SlideShare ist ein Scribd-Unternehmen logo

Platform Virtualization and Software Licensing

LicensingLive! - SafeNet
LicensingLive! - SafeNet

Platform virtualization, however, can be a concern for end user organizations striving for software license compliance, as well as for independent software vendors (ISVs) who want to enforce license compliance and assure revenue without constraining customer deployment. This paper examines virtualization, its advantages, and why it is such a hot topic in the world of software licensing. Finally, the paper digs deeper into the options available to ISVs and presents best practices for handling software licensing in virtual environments. license terms once the application is deployed on a virtual machine.

Technologie
1 von 8
Downloaden Sie, um offline zu lesen
Platform Virtualization and Software Licensing: Best Practices for Software Vendors WHITE PAPER “Software publishers that have Executive Summary not already begun addressing There are many related, yet different, definitions for virtualization floating around the Internet. how to manage the licensing If examined more closely, we discover that most of them focus on a set of processes and of their applications in virtual approaches designed to make data centers more efficient. Virtualization has existed for many environments are behind the years in the areas of testing and development; however, in today’s economic environment, curve. The strategy should it is becoming more and more prevalent as a way for IT to reduce costs and operate more not only include support for efficiently. licensing in virtual environments but also the ability to enforce Platform virtualization, however, can be a concern for end user organizations striving for license terms once the software license compliance, as well as for independent software vendors (ISVs) who want to application is deployed on enforce license compliance and assure revenue without constraining customer deployment. a virtual machine. Without This paper examines virtualization, its advantages, and why it is such a hot topic in the world enforcement, the software of software licensing. Finally, the paper digs deeper into the options available to ISVs and publisher has no control over presents best practices for handling software licensing in virtual environments. the license and therefore their revenue.” What is virtualization? ~Amy Konary, A few minutes with an Internet search engine provides a wealth of definitions for Research Director for IDC1 virtualization. In the world of computing, virtualization has gone from being a “buzz word” to a mainstream IT term almost as common as PC or server. It is highly unlikely that those involved with the computer industry today have not come across terms such as “virtual machine,” “VM,” and perhaps even “Hypervisor.” A few more minutes of searching reveals the abundance of vendors in the market providing a virtualization solution, with names such as VMware, XEN, VirtualBox, KVM, and, of course, Microsoft soon leading the way. The term virtualization is used universally, and can refer to platforms, applications, networks, storage, memory, and other areas. Ultimately, it is a concept where one or more instances of a physical environment are simulated or recreated artificially in software. Despite, the varied areas that fall under the term virtualization, this paper focuses on the area of platform virtualization and how it affects software licensing and the world of automated software license enforcement. Increasing Reach and Revenue through Secure Software Trialware White Paper 1
Why is virtualization such a hot topic? Virtualization There are so many valid reasons to justify the case for virtualization, as it is one of the most • Reduced capital and useful technological advances in the IT industry. Some of the more significant benefits gained operational costs through through virtualization are outlined below. more efficient use of hardware resources. Reduced capital and operational costs through more efficient use of hardware resources. Often, systems that support the day-to-day operation of a business (such as e-mail servers and • Further reduce costs and database servers) are consuming only around 10 percent to 30 percent of the physical machine’s environmental impact available resources. In other words, without adopting virtualization, up to 90% of a machine’s through Green IT. resources might never actually be utilized. • More efficient testing/ Considering the average purchase costs of high-performance servers, it is easy to see how development and security. this can be perceived as wasteful. By creating multiple virtual servers within a single physical • Improved scalability and machine, a company is able to make far more efficient use of their equipment, and subsequently, deployment agility. reduce the costs associated with the purchase and maintenance of multiple physical machines. • High availability/redundancy. Further reduce costs and environmental impact through Green IT. Reducing the number of servers through virtualization not only saves money through more efficient use of hardware, it also reduces power consumption, with the added benefit of reducing a company’s carbon footprint. More efficient testing/development and security. Another benefit of virtualization is apparent in testing and security. ‘Clean’ virtual images can be used to easily reproduce systems in order to create a new environment for testing and development, or to quickly replace a system which has been adversely affected by malware. Improved scalability and deployment agility. Scalability is another important factor driving virtualization. When a company is in need of additional bandwidth or increased availability, it is comparatively simple to create new instances of a virtualized system in a short space of time, without the costs associated with additional hardware purchases or familiarization with new equipment. High availability/redundancy. Virtualized servers are often installed into clustered environments. The inherent concept of dynamically spinning up virtual image ‘clones’ dramatically reduces the complexity and costs associated with managing a clustered infrastructure. Why is virtualization an even hotter topic in the world of licensing? The reasons outlined above show that virtualization cannot be ignored by companies, and there are simply too many perfectly legitimate reasons why it would be adopted. This reasoning does, however, create a conflict when considering the interests of the software vendor. According to Amy Konary, research director for IDC1, “Software publishers that have not already begun addressing how to manage the licensing of their applications in virtual environments are behind the curve. The strategy should not only include support for licensing in virtual environments but also the ability to enforce license terms once the application is deployed on a virtual machine. Without enforcement, the software publisher has no control over the license and therefore their revenue.” Today, most if not all third-party license enforcement technologies are based on a concept known as host-based license enforcement. In short, this is a concept where the license policies are tied to a known and authorized host or machine. Typically, a software license will be tightly coupled to a designated or authorized computer through a mechanism known as hardware fingerprinting or node locking. The purpose of fingerprinting is to protect the license from unauthorized duplication or sharing by uniquely binding a license to the machine. If the license is copied to a new machine with a new fingerprint, it is automatically invalidated. The most common example of this is to tie the license to unique hardware attributes such as a hard disk identifier or an Ethernet (MAC) address. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 2
