[Classification]

NT12-5784, 1.0, 4/16/2012 1

Guide line - TEMS Discovery HASP Licensing

[Classification]

2 NT12-5784, 1.0, 4/16/2012

Contents

1 Installing and Using HASP 3

1.1 Software Protection ..............................................................................................3

1.2 Hardware-based Licensing: HASP HL .................................................................3

1.3 Software-based Licensing: HASP SL ...................................................................3

1.3.1 HASP SL Local License Installation ......................................................3

1.3.2 Using HASP SL Network Licenses .......................................................3

1.4 Updating HASP Keys (HL/SL) ............................................................................11

1.4.1 Updating HASP SL Keys .....................................................................13

1.5 Sentinel HASP Runtime Network Activity ...........................................................13

1.5.1 Local Communications ........................................................................14

1.5.2 Remote Communications ....................................................................15

[Classification]

NT12-5784, 1.0, 4/16/2012 3

1 Installing and Using HASP Software Protection

This chapter covers in detail how HASP software protection is applied to TEMS Discovery and how to handle it in practice.

Either hardware-based licensing (HASP HL, section 1.1) or software-based licensing (HASP SL, section 1.2) can be used.

Regarding general aspects of licensing for TEMS Discovery, see

chapter 4.

1.1 Hardware-based Licensing: HASP HL

The HASP SRM driver is installed automatically on the PC along with TEMS Discovery. Only local (as opposed to network) licenses exist, and no further configuration is required.

1.2 Software-based Licensing: HASP SL

For HASP SL, too, there is a choice between local licenses (section 1.2.1) and network licenses (section 1.2.2).

1.2.1 HASP SL Local License Installation

Here is how to install a local HASP SL license on a client machine.

• Install TEMS Discovery. In the process, the HASP SRM driver is installed automatically on the PC.

• Run the file hasprus.exe which is also found on the TEMS Discovery installation CD. From this session you obtain a file with extension .c2v. See also the document “TEMS HASP SRM Key Information” which is found on the installation CD in the subdirectory Documents.

• Send the .c2v file to TEMS support. You will receive a .v2c file in return.

• Run hasprus.exe again to apply the .v2c file to your PC.

1.2.2 Using HASP SL Network Licenses

1.2.2.1 TCP Port Usage

By default, TCP port 1947 is used between server and client. Due to firewall restrictions or other issues, you might need to change this port. If necessary, do as follows:

• Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ hasplms\Parameters, create a registry entry Port on both server and client.

– Type: REG_DWORD or REG_SZ. REG_SZ is the preferred type since the default display of REG_DWORD is hexadecimal, which may be misleading.

– Value: Set the value to the desired port number.

• Restart the LLM Server (Sentinel HASP License Manager) or reboot the machine.

[Classification]

4 NT12-5784, 1.0,4/16/2012

The port assignment can be verified with the command netstat -a.

If applicable, substitute your own TCP port number for “1947” when following the instructions below.

1.2.2.2 HASP SL License Server Installation

If you are going to use HASP SL network licenses, you must first configure the machine that is going to act as license server:

• Install the HASP SRM driver supplied on the TEMS Discovery installation CD.

• Run the file hasprus.exe which is also found on the TEMS Discovery installation CD. From this session you obtain a file with extension .c2v. See the document “TEMS HASP SRM Key Information” which is found on the installation CD in the subdirectory Documents.

• Send the .c2v file to TEMS support. You will receive a .v2c file in return.

• Run hasprus.exe again to apply the .v2c file to the license server machine.

• Now configure the server using the Admin Control Center web page at Help Hasp Admin Control Center.

– Go to Configuration Detachable Licenses tab and check the option Enable Detaching of Licenses.

– By adjusting the parameter Max. Detach Duration, you can control the maximum duration for which a license may be detached. After this time, the license will be automatically disabled on the client machine and restored to the license server. It is advisable to keep the maximum detach duration fairly short, since if a client computer crashes the license will be unavailable until the expiry date. The minimum value is 1 day.

– Then switch to the Access from Remote Clients tab and enter whatever is suitable under Access Restrictions. By default, a license can be detached from any machine; if you want to restrict the set of machines and/or users that should have access to the HASP License Manager, proceed according to the help provided for this tab (“Help” link in lower right corner).

