545,740 active members*
2,078 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

Enforcing Licensing in Virtual Environments

February 2021
26
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
Enforcing Licensing in Virtual Environments

Virtualization is now in widespread use amongst the IT community and ISVs need to consider the ramifications of virtual machines on software licensing. Simply defined, a virtual machine is hardware, simulated on a host computer. This virtual hardware runs a complete (guest or child) operating system, while severely restricting its ability to interact with the real environment around it. All guest systems and the host share the same physical hardware, but without immediate access allowed to the guest systems. They see a simulated – virtual – machine, which can be saved and recovered with considerable ease.

Applications of virtualization in enterprise networks in the early 2000’s typically involved resource sharing, essentially splitting a single server into separate servers, each one utilizing a fraction of the CPU, storage, and other resources. With the addition of hypervisor control software, modern-day virtualization goes well beyond resource sharing and can involve data, desktops, servers, operating systems, and network functions. Today, there are several types of virtual environments that are being employed:

  • Virtual Machines on a local computer: This scenario is typically used for QA and testing purposes, as evaluation can be performed on a consistent, well-defined operating system.
  • Virtual Machines on a server: This approach is geared towards ensuring high availability, as it is very easy to move an entire environment from one system to another. The environment is independent of the hardware layer, ensuring high availability despite any hardware issues.
  • Virtual Machines in the cloud (AWS and Azure): With the growing popularity of Amazon Web Services (AWS) and Microsoft Azure, virtualization in a cloud environment adds even more benefits. Beyond the savings in hardware, operating costs and efficiencies, cloud virtualization is cost effective, as users only pay for what they use, and it is very easy to scale performance and the number of virtual machines on-demand.
  • OS-level virtualization: Environments like Docker Containers are very popular to simplify the deployment of applications. A ready-to-use image is deployed, including all needed dependencies for the application. Such environments limit the access to local available resources. Contrary to a complete virtual machine, in OS-level virtualization parts of the OS kernel are shared between Host and all Containers.

While IT readily leverages the benefits of virtualization, it’s a different story for ISVs as the technology adds another layer of challenges for not only software licensing, but software protection as well. New threats appear and some existing threats are increased. Let’s look at new and increased threats and risks presented in a virtual environment:

  • Copying and duplicating a license on another machine: If the licensing relies on hardware properties, which don't change during a copy or clone process, a license could be duplicated multiple times.
  • Resetting licenses: If the licensing does detect a time warp of the virtual machine, licenses can be reset to an earlier state. This is a high risk, especially if time-based or usage-based licenses are used. But also, if re-hosting of licenses is allowed, this could be used to duplicate a license. In this scenario, (1) a license gets activated on a first machine, (2) a snapshot is taken of this first machine, (3) the license gets deactivated, (4) the license gets activated on another machine, and (5) the first machine is reset to the snapshot with the activated license. Now the license is available at both machines.
  • Increasing floating network licensesIf the licensing does not distinguish between different virtual machines at the same computer, two instances of a running application could be counted as one, resulting in an illegal over-usage of the licenses.
  • Avoiding license locking: A strong feature of copy protection systems is the locking of the license if a crack attempt is detected. Like the threat of resetting licenses, an undetected time warp created by resetting the virtual machine to an earlier snapshot, would reduce the security of the license locking mechanism.

Fortunately, there are countermeasures that ISVs can employ to control licensing and protect software in virtual environments just like in conventional hardware. With Wibu-Systems’ CodeMeter protection and licensing platform, ISVs have the tools and methods needed to safeguard IP, no matter which virtual environment configuration is in use. Software-based CmActLicenses use mechanisms that take into account virtualization. Time warps are detected and licenses are invalidated in this case. Special fingerprinting for Microsoft Azure and AWS allow reliable and secure binding to one instance of a virtual machine. Alternatively, CmCloudContainers can be used to control licenses at the CodeMeter Cloud Server of Wibu-Systems. You can learn more about CodeMeter in Virtual Environments in a white paper, or hear from our experts directly in a prerecorded webinar, Real Licenses in Virtual Environments.

0 comments

Blog Archiv

July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016