Virtualization has introduced a significant challenge to this fundamental component of license Automated License copy protection. The concept of creating virtual hardware means that virtual fingerprints can Enforcement Options also be created. A duplicated virtual machine normally results in a duplicated fingerprint, and • Hardware Keys the license enforcement technology will usually treat the virtual fingerprints no differently than the fingerprints from real (physical) machines. What has historically been seen as a trusted • Detection of Virtual and secure anti-piracy mechanism no longer provides an acceptable level of assurance for the Machines software vendor. • Virtual Machine The most significant point here is that this does not just create an increased threat of malicious Fingerprinting or intended software license misuse. The primary concern for software vendors is that this presents a new problem where conventional ‘honest’ users are now capable of inadvertently duplicating licenses through normal everyday operations. In other words, what is becoming a common way of deploying applications can, and does, result in the accidental duplication of software licenses. This presents another issue where the vendor might have less power from a legal perspective to make a stand and seek protection from those who inadvertently duplicate their licenses. How are software vendors handling virtualization today? Historically, the advice offered to software licensees concerned about virtualization has been based around steering them towards implementing changes in how they price and package their software applications. For example, there are many papers and articles freely available on the Internet advising the vendor to switch their licensing models from conventional seat-based models to metric-based models, such as transaction- and consumption-based schemes. To many vendors, the prospect of implementing such significant operational and commercial changes often presents too great a barrier. Understandably, they are seeking ways to ‘solve’ the problems raised by virtualization and yet maintain their existing commercial models. The main reasons for this resistance to change stem from the fact that so many departments within an organization would be affected. Changes to licensing models would have a direct impact on Sales and sales models, which are also tied to the financial and auditing processes. However, the largest impact is usually with Operations, who are responsible for the fulfillment of the products, along with the associated licenses. Service-orientated roles, such as Customer Care and Technical Support, would also be added to the list. Most software vendors find it difficult to envision how significant changes to the way an application is licensed would not create multiple problems across many independent but interconnected departments. The lack of suitable technical solutions initially drove vendors towards creating contractual wording that would disallow their applications from being installed onto virtualized environments. Some basic ‘virtual machine detection’ solutions have become available in licensing technologies that allow the vendor to enforce these policies technologically, as well as legally. These policies have worked for a short time, but have become less valid as virtualization has become more commonplace. This has left the vendor with one of two simple, yet difficult choices. i. They disallow their applications from being used on virtual machines, and so protect themselves from potential license misuse. This option restricts the scope of their software’s deployment and, therefore, limits sales. ii. More commonly, they simply choose to do nothing about virtualization, keeping the doors fully open from a sales perspective, while forcing them to accept that the license enforcement policies are significantly weakened. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 3
An explanation of automated license enforcement options 1.Hardware Keys The best protection against license duplication through virtualization is to store the information responsible for enforcing the license policy in a location that is trusted or protected, or is outside of the virtual environment. The most common example of this today is with vendors who protect their applications with hardware keys, also known as dongles. When delivering a dongle with an application, it is rare for the debate around virtualization and software licensing to arise. The concept is relatively simple. The use of the software is reliant on the presence of a specific hardware key. Although the system that the software is installed onto can be virtualized (and therefore duplicated), a USB dongle can only be accessed by one machine at a time and access According to IDC VMs will to it is blocked by any other machine. This means that on a single physical machine, the dongle outnumber physical servers 2:1 can only be accessed by one virtual machine, regardless of how many virtual machines are actually running on that physical machine. An extension to using hardware keys would be to combine them with concurrent network licenses. In this scenario, a license server or license manager is protected from being virtualized by tying the licenses that it hosts to a hardware key. Whether the protected applications are installed onto real or virtual clients has little consequence since the license manager will maintain the license seat count. This scenario provides the software vendor with an excellent level of assurance that the license count will be maintained, yet provides their customer with the deployment agility that is often one of the initial factors that drives a company towards virtualization. Virtual Machines License Server Real Machines There are, however, several reasons why hardware keys are not considered to be the universal solution to license enforcement and virtualization. For one, many virtualization technologies do not adequately support external USB devices, meaning that a hardware key will never be seen by the virtual machine. Secondly, there are also many vendors who very strongly prefer not to send hardware keys to their customers and, instead, seek a pure software-based, electronic solution. As mentioned, the whole debate around virtualization was not born within the world of hardware keys, and it is predominantly a concern among those who have exclusively adopted an electronic license enforcement approach. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 4
2. Detection of Virtual Machines With this approach, the licensing system uses internal checks to detect if it (and therefore the protected software) is being run on a virtual machine. The vendor can then choose to allow or disallow their software from being used within a virtual environment, and force the applications to be deployed only onto real machines. This biggest problem with this approach is that it is at risk of having a short shelf-life. As mentioned, virtualization is becoming more commonplace every day, and vendors who choose to prevent their customers from installing their applications onto virtual environments will find that they are able to deploy (and therefore sell) their software to fewer and fewer customers as time goes by. Nearly 50% of enterprise There is, however, a more acceptable solution when combining this approach with a concurrent network license deployment, as with hardware keys. By forcing the license manager onto real organizations have already hardware, the end customer is free to deploy the protected applications onto any mix of real virtualized all or a portion of versus virtual machines. This will also satisfy the desire of many software vendors to maintain their.* IT infrastructure, and an the deployment of electronic licenses. additional 33% plan to do so in the next 12 months.* Virtual Machines License Server VM Real Machines 3. Virtual Machine Fingerprinting Driven specifically by the need to allow the software vendor to continue deploying and fulfilling their software as they have done in the past, the ability to bind a license uniquely to a virtual machine is the latest tool available to them. This links back to the discussion where the majority of software vendors are looking for a solution that will allow them to maintain their existing license and deployment models. The concept of virtual machine fingerprinting (VM fingerprinting) allows the software vendor to treat virtual machines the same as real machines, and the whole debate of virtualization becomes secondary. By providing a fingerprinting mechanism that includes attributes that are designed with virtualization in mind, it becomes possible to lock a license to a virtual computer and still provide a high level of assurance that a copy of that virtual machine will not result in a working copy of the license. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 5
