cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
TrinityTonic
Level 5

Secure Return of Licenses

Jump to solution

I am using the Flexera Embedded in my device in conjunction with the Flexera FNO Portal as the licensing back-office. I have a use case in mind and would like to know how this could be best achieved and if there's more than one way to do so.

My use-case is that I would like to securely return licenses that were previously acquired by my device so that they could reappear inside the portal and be used by other devices. Typical use-cases would be decomissioning a device or if a device is somehow defect. 

In the first step I would like the solution to be manually triggerable, later on I would like to automate it.

Any links to corresponding documentation on how this could be achieved would be much appreciated.

(1) Solution
jberthold
Revenera Moderator Revenera Moderator
Revenera Moderator

Hi @TrinityTonic ,

Your diagrams are accurate if the FlexNet Operations Configuration setting for  "Skip Confirmation" (found in System/Configure/Embedded Devices/License Generation) is disabled (not checked).  With Skip Confirmation disabled, the device must prove to FNO that the capability response with the license reduction was indeed processed.  So let's take a look at both scenarios (first let's assume that the device is offline and does not have an internet connection)

1. Return initiated in FNO Portal.

a. The license is first removed from the device in the FNO Portal.  The status of the license on the device in the portal will be set to "Waiting for confirmation".  The license has not yet been credited back to the entitlement for use by another device.

b. The capability response with the license removal is then downloaded from the FNO Portal and manually loaded onto the device. 

c.  A confirmation capability request then needs to be generated from the device which will be used to prove to FNO that the capability response for the license reduction from FNO was processed on the device.  This is sometimes called a "sync" capability request which is a standard activation request with no Activation ID or Quantity specified.

d.  Once generated, this sync capability request is then manually uploaded to the FNO Portal.  This will remove the license from the device and free it up for use by another device.

2. Return initiated on Host.

a.  The device creates a capability request to return the existing license which includes the desired Activation ID with quantity 0.  

b.  This capability request is then uploaded in the FNO Portal.  The capability response with the license removal is downloaded from FNO and loaded on the device.  

c.  A confirmation capability request then needs to be generated on the device and uploaded to the FNO portal to prove the capability response was loaded so the license can be freed up for use on another device.

If the device has an internet connection the capability requests & responses can be done programmatically.

If Skip Confirmation is enabled (checked) then you trust that the customer will always load the capability response file on the device when a license is returned.  The license will immediately be freed up in FNO once the license is removed from the device in the FNO portal.  This is not as secure and is a potential area for license abuse, however it prevents the need to generate and upload/send the additional confirmation request.  This can be accomplished transparently if the device is online but requires additional manual steps if the device is offline. 

Best regards,

Jim

 

 

 

View solution in original post

0 Kudos
(6) Replies
daniel_schoepf
Level 3

you need to do a capability request with FNE SDK to obtain the license. You can do the same capability request with reverse quantity to return the license.

0 Kudos

Hi Daniel, do you have any sources where I could dig a little bit deeper into this?

0 Kudos
jberthold
Revenera Moderator Revenera Moderator
Revenera Moderator

Yes as @daniel_schoepf stated you can simply perform the same steps you use for license activation to securely return/deactivate the license.   In the capability request you can specify the desired activation ID(s) with a requested quantity of "0" to return the licenses back to the entitlement.  Alternatively the end customer could remove the licenses from the licensed device in the the FlexNet Operations Customer Portal, then perform a sync between the device and FlexNet Operations.  A sync is an "empty" capability request that does not include an activation ID/quantity.    

- Jim

So If I understood correctly there's two ways:

  • The host triggers the return by starting a capability request with the reduced quantity and uploads it to the portal
  • The portal processes this capability request and adds up the licenses accordingly
  • How does the portal / back-end server know that  the licenses have actually been removed from the device? Is there some capability response involved here?

Alternatively:

  • License is derectly removed from the device in the FlexNet FNO Portal
  • Then a sync is performed ... what does sync stand for here? As far as I understand it would mean that a reduced capability response is generated which is downloaded onto the device
  • The processes the reduced capability response and submits another request to the back-office so that the back-office can be sure that the device has been removed

I'm implementing everything manually so I have to assume that there is (most of the time) no direct connection between host and FNO Portal --> the functionality of uploading and downloading the corresponding requests need to be available in the host's backend and the FNO's backend.

0 Kudos

Would both ways depicted under following pictures be viable solutions for my problem? If so what should be preferred if everything is to be done in a manual (download from ..., upload to ..., etc.) way - what way should be preferred if everything was to be done automatically without user interaction.

2022-08-08_10h12_47.png

0 Kudos
jberthold
Revenera Moderator Revenera Moderator
Revenera Moderator

Hi @TrinityTonic ,

Your diagrams are accurate if the FlexNet Operations Configuration setting for  "Skip Confirmation" (found in System/Configure/Embedded Devices/License Generation) is disabled (not checked).  With Skip Confirmation disabled, the device must prove to FNO that the capability response with the license reduction was indeed processed.  So let's take a look at both scenarios (first let's assume that the device is offline and does not have an internet connection)

1. Return initiated in FNO Portal.

a. The license is first removed from the device in the FNO Portal.  The status of the license on the device in the portal will be set to "Waiting for confirmation".  The license has not yet been credited back to the entitlement for use by another device.

b. The capability response with the license removal is then downloaded from the FNO Portal and manually loaded onto the device. 

c.  A confirmation capability request then needs to be generated from the device which will be used to prove to FNO that the capability response for the license reduction from FNO was processed on the device.  This is sometimes called a "sync" capability request which is a standard activation request with no Activation ID or Quantity specified.

d.  Once generated, this sync capability request is then manually uploaded to the FNO Portal.  This will remove the license from the device and free it up for use by another device.

2. Return initiated on Host.

a.  The device creates a capability request to return the existing license which includes the desired Activation ID with quantity 0.  

b.  This capability request is then uploaded in the FNO Portal.  The capability response with the license removal is downloaded from FNO and loaded on the device.  

c.  A confirmation capability request then needs to be generated on the device and uploaded to the FNO portal to prove the capability response was loaded so the license can be freed up for use on another device.

If the device has an internet connection the capability requests & responses can be done programmatically.

If Skip Confirmation is enabled (checked) then you trust that the customer will always load the capability response file on the device when a license is returned.  The license will immediately be freed up in FNO once the license is removed from the device in the FNO portal.  This is not as secure and is a potential area for license abuse, however it prevents the need to generate and upload/send the additional confirmation request.  This can be accomplished transparently if the device is online but requires additional manual steps if the device is offline. 

Best regards,

Jim

 

 

 

0 Kudos