Accu Mark v 10 Network Security

7/25/2019 Accu Mark v 10 Network Security

1/18

Page 1of 18

AccuMark Family V1 Network Security

The new V10 security has a new physical security key (SafeNet HL DL) and a different way of applying

license updates compared to previous versions of AccuMark Family software. Security updates have

been made for AccuMark, AccuNest, AccuScan and MTM family of products.

Refer to the document AccuMarkV10Security for details about standalone

licensing. Briefly standalone (single user) and Network keys are available. The

standard green key is for the single user.

Network licensing allows you to have one key on a system and have your users use the license server for

their security access for AccuMark applications. The network key can be used instead of having

standalone keys on each users workstation.

Network or concurrent keys come in 3 varieties: all are red in color but come in

different allotments of 1 to 10 users, 1 to 50 users, and 1 to 250 users. The

license file that is applied to the network key further restricts the number of

users. For example, you need to have a network key for 30 users. Thus you

would need to use the network key that allows 1150 users with a license that

is good for 30 users.

Initial V10 keys come Preconfigured

Your initial V10 network security key will come preconfigured with your software entitlement. This can

include any or all of the AccuMark V10 Family products. You will no longer need to apply a separate

license file to get started.

Be sure that you see the l ight on the key. Some computers may go into sleep or hibernate mode andmay shut down power to the USB ports, thus causing the key to not work properly.

V10 AccuMark and other Gerber Products will use different keys for now

Previously different Gerber products were all able to use the same SafeNet USB black security key and

use the Install License application to apply each of the different licenses, including for AccuMark

software prior to V10, Cutworks, and Cutter software.

Now, because of the V10 security updates, if you have more than one Gerber product like those

mentioned above, you will now need to have two security keys in order to run your applications; one forthe new V10 AccuMark Family software and one for the existing Cutworks and/or Cutter software.

Continue to use Install License for AccuMark Family V9 and earlier versions of software as well for the

Cutworks and Cutter software.


2/18

Page 2of 18

Setting up a License Server: Installing the HASP Drivers

A Network license is installed on a single computer with a Run-time Environment. The Run-Time

Environment for AccuMark is called Sentinel Runtime and is provided through the HASP installation.

The users in the same network will then have access to the network license.

The Run-time Environment includes the HASP device drivers and can be installed without having toinstall the full AccuMark software. Since the HASP drivers are a PreRequisite for the full AccuMark

software, you will need to go to the folder where it is located. On the DVD or download file browse to

the location AccuMark\ISSetupPrerequisites\{940FB97C-6A22-4D82-A2F7-9BED4FF2DACD}. In this

folder run HASPUserSetup.exe.

Note: if you download the software from GERBERnet, you must extract all files before installing. You will

encounter errors if you try to install from within the zip file. Installation of the Run-time Environment on

a computer requires admin rights.

Connecting Users to the License Server

Any system that has AccuMark Family V10 and later software installed will broadcast to find a network

server if they do not have a key attached onto it. You no longer have to set environment variables to

point to the license server as you did for previous versions.

This means that the protected application first searches the local machine for a required Sentinel

protection key (default), and then the network.

Concurrent instances from users can be counted or allocated by:

Station: Each login request for a single machine is counted as an instance (default)

Login: Each login request is counted as an instance Process: Each login request for a single process is counted as an instance

In the network key contents details, you will see the number of concurrent instances for one or more

Features. This value specifies the number of instances of simultaneous usage that the license allows on

the customers network. Concurrent instances may relate to the network, processes, ormachines.

Loss of Connection with a Network License

A network-type protection key (HL or SL) that contains Features with concurrency typically does not

reside on the same computer as the protected application. Under certain circumstances, the

communication between the protected application and the protection key may be lost.

For example, the protected application may fail or the computer that hosts the protected application

may crash. As a result, the protection key has an open session for a non-existent instance of the

protected application, reducing the number of available network seats for the application in the license.


3/18

Page 3of 18

Sentinel License Manager contains an automatic function that identifies instances where a network

protection key and the relevant protected application (on separate computers) have become

disconnected. License Manager handles this situation as follows:

If both computers contain active instances of License Manager, but the protected application

fails, License Manager on the computer that hosts the network protection key immediately

closes the session and frees the network seat for re-use.

If only the computer that hosts the network protection key contains an active instance of

License Manager, the session times out after three minutes. At that point, License Manager

frees the network seat for re-use.

This functionality is completely automatic and requires no setup or configuration activities by the ISV or

the end user.