Creating best practices from the available options Seeing the various approaches that are now available to the software vendor, it is now possible to create a workable best practices approach when considering how to address virtualization and automated license enforcement. The primary factor to consider is the level of trust the software vendor has with their customer. Typically, there is a direct correlation between the level of trust the vendor has with a customer and the amount of flexibility they are willing to offer. When the vendor has a higher level of trust, they are able to implement softer policies that provide the end customer with far fewer deployment constraints. High Level of Trust Low Low Level of Protection High Traditional VM Fingerprinting VM Detection Hardware Keys “soft” locking (and allow or disallow) Traditional soft locking puts the least amount of restrictions on the end customer, giving them 9 out of 10 ENT organizations will almost complete freedom in considering when and how to install a vendor’s applications. But this is typically only suitable for end customers who have their own incentives in place for expect their software to run on license compliancy. virtual machines by EoY 2011.* Typically, end customers are seeking more assistance from their software vendors to help them ‘stay honest’, and the vendors prefer to implement measures which help to keep them compliant. The virtual machine fingerprinting fits well into this scenario since it provides a high level of protection from what could be termed as accidental license misuse. When tighter policies are required by the vendor, the detection and denial of virtual machines becomes preferable. It is more common to combine this capability with concurrent network licenses, as previously discussed, to create a more workable solution. Lastly, for maximum levels of assurance, a hardware key is the best choice so that the information related to license enforcement can be stored in a location that is trusted and guaranteed to be external to the virtualized environment. Closing Thoughts It is clear that virtualization is not a short term craze. It is here to stay and, in many ways, is still in its infancy. As virtualization evolves, it will become increasingly more difficult to tell the difference between virtual and real environments. Automated software license enforcement must evolve with virtualization, and the initial tendencies to distance license enforcement from virtualization threaten to make the problem a harder one to solve. Fortunately, there are now feasible options available for software publishers to stop perceiving virtualization as a source of revenue leakage or a blocker of sales, but instead as an opportunity. Those vendors who utilize the tools available to embrace virtualization the soonest will create a significant differentiator between themselves and their competitors. The SafeNet Approach to Licensing in Virtual Environments SafeNet recognizes that the rapidly growing popularity of virtual machines (VMs) within enterprise organizations makes a software vendor’s ability to license and control their applications within any virtual environment critical to business growth and durability. Successful management of software requires not only support for licensing in virtual environments, but also the ability to enforce license terms once the application is deployed on a virtual machine. Without the enforcement, software publishers have no control over the license and, therefore, their revenue. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 6
While hardware keys remain the most effective way to prevent unauthorized use and distribution SafeNet’s options for of software in virtualized environments, for some, that option is not practical. Until the release licensing applications of SafeNet’s VM fingerprinting solution, software vendors wishing to extend their software- in any virtualized based licensing implementation to support virtualized environments were limited to methods environment allow you to: that detect the presence of a VM and either allow or deny the execution of the software within • Protect revenue by those environments—an incomplete solution without any measure of controlling the application preventing copy/duplication once authorized. of applications in virtual With SafeNet, there is finally a viable third option – authorize and control software in any environments virtualized environment with the industry’s first and only technology-agnostic VM fingerprinting • Reduce churn, secure new solution. By enabling software vendors to uniquely lock a license to a single VM, just as they business, and improve would in a traditional licensing scenario, SafeNet’s technology protects the license, and competitive position by therefore the application, from copy and duplication in any end user environment, virtualized or supporting use of your otherwise. application(s) within virtual SafeNet is the industry’s only software licensing and management technology vendor to offer environments software vendors both hardware- and software-based options for licensing applications in any • Increase profit with licensing virtualized environment. and pricing models for virtual • Protect revenue by preventing copy/duplication of applications in virtual environments environments • Reduce churn, secure new business, and improve competitive position by supporting use of your application(s) within virtual environments • Increase profit with licensing and pricing models for virtual environments SafeNet Software Rights Management Solutions Sentinel HASP® Sentinel HASP, formerly Aladdin HASP SRM, is the industry’s first and only software licensing and security solution to enable the use of either software- or hardware-based protection keys to enforce software protection and licensing. With Sentinel HASP, you can increase your profits by protecting against losses from software piracy and intellectual property theft, and enable innovative business models to increase value and differentiate your products. Sentinel HASP fully integrates with your existing software product lifecycle to minimize disruptions to development and business processes. Featuring easy-to-use, role-based tools for developers, product managers, order processing, and production, Sentinel HASP ensures a short learning curve and optimum use of employee time and core competencies—ensuring quick time- to-market and the ability to quickly respond to changing market needs. To download a FREE Sentinel HASP Developer Kit, visit: http://www3.safenet-inc.com/Special/hasp/safenet-hasp-srm-order/default/asp Sentinel RMS® Sentinel RMS is a robust license enablement and enforcement solution providing software and technology vendors with control and visibility into how their applications are deployed and used. Focused on scalable and flexible license management, RMS is ideal for applications deployed in medium to large scale enterprise environments. Implementation of RMS provides a tie-in to software licensing agreements in order to enforce the terms and conditions by which you manage your products. In addition to reducing the risk of piracy, RMS enables you to offer a variety of license models to flexibly price and package your products. When combined with Sentinel EMS, SafeNet’s enterprise-oriented, Web-based management system, Sentinel RMS provides a complete solution for license management and enforcement. Sentinel RMS is deployed by both industry-leading enterprise software vendors and high-tech device manufacturers. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 7
SafeNet Sentinel Software Monetization Solutions SafeNet has more than 25 years of experience in delivering innovative and reliable software licensing and entitlement management solutions to software and technology vendors worldwide. Easy to integrate and use, innovative, and feature-focused, the company’s family of Sentinel® LicensingLive!™ (lahy’sun sing lahyv’), Software Monetization Solutions are designed to meet the unique license enablement, adj. n. [SAFENET, INTERACTIVE] enforcement, and management requirements of any organization, regardless of size, technical 1. Immediate access to the best requirements or organizational structure. Only with SafeNet are clients able to address all practices and emerging challenges of their anti-piracy, IP protection, license enablement, and license management challenges associated with software packaging, while increasing overall profitability, improving internal operations, maintaining competitive pricing, fulfillment, delivery and positioning, and enhancing relationships with their customers and end users. With a proven management. 2. A forum bringing history in adapting to new requirements and introducing new technologies to address evolving together software vendors, industry market conditions, SafeNet’s more than 25,000 customers around the globe know that by analysts, licensing consultants and choosing Sentinel, they choose the freedom to evolve how they do business today, tomorrow, and technology vendors. beyond. For more information on SafeNet’s complete portfolio of Software Monetization Solutions for installed, embedded, and cloud applications or to download a free evaluation of our award winning products please visit www.safenet-inc.com/sentinel Join the Conversation Sentinel Online www.Safenet-inc.com/sentinel www.LicensingLive.com * Enterprise End-User Survey: In September 2010, SafeNet commissioned Vanson Bourne, a third party firm, to Twitter surveyed 300 senior IT decision-makers in the USA (typically CIOs or equivalent), normally the head of the IT function http://twitter.com/#!/LicensingLive within the organisation. Respondents were based in finance, RDT (retail, distribution and transport), the public sector, manufacturing and other commercial sectors. In April of 2010 Vanson Bourne completed the same study across LinkedIn select European and Asian territories. http://bit.ly/LinkedInLicensingLive YouTube http://www.youtube.com/user/LicensingLive Contact Us: For all office locations and contact information, please visit www.safenet-inc.com BrightTalk Follow Us: www.safenet-inc.com/connected http://www.brighttalk.com/channel/5572 ©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (EN)-11.16.10 Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 8

