Enterprise Financial Software Licensing Case Study: Numerix
NumeriX, a New York-based company, is the award-winning, independent leader in pricing and risk analytics for fixed income, credit, foreign exchange, hybrids, cross currency, inflation rate and equity derivatives. Trading and risk platform vendors leverage NumeriX analytics to gain a time-to-market advantage by embedding the power of NumeriX into their systems for sales, traders, quants and risk managers of derivatives and structured products at major financial institutions worldwide, including ING, Bloomberg and Nomura Japan.
NumeriX had been using in-house-developed licensing tools to manage and protect their applications since 1996. In 2006, NumeriX decided to outsource licensing to a third party vendor who could provide a more robust scalable solution that offered not only node-locked licenses but also concurrent or floating-license options. Due to the nature of the industry NumeriX supplied with product, they were looking for a third party vendor who could offer an extremely flexible approach to license delivery. Security was also a paramount consideration for their customer base.
They had two legacy systems that required integration. One of the in-house solutions had become problematic as the developers who had built the system were no longer available to support it. This contributed to the decision to outsource and the escalation of the search for a suitable replacement. NumeriX decided to consolidate on one commercial licensing solution, and, after extensive evaluation of the leading license management solutions, chose Agilis’s Orion Network Licensing Platform.
NumeriX’s requirements are demanding. Their solutions run on a wide range of operating system platforms including 32-bit and 64-bit Windows, Linux, Solaris SPARC, Solaris i86 and AIX, and are developed in Java, C++, and C#. NumeriX offers a wide range of licensing models. As Christopher Etienne, Licensing Administrator for NumeriX, explains: “We offer trial licenses and renewable subscription licenses with a 30-day grace period. Our product has 8 different modules, and each of these modules has anywhere from 4 to 15 features, so there are about 50 different options we need to manage for each license. Finally, we also control whether a license will allow grid processing, and if so the number of processors supported”. In addition to the above, NumeriX offers its end customers the option of purchasing floating licenses.
NumeriX’s end-customer environments also presented deployment challenges. Major financial institutions have strict privacy and security requirements. In many instances, absolutely no Internet access is permitted from the customers’ internal networks, while in other cases, external network communication is restricted through often-proprietary HTTP proxy-server-based firewalls and DMZ’s. This poses a challenge for managing product activation. An Internet-based licensing system has to provide an easy way for users worldwide to obtain licenses even when they have no Internet access from their systems. At the same time, NumeriX does want to provide as much automation of the product activation process as is possible in a given customer environment. Support for product activation through HTTP proxy servers and DMZ’s is therefore required. Where end customers purchase floating licenses, they require the license server to be running within their private network with no external access. Protection from piracy is also a concern for NumeriX, given the high-value nature of their solutions; strong node-locking support is therefore required for all the supported platforms.
To support all their required platforms for C/C++ applications, NumeriX took advantage of Agilis’s Porting Program, which allows ISVs to port the Orion C/C++ client library to any platform that is not currently supported by Agilis. With Agilis’s technical assistance, NumeriX readily ported the Orion C/C++ client library to a number of non-standard platforms and IDE’s, such as IBM’s AIX and VisualAge.
In order to provide node locking capabilities that were both flexible and strong, NumeriX utilized the Orion client library’s Fuzzy Fingerprinting capabilities in lenient mode. Their application is locked to a number of parameters of the target system, but can tolerate some minor changes or upgrades to the system without requiring re-activation of the license.
NumeriX first rolled out an Internet-based product activation solution in early 2007. An Orion License Server is hosted at NumeriX’s data center in New York, and manages licenses for some 300 customers in 25 countries around the globe. Licenses are distributed world wide via automatic and proxy routing.. Licenses are automatically node-locked at the time of activation, and continue working within their specific license limits with no further communication required with the license server for the duration of their subscription. When the subscription is renewed, a simple re-activation is all that is required to enable the license for another year. NumeriX plans a high-availability configuration with an Orion Proxy Server front end that will provide automated failover between primary and backup Orion license servers that access the same Orion license database hosted on a Network Attached Storage system.