1.2.2.3 HASP SL Network License: Online Detach/Attach

Once the license server has been configured, it can send out licenses to client machines. Here are the steps to perform on the client PC in order to check out (“detach”) a license online from the license server, and to return (“attach”) a license to the server.

• Configure the client PC using the Admin Control Center web page, Help Hasp Admin Control Center.

– Go to Configuration Detachable Licenses tab and check the option Enable Detaching of Licenses.

– Then go to the Access to Remote License Managers tab. Under Specify Search Parameters, enter the IP address or name of the license server machine. Regarding the other settings, see the help provided for this tab (“Help” link in lower right corner).

• On the ACC web page, under Products, locate TEMS Discovery in the list. Click the Detach button for that product.

[Classification]

NT12-5784, 1.0, 4/16/2012 5

Note: For practical examples of how to work with HASP SL licenses when multiple TEMS products and product options are involved, please turn to section 1.2.2.5.

• “Online” is the default detach method when the client has a network connection to the license server. (No action needed.)

• Specify an expiration date for the detach operation. This setting controls how long the license can be detached at a time, and it is configurable within the limit imposed by the Max. Detach Duration setting on the license server; compare section 1.2.2.2.

• Click the Detach/Attach button.

You should now receive a message “License Detached Successfully”:

Furthermore, the Products page should now be updated with the information that a license has been detached for TEMS Discovery.

The license will expire after the period specified at detach time; after this time you will need to detach the license again. Alternatively, you can actively Chapter 1. Installing and Using HASP Software Protection return (attach) the license to the server before it expires. This is done as follows:

[Classification]

6 NT12-5784, 1.0,4/16/2012

• Navigate to the Products page and click the Cancel License button for the relevant product.

• On the next screen, confirm by again clicking the Cancel License button.

This message will appear:

The information on the Products page will also be updated once more to reflect the reattach of the TEMS Discovery license:

1.2.2.4 HASP SL Network License: Offline Detach/Attach

License detach and attach can alternatively be done offline, without the client and server ever communicating directly over a network connection.

• Configure the client PC using the Admin Control Center web page, Help Hasp Admin Control Center.

– Go to Configuration Detachable Licenses tab and check the option Enable Detaching of Licenses.

– Then go to the Access to Remote License Managers tab. Under Specify Search Parameters, enter the IP address or name of the license server machine. Regarding the other settings, see the help provided for this tab (“Help” link in lower right corner).

[Classification]

NT12-5784, 1.0, 4/16/2012 7

• If the client PC is not yet known to the HASP license server, you need to identify it to the server the first time around.1 On the Admin Control Center web page, go to Diagnostics, and click the button Create ID File. This generates a diagnostics file (with extension .id) identifying your machine.

• Send the diagnostics file to the HASP license server admin.

• Here is how the server admin proceeds in order to detach a license. The admin selects the Update/Attach option:

• The admin then clicks the Detach button next to the relevant product:

1. If (for example) you have detached a license online to this client PC at some point, the PC will already be known to the server, and the identification step is not needed. The license server admin can then send you an .h2r file directly.

• The admin selects your client PC as recipient machine and sets an expiration date for the license.

[Classification]

8 NT12-5784, 1.0,4/16/2012

• Finally the admin saves the detached license as a file with extension .h2r and sends it to you.

• Save the .h2r file on your client PC, then open the Admin Control Center web page, go to Update/Attach, and browse for the .h2r file. Then click the Apply File button. (This is the same dialog that the admin used to process your .id file.)

A confirmation message will appear, and the Product page will be updated with the information that a license has been detached for TEMS Discovery.

See below.

[Classification]

NT12-5784, 1.0, 4/16/2012 9

Note: For practical examples of how to work with HASP SL licenses when multiple TEMS products and product options are involved, please turn to section 1.2.2.5.

The license will expire after the period specified by the HASP license server admin at detach time. After this time you will need to detach the license again. Alternatively, you can actively return (attach) the license to the server before it expires. This is done as follows:

• Navigate to the Products page and click the Cancel License button for the relevant product.

• On the next screen, again click the Cancel License button:

• A file with extension .r2h is created; save this file.