Empfohlen

Cloudy with a Chance of Insight
Cloudy with a Chance of InsightCloudy with a Chance of Insight
Cloudy with a Chance of InsightLicensingLive! - SafeNet
 
Feria y Fiestas de Benahadux 2011 San José
Feria y Fiestas de Benahadux 2011 San JoséFeria y Fiestas de Benahadux 2011 San José
Feria y Fiestas de Benahadux 2011 San JosédinaBenahadux
 
Love Is The Thing
Love Is The Thing Love Is The Thing
Love Is The Thing cmnurwy
 
Presentatie tampere caritas
Presentatie tampere caritasPresentatie tampere caritas
Presentatie tampere caritasThomas Jézéquel
 
3d Metal Ball Gold
3d Metal Ball Gold3d Metal Ball Gold
3d Metal Ball GoldMissalicepilin
 
VSTEP Case Study
VSTEP Case StudyVSTEP Case Study
VSTEP Case StudyLicensingLive! - SafeNet
 
Cloud Monetization: A Step by Step Guide
Cloud Monetization: A Step by Step GuideCloud Monetization: A Step by Step Guide
Cloud Monetization: A Step by Step GuideLicensingLive! - SafeNet
 
Turning Technology Threats into Opportunities – The Licensing View
Turning Technology Threats into Opportunities – The Licensing ViewTurning Technology Threats into Opportunities – The Licensing View
Turning Technology Threats into Opportunities – The Licensing ViewLicensingLive! - SafeNet
 

Empfohlen

Cloudy with a Chance of Insight
Cloudy with a Chance of InsightCloudy with a Chance of Insight
Cloudy with a Chance of InsightLicensingLive! - SafeNet
 
Feria y Fiestas de Benahadux 2011 San José
Feria y Fiestas de Benahadux 2011 San JoséFeria y Fiestas de Benahadux 2011 San José
Feria y Fiestas de Benahadux 2011 San JosédinaBenahadux
 
Love Is The Thing
Love Is The Thing Love Is The Thing
Love Is The Thing cmnurwy
 
Presentatie tampere caritas
Presentatie tampere caritasPresentatie tampere caritas
Presentatie tampere caritasThomas Jézéquel
 
3d Metal Ball Gold
3d Metal Ball Gold3d Metal Ball Gold
3d Metal Ball GoldMissalicepilin
 
VSTEP Case Study
VSTEP Case StudyVSTEP Case Study
VSTEP Case StudyLicensingLive! - SafeNet
 
Cloud Monetization: A Step by Step Guide
Cloud Monetization: A Step by Step GuideCloud Monetization: A Step by Step Guide
Cloud Monetization: A Step by Step GuideLicensingLive! - SafeNet
 
Turning Technology Threats into Opportunities – The Licensing View
Turning Technology Threats into Opportunities – The Licensing ViewTurning Technology Threats into Opportunities – The Licensing View
Turning Technology Threats into Opportunities – The Licensing ViewLicensingLive! - SafeNet
 
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...LicensingLive! - SafeNet
 
Integrating Billing and Licensing in a Cloud Environment
Integrating Billing and Licensing in a Cloud EnvironmentIntegrating Billing and Licensing in a Cloud Environment
Integrating Billing and Licensing in a Cloud EnvironmentLicensingLive! - SafeNet
 
Cloud Adoption - A Practical Approach
Cloud Adoption - A Practical ApproachCloud Adoption - A Practical Approach
Cloud Adoption - A Practical ApproachLicensingLive! - SafeNet
 
The Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingThe Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingLicensingLive! - SafeNet
 
VSM Case Study
VSM Case StudyVSM Case Study
VSM Case StudyLicensingLive! - SafeNet
 
Geocap Case Study
Geocap Case StudyGeocap Case Study
Geocap Case StudyLicensingLive! - SafeNet
 
EMS Case Study
EMS Case StudyEMS Case Study
EMS Case StudyLicensingLive! - SafeNet
 
Inea cs en__v4_web
Inea cs en__v4_webInea cs en__v4_web
Inea cs en__v4_webLicensingLive! - SafeNet
 
Key Traffic Systems
Key Traffic SystemsKey Traffic Systems
Key Traffic SystemsLicensingLive! - SafeNet
 
DipTech
DipTechDipTech
DipTechLicensingLive! - SafeNet
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.LicensingLive! - SafeNet
 
CPC
CPCCPC
CPCLicensingLive! - SafeNet
 
RiserTec
RiserTecRiserTec
RiserTecLicensingLive! - SafeNet
 
Build vs. Buy: The Hidden Costs of Licensing
Build vs. Buy: The Hidden Costs of Licensing Build vs. Buy: The Hidden Costs of Licensing
Build vs. Buy: The Hidden Costs of Licensing LicensingLive! - SafeNet
 
