accu mark v 10 network security
TRANSCRIPT
-
7/25/2019 Accu Mark v 10 Network Security
1/18
Page 1of 18
AccuMark Family V1 Network Security
The new V10 security has a new physical security key (SafeNet HL DL) and a different way of applying
license updates compared to previous versions of AccuMark Family software. Security updates have
been made for AccuMark, AccuNest, AccuScan and MTM family of products.
Refer to the document AccuMarkV10Security for details about standalone
licensing. Briefly standalone (single user) and Network keys are available. The
standard green key is for the single user.
Network licensing allows you to have one key on a system and have your users use the license server for
their security access for AccuMark applications. The network key can be used instead of having
standalone keys on each users workstation.
Network or concurrent keys come in 3 varieties: all are red in color but come in
different allotments of 1 to 10 users, 1 to 50 users, and 1 to 250 users. The
license file that is applied to the network key further restricts the number of
users. For example, you need to have a network key for 30 users. Thus you
would need to use the network key that allows 1150 users with a license that
is good for 30 users.
Initial V10 keys come Preconfigured
Your initial V10 network security key will come preconfigured with your software entitlement. This can
include any or all of the AccuMark V10 Family products. You will no longer need to apply a separate
license file to get started.
Be sure that you see the l ight on the key. Some computers may go into sleep or hibernate mode andmay shut down power to the USB ports, thus causing the key to not work properly.
V10 AccuMark and other Gerber Products will use different keys for now
Previously different Gerber products were all able to use the same SafeNet USB black security key and
use the Install License application to apply each of the different licenses, including for AccuMark
software prior to V10, Cutworks, and Cutter software.
Now, because of the V10 security updates, if you have more than one Gerber product like those
mentioned above, you will now need to have two security keys in order to run your applications; one forthe new V10 AccuMark Family software and one for the existing Cutworks and/or Cutter software.
Continue to use Install License for AccuMark Family V9 and earlier versions of software as well for the
Cutworks and Cutter software.
-
7/25/2019 Accu Mark v 10 Network Security
2/18
Page 2of 18
Setting up a License Server: Installing the HASP Drivers
A Network license is installed on a single computer with a Run-time Environment. The Run-Time
Environment for AccuMark is called Sentinel Runtime and is provided through the HASP installation.
The users in the same network will then have access to the network license.
The Run-time Environment includes the HASP device drivers and can be installed without having toinstall the full AccuMark software. Since the HASP drivers are a PreRequisite for the full AccuMark
software, you will need to go to the folder where it is located. On the DVD or download file browse to
the location AccuMark\ISSetupPrerequisites\{940FB97C-6A22-4D82-A2F7-9BED4FF2DACD}. In this
folder run HASPUserSetup.exe.
Note: if you download the software from GERBERnet, you must extract all files before installing. You will
encounter errors if you try to install from within the zip file. Installation of the Run-time Environment on
a computer requires admin rights.
Connecting Users to the License Server
Any system that has AccuMark Family V10 and later software installed will broadcast to find a network
server if they do not have a key attached onto it. You no longer have to set environment variables to
point to the license server as you did for previous versions.
This means that the protected application first searches the local machine for a required Sentinel
protection key (default), and then the network.
Concurrent instances from users can be counted or allocated by:
Station: Each login request for a single machine is counted as an instance (default)
Login: Each login request is counted as an instance Process: Each login request for a single process is counted as an instance
In the network key contents details, you will see the number of concurrent instances for one or more
Features. This value specifies the number of instances of simultaneous usage that the license allows on
the customers network. Concurrent instances may relate to the network, processes, ormachines.
Loss of Connection with a Network License
A network-type protection key (HL or SL) that contains Features with concurrency typically does not
reside on the same computer as the protected application. Under certain circumstances, the
communication between the protected application and the protection key may be lost.
For example, the protected application may fail or the computer that hosts the protected application
may crash. As a result, the protection key has an open session for a non-existent instance of the
protected application, reducing the number of available network seats for the application in the license.
-
7/25/2019 Accu Mark v 10 Network Security
3/18
Page 3of 18
Sentinel License Manager contains an automatic function that identifies instances where a network
protection key and the relevant protected application (on separate computers) have become
disconnected. License Manager handles this situation as follows:
If both computers contain active instances of License Manager, but the protected application
fails, License Manager on the computer that hosts the network protection key immediately
closes the session and frees the network seat for re-use.
If only the computer that hosts the network protection key contains an active instance of
License Manager, the session times out after three minutes. At that point, License Manager
frees the network seat for re-use.
This functionality is completely automatic and requires no setup or configuration activities by the ISV or
the end user.
Admin Control Center
Information extracted from Software Protection and Licensing Guide.pdf
The Admin Control Center provides a way to look at the security keys, their content, generating a C2V
file which contains the current state of the key, applying a V2C (license) file update, and in the case of
network licensing allocations of features and sessions to users.
