Items
Security issue for a SAN configuration
These concepts are fundamental to understanding how to manage licenses using AVLock SIMPLE.
You already saw how the registration keys are composed and the meaning of all its fields. This section will explain with more detail how to use the fields "Users" and "Instances" in order to set the number of users that can be enabled with a single key. See the section Meaning of each filed into the registration key. Into the topic "Registration Keys".
Users and Instances are two levels of user management. The field "users" handles the first level which is administered through the Internet using the OLM (Online License Manager) in Advanced version, and the field "instances" limits the amount of users (instances of your application) that can be running simultaneously. Instances operating in floating mode, this means that no matter how many computers are connected to the network, each of them may run your application if not exceeded the authorized number of instances running simultaneously.
If you want to grant a license to be run on only one computer, set (Users = 1) and (Instances = 1).
Below you can see a complete picture of what can be achieved with a key with (Users = 3) and (Instances = 4) using a SAN configuration.
Users
The "users" field is handled via the OLM on your website. Below you can see the information on a key with (Users = 3) which allows register up to three computers anywhere in the world. Moreover each of these computers can be a local network servers which admit a certain number of simultaneous users (instances) as the value having the field "Instances". The registration process saves the registration data into the local file *. avr matching with those in the OLM. Below you can see the comparisons made to verify the registration data in each of the computers.
Instances
The field "Instances" into a key can limit the number of users running simultaneously your application in a local area network. From the client computer does not have to make any type of registration. Once the server computer is registered the client reads the registration data and performs the verification as shown below.
Security issue for a SAN configuration
But we see here that there is a security problem because it is not possible to compare the local Installcode stored in the registration data with that obtained directly from the machine, this would allow an illegal copy of data to work properly in another local area network, provided that the performance takes place remotely. How to solve this problem? is easy, simply must not allow remote instances run as the first instance of the network and force the first instance always run from the server with all necessary verification comparisons, and secondly the remote instances. If the user does not want to use the server to work with your application and want to use the available instance from a client, you can do as follows: 1) Start an instance from the server, 2) start another instance from a client, 3) Close the server instance, 4) executes the remaining allowed instances in other clients. See below the code used in Example 1 to implement this restriction:
procedure TForm1.FormPaint(Sender: TObject);
begin
if not AVLockS51.IsLocal and (AVLockS51.activeinstances.count < 2) then begin
showmessage('This application must be run first from the server.');
application.Terminate;
end;
end;
See from example 1: Control the number of concurrent instances