Sentinel HASP Envelope
Sentinel HASP EnvelopeSentinel HASP Envelope
Sentinel HASP EnvelopeLicensingLive! - SafeNet
 
Navigating the Top Six Business Challenges of Delivering Software as a Service
Navigating the Top Six Business Challenges of Delivering Software as a Service Navigating the Top Six Business Challenges of Delivering Software as a Service
Navigating the Top Six Business Challenges of Delivering Software as a Service LicensingLive! - SafeNet
 
SaaS Pricing and Packaging Strategies
SaaS Pricing and Packaging Strategies SaaS Pricing and Packaging Strategies
SaaS Pricing and Packaging Strategies LicensingLive! - SafeNet
 
Addressing New Challenges in Software Protection for .NET
Addressing New Challenges in Software Protection for .NETAddressing New Challenges in Software Protection for .NET
Addressing New Challenges in Software Protection for .NETLicensingLive! - SafeNet
 
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)LicensingLive! - SafeNet
 
Dani Shomron, iSC - On Dinosaurs and Men
Dani Shomron, iSC - On Dinosaurs and MenDani Shomron, iSC - On Dinosaurs and Men
Dani Shomron, iSC - On Dinosaurs and MenLicensingLive! - SafeNet
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Weitere ähnliche Inhalte

Mehr von LicensingLive! - SafeNet

Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...LicensingLive! - SafeNet
 
Integrating Billing and Licensing in a Cloud Environment
Integrating Billing and Licensing in a Cloud EnvironmentIntegrating Billing and Licensing in a Cloud Environment
Integrating Billing and Licensing in a Cloud EnvironmentLicensingLive! - SafeNet
 
The Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingThe Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingLicensingLive! - SafeNet
 
Build vs. Buy: The Hidden Costs of Licensing
Build vs. Buy: The Hidden Costs of Licensing Build vs. Buy: The Hidden Costs of Licensing
Build vs. Buy: The Hidden Costs of Licensing LicensingLive! - SafeNet
 
Navigating the Top Six Business Challenges of Delivering Software as a Service
Navigating the Top Six Business Challenges of Delivering Software as a Service Navigating the Top Six Business Challenges of Delivering Software as a Service
Navigating the Top Six Business Challenges of Delivering Software as a Service LicensingLive! - SafeNet
 
Addressing New Challenges in Software Protection for .NET
Addressing New Challenges in Software Protection for .NETAddressing New Challenges in Software Protection for .NET
Addressing New Challenges in Software Protection for .NETLicensingLive! - SafeNet
 
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)LicensingLive! - SafeNet
 

Mehr von LicensingLive! - SafeNet (20)

Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
 
Integrating Billing and Licensing in a Cloud Environment
Integrating Billing and Licensing in a Cloud EnvironmentIntegrating Billing and Licensing in a Cloud Environment
Integrating Billing and Licensing in a Cloud Environment
 
Cloud Adoption - A Practical Approach
Cloud Adoption - A Practical ApproachCloud Adoption - A Practical Approach
Cloud Adoption - A Practical Approach
 
The Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingThe Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based Licensing
 
VSM Case Study
VSM Case StudyVSM Case Study
VSM Case Study
 
Geocap Case Study
Geocap Case StudyGeocap Case Study
Geocap Case Study
 
EMS Case Study
EMS Case StudyEMS Case Study
EMS Case Study
 
Inea cs en__v4_web
Inea cs en__v4_webInea cs en__v4_web
Inea cs en__v4_web
 
Key Traffic Systems
Key Traffic SystemsKey Traffic Systems
Key Traffic Systems
 
DipTech
DipTechDipTech
DipTech
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.
 
CPC
CPCCPC
CPC
 
RiserTec
RiserTecRiserTec
RiserTec
 
Build vs. Buy: The Hidden Costs of Licensing
Build vs. Buy: The Hidden Costs of Licensing Build vs. Buy: The Hidden Costs of Licensing
Build vs. Buy: The Hidden Costs of Licensing
 
Sentinel HASP Envelope
Sentinel HASP EnvelopeSentinel HASP Envelope
Sentinel HASP Envelope
 
Navigating the Top Six Business Challenges of Delivering Software as a Service
Navigating the Top Six Business Challenges of Delivering Software as a Service Navigating the Top Six Business Challenges of Delivering Software as a Service
Navigating the Top Six Business Challenges of Delivering Software as a Service
 
SaaS Pricing and Packaging Strategies
SaaS Pricing and Packaging Strategies SaaS Pricing and Packaging Strategies
SaaS Pricing and Packaging Strategies
 
Addressing New Challenges in Software Protection for .NET
Addressing New Challenges in Software Protection for .NETAddressing New Challenges in Software Protection for .NET
Addressing New Challenges in Software Protection for .NET
 
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)
SafeNet Vollständige Schutz-& Lizenzlösung Webcast (DE)
 
Dani Shomron, iSC - On Dinosaurs and Men
Dani Shomron, iSC - On Dinosaurs and MenDani Shomron, iSC - On Dinosaurs and Men
Dani Shomron, iSC - On Dinosaurs and Men
 

Kürzlich hochgeladen

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Kürzlich hochgeladen (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Platform Virtualization and Software Licensing

