KEYnote 46 English - Fall/Winter 2023 | Page 25

Kubernetes
Protection and Licensing

In distributed environments, the ability to protect one’s intellectual property and enforce license restrictions is even more critical than elsewhere. We can rely on the tried-and-trusted AxProtectors of CodeMeter Protection Suite to run protected applications safely in Kubernetes environments.
The challenge is: How to provide the necessary CodeMeter licenses in a Kubernetes environment? In Kubernetes, there are lots of containers, each providing a specific function or microservice. To use CodeMeter, one needs a working CodeMeter license server. That license server is usually run in its own container, while the other protected and licensed services or applications are placed in other containers.
For the application containers to be able to access the CodeMeter license server in a different container, the variable CODEMETER_HOST needs to be set properly and a dedicated network set up. KEYnote 42 has more information about how this is done.
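The wiring described above, sketched as Kubernetes manifests. This is an added example, not configuration from the article or from Wibu-Systems. It assumes a license server Deployment labelled `app: codemeter-license-server` already exists, that `CODEMETER_HOST` accepts a DNS name, and that the server listens on CodeMeter's default network port 22350. All names, labels and the image are hypothetical, and the NetworkPolicy stands in for the "dedicated network".

```yaml
# Added example: names, labels and image are hypothetical placeholders.
apiVersion: v1
kind: Service
metadata:
  name: codemeter-license-server          # stable DNS name for the license server pods
spec:
  selector: { app: codemeter-license-server }
  ports:
    - port: 22350                          # assumed: CodeMeter default network port
      targetPort: 22350
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: protected-app
spec:
  replicas: 2
  selector:
    matchLabels: { app: protected-app }
  template:
    metadata:
      labels: { app: protected-app, codemeter-client: "true" }
    spec:
      containers:
        - name: app
          image: registry.example.com/protected-app:1.0   # placeholder image
          env:
            - name: CODEMETER_HOST         # variable named in the article
              value: codemeter-license-server   # resolved by cluster DNS to the Service
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: codemeter-license-server-ingress
spec:
  podSelector:
    matchLabels: { app: codemeter-license-server }
  policyTypes: [Ingress]
  ingress:
    - from:                                # only labelled client pods may reach the server
        - podSelector:
            matchLabels: { codemeter-client: "true" }
      ports:
        - protocol: TCP
          port: 22350
```

The NetworkPolicy only takes effect on clusters whose network plugin enforces NetworkPolicy objects; without one, any pod in the cluster can reach the license server port.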
CodeMeter License Server

When designing your own Kubernetes cluster, it is essential to pay attention to the right licensing process. In larger projects, there will likely be a need to run several CodeMeter license servers at the same time, possibly one per pod. Which design fits depends on your needs in terms of redundancy, performance, and the available resources.
Alongside the CodeMeter license server, the licenses themselves also need to be available. These are kept in CmContainers, either in hardware form in a CmDongle, in activation-based CmActLicenses, or in a CmCloudContainer accessed over the Internet. All of these CmContainer types are cryptographically identical for the Universal Firm Code, which means that the licenses in question can be provided in the right CmContainer for each case in hand. The right choice of CmContainer for Kubernetes depends on how and where Kubernetes is used.
Kubernetes in the Cloud

Leading cloud providers AWS, Microsoft Azure, and Google Cloud offer a range of comfortable ways to manage services via Kubernetes, including the means to prepare the system as easily in the cloud as one would on a local system. For containers running in the cloud, which would mean constant Internet access, CmCloudContainers are the perfect choice. Wibu-Systems operates CmCloudContainers in a private cloud with exceptional availability guarantees. All cryptographic operations and the necessary keys remain safe in that private cloud, and licenses can be activated easily through the CodeMeter License Portal. The individual CodeMeter license servers only need the access details to the CmCloudContainers, which can be provided in image form. The service is billed by the number of simultaneous license accesses, captured in the form of “seats”.

[Figure labels: Node, Pod, Container, CodeMeter License Server + Credential File, CodeMeter Network]
Kubernetes On-Site

For an in-house installation of Kubernetes, CmCloudContainers can also be used to gain all of the advantages mentioned above. This does, however, depend on constant Internet access. If that is a risk you are not willing to take or if you want to be independent of the global infrastructure, there are two options at your disposal: CmDongles or CmActLicenses.
Many software developers want to provide their software and licenses in a Kubernetes-ready form without having to account for external dependencies. Why they do so is evident: They want full control over everything in the container environment and use Kubernetes without any other requirements complicating their chosen method.

[Figure labels: Master, Container, Application + CodeMeter Library]
A CmActLicense requires a unique and copy-proof anchor to be encrypted and properly bound to avoid simple duplication. Container environments, by their very nature, are designed to make everything as abstract as possible and to switch back and forth between systems. The end result is that the necessary anchors are hard to find. For Docker installations, Wibu-Systems has already delivered an innovative solution (reviewed in KEYnote issue 42). That Docker-specific mechanism does not, however, work with Kubernetes. Older binding options, like binding licenses to hard drive serial numbers or the like, are also too easy to simulate. Kubernetes and, in particular, its fundamental containerization technology are also open source, which means that it is easy to analyze, imitate, and circumvent any mechanisms of this type. In essence, CmActLicenses cannot be used with any meaningful security in Kubernetes and are therefore not offered in this specific scenario.
The remaining option is to handle licensing outside of Kubernetes. As explained, one or more