Search
Close this search box.
Try RLM for Free
Search
Close this search box.

Reprise Blog

Reprise Software Blog – Your Hub for Licensing Solutions Insights
Stay informed about our products including Reprise License Manager (RLM), RLM Cloud, and Activation Pro. 

 

Learn from our customer success stories, understand the intricacies of different licensing models, and keep up with our ongoing service upgrades.

The Best Hostid for ISVs

  • By Reprise Staff
  • January 21, 2019

, ,

Best Hostid for ISVs

, ,

Finding the Optimum Balance between Security and Convenience

Ensuring License Compliance

Independent software vendors (ISVs) want their customers to only have access to the licenses they buy. One of the ways that ISVs ensure that customers do not exceed their allotment of licenses is to place checks within their applications to limit how many licenses are used and where they can be used. Most ISVs use a license manager to perform these checks for both stand-alone and floating licenses. But ISVs are also careful to select a license model that minimizes inconvenience for themselves and their paying customers.

 

What is a Hostid and Why Do I Need One?

A software license manager uses the term hostid to refer to a unique identifier for a specific computer. The hostid is used by licensing software to lock a license (or pool of licenses, in the multi-user case) to a machine so that they can be used on only that computer. The hostid is a parameter used to generate the license key’s security signature, thereby rendering the license unusable if it is moved or its hostid is modified.

 

The Security v. Convenience Continuum

three computer screens with code with futuristic city backgroundThe decision on which hostid to use is usually based on trade-offs made along the security vs. convenience continuum. While this may not be immediately obvious, there are always trade-offs between making something (software, a car, a building) more secure vs. less convenient to access. Should it be accessed through a turnstile or a vault? ISVs should choose security-convenience policies that are in line with their beliefs and business models. Luckily, computers have many different elements that can be used as a hostid, so there is probably a hostid to match virtually any ISV’s policy goals. However, no single hostid type will satisfy every ISV, so let’s consider your hostid choices and examine the potential pros and cons of each one.

 

Three Important Issues to Consider:

  1. Convenience
  2. Security
  3. Cost 

 

Convenience…

As much as possible, you want the hostid to be native to the machine. In other words, you want it to be ubiquitous and its contents to be easily obtained via a standard system command. In this way, you avoid the delays, expense, and potential confusion of having to send special software or extra hardware to the customer prior to the sale of your products – everything is already there. Your customer can get your software up and running as quickly as possible.

 

… v. Security

For maximum security, you want the hostid to be difficult to modify, or at least non-trivial to modify. Most ISVs who use software license managers want to use the most secure hostid possible, but with an eye toward convenience (i.e. customer satisfaction) and cost control, at the same time.

 

Once Upon a Time…

From a software licensing point of view, an ideal hostid choice would be a standard unique serial number burned into every CPU. Intel tried this in the late 1990s, but the idea failed, not on technical grounds, but primarily on the basis of concerns over privacy. The fear was that software could be used to track users’ behavior and identity to a specific computer as they surfed the web.

 

Hostid Choices

NIC Addresses

closeup of fiber opticsThe most common hostid choice is the Network Interface Card (NIC) Ethernet media access control layer (MAC) address. It is built into every modern workstation and server and can be easily queried through software. Although on some systems the NIC address can be re-programmed, creating the potential for the same license to work on multiple machines, connecting these machines on the same local area network will cause networking problems. So, although there are some security issues with NICs, they remain a good hostid choice.

 

IP Addresses

IP addresses, or IP address ranges, are of little use as hostids from the software vendor’s perspective. Most users do not have fixed IP addresses, so they tend to be too transitory to rely on as hostids. However, IP address ranges are convenient for end users to use to allocate pools of licenses to specific sub-nets.

 

Disk Volume Serial Numbers

Like the NIC above, disk volume serial numbers are commonly used as hostids (Windows only). They are convenient, but do suffer from being easily modifiable, making them less than ideal from a security point of view. 

 

Names as Hostids

What if you weren’t so concerned about security? What if you wanted your licenses to be valid no matter where your user installed the software? This is a pretty common vendor policy. In this case, it might make sense to use the customer’s username as the hostid. It’s also possible to use the hostname of the system as the hostid, giving the customer the flexibility to move the software to new hardware without getting a new license – as long as he resets the new machine’s hostname to match.

 

Hostid Lists

There are cases where you want to allow a license to run on any machine in a list. For instance, if a workstation has multiple NIC addresses, you could license to them all, and as long as one of them was found in the list, the license would be valid.

