Hierarchical License Server

Untitled document

Large organization may work over wide geographical areas, possibly over several continents

Relying on a central license server will not do, as a WAN failure will prevent clients from working. Grace time may allow clients to continue working for a limited time when the license server can not be contacted, but new clients can't be added. Also, centralized management can easily become bureaucratic and cumbersome.

The QLASS license server allows licenses to be distributed. Typical scenario:

  • The company centrally buys 5000 licenses.
  • Thses are distributed: 2000 to the Europe license server, 1800 to North America license server, 700 to Asia license server and the last 500 kept in reserve at the top-level license server.
  • Regional license servers then distribute to local offices, e.g. 400 to the France license server, 350 to the GB license server and so on.
  • This may be repeated for even more local license servers.

There are two kinds of license servers:

Master servers contain pools of actual licenses, with license number and associated information.

Department servers. These contain no actual licenses, but are used for fine-grained management of licenses within e.g. a department. The administrator of a master server may setup one or more department servers, and distribute license rights to them. There may be e.g. 100 actual licenses, but three department servers may get 50 license rights each.

A user can check out a license from his department server if and only if:

  • He has been granted access to the requested type of license.
  • There is at least one license right available on the departmennt server.
  • There is at least one actual license available on the associated master server.

This may seem a little complicated, but is transparent to the user, and allows for fine-grained and distributed control of licenses.

The master server and all its department server will typically be running on a machine in the same building as the end users.

As implemented, department license servers is a concept rather than an additional piece of software. There is no system administration overhead for using them.

A license that has been checked out can be returned to the pool of available licenses in several ways:

  • The user can release it.
  • If it has not been used for a set period of time, it can be automatically revoked.
  • An administrator can revoke it manually.

Additional features:

  • Licenses can be returned from a master license server to its parent
  • Licenses that have been compromised can be blocked.
  • Licenses can have an indefinite grace period, so that laptops on the move don't get into trouble.
  • Advanced logging that propagates all the way up to the top-level master server.
  • All data for a master server and all its subordinate departmental server reside in a single file. No database server needed.
  • All communication is secure, using SSL.
  • Administrators access all administration features through a web interface in a standard web browser.
  • Client applications access the server through a C API.