  • 1. Platform Virtualization and Software Licensing: Best Practices for Software Vendors WHITE PAPER “Software publishers that have Executive Summary not already begun addressing There are many related, yet different, definitions for virtualization floating around the Internet. how to manage the licensing If examined more closely, we discover that most of them focus on a set of processes and of their applications in virtual approaches designed to make data centers more efficient. Virtualization has existed for many environments are behind the years in the areas of testing and development; however, in today’s economic environment, curve. The strategy should it is becoming more and more prevalent as a way for IT to reduce costs and operate more not only include support for efficiently. licensing in virtual environments but also the ability to enforce Platform virtualization, however, can be a concern for end user organizations striving for license terms once the software license compliance, as well as for independent software vendors (ISVs) who want to application is deployed on enforce license compliance and assure revenue without constraining customer deployment. a virtual machine. Without This paper examines virtualization, its advantages, and why it is such a hot topic in the world enforcement, the software of software licensing. Finally, the paper digs deeper into the options available to ISVs and publisher has no control over presents best practices for handling software licensing in virtual environments. the license and therefore their revenue.” What is virtualization? ~Amy Konary, A few minutes with an Internet search engine provides a wealth of definitions for Research Director for IDC1 virtualization. In the world of computing, virtualization has gone from being a “buzz word” to a mainstream IT term almost as common as PC or server. It is highly unlikely that those involved with the computer industry today have not come across terms such as “virtual machine,” “VM,” and perhaps even “Hypervisor.” A few more minutes of searching reveals the abundance of vendors in the market providing a virtualization solution, with names such as VMware, XEN, VirtualBox, KVM, and, of course, Microsoft soon leading the way. The term virtualization is used universally, and can refer to platforms, applications, networks, storage, memory, and other areas. Ultimately, it is a concept where one or more instances of a physical environment are simulated or recreated artificially in software. Despite, the varied areas that fall under the term virtualization, this paper focuses on the area of platform virtualization and how it affects software licensing and the world of automated software license enforcement. Increasing Reach and Revenue through Secure Software Trialware White Paper 1
  • 2. Why is virtualization such a hot topic? Virtualization There are so many valid reasons to justify the case for virtualization, as it is one of the most • Reduced capital and useful technological advances in the IT industry. Some of the more significant benefits gained operational costs through through virtualization are outlined below. more efficient use of hardware resources. Reduced capital and operational costs through more efficient use of hardware resources. Often, systems that support the day-to-day operation of a business (such as e-mail servers and • Further reduce costs and database servers) are consuming only around 10 percent to 30 percent of the physical machine’s environmental impact available resources. In other words, without adopting virtualization, up to 90% of a machine’s through Green IT. resources might never actually be utilized. • More efficient testing/ Considering the average purchase costs of high-performance servers, it is easy to see how development and security. this can be perceived as wasteful. By creating multiple virtual servers within a single physical • Improved scalability and machine, a company is able to make far more efficient use of their equipment, and subsequently, deployment agility. reduce the costs associated with the purchase and maintenance of multiple physical machines. • High availability/redundancy. Further reduce costs and environmental impact through Green IT. Reducing the number of servers through virtualization not only saves money through more efficient use of hardware, it also reduces power consumption, with the added benefit of reducing a company’s carbon footprint. More efficient testing/development and security. Another benefit of virtualization is apparent in testing and security. ‘Clean’ virtual images can be used to easily reproduce systems in order to create a new environment for testing and development, or to quickly replace a system which has been adversely affected by malware. Improved scalability and deployment agility. Scalability is another important factor driving virtualization. When a company is in need of additional bandwidth or increased availability, it is comparatively simple to create new instances of a virtualized system in a short space of time, without the costs associated with additional hardware purchases or familiarization with new equipment. High availability/redundancy. Virtualized servers are often installed into clustered environments. The inherent concept of dynamically spinning up virtual image ‘clones’ dramatically reduces the complexity and costs associated with managing a clustered infrastructure. Why is virtualization an even hotter topic in the world of licensing? The reasons outlined above show that virtualization cannot be ignored by companies, and there are simply too many perfectly legitimate reasons why it would be adopted. This reasoning does, however, create a conflict when considering the interests of the software vendor. According to Amy Konary, research director for IDC1, “Software publishers that have not already begun addressing how to manage the licensing of their applications in virtual environments are behind the curve. The strategy should not only include support for licensing in virtual environments but also the ability to enforce license terms once the application is deployed on a virtual machine. Without enforcement, the software publisher has no control over the license and therefore their revenue.” Today, most if not all third-party license enforcement technologies are based on a concept known as host-based license enforcement. In short, this is a concept where the license policies are tied to a known and authorized host or machine. Typically, a software license will be tightly coupled to a designated or authorized computer through a mechanism known as hardware fingerprinting or node locking. The purpose of fingerprinting is to protect the license from unauthorized duplication or sharing by uniquely binding a license to the machine. If the license is copied to a new machine with a new fingerprint, it is automatically invalidated. The most common example of this is to tie the license to unique hardware attributes such as a hard disk identifier or an Ethernet (MAC) address. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 2
  • 3. Virtualization has introduced a significant challenge to this fundamental component of license Automated License copy protection. The concept of creating virtual hardware means that virtual fingerprints can Enforcement Options also be created. A duplicated virtual machine normally results in a duplicated fingerprint, and • Hardware Keys the license enforcement technology will usually treat the virtual fingerprints no differently than the fingerprints from real (physical) machines. What has historically been seen as a trusted • Detection of Virtual and secure anti-piracy mechanism no longer provides an acceptable level of assurance for the Machines software vendor. • Virtual Machine The most significant point here is that this does not just create an increased threat of malicious Fingerprinting or intended software license misuse. The primary concern for software vendors is that this presents a new problem where conventional ‘honest’ users are now capable of inadvertently duplicating licenses through normal everyday operations. In other words, what is becoming a common way of deploying applications can, and does, result in the accidental duplication of software licenses. This presents another issue where the vendor might have less power from a legal perspective to make a stand and seek protection from those who inadvertently duplicate their licenses. How are software vendors handling virtualization today? Historically, the advice offered to software licensees concerned about virtualization has been based around steering them towards implementing changes in how they price and package their software applications. For example, there are many papers and articles freely available on the Internet