It is estimated that 85% of NumeriX end-customers having Orion-protected NumeriX product installations are able to automatically activate their licenses thanks to Orion’s range of options for routing license requests between the target system and the hosted Orion server. The connection can be direct, or use the Orion client’s support for an HTTP proxy-server-based firewall at the end customer site, or NumeriX can install the Orion Proxy Server in a ‘DMZ’ system at the customer’s premises, allowing automated self-service license activation and relocation from the end customer’s isolated network.
The remaining 15% of these customers are able to use Orion’s built-in ‘sneakernet’ self-service license-activation process. At activation time, the Orion client generates an encrypted system fingerprint file, which the user uploads to the hosted Orion server’s self-service web page from any Internet terminal using a web browser. The Orion license server returns the encrypted license activation record file to the end user, who installs it in the target application in order to complete the activation process. A similar process is used by end users to securely deactivate their licenses for the purpose of autonomously returning or relocating licenses. Users can therefore activate their licenses from anywhere in the world 24 hours a day, 7 days a week, without involving NumeriX operations personnel.
Over and above the challenges described above, some of NumeriX’s strategic customers’ environments imposed unique deployment requirements. For example, one of NumeriX’s strategic partners markets financial applications and online services that are accessed through proprietary maintained terminals installed at their end customer sites, and embeds NumeriX components, which are license-protected with Orion product activation technology. This partner embeds a custom HTTP proxy server in its application, and configures it to restrict access over the Internet to their server machines – that is, the terminals cannot communicate directly over the Internet, and they cannot communicate with any web site other than the partner’s own. This partner also did not want any third party server applications embedded in its application, nor did they want a license server running at their premises. At the same time, they wanted all licensing activities to be transparent and automatic via online product activation with a NumeriX-hosted license server.
NumeriX worked closely with Agilis professional services to arrive at a solution that addressed these seemingly conflicting requirements. The license server hosting problem was solved by installing a lightweight Orion Proxy Server at the partner’s premise for the purpose of mediating all licensing communication between the partner’s terminals and NumeriX’s hosted Orion license server. The NumeriX application components that were embedded in the partner’s application were configured with a license server URL specification that directed licensing requests through the partner’s proprietary embedded HTTP proxy server to the partner-resident Orion Proxy Server and thence to the NumeriX-hosted Orion license server. This enabled the end customers to autonomously activate and renew their subscriptions, and relocate their licenses across machines, all without involving the partner or NumeriX operations personnel. The detailed path taken by an Orion licensing request is therefore:
Partner Terminal at end customer site partner-proprietary HTTP proxy server Internet Orion Proxy Server at partner’s site Internet Orion Server at NumeriX.
Approximately 85% of NumeriX’s customer installations are now enabled for Orion-based hosted product activation. The remaining customers do not allow any external communication at all from their internal systems; for these customers, NumeriX has released a floating licensing solution based on a re-distributed Orion Server installed at the customer’s network. The solution did not require additional application development effort, since a single application integration with Orion’s client libraries automatically supports all permutations of hosted / redistributed licensing, and product activation / floating licensing. At the same time, NumeriX was able to build a customized license server administration user interface for end customers of the redistributed Orion server based solution. The user interface was built on top of Orion’s administration APIs.
As Saeed Siddiqui, Vice President of QA for NumeriX, observed: “If we see deployment issues with a NumeriX-hosted server, we now have the option of offering floating licensing from a redistributed server. We can also offer node-locked licensing from this redistributed server in future. Furthermore, since Orion supports Internet-based product activation and floating licensing with the same client library and a single application integration, we didn’t have to ask Engineering to make changes to our application when we added licensing from a redistributed server”.
Now that the redistributed license server solution has successfully passed beta testing, NumeriX expects to soon meet 100% of their licensing needs with a single Orion-based solution. Saeed Siddiqui noted: “Moving our remaining clients from our old licensing system is critical to our operation. With Orion’s ability to smoothly add floating licensing to node-locked licensing we expect to meet this goal very soon”.
Learn more about product activation
Learn more about floating licensing
Contact us for further information