating errors that stem from lack of “How many of these do we actually have” and

  • Lifting mundane tasks off the shoulders of license managers and system administrators, thus mitigating the effect of human error.

Please follow and like us:

What is the difference between the FlexLM lmgrd and lmadmin license server managers

license server components

The vendor daemon and the license server manager jointly comprise the FlexLM (Flexnet) license server. The license server manager contacts a FlexEnabled application, and dispatches the handling of that application to the appropriate vendor daemon. It also serves as an interface between the Vendor daemon and the Application, for checking out licenses.

License server manager types

There are two versions of the license server manager:
• lmgrd – the original license server manager with a command-line interface.
• lmadmin – a newer web-based license server manager.

Conceptual differences

The following table summarizes the conceptual differences between the two license server manager types:

Item lmgrd lmadmin
Interface Command-line interface Web-based license server manager
Configuration Options Configuration information is acquired  from the command-line options used when the program is started No configuration options are required upon program start.
Persistence of change Changes need to be done in the license file Settings are maintained after relaunching the tool, and they override the license file.
License file import A single license file set by the configuration options upon running lmgrd Import (multiple) license files.
Number of running instances One instance of lmgrd is run for each vendor daemon. Supports multiple vendor daemons with one lmadmin process.

More changes between lmgrd & lmadmin

On top of these conceptual changes, there have been some changes in commands:

  • Some commands are no longer supported or have been replaced in lmadmin (e.g. lmremove, lmdown)
  • Some have changed in behavior (e.g. lmreread)
  • Other commands have been added into the lmadmin to integrate the functionality previously provided by the LMTOOLS (Stop server)
Please follow and like us:

Application Note 1027_a: OpenLM Agent Installation and Configuration

OpenLM Utilizer Agent

The OpenLM Utilizer Agent is the end user tool of the OpenLM system. It completes the OpenLM license monitoring tool from the End user’s point of view. It provides end users the following capabilities:

  • Query license availability.
  • Check which users are holding required licenses.
  • View a user’s full set of details as they appear on the LDAP, and communicate with users regarding license availability.
  • Receive license availability notifications as soon as requested licenses become available.
  • Report the session’s active project (mainly for billing purposes).

OpenLM Active Agent

The Active Agent incorporates all the characteristics of the Utilizer Agent. On top of that, it supports an extension that enables system administrators to shut down open applications either manually, or by defining a timeout policy. In this manner, system administrators can suspend or save and close idle applications, in order to make more efficient use of licenses. The Active Agent features a user-friendly interface that enables users to quickly reopen closed applications, or resume suspended ones.

Installation

Download and save the Openlm Utilizer or Active Agent MSI installation file from the Download section of OpenLM’s site. Double-click it, and follow the instructions of the installation wizard.

When installing the Active Agent, the Extensions “OpenLM Extensions” dialog window appears.

The user may either:

  • Select to install the appropriate software extensions, thus ruling an idle application to be treated in the “Save and Close” method, or
  • Select NOT to install the appropriate software extensions, thus ruling an idle application to be treated in the “Suspend and Resume” method, even though it is an “Extension Supported” application.

For more information on Extension-Enabled applications, please refer to “Application Note 1005: Configuring OpenLM to close idle Licenses”.

At the end of the installation process, in the “Agent Configuration” dialog window, type in the OpenLM server with which the Agent is required to connect, and click the “Apply” button. The Installation is now complete, can be changed at any time (see below).

After installing:

The OpenLM Agent icon appears on the “system tray”.
OpenLM Agent in a connected state:
OpenLM Agent in a disconnected state:

Agent Configuration

  • Right click on the agent icon and select ‘OpenLM Agent Configuration’. The Agent configuration window opens.
  • Select the Agent’s language.
  • Type in the OpenLM server name or IP.
  • Type in the OpenLM server port. This is by default 7012.
  • Click the “Check connectivity to OpenLM server” button.

Advanced settings:

  • Logger Configuration File: Type in the location of the Agent Log File.
  • Logging Level: Adjust the Agent’s logging level.
  • Skip Double Instances Alert: This option either enables or blocks alerts when trying to open two agent sessions simultaneously. This option is set active by default.
  • Use Local Computer’s Proxy Settings: This setting may solve issues that originate using a proxy server. This option is set inactive by default.
  • Shut Agent when products Are inactive… : These parameters are relevant for VM servers. When OpoenLM closes a licensed application, the VM (e.g: Citrix) is kept in use by the workstation, unnecessarily consuming a license. This configuration shuts down the OpenLM Agent after INACTIVITY_TIME, thus releasing the VM license.

The OpenLM Java Agent window

The OpenLM Agent window shows the Feature usage status, per License Server, Vendor and User name. Individual user data is also available through the Agent; Just click a chart line to get more information on the user who is currently occupying the license.

Revision 0.1, Apr29 2012.

Please follow and like us:

Application Note 1026: Basic OpenLM Server configuration for FlexLM

General

OpenLM supports the monitoring of a wide, and ever growing variety of license servers. Among those are Flexera FlexLM (Flexnet) , Beta LM, IBM LUM, DSLS, Sentinel HASP, Sentinel RMS, RLM, and LM-X. This is an description of the basic procedure for configuring the Openlm server to interface a FlexLM license manager, to monitor Flexnet reporting.

Procedure

Please first refer to this Application Note. It gives a general description of the OpenLM system; what should be installed where, and who needs to communicate with whom.

Install the latest version of the OpenLM server. It is found on the OpenLM site.