Admin Control Center

Information extracted from Software Protection and Licensing Guide.pdf

The Admin Control Center provides a way to look at the security keys, their content, generating a C2V

file which contains the current state of the key, applying a V2C (license) file update, and in the case of

network licensing allocations of features and sessions to users.

When you launch Sentinel Admin Control Center, the Web interface displays a number of Administration

Options on the left of the page. The Sentinel Admin Control Center help system provides information

about the fields for each option. Note that the options relate to Sentinel License Manager on the

machine whose name or IP address appears in the title bar of Admin Control Center. The following

options are available:

Sentinel Keysenables you to identify which Sentinel protection keys are currently present on

the network, including locally connected keys.

Productsenables you to view a list of all the Base Products available on all Sentinel License

Managers (local and network). In addition, when a Product contains Features with detachable

licenses you can see the number of licenses for the Product that are currently available to be

detached from the network and the maximum duration for which they may be detached. This

option also enables you to access the Detach/Extend functions.

Note : The Product name for Products that are licensed with Sentinel HL keys are not necessarily

displayed in Admin Control Center.

Featuresenable you to view a list of the Features that are licensed in each of the Sentinelprotection keys that are currently present on the network, including locally connected keys. In

addition, you can see the conditions of the license, and the current activity related to each

Feature.


4/18

Page 4of 18

Sessionslists all the sessions of clients on the local machine, and those remotely logged in to

Sentinel License Manager on the local machine. You can view session data and terminate

sessions.

Update/Attachenables you to update existing licenses on a Sentinel protection key in the field

and, in the case of Sentinel SL keys, to attach a detachable license to a recipient machine. It also

enables you to apply identification details of an offline recipient machine to a host machine inorder to create a file for a detachable license.

Access Logenables you to view a history of log entries for the server on which Sentinel License

Manager is running.

Configurationenables you to specify certain operating settings for Sentinel Admin Control

Center running on the connected machine. You can set parameters relating to user access,

access to remote Sentinel License Managers, and access from remote clients. In addition, you

can customize log template files in terms of the data they return.

Diagnosticsenables you to view operating information for the Sentinel License Manager to

which you are currently logged in, to assist in diagnosing problems. You can generate reports in

HTML format. This option also enables you to view miscellaneous data relating to the use of the

server on which Sentinel License Manager is running.

Help displays the Sentinel Admin Control Center help system. Context-sensitive help is available

within each of the functions described above, by clicking the Help link at the bottom of the page.

Aboutprovides information about the version of Sentinel License Manager, and a link to the

SafeNet, Inc. Web site.

Country Flagsenables you to change the language of the user interface by clicking on the flag of

the country appropriate to the language you require. Languages other than English can be

downloaded from the Sentinel Web site.


5/18

Page 5of 18

Admin Control Center: Looking at a Network Key and its Contents

Open a browser like Internet Explorer and typehttp://localhost:1947into the address bar. Be sure the

V10 network key is attached to the system and click on the Sentinel Keys link on the left:

This example has several different kinds of keys. Not all these types of keys will be visible to others,

mainly just the standalone and networked keys.

The blue Masterkeys allow specific people to generate files for the security keys. No one will have these

keys except for those who are allowed to make such files, like CAD engineering or IT/SAP.
http://localhost:1947/http://localhost:1947/http://localhost:1947/http://localhost:1947/


6/18

Page 6of 18

The soft license or certificateis a different kind of security also may be known as keyless, and is

currently under investigation at this time. The red key is the Network key and the green key is the

Standalonekey.

The see the contents of the network key, click on the Net Features link-box on the right:

Here is a sample of this network keys content:


7/18

Page 7of 18

You may see just numbers listed in the Features column or you may see actual feature names. Your

initial preconfigured key will only show the features as numbers.

If any anytime you need an update to your license, then you will receive an updated license file to apply

and this will enable the ability to see the feature names. Your key will work with either numbers or

feature names.

You will see an expiration date in the Restrictions column. All keys will have expiration dates regardless

if they are permanent licenses. If you are entitled to permanent licenses you will receive updates for

your key prior to your expiration period.

Clicking on the Sessions link will display the information of the connected users:


8/18

Page 8of 18

Managing Access to Sentinel License Managers

Information extracted from Software Protection and Licensing Guide.pdf

Managing Access to Sentinel License Managers is performed in the Users and Access from Remote

Clients tabsin the Configuration page.


9/18

Page 9of 18

Users

The user restrictions that you define are evaluated in the order in which they are specified, and the

evaluation process stops when the first match is found. You therefore need to take care that the

restrictions are listed in an order that satisfies this logic.