advising the vendor to switch their licensing models from conventional seat-based models to metric-based models, such as transaction- and consumption-based schemes. To many vendors, the prospect of implementing such significant operational and commercial changes often presents too great a barrier. Understandably, they are seeking ways to ‘solve’ the problems raised by virtualization and yet maintain their existing commercial models. The main reasons for this resistance to change stem from the fact that so many departments within an organization would be affected. Changes to licensing models would have a direct impact on Sales and sales models, which are also tied to the financial and auditing processes. However, the largest impact is usually with Operations, who are responsible for the fulfillment of the products, along with the associated licenses. Service-orientated roles, such as Customer Care and Technical Support, would also be added to the list. Most software vendors find it difficult to envision how significant changes to the way an application is licensed would not create multiple problems across many independent but interconnected departments. The lack of suitable technical solutions initially drove vendors towards creating contractual wording that would disallow their applications from being installed onto virtualized environments. Some basic ‘virtual machine detection’ solutions have become available in licensing technologies that allow the vendor to enforce these policies technologically, as well as legally. These policies have worked for a short time, but have become less valid as virtualization has become more commonplace. This has left the vendor with one of two simple, yet difficult choices. i. They disallow their applications from being used on virtual machines, and so protect themselves from potential license misuse. This option restricts the scope of their software’s deployment and, therefore, limits sales. ii. More commonly, they simply choose to do nothing about virtualization, keeping the doors fully open from a sales perspective, while forcing them to accept that the license enforcement policies are significantly weakened. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 3
  • 4. An explanation of automated license enforcement options 1.Hardware Keys The best protection against license duplication through virtualization is to store the information responsible for enforcing the license policy in a location that is trusted or protected, or is outside of the virtual environment. The most common example of this today is with vendors who protect their applications with hardware keys, also known as dongles. When delivering a dongle with an application, it is rare for the debate around virtualization and software licensing to arise. The concept is relatively simple. The use of the software is reliant on the presence of a specific hardware key. Although the system that the software is installed onto can be virtualized (and therefore duplicated), a USB dongle can only be accessed by one machine at a time and access According to IDC VMs will to it is blocked by any other machine. This means that on a single physical machine, the dongle outnumber physical servers 2:1 can only be accessed by one virtual machine, regardless of how many virtual machines are actually running on that physical machine. An extension to using hardware keys would be to combine them with concurrent network licenses. In this scenario, a license server or license manager is protected from being virtualized by tying the licenses that it hosts to a hardware key. Whether the protected applications are installed onto real or virtual clients has little consequence since the license manager will maintain the license seat count. This scenario provides the software vendor with an excellent level of assurance that the license count will be maintained, yet provides their customer with the deployment agility that is often one of the initial factors that drives a company towards virtualization. Virtual Machines License Server Real Machines There are, however, several reasons why hardware keys are not considered to be the universal solution to license enforcement and virtualization. For one, many virtualization technologies do not adequately support external USB devices, meaning that a hardware key will never be seen by the virtual machine. Secondly, there are also many vendors who very strongly prefer not to send hardware keys to their customers and, instead, seek a pure software-based, electronic solution. As mentioned, the whole debate around virtualization was not born within the world of hardware keys, and it is predominantly a concern among those who have exclusively adopted an electronic license enforcement approach. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 4
  • 5. 2. Detection of Virtual Machines With this approach, the licensing system uses internal checks to detect if it (and therefore the protected software) is being run on a virtual machine. The vendor can then choose to allow or disallow their software from being used within a virtual environment, and force the applications to be deployed only onto real machines. This biggest problem with this approach is that it is at risk of having a short shelf-life. As mentioned, virtualization is becoming more commonplace every day, and vendors who choose to prevent their customers from installing their applications onto virtual environments will find that they are able to deploy (and therefore sell) their software to fewer and fewer customers as time goes by. Nearly 50% of enterprise There is, however, a more acceptable solution when combining this approach with a concurrent network license deployment, as with hardware keys. By forcing the license manager onto real organizations have already hardware, the end customer is free to deploy the protected applications onto any mix of real virtualized all or a portion of versus virtual machines. This will also satisfy the desire of many software vendors to maintain their.* IT infrastructure, and an the deployment of electronic licenses. additional 33% plan to do so in the next 12 months.* Virtual Machines License Server VM Real Machines 3. Virtual Machine Fingerprinting Driven specifically by the need to allow the software vendor to continue deploying and fulfilling their software as they have done in the past, the ability to bind a license uniquely to a virtual machine is the latest tool available to them. This links back to the discussion where the majority of software vendors are looking for a solution that will allow them to maintain their existing license and deployment models. The concept of virtual machine fingerprinting (VM fingerprinting) allows the software vendor to treat virtual machines the same as real machines, and the whole debate of virtualization becomes secondary. By providing a fingerprinting mechanism that includes attributes that are designed with virtualization in mind, it becomes possible to lock a license to a virtual computer and still provide a high level of assurance that a copy of that virtual machine will not result in a working copy of the license. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 5
  • 6. Creating best practices from the available options Seeing the various approaches that are now available to the software vendor, it is now possible to create a workable best practices approach when considering how to address virtualization and automated license enforcement. The primary factor to consider is the level of trust the software vendor has with their customer. Typically, there is a direct correlation between the level of trust the vendor has with a customer and the amount of flexibility they are willing to offer. When the vendor has a higher level of trust, they are able to implement softer policies that provide the end customer with far fewer deployment constraints. High Level of Trust Low Low Level of Protection High Traditional VM Fingerprinting VM Detection Hardware Keys “soft” locking (and allow or disallow) Traditional soft locking puts the least amount of restrictions on the end customer, giving them 9 out of 10 ENT organizations will almost complete freedom in considering when and how to install a vendor’s applications. But this is typically only suitable for end customers who have their own incentives in place for expect their software to run on license compliancy. virtual machines by EoY 2011.* Typically, end customers are seeking more assistance from their software vendors to help them ‘stay honest’, and the vendors prefer to implement measures which help to keep them compliant. The virtual machine fingerprinting fits well into this scenario since it provides a high level of protection from what could be termed as accidental license misuse. When tighter policies are required by the vendor, the detection and denial of virtual machines becomes preferable. It is more common to combine this capability with concurrent network licenses, as previously discussed, to create a more workable solution. Lastly, for maximum levels of assurance, a hardware key is the best choice so that the information related to license enforcement can be stored in a location that is trusted and guaranteed to be external to the virtualized environment. Closing Thoughts It is clear that virtualization is not a short term craze. It is here to stay and, in many ways, is still in its infancy. As virtualization evolves, it will become increasingly more difficult to tell the difference between virtual and real environments. Automated software license enforcement must evolve with virtualization, and the initial tendencies to distance license enforcement from virtualization threaten to make the problem a harder one to solve. Fortunately, there are now feasible options available for software publishers to stop perceiving virtualization as a source of revenue leakage or a blocker of sales, but instead as an opportunity. Those vendors who utilize the tools available to embrace virtualization the soonest will create a significant differentiator between themselves and their competitors. The SafeNet Approach to Licensing in Virtual Environments SafeNet recognizes that the rapidly growing popularity of virtual machines (VMs) within enterprise organizations makes a software vendor’s ability to license and control their applications within any virtual environment critical to business growth and durability. Successful management of software requires not only support for licensing in virtual environments, but also the ability to enforce license terms once the application is deployed on a virtual machine. Without the enforcement, software publishers have no control over the license and, therefore, their revenue. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 6
  • 7. While hardware keys remain the most effective way to prevent unauthorized use and distribution SafeNet’s options for of software in virtualized environments, for some, that option is not practical. Until the release licensing applications of SafeNet’s VM fingerprinting solution, software vendors wishing to extend their software- in any virtualized based licensing implementation to support virtualized environments were limited to methods environment allow you to: that detect the presence of a VM and either allow or deny the execution of the software within • Protect revenue by those environments—an incomplete solution without any measure of controlling the application preventing copy/duplication once authorized. of applications in virtual With SafeNet, there is finally a viable third option – authorize and control software in any environments virtualized environment with the industry’s first and only technology-agnostic VM fingerprinting • Reduce churn, secure new solution. By enabling software vendors to uniquely lock a license to a single VM, just as they business, and improve would in a traditional licensing scenario, SafeNet’s technology protects the license, and competitive position by therefore the application, from copy and duplication in any end user environment, virtualized or supporting use of your otherwise. application(s) within virtual SafeNet is the industry’s only software licensing and management technology vendor to offer environments software vendors both hardware- and software-based options for licensing applications in any • Increase profit with licensing virtualized environment. and pricing models for virtual • Protect revenue by preventing copy/duplication of applications in virtual environments environments • Reduce churn, secure new business, and improve competitive position by supporting use of your application(s) within virtual environments • Increase profit with licensing and pricing models for virtual environments SafeNet Software Rights Management Solutions Sentinel HASP® Sentinel HASP, formerly Aladdin HASP SRM, is the industry’s first and only software licensing and security solution to enable the use of either software- or hardware-based protection keys to enforce software protection and licensing. With Sentinel HASP, you can increase your profits by protecting against losses from software piracy and intellectual property theft, and enable innovative business models to increase value and differentiate your products. Sentinel HASP fully integrates with your existing software product lifecycle to minimize disruptions to development and business processes. Featuring easy-to-use, role-based tools for developers, product managers, order processing, and production, Sentinel HASP ensures a short learning curve and optimum use of employee time and core competencies—ensuring quick time- to-market and the ability to quickly respond to changing market needs. To download a FREE Sentinel HASP Developer Kit, visit: http://www3.safenet-inc.com/Special/hasp/safenet-hasp-srm-order/default/asp Sentinel RMS® Sentinel RMS is a robust license enablement and enforcement solution providing software and technology vendors with control and visibility into how their applications are deployed and used. Focused on scalable and flexible license management, RMS is ideal for applications deployed in medium to large scale enterprise environments. Implementation of RMS provides a tie-in to software licensing agreements in order to enforce the terms and conditions by which you manage your products. In addition to reducing the risk of piracy, RMS enables you to offer a variety of license models to flexibly price and package your products. When combined with Sentinel EMS, SafeNet’s enterprise-oriented, Web-based management system, Sentinel RMS provides a complete solution for license management and enforcement. Sentinel RMS is deployed by both industry-leading enterprise software vendors and high-tech device manufacturers. Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 7
  • 8. SafeNet Sentinel Software Monetization Solutions SafeNet has more than 25 years of experience in delivering innovative and reliable software licensing and entitlement management solutions to software and technology vendors worldwide. Easy to integrate and use, innovative, and feature-focused, the company’s family of Sentinel® LicensingLive!™ (lahy’sun sing lahyv’), Software Monetization Solutions are designed to meet the unique license enablement, adj. n. [SAFENET, INTERACTIVE] enforcement, and management requirements of any organization, regardless of size, technical 1. Immediate access to the best requirements or organizational structure. Only with SafeNet are clients able to address all practices and emerging challenges of their anti-piracy, IP protection, license enablement, and license management challenges associated with software packaging, while increasing overall profitability, improving internal operations, maintaining competitive pricing, fulfillment, delivery and positioning, and enhancing relationships with their customers and end users. With a proven management. 2. A forum bringing history in adapting to new requirements and introducing new technologies to address evolving together software vendors, industry market conditions, SafeNet’s more than 25,000 customers around the globe know that by analysts, licensing consultants and choosing Sentinel, they choose the freedom to evolve how they do business today, tomorrow, and technology vendors. beyond. For more information on SafeNet’s complete portfolio of Software Monetization Solutions for installed, embedded, and cloud applications or to download a free evaluation of our award winning products please visit www.safenet-inc.com/sentinel Join the Conversation Sentinel Online www.Safenet-inc.com/sentinel www.LicensingLive.com * Enterprise End-User Survey: In September 2010, SafeNet commissioned Vanson Bourne, a third party firm, to Twitter surveyed 300 senior IT decision-makers in the USA (typically CIOs or equivalent), normally the head of the IT function http://twitter.com/#!/LicensingLive within the organisation. Respondents were based in finance, RDT (retail, distribution and transport), the public sector, manufacturing and other commercial sectors. In April of 2010 Vanson Bourne completed the same study across LinkedIn select European and Asian territories. http://bit.ly/LinkedInLicensingLive YouTube http://www.youtube.com/user/LicensingLive Contact Us: For all office locations and contact information, please visit www.safenet-inc.com BrightTalk Follow Us: www.safenet-inc.com/connected http://www.brighttalk.com/channel/5572 ©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (EN)-11.16.10 Platform Virtualization and Software Licensing: Best Practices for Software Vendors White Paper 8