 

The Irrepressible Dongle

Dongles, small serialized USB devices, remain a good hostid choice for high-value software where security is paramount. Dongles allow your users to move the software from machine to machine by simply moving the dongle. The downside to dongles, however is that they add cost, must be shipped, can fail in the field, and they can be lost or stolen.

 

Hardware Serial Numbers

If you sell software on a specialized hardware device that has its own unique serial number, then the obvious choice is to use that number as your hostid. For you, this situation is probably ideal because the serial number is always there, and it is secure. Be sure to verify that the licensing technology you use can support a unique or non-standard hostid mechanism. Some licensing vendors provide ISV-specific callback routines to support just this situation.

 

Image showing bar code on softwareSerial Numbers

If your goal is to simply tag your licenses, then you can serialize them so that you can identify the customer to whom they were originally sold. This is useful as a marker to track the original customer without tying the license to a physical host.

 

Custom Composite Hostids

By combining multiple machine identifiers, you can build a composite hostid where ALL of the identifiers need to match in order for the licenses to remain valid. This is a very strict approach leading potentially to numerous re-licensing operations whenever a relevant machine element is changed.

Other Posts

Licensing Solutions: 5 Tech Trends That Will Shape Software Licensing in 2024

From the integration of generative AI to the rise of SaaS and cloud-based licensing solutions, continue reading to explore the five key tech trends that are shaping the future of software licensing in 2024.   The rapid pace of technological advancements is challenging traditional software

Learn more

Guide on How To Create Software Licenses With Reprise License Manager

Managing and distributing software licenses can be challenging. But with the right tools and guidance, it can become a streamlined part of your distribution process. This comprehensive guide will walk you through how to create software licenses with Reprise and direct you towards the rich

Learn more

New RLM Release (v16.0)

The latest major release of RLM is finally here! Version 16.0 brings an all new web interface with many enhancements over the previous interface, and fixes multiple vulnerabilities related to the web interface.     New Features Include: All-new Redesigned UI/UX Most server functions now

Learn more
Put Your License Servers in the Cloud with RLMCloud

Put Your License Servers in the Cloud with RLM Cloud

What if your customer doesn’t want his server in the cloud? No problem, because you can use any combination of RLMCloud-based servers and on-premise servers that you wish.
Learn more
Peregrine Labs Moves to RLM to Build Better Products

Peregrine Labs Moves to RLM to Build Better Products

Peregrine developed a small toolset for tracking usage internally, but they needed help from a third-party solution so they could concentrate on building better products instead of trying to maintain licensing.
Learn more
Lixoft Logo in front of an abstract medical background

Drug Development Company, Lixoft, Uses RLM

A drug development company, Lixoft, uses RLM Cloud for annual license renewals.
Learn more

Dealing with Activation Read Timeouts (error -105)

On rare occasions, an activation request will get a read timeout status return (-105). There are several causes to the RLM_EH_NET_RERR (-105) error.   If you can activate from some systems, then the first cause (server down) is unlikely.   More likely is that there

Learn more

How to Set Environment Variables

Environment variables are flags that you set outside an application that the application reacts to. Applications and libraries like RLM read environment variables that they define. Some RLM environment variables are RLM_ACT_TIMEOUT (adjusts the timeout to the activation server to the value supplied), RLM_QUEUE (enables

Learn more
See All

RLM and RLM
Activation Pro

What’s the difference?

Reprise License Manager (RLM)

Software License Manager

RLM provides runtime checking that verifies that your application is licensed to run and that the current usage of your application is within the limits you have ser every time your application runs.

As a Software publisher, you integrate RLM into your product, and RLM keeps track at runtime of who is using the licenses of your software.

RLM can do this entirely within the client library (linked into your application), or, more commonly, your application makes a request of the RLM Lincese Server to check out a license.

The lincese server runs either on your customers network, or in the cloud if you are using our RLMCloud™ service.

RLM provides runtime checking that verifies that your application is licensed to run and that the current usage of your application is within the limits you have ser every time your application runs.

RLM Activation Pro

Software Activation Manager

Activation Pro is
used once when your customer purchases your software in order to retrieve the license which is specific to that customer.

Software Activation’s purpose in life is to get the licenses for your product to your customers with a minimum of fuss.

Activation Pro also has a server component wich we call the activation server.

Your application contacts the activation server and supplies a short text activation key, and in exchange, the activation server returns the license which enables your product.

Generally, this is done once, right after your customer purchases your software, not every time your software is invoked.