[Classification]

10 NT12-5784, 1.0,4/16/2012

• Send the .r2h file to the HASP license server admin. The server admin will then apply the .r2h file to the server, thereby reattaching the license. (The same Apply File procedure is used as for offline detach, which was covered earlier in this section.)

The information of the Product page will again be updated to reflect the reattach of the TEMS Discovery license.

1.2.2.5 Handling HASP SL Network Licenses for TEMS

Products: Examples

For simplicity the instructions given so far in section 1.2.2 have assumed that it is immediately obvious what type of license to detach. If you have purchased multiple TEMS products, and/or multiple TEMS product packages with different options, things are slightly more complicated. This section clarifies how to proceed in typical configurations of this kind.

Consider the following set of TEMS Discovery packages (Products 1–3) with different combinations of products and license options:

[Classification]

NT12-5784, 1.0, 4/16/2012 11

Each of these packages will appear as a “product” in ACC, as indicated in the diagram. You always check out entire products in the ACC interface, not individual license options. These “products”, however, do not necessarily correspond in one-to-one fashion to TEMS PC applications, as can be seen in the diagrams just given.

• If you want to do LTE or CDMA drive testing or both, you check out Product 1.

• If you want to do both LTE and WiMAX testing, you need to check out both Product 1 and Product 2; but note that you will still only be running one TEMS Discovery application. (You cannot just check out Product 1 and then somehow add only the WiMAX option from Product 2.)

Another fact to keep in mind is that each TEMS product user always needs to check out his or her own license.

• Suppose that Product 1 has been purchased, and user A wants to use TEMS Discovery while user B wants to use TEMS Discovery. The two users then need one license each; it is not possible to check out just one license and share it between users A and B.

• Or suppose that Product 3 has been purchased, and user C wants to study LTE data whereas user D wishes to work with CDMA data. Each of these users must likewise have his or her own license.

1.2.2.6 Monitoring HASP SL License Usage

You can monitor how many licenses are currently checked out and who is using those licenses. This is particularly useful when the number of available licenses is running low.

• Go to Help Hasp Admin Control Center Products.

• The Products page in Admin Control Center lists all products that are available on all accessible HASP License Managers on the network.

– In the Detached column is indicated the number of licenses that are currently detached from the HASP SL key to which the product is locked. Click on a cell in the Detached column to view data about the recipient machines to which the detached licenses have been allocated.

– In the Available column is indicated the number of licenses that are currently available for detachment from the HASP SL key to which the product is locked.

1.3 Updating HASP Keys (HL/SL)

When updating a HASP key of any type (i.e. whether HL or SL), you proceed much in the same way as when first obtaining a HASP SL (software-based) key. HL and SL are described separately below for maximum clarity.

[Classification]

12 NT12-5784, 1.0,4/16/2012

For further information, see the document “TEMS HASP SRM Key Information” which is found on the installation CD in the subdirectory Documents.

1.3.1 Updating HASP HL Keys

1. Make sure you have installed TEMS Discovery.

1. Plug your HASP HL key into the PC.

2. Navigate to the Application folder beneath the TEMS Discovery installation directory and run the file hasprus.exe. This dialog box opens:

2. Now collect the key information by clicking the Collect information button.

3. If you also have a HASP SRM SL (i.e. software-based) key installed on the machine, a dialog will appear at this point prompting you to choose which key to update. Select the HASP HL key.

4. A file with extension .c2v is created. Choose a suitable file name and save the file.

5. E-mail the .c2v file to customer support. Contact information is found at www.ascom.com/networktesting under the link “TEMS Support”.

6. From customer support you will receive a file with extension .v2c. Once you have that file, navigate to the TEMS Discovery folder and run the file hasprus.exe. The Remote Update System dialog opens.

7. Select the Apply License Update tab.

8. Browse to locate the .v2c file, and click the Apply update button:

[Classification]

NT12-5784, 1.0, 4/16/2012 13

9. The result of the operation will be displayed in the main window of the dialog. When you have successfully applied the HASP license, exit the Remote Update System application.

1.3.2 Updating HASP SL Keys

1. Make sure you have installed TEMS Discovery.

2. Navigate to the Application folder beneath the TEMS Discovery installation directory and run the file hasprus.exe. The HASP SRM RUS dialog opens to the Collect Key Status Information tab (as in section 1.3.1, step 3).

3. Click the Collect information button. What this operation does in the HASP SL case is to take a digital fingerprint of your hard drive, uniquely identifying the drive.

4. If you also have a HASP SRM HL hardware key plugged into the PC at this point, a dialog will appear prompting you to choose which key to update. Select the HASP SL key.

5. Just as for HASP SRM HL, a file with extension .c2v is created. Save this file.

6. E-mail the .c2v file to customer support. Contact information is found at www.ascom.com/networktesting under the link “TEMS Support”.

7. From customer support you will receive a file with extension .v2c. Once you have that file, navigate to the TEMS Discovery folder and run the file hasprus.exe. The Remote Update System dialog opens.

8. Select the Apply License Update tab.

9. Browse to locate the .v2c file, and click the Apply update button:

10. The result of the operation will be displayed in the main window of the dialog. When you have successfully applied the HASP license, exit the Remote Update System application.

1.4 Sentinel HASP Runtime Network Activity

Note: This information is reproduced from SafeNet’s Sentinel HASP documentation.

This section describes the type of network activity that occurs in the communication between: • an application (protected using Sentinel HASP) and the local HASP License Manager (referred to as “local communications”).

[Classification]

14 NT12-5784, 1.0,4/16/2012

• the local HASP License Manager and one or more remote HASP License Managers (referred to as “remote communications”). Details regarding local communications and remote communications are provided on the pages that follow. This section is intended to assist IT managers who want to understand how runtime activity on the network may impact the way they set up their network rules and policies.

Sentinel HASP communicates via TCP and UDP on socket 1947. This socket is IANA-registered exclusively for this purpose.

1.4.1 Local Communications

This section describes communication between a protected application and the local HASP License Manager service.

A protected application communicates only with HASP License Manager on the computer where the application is running, regardless of whether the HASP HL or SL Key is located on the same computer or on a remote computer.

Note: Under Windows, HASP License Manager is a service that is launched automatically by hasplms.exe. Under Mac OS and Linux, the HASP License Manager is a process launched automatically by hasplmd.

HASP License Manager service opens socket 1947 for listening (both for UDP packets and TCP packets).

• IPv4 sockets are always opened (HASP License Manager currently does not work without IPv4 installed).

• IPv6 sockets are opened if IPv6 is available.

A protected application tries to connect to 127.0.0.1:1947 TCP to communicate with HASP License Manager. If an application uses multiple sessions, multiple concurrent TCP connections may exist. If a session is unused for a certain number of minutes (at least seven minutes, but the exact number depends on several factors), the session may be closed and automatically re-opened later in order to limit resources used by the application.

[Classification]

NT12-5784, 1.0, 4/16/2012 15

These local communications currently use IPv4 only.

The communication uses binary data blocks of varying size.

1.4.2 Remote Communications

This section describes communication between the local HASP License Manager service and a remote HASP License Manager service.

This type of communication occurs when the protected application is running on a different computer from the computer where the HASP HL or SL Key is installed.

The protected application communicates only with the local HASP License Manager on the computer where the application is running, as described in section 1.4.1. The local HASP License Manager discovers and communicates with the License Manager on the computer containing the

HASP Key using one of the following methods:

• The local HASP License Manager issues a UDP broadcast to local subnets on port 1947 using:

– IPv4 (always)

– IPv6 (if available) You can disable this broadcast by clearing the Broadcast Search for Remote Licenses checkbox in the Admin Control Center Configuration screen.

• The local License Manager issues a UDP “ping” packet to port 1947 for all addresses specified in the Admin Control Center field Specify Search Parameters. These addresses may be individual machine addresses or broadcast addresses.

All License Managers found by the discovery process are then connected via TCP port 1947, using IPv4 or IPv6 as detected during discovery, and data regarding the remote HASP Keys are transferred.

This discovery process is repeated at certain intervals. (The interval size depends on a number of factors, but it is generally not less than five minutes.)

UDP packets sent and received in the discovery process contain the License Manager GUID (40 bytes of payload data). When starting or stopping a License Manager, and when adding or removing a HASP Key, a UDP notification packet is sent, containing the License Manager GUID and a description of the changes encountered. This is done to allow other License Managers to update their data before the next scheduled discovery process.

TCP packets between two License Managers on different computers use HTTP with base-64 encoded data in the body section.