The value allow=all@allis implicitly added to the end of the list. According to the logic just described, if

this value was at the beginning of the list, all subsequent restriction values would be ignored.

Additional information about defining restriction values is provided in the Admin Control Center help

system.

Access from Remote Clients

When you define criteria relating to the remote machines that can access Sentinel License Manager on

the current machine, you need to define access restrictions. The remote client access restrictions that

you define are evaluated in the order in which they are specified, and the evaluation process stops when

the first match is found. You therefore need to take care that the restrictions are listed in an order that

satisfies this logic.


10/18

Page 10of 18

The value allow=allis implicitly added to the end of the list. According to the logic just described, if this

value was at the beginning of the list, all subsequent restriction values would be ignored.

Additional information about defining remote client access restriction values is provided in the Admin

Control Center help system.

Accessing Sentinel License Manager Located on a Different Subnet

When a Windows application that is protected with Sentinel LDK v.6.0 or later is located on a different

subnet than Sentinel License Manager and the Sentinel protection key, you must create a separate

configuration file to enable the application to find the License Manager.

Create a file called hasp_vendorID.ini, where vendorID is the Vendor ID associated with your Batch

Code (for the DEMOMA Batch Code, use hasp_demo.ini). Place the file on the same machine as the

protected application, in the following directory:

For Windows Windows 7: %LocalAppData%/SafeNet Sentinel/Sentinel LDK/

For example, for Vendor ID 37517and a user named test1, create the following file:

C:\Users\test1\AppData\Local\SafeNet Sentinel\Sentinel LDK\hasp_37517.ini


11/18

Page 11of 18

A separate .inifile must be created on the machine for each user of the protected application.

The hasp_vendorID.inifile should contain the following line:

SERVERADDR = remoteServerAddress where remoteServerAddress is the IP address or computer

name of the remote machine that contains Sentinel License Manager and the protection key.

Searching for Sentinel License Managers

The Access to Remote License Managertab in the Configuration page is used determine which locations

to include when the local Sentinel License Manager searches for remote Sentinel License Managers.

When you define criteria relating to the machines that may be searched for Sentinel License

Manager, you can choose to:

Enable a broadcast that searches all machines on the local network

Search the default local group in an IPv6 subnet

Restrict the search to specific machines. In this case, it is necessary to specify each machine thatmay be searchedby specifying either its name or its IP address.

Additional information about defining remote license manager access restriction values is provided in

the Admin Control Center help system.


12/18

Page 12of 18

Requesting an Update for your Key

If you purchased an additional AccuMark V10 product, or need to have an update for your current key,

you may be instructed to use either the Gerber License Utility or the Admin Control Center.

NOTE: instructions demonstrate for standalone key, procedure is the same for the network key

The request will be to generate a C2V key to obtain the current state of the key. Your key may not be

able to be updated without a file that contains the current state of the key.

To generate a request using the Admin Control Center open a browser like Internet Explorer and type

http://localhost:1947into the address bar. Be sure the V10 security key is attached to the system and

click on the Sentinel Keys link on the left:

Now click on the C2V link-box on the right:
http://localhost:1947/http://localhost:1947/http://localhost:1947/


13/18

Page 13of 18

Click on the Download C2V File link-box:

Select the Save button to save the file:


14/18

Page 14of 18

You will see an acknowledgement that the file has been saved along with other options:

Note the name and location of your Downloads folder to locate the file to send to the requestor. Send

this file to the person who requested the file from your key.

It can be sent through email or the way as instructed by the requestor.

Once the requestor receives the C2V file, they will generate a new file for you to apply.


15/18

Page 15of 18

Applying an Updated license onto your Key

Once you receive an updated file for your key, now you will need to apply it. You start the same way as

for the request by opening the Admin Control Center Open a browser like Internet Explorer and type

http://localhost:1947into the address bar. Be sure the V10 security key is attached to the system and

click on the Sentinel Keys link on the left:

This time click on the Update/Attach link on the left:
http://localhost:1947/http://localhost:1947/http://localhost:1947/


16/18

Page 16of 18

Use the Browse button to locate your updated file:

Select the V2C file to use then select the Open button:


17/18

Page 17of 18

Select the Apply File button:

You should receive a confirmation message indicating the file was applied successfully:


18/18

Page 18of 18

If you receive an error, capture a copy of the error message and send it to the requestor.

To see the updated file, simply click on the link for the key ID:

Now you will see the updated contents and the feature names:

Accu Mark v 10 Network Security

Documents

Transcript of Accu Mark v 10 Network Security