When you launch Sentinel Admin Control Center, the Web interface displays a number of Administration
Options on the left of the page. The Sentinel Admin Control Center help system provides information
about the fields for each option. Note that the options relate to Sentinel License Manager on the
machine whose name or IP address appears in the title bar of Admin Control Center. The following
options are available:
Sentinel Keysenables you to identify which Sentinel protection keys are currently present on
the network, including locally connected keys.
Productsenables you to view a list of all the Base Products available on all Sentinel License
Managers (local and network). In addition, when a Product contains Features with detachable
licenses you can see the number of licenses for the Product that are currently available to be
detached from the network and the maximum duration for which they may be detached. This
option also enables you to access the Detach/Extend functions.
Note : The Product name for Products that are licensed with Sentinel HL keys are not necessarily
displayed in Admin Control Center.
Featuresenable you to view a list of the Features that are licensed in each of the Sentinelprotection keys that are currently present on the network, including locally connected keys. In
addition, you can see the conditions of the license, and the current activity related to each
Feature.
-
7/25/2019 Accu Mark v 10 Network Security
4/18
Page 4of 18
Sessionslists all the sessions of clients on the local machine, and those remotely logged in to
Sentinel License Manager on the local machine. You can view session data and terminate
sessions.
Update/Attachenables you to update existing licenses on a Sentinel protection key in the field
and, in the case of Sentinel SL keys, to attach a detachable license to a recipient machine. It also
enables you to apply identification details of an offline recipient machine to a host machine inorder to create a file for a detachable license.
Access Logenables you to view a history of log entries for the server on which Sentinel License
Manager is running.
Configurationenables you to specify certain operating settings for Sentinel Admin Control
Center running on the connected machine. You can set parameters relating to user access,
access to remote Sentinel License Managers, and access from remote clients. In addition, you
can customize log template files in terms of the data they return.
Diagnosticsenables you to view operating information for the Sentinel License Manager to
which you are currently logged in, to assist in diagnosing problems. You can generate reports in
HTML format. This option also enables you to view miscellaneous data relating to the use of the
server on which Sentinel License Manager is running.
Help displays the Sentinel Admin Control Center help system. Context-sensitive help is available
within each of the functions described above, by clicking the Help link at the bottom of the page.
Aboutprovides information about the version of Sentinel License Manager, and a link to the
SafeNet, Inc. Web site.
Country Flagsenables you to change the language of the user interface by clicking on the flag of
the country appropriate to the language you require. Languages other than English can be
downloaded from the Sentinel Web site.
-
7/25/2019 Accu Mark v 10 Network Security
5/18
Page 5of 18
Admin Control Center: Looking at a Network Key and its Contents
Open a browser like Internet Explorer and typehttp://localhost:1947into the address bar. Be sure the
V10 network key is attached to the system and click on the Sentinel Keys link on the left:
This example has several different kinds of keys. Not all these types of keys will be visible to others,
mainly just the standalone and networked keys.
The blue Masterkeys allow specific people to generate files for the security keys. No one will have these
keys except for those who are allowed to make such files, like CAD engineering or IT/SAP.
http://localhost:1947/http://localhost:1947/http://localhost:1947/http://localhost:1947/ -
7/25/2019 Accu Mark v 10 Network Security
6/18
Page 6of 18
The soft license or certificateis a different kind of security also may be known as keyless, and is
currently under investigation at this time. The red key is the Network key and the green key is the
Standalonekey.
The see the contents of the network key, click on the Net Features link-box on the right:
Here is a sample of this network keys content:
-
7/25/2019 Accu Mark v 10 Network Security
7/18
Page 7of 18
You may see just numbers listed in the Features column or you may see actual feature names. Your
initial preconfigured key will only show the features as numbers.
If any anytime you need an update to your license, then you will receive an updated license file to apply
and this will enable the ability to see the feature names. Your key will work with either numbers or
feature names.
You will see an expiration date in the Restrictions column. All keys will have expiration dates regardless
if they are permanent licenses. If you are entitled to permanent licenses you will receive updates for
your key prior to your expiration period.
Clicking on the Sessions link will display the information of the connected users:
-
7/25/2019 Accu Mark v 10 Network Security
8/18
Page 8of 18
Managing Access to Sentinel License Managers
Information extracted from Software Protection and Licensing Guide.pdf
Managing Access to Sentinel License Managers is performed in the Users and Access from Remote
Clients tabsin the Configuration page.
-
7/25/2019 Accu Mark v 10 Network Security
9/18
Page 9of 18
Users
The user restrictions that you define are evaluated in the order in which they are specified, and the
evaluation process stops when the first match is found. You therefore need to take care that the
restrictions are listed in an order that satisfies this logic.
The value allow=all@allis implicitly added to the end of the list. According to the logic just described, if
this value was at the beginning of the list, all subsequent restriction values would be ignored.