  1. Configure the OpenLM server so that it would communicate with the License server:
  • Open the “OpenLM server configuration window, On the “License Servers” tab (see image below).

  • Click the ‘Add’ button, and type in the license server parameters (Type, Host name (or IP), port & time zone). In order to find the Server name and port, please refer to this post.
  • You can type in a descriptive name to make recognizing the sever easier
  • In the image above, these parameters are: FLEXlm, olm-lm-arcgis10, 27000, UTC+08, “ArcGIS 10 Head Office”.
  • Click the ‘Apply’ button. Select ‘Restart now’. That’s it: the OpenLM server is
  1. Check the connection of the OpenLM server to the license server; click the ‘Check’ button. A text would follow. This text is a query of the License server. It indicates whether a connection to that server is established.
  1. Now open the EasyAdmin web application. Click start -> Management -> License servers. The “License servers” window appears. Verify that the configured license managers appear on the list. Circle nodes indicate a connection to a license server. Square nodes indicate a connection to a Broker which is installed on the License server machine.


Please follow and like us:

How do I know the FlexLM license manager port number ?

OpenLM employs the Flexnet / FlexLM reporting mechanism to monitor and optimize concurrent license usage, and obtain license statistics. The FlexLM license manager interfaces licensed applications via predefined ports. You can verify that a port number is set correctly by:

1. Using Flexera’s LMTOOL utility: Select the “Server Status” tab, and click the “Perform Status inquiry” button. the port number would appear on the line that begins with “License server status:” e.g.:

License server status: 27000@My_server

2. You can also find the server name and port number (If defined as static) directly in the license file, in the SERVER line e.g.:

SERVER <ServerName> <hostId> <PortNumber>

USE SERVER

The path and name of the license file is set in the LMTOOLS, under the “Config Services” tab.

Please follow and like us:

FlexNet vulnerability: lmgrd Remote Code Execution

Zero Day has reported that a security vulnerability has been discovered in FlexNet License Server Manager installations. This vulnerability enables attackers to execute arbitrary code on remote FlexNet License Server managers. Authentication is not required to exploit this vulnerability. The flaw was reported by Luigi Auriemma and Alexander Gavrun.

The specific flaw exists within lmgrd license server manager. lmgrd listens by default on TCP port 27000. A specially crafted packet sent to the server will cause a stack overflow allowing for remote code execution under the context of the server.

Flexera Software has issued an update to correct this vulnerability and also provided license administrators best practices for mitigating risk exposure.

More details can be found at:

http://www.flexerasoftware.com/pl/13057.htm

Please follow and like us:

IBM Rational – FlexNet Token based licensing

IBM Rational license management using FLEXnet

The IBM Rational License Server uses FLEXnet (FlexLM) for licensing IBM Rational products.

FLEXnet main components

The four main components of FLEXnet are:

  • The License Manager Daemon, lmgrd

  • The Vendor Daemon, telelogic

  • The client application program, in this case any IBM Rational application

  • The license file, license.dat

Mode of employment

  • When an IBM Rational product is started, the program uses the TELELOGIC_LICENSE_FILE system variable to find out the name of the computer that’s running the FLEXnet license server and the port that it’s using.

  • The program contacts the license manager on the FLEXnet license server, using the specified port. It requests a floating license and makes the request for the Telelogic vendor daemon.

  • On the FLEXnet license server, the license manager sends the request to the Telelogic vendor daemon. The Telelogic vendor daemon checks to see if any licenses are available.

  • If there are free licenses, the Telelogic vendor daemon grants a license and the program runs. If there aren’t any licenses available, the Telelogic vendor daemon refuses the request, and the program fails to start and displays a license denial message.


Token-based licensing

Token licenses are in fact a form of floating license, only that instead of having a pool of licenses – it has a pool of tokens. When a feature is checked-out, a certain amount of tokens are consumed. The number of consumed tokens is specific to each feature, and is apparent in the feature/Increment line in the license file. When the application is closed, the tokens are returned to the pool for other end users to use.

Advantages of Token licensing

Having the ability to apply the acquired licenses to multiple products is an appealing concept:

  • Customers are not always aware of the full array of features they may acquire. having a token based license scheme ensures customer satisfaction from the license acquisition.

  • As development stages progress, customer needs change. They may require different licensed features, and eliminate the charge of “unused” software.

  • The entire license purchasing method is simplified. Customer can add/try new software during project, without new PO or evaluation process

Rational tools’ token-based licensing

IBM Rational license types

IBM Rational includes the following license types:

DOORS, Synergy, Change, Tau, System Architect, Focal Point, Rhapsody, Publishing Engine, Logiscope and Team Webtop

IBM Rational token license file examples

  • The Increment / Change line marks the number of tokens to be consumed:

INCREMENT Change telelogic 2015.04302 30-apr-2015 1 …

VENDOR_STRING=T10-999999:t,TLSTOK,1.0,Change,5  … // 5 Tokens worth.

  • This is an INCREMENT line indicating the total number of Tokens in the license

file. In this case, it is 200:

INCREMENT TLSTOK ibmratl 2.0 30-apr-2015 200 ISSUER=IBM

Rational License Server 8.1.1

Rational License Server 8.1.1 incorporates all vendor daemons (telelogic, rational, and ibmratl) into one. This change has also been incorporated into multiple Rational products such as ClearCase and ClearQuest.


References

http://publib.boulder.ibm.com/infocenter/rational/v0r0m0/index.jsp?topic=/com.ibm.rational.license.doc/topics/r_lic_log_file.html


http://www-01.ibm.com/support/docview.wss?uid=swg27023414&aid=1

Please follow and like us: