The Heirloom Computing Licensing-as-a-Service (LaaS) subsystem is used to manage and control users, products and licenses of those products for the users to applications that are running under public or private clouds. If your are an ISV that is transitioning from traditional deployment of your applications at your customer locations to a Software-as-a-Service (SaaS) model employing the Heirloom Platform-as-a-Service (PaaS), you can use LaaS to manage your users by product type, CPU cores hours, or micro-transaction licensing models.
You modify your application to make API calls or REST Web services to check licenses, upload transaction (usage) counts on your products or its features. As an administrator, you manage the users, products, and license for your users.
The system consists of Web services issued against a LaaS server. The LaaS server's Administration Interface it the high-level interface to license objects which control products, licenses customers and their restrictions. The Admin Portal, Web services API and command line interface (CLI) together provide a flexible set of ways to interface to the licensing server. Key features:
- Server-based license management -- nothing other than a file containing identifying information is present on the client machines
- Auditable transaction counts on licensed products; queued to be sent when networks are available
- Limit users to specific locations (IP or MAC addresses)
- Restrict products to specific numbers of locations
- Track transaction counts of each license
- Operate in either online (connected to the Internet) or offline (validation through proxy checkers) mode
- License "expiration" as well as "grace period"
- License management (checking, transaction uploads) through a proxy machine
- A Java JAR API to invoke the license checking Web service programmatically
- A CLI to create the subscription file for users, carry out proxy operations, or issue license checking commands
- Revocation and renewal of licenses are performed on the LaaS server and do not require an "install" or "uninstall" on the client machines
- Customers - defines the e-mail and the unique customer ID, also called a subscription ID, of your customers and administrator accounts used by you to access the system
- Products - defines the product (or product feature or subsystem) name and its product ID
- Restrictions - defines the restrictions in place for all licenses for this product
- Licenses - connects Customers, Products and Restrictions for a particular
- LogLicense - audit trail of license checks over time
- First - First name
- Last - Last name of the user
- Subsciption ID - Assigned when new users are created, the user or customer ID
- Email Address - the email-address for contact and identification
- Confirmed - Yes if licenses can be checked against this user
- Group - The group name to which this user belongs
- Roles - the roles given to this user
- superadmin - ability to change any record and add new records
- admin - ability to change any record with the same group name and add licenses for customers within the group
- deploy - regular user allowed to read records owned by them and check their own licenses
- trial - regular user allowed to read records owned by them and check their own licenses, but for a trial period of time
Restrictions define certain checks for an entire class of products. There may be a single, globally defined restriction for all of your products (and, therefore, licenses generated for your products). Or, you may define different restrictions for different products. Or, they may be orthogonal to products: Define a restriction based on the types of contracts you write with your customers. An "enterprise license agreement" with your customers may allow them to install the license on any number of machines with a single registered user (Limit MACs 99999). A "personal license" may grant access of your product to each customer for use on a single machine only (Limit MACs 1). Another customer may need to operate in offline mode, where your software is running on a computer that does not have access to the Internet (Check-Every 2678400, or 31-days).
- Restriction ID - A GUID uniquely identifying this restriction record (assigned when the record is created)
- Enabled - The restriction is "enabled" and checked with each license check
- Limit Hosts - The number of unique host names or local IP addresses that a licensed user is allowed
- Limit IPs - the number of unique gateway IP addresses that a licensed user is allowed
- Limit MACs - the number of unique MAC, or "ethernet" or "wi-fi" card addresses that a licensed user is allowed
- Limit Concurrency - the maximum number of concurrent license requests by the same user for the same license that a user is allowed
- Limit Systems - If supplied, the list of systems (e.g, zOS, AS/400, AIX, Solaris, WIndows 64-bit, Windows 32-bit, Linux 64-bit, Linux-32 bit) licenses with this restriction are tied to
- Check-Every - The number of seconds (default 1 hour) between mandatory checks of the license and upload of transaction counts to the server by the client. Because the license checking process through the Java API or CLI will ordinarily not contact the license server until this time has passed, this is effectively a grace period during which the client machine may operate offline without Internet connection and not worry about about a rejected license check.
- Relax - By default, all restrictions are checked. To relax the validation checks, which will result in fewer calls to your customer service organization to "reset" licenses, set relax to validationchecks.
Licenses are granted to a particular Customer, for a particular Product, adhering to a specific Restriction. Therefore, a license object has the following identifying elements that tie it to the others.
- License ID - A GUID uniquely identifying the license record (assigned when a new record is created)
- Subscription ID - A Customer ID to whom this license is issued
- Product ID - A Product ID for which this licensed is issued
- Restriction ID - A Restriction ID defining the license restrictions
- Enabled - Indicates that the license is valid
- Start Date - The date the license is issued
- End Date - The date the license expires
- Delta - Time between Start/End (for defining a new license for a particular duration)
- Transactions - A running total of all transactions (license checks with a transaction count) that have occurred to-date, details of which are stored as LogLicense objects
There are several product attributes that are ignored during Licensing-as-a-Service processing. The ones that are important and should be included in any new product.
- Product ID - A GUID uniquely identifying the product record (assigned when a new record is created)
- Product Title - the name of the product for descriptive purposes only (the product id is used to identify this record
- Available - 1 if this product is available for licensing, 0 if not
- Architecture - the machine architecture (e.g., Windows 32-bit) this product is restricted to (normally left blank)
- Default Restriction - the default restriction GUID for licenses granted to this product (optional)
- Date - The date the check or alteration was performed
- Activity - The licensing operation that was performed
- MAC Address - The physical machine address from the licensed machine
- Plus other identifying information about the license