Secure Offline Licensing Case Study: Liaison
Liaison Technologies is a global integration and data management company headquartered in Atlanta, GA. The company’s solution portfolio includes business-to-business and enterprise application integration project outsourcing, cloud-based master data management (MDM), data harmonization, data security, a service oriented architecture-based B2B integration network, and premiere managed services.
Liaison’s Protect products are used by banks, hospitality companies and others to secure credit-card, financial and personal data. Agilis’s Orion Network Licensing Platform, hosted by Agilis as part of the Acropolis On-demand Managed Licensing Service, manages the licenses for all the products in the Protect family on a range of platforms including Linux, Unix and Windows.
Dameion Dorsner, Lead Software Architect for Liaison, noted: “We needed better protection for our licenses, and we needed to ensure only the licensed number of installations were able to run. However, since our solutions mostly run in internal security zones we had to support activation of licenses on systems that have no external network connections. Orion’s self-service activation of node-locked licenses in disconnected mode enables us to accomplish this objective with no operations overhead for Liaison”.
Orion’s disconnected-mode activation works as follows. Liaison first sets up the customer’s license in the Agilis-hosted Orion Server by logging into Liaison’s Acropolis service from any web browser and creating the license. The customer receives an email with their Username and Customer name, and enters these credentials when installing the software. The Orion client automatically reads the node-locking parameters from the host system, and provides the customer with an encrypted file containing this signature and credential information. The customer transfers this file on a thumb drive or similar to any locally available system with a web browser, and uploads the file at the self-service web page for the hosted Orion Server, which validates the file and generates and returns the encrypted Activation Record file, which the user returns to the licensed system via the thumb drive. The Activation Record is a secure encrypted file that enables that license to run on that specific machine within the license terms specified for the license in the Orion Server.
The node-locking parameters include the MAC address, the IP address and the CPU ID. As they are read automatically from the target system by the Orion client library, there is no opportunity for human error
Some customers have many licenses, perhaps running into the hundreds. For these customers Liaison uses Orion’s enterprise licensing capabilities, enabling a single set of credentials to control a pool of licenses. If the customer has purchased, say, 100 licenses, the customer’s end users enter the same Username when activating every installation. Orion ensures that not more than 100 installations are activated, and tracks the activation history and machine location for each license installation.
Michelle McElroy, Senior Product Specialist, observed: “Orion’s self-service license activation on disconnected systems has been great, especially as we have a number of customers in Europe. They used to complain when they could not obtain a license during US working hours, but now they can activate their licenses whenever they’re ready”.
Liaison also utilizes Orion’s secure user self-service license relocation facility for their customers. If an end user wishes to move their license to a new system they can do so without needing to contact Liaison Support, and without the risk of license oversubscription to Liaison. The user simply deactivates the license on the current system, then activates it on the new machine, in both cases locally performing a disconnected-mode file exchange at any web browser. In addition to providing a tamper-proof mechanism for returning licenses, Orion tracks all such license relocations so Liaison knows the history of all license installations.
Liaison uses Orion to provide perpetual licenses for production, as well as to manage the 30-day trial licenses offered to prospective customers, both uniformly using the same disconnected-mode secure activation mechanism. Trial licenses are automatically protected against users who try to extend their time limit by turning back or mis-setting their system’s clock.
Liaison chose to use Agilis’s Acropolis service for hosting the Orion Server, in order to further eliminate the setup and ongoing operations overhead associated with hosting the server internally. The Acropolis service includes all the necessary hardware, software, connectivity, 24×7 support and service management, all from a Tier 1 data center. “In the three years we have been an Agilis customer, I have never known Acropolis to be down” noted Michelle.
Liaison has had a positive experience with Orion. “We plan on protecting an additional product with Orion”, said Jonathan Razza, Director, Data Management Solutions, “and we are considering using Orion’s support for activating licenses via an HTTP Proxy Server or the Orion License Proxy Server to provide fully automated activation and relocation of licenses for our customers having firewall-protected installations, even if the target systems don’t have direct Internet access”.