Additional information about defining restriction values is provided in the Admin Control Center help
system.
Access from Remote Clients
When you define criteria relating to the remote machines that can access Sentinel License Manager on
the current machine, you need to define access restrictions. The remote client access restrictions that
you define are evaluated in the order in which they are specified, and the evaluation process stops when
the first match is found. You therefore need to take care that the restrictions are listed in an order that
satisfies this logic.
-
7/25/2019 Accu Mark v 10 Network Security
10/18
Page 10of 18
The value allow=allis implicitly added to the end of the list. According to the logic just described, if this
value was at the beginning of the list, all subsequent restriction values would be ignored.
Additional information about defining remote client access restriction values is provided in the Admin
Control Center help system.
Accessing Sentinel License Manager Located on a Different Subnet
When a Windows application that is protected with Sentinel LDK v.6.0 or later is located on a different
subnet than Sentinel License Manager and the Sentinel protection key, you must create a separate
configuration file to enable the application to find the License Manager.
Create a file called hasp_vendorID.ini, where vendorID is the Vendor ID associated with your Batch
Code (for the DEMOMA Batch Code, use hasp_demo.ini). Place the file on the same machine as the
protected application, in the following directory:
For Windows Windows 7: %LocalAppData%/SafeNet Sentinel/Sentinel LDK/
For example, for Vendor ID 37517and a user named test1, create the following file:
C:\Users\test1\AppData\Local\SafeNet Sentinel\Sentinel LDK\hasp_37517.ini
-
7/25/2019 Accu Mark v 10 Network Security
11/18
Page 11of 18
A separate .inifile must be created on the machine for each user of the protected application.
The hasp_vendorID.inifile should contain the following line:
SERVERADDR = remoteServerAddress where remoteServerAddress is the IP address or computer
name of the remote machine that contains Sentinel License Manager and the protection key.
Searching for Sentinel License Managers
The Access to Remote License Managertab in the Configuration page is used determine which locations
to include when the local Sentinel License Manager searches for remote Sentinel License Managers.
When you define criteria relating to the machines that may be searched for Sentinel License
Manager, you can choose to:
Enable a broadcast that searches all machines on the local network
Search the default local group in an IPv6 subnet
Restrict the search to specific machines. In this case, it is necessary to specify each machine thatmay be searchedby specifying either its name or its IP address.
Additional information about defining remote license manager access restriction values is provided in
the Admin Control Center help system.
-
7/25/2019 Accu Mark v 10 Network Security
12/18
Page 12of 18
Requesting an Update for your Key
If you purchased an additional AccuMark V10 product, or need to have an update for your current key,
you may be instructed to use either the Gerber License Utility or the Admin Control Center.
NOTE: instructions demonstrate for standalone key, procedure is the same for the network key
The request will be to generate a C2V key to obtain the current state of the key. Your key may not be
able to be updated without a file that contains the current state of the key.
To generate a request using the Admin Control Center open a browser like Internet Explorer and type
http://localhost:1947into the address bar. Be sure the V10 security key is attached to the system and
click on the Sentinel Keys link on the left:
Now click on the C2V link-box on the right:
http://localhost:1947/http://localhost:1947/http://localhost:1947/ -
7/25/2019 Accu Mark v 10 Network Security
13/18
Page 13of 18
Click on the Download C2V File link-box:
Select the Save button to save the file:
-
7/25/2019 Accu Mark v 10 Network Security
14/18
Page 14of 18
You will see an acknowledgement that the file has been saved along with other options:
Note the name and location of your Downloads folder to locate the file to send to the requestor. Send
this file to the person who requested the file from your key.
It can be sent through email or the way as instructed by the requestor.
Once the requestor receives the C2V file, they will generate a new file for you to apply.
-
7/25/2019 Accu Mark v 10 Network Security
15/18
Page 15of 18
Applying an Updated license onto your Key
Once you receive an updated file for your key, now you will need to apply it. You start the same way as
for the request by opening the Admin Control Center Open a browser like Internet Explorer and type
http://localhost:1947into the address bar. Be sure the V10 security key is attached to the system and
click on the Sentinel Keys link on the left:
This time click on the Update/Attach link on the left:
http://localhost:1947/http://localhost:1947/http://localhost:1947/ -
7/25/2019 Accu Mark v 10 Network Security
16/18
Page 16of 18
Use the Browse button to locate your updated file:
Select the V2C file to use then select the Open button:
-
7/25/2019 Accu Mark v 10 Network Security
17/18
Page 17of 18
Select the Apply File button:
You should receive a confirmation message indicating the file was applied successfully:
-
7/25/2019 Accu Mark v 10 Network Security
18/18
Page 18of 18
If you receive an error, capture a copy of the error message and send it to the requestor.
To see the updated file, simply click on the link for the key ID:
Now you will see the updated contents and the feature names: