Virtualization software is in widespread use. When licensing your applications, you must consider the impact of virtualization software on your ability to control your licensed applications with your customers.
Let’s first establish operational definitions before trying to understand the impact:
- A virtual machine host (also often referred to as the hypervisor) consists of the computer and operating system which runs the virtualization software. As an example, this could be the environment where software like VMWare Workstation is installed.
- A virtual machine guest is the virtual machine and operating system which is run by the virtual machine host.
- A thin client is a minimalist computer and operating system configuration, which loads its desktop environment and/or applications from a virtual machine guest that is hosted by a remote system.
- There are different types of virtualization software products that can host virtual machine guests. For example, VMWare Workstation is designed for desktop environments, while VMWare ESX and ESXi are “bare metal” systems designed to run on a server that is dedicated to running virtual machine guests. Oftentimes, virtual machine guests can be served up to thin clients on-the-fly, which is more commonly seen in large enterprise environments.
- Remote Desktop (formerly Terminal Services) is very different from virtualization, but can have a similar impact on your licensed applications. This is where users may remotely connect to and use another computer’s desktop environment and applications. These types of environments are sometimes used to serve desktop environments and applications to thin clients as well.
Virtualization Creates Licensing Challenges
Virtual machine technology makes life for IT administrators easier through several features that improve the availability of operating systems and applications. However, several of these features create challenges for independent software vendors who want to leverage software license enforcement:
- Portability of virtual machine guest files makes it easy to copy or move an entire virtualized operating system from one host to another. This creates a vulnerability for casual piracy of your software.
- Near-complete isolation of the virtual machine host’s hardware is needed to make portability of the virtual machine guest files possible. The main exception to this is the CPU/processor model.
- The ability to take snapshots of a machine’s state allows reverting back to a previous state quickly and easily. In some cases, snapshots can be used to repeatedly reinstall a trial to gain additional usage.
- Advanced CPU compatibility masking allow per-virtual machine customization of the CPU features visible to a virtual machine, making even CPU identification difficult.
How should I handle the challenges of virtualized environments?
Virtual environments are both a blessing and a curse since, as you can see above, they offer features specifically designed to mask enough of the host hardware to make it difficult to fingerprint a virtual machine and detect/prevent cloning, especially if you are cloning to and from identical hardware (with the identical processor model). Issuing a single license for one computer could potentially result in many virtualized computers using your software with that single license. Be cautious of any licensing vendor that tells you they can prevent this, especially when applications are running disconnected from a central licensing server.
There are, however, several approaches to take in order to minimize your risk:
- One course of action is to detect and prevent customers from running your software in a virtual machine environment.
- If a virtual environment is detected, utilize Network Floating Licensing features to track the number of concurrent users of an activated software license. This would at least require each of the virtual machines to communicate with a central licensing server to make sure the software is not being run at the same time.
- In addition to automating online software activation, require periodic license validation with a central license server to allow license transfer and revocation.
- For customers who require running your software in a virtual machine, you could license a special build of your software that is allowed to run in virtual machines, set a higher price point to offset the risk of the users cloning the virtual machines.
Although the nature of virtualization presents challenges to enforcing license compliance, it is important that you address the potential risks by selecting a licensing solution with the functionality you will need.
How does the SoftwareKey System assist with the above?
This article is not focused on being a sales pitch, but we wanted to confirm your guess that the SoftwareKey System can help you with the above tasks:
- Protection PLUS offers APIs to detect most virtual machine guest environments and remote desktop environments, so you can prevent execution of your software or create a separate build that allows it.
- Protection PLUS has the ability to identify the Ethernet MAC address of the network card and processor model of the underlying hardware to help prevent virtual machine cloning to dissimilar processor architectures. You should be aware that when multiple systems are connected to the same network using the same MAC address, only one of those systems will be able to obtain network connectivity.
- Protection PLUS offers Network Floating Licensing features, including Cloud-Controlled Network Floating Licensing to help enforce a maximum number of concurrent users under the same license.
- The combination of Protection PLUS and SOLO Server offers not only robust Electronic License Activation features but also sophisticated Electronic License Management features to maintain control of software licenses after they are activated.
Contact us if you need to discuss a specific challenge and/or reference our manual topics.
* Image by Kartik26 – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=35667084