License borrowing: Who fools whom?

In the process of researching new developments and functionality, I started looking at the ‘borrowing’ of licenses; I found some interesting things.

License borrowing is a term that refers to the renting of licenses from a license server onto e.g. a notebook which gets disconnected from the network. In short, borrowing works by creating a temporary license, set to be valid for a specified period of time, on the laptop computer; that license is made unavailable for the same period of time on the license server.

This is quite useful for many companies who wish to make licenses available on notebooks that are disconnected from the network for a certain period of time.

All good so far… But the approach raises some questions which are worth discussing.

Over the last few days I did some research into other vendors’ solutions to this problem, and I found something surprising. Let’s say you have a notebook computer with you and you want to borrow a license for e.g. 1 week; you borrow the license and then leave the office and head out on your trip.

In theory, the license you’ve borrowed should be unavailable on the license server for the duration of your trip. However, with just a tiny bit of research I found I was able to easily reset the license server license status – within less than 10 minutes. OK, I have some experience in this area which might make this easier for me than it could be for other people. But I’d guess that any knowledgeable “computer person” could have done the same in under an hour. The secret was that the license server stored the information about license leases on its hard disk.

The question this immediately prompts, of course, is: what happens if you “misplace” the file on the server, or if you “accidentally” delete it? Voila! As far as the server’s concerned, the license is now freed up; the client, on the other hand, still has its license. All of which makes it easy to overuse licenses. Doesn’t it seem a little silly that this kind of licensing hinges upon the use of a file that can so easily be deleted?

Truth is that there are better ways of implementing borrowing of licenses. As is often the case, one aim of my research was to find out how -not- to do things. Using an external memory device is one alternative approach we are investigating for when we introduce “borrows” into the next version of LM-X – and there are others, too. It’s not necessarily a simple thing to implement securely – any kind of “borrow” functionality will necessarily involve some tradeoff in terms of the strength of the licensing implementation – but we’ll be doing what we can to make it as secure as we can – and to be sure that the licensing can’t be bypassed by simply deleting a file from the server’s hard disk!
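To make the point about the deletable lease file concrete, here is an added sketch (not LM-X code and not any vendor's design) of a server that fails closed when its lease record disappears or changes. It assumes a hypothetical `Anchor` object standing in for storage the server operator cannot rewrite or roll back, such as an external memory device; all names and sample values are constructed for illustration, and early return of a borrowed license is left out.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # chain value before any lease exists


class Anchor:
    """Assumption: storage the server operator cannot rewrite or roll back
    (stand-in for an external memory device). Holds lease count and chain head."""

    def __init__(self):
        self.count = 0
        self.head = GENESIS


def _link(prev, record):
    """Chain one lease record onto the previous head."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev + body).digest()


def record_borrow(journal, anchor, client, feature, expires):
    """Append a lease to the journal (the deletable file) and advance the anchor."""
    record = {"client": client, "feature": feature, "expires": expires}
    anchor.head = _link(anchor.head, record)
    anchor.count += 1
    journal.append(record)


def free_seats(journal, anchor, total, now):
    """Return free seats; fail closed if the journal disagrees with the anchor."""
    if len(journal) != anchor.count:
        raise RuntimeError("lease journal missing or truncated")
    head = GENESIS
    for record in journal:
        head = _link(head, record)
    if not hmac.compare_digest(head, anchor.head):
        raise RuntimeError("lease journal altered")
    return total - sum(1 for r in journal if r["expires"] > now)


if __name__ == "__main__":
    journal, anchor = [], Anchor()  # constructed sample data
    record_borrow(journal, anchor, "laptop-01", "cad", expires=700)
    print(free_seats(journal, anchor, total=5, now=100))
    journal.clear()  # the lease file is "accidentally" deleted
    try:
        free_seats(journal, anchor, total=5, now=100)
    except RuntimeError as err:
        print("refused:", err)
```

The check is only as strong as the anchor: if the count and chain head live on the same disk as the journal, deleting both resets the server just as before.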