KEYnote 42 English - Fall 2021 | Page 8

fingerprint , so that the licenses would still work even if there are minor changes to the user ’ s system , but stop working if the system is altered substantially ( or the user tries to run the license on a completely different system ).
The challenge with Docker systems is that licenses should not be illicitly duplicated when a second copy of the CodeMeter license server ’ s container is created . The solution here lies in the use of a Named Volume . This Named Volume is placed in the container with the CodeMeter license server , and the CmActLicense then bound to that container and placed in the Named Volume . A special locking mechanism is added to stop the activated CmActLicense from being used multiple times , although it stays active when switching its container , e . g . when the container with the CodeMeter license server is switched to an image with a newer version of CodeMeter . Updating CodeMeter is made easy , as the user only needs to stop the old container and run one with the newer version . For the binding to work reliably and for CodeMeter to be able to check it , the container with the CodeMeter license server needs access to the Docker socket .
The malleability of a container environment means that CmActLicenses are not as easy to protect in a Docker container as they are on a physical system . This is why CmActLicenses still have to be activated explicitly for container environments ( e . g . CmBoxPgm-Option -lopt : vm , container ), and it makes sense to reconsider whether a license in a container is really needed .
Licenses in the cloud Licenses in the cloud can be accessed without much difficulty from the ( required local ) container with CodeMeter license server . The licenses in a CmCloudContainer seem to exist directly in the Docker container , but they offer the best precautions against fraud and abuse . The number of active licenses seems to be tracked in the Docker container , but the CmCloud also counts and manages these licenses . It is impossible to use multiple copies of CmCloud licenses . If the Docker container has constant Internet access , putting licenses in a CmCloudContainer is a great choice .
Docker containers or CmCloudContainers . This approach only needs a computer that is permanently connected to the network and that has either one or more CmDongles connected or CmActLicenses activated . These licenses could then be used by the other devices in the network , including the
Docker container with CodeMeter license server . That license server would be set as a client and told the name or address of the physical CodeMeter license server ( taking over the master server role ). Any license queries from applications
are sent first to the CodeMeter license server in the Docker container and then forwarded to the network license server . Even if the applications are separated from their license server in this sense , they will still run as expected .
CodeMeter License Server
License Server
CodeMeter CloudServer
Other considerations The Docker image containing the CodeMeter components needs to use a glibc-based Linux system . The examples use a lean image based on Debian . The next versions of CodeMeter will drop this requirement for containers with CodeMeter-protected applications . Wibu-Systems is currently working on the CodeMeter library and expansions to CodeMeter Protection Suite , so that protected applications can also run on Alpine , the Linux flavor popular for Docker environments .
Container : CodeMeter License Server
Host
Container : CodeMeter License Server + Credential File
Host
CodeMeter Network
CodeMeter Network
Container : Application + CodeMeter Library
...
Container : Application + CodeMeter Library
Container : CodeMeter WebAdmin
Container : Application + CodeMeter Library
...
Container : Application + CodeMeter Library
Container : CodeMeter WebAdmin
Licenses in networks The CodeMeter license server in a Docker container treats all license queries as if they were local . This means that licenses could also be used in a network as an alternative option to using CmActLicenses in separate
8