How does Sentinel HASP licensing test for license re-hosting?

Issue

What criteria does a Sentinel HASP license look for to establish that a license is legitimate?

Product Line

Andover Continuum

Environment

  • Sentinel HASP
  • Keyless Licensing
  • SafeNet

Cause

How does the Sentinel HASP license detect that the license has not been re-hosted?

Resolution

Sentinel HASP relies on three different parameters for verifying fingerprints on a virtual machine:

  • Virtual MAC address
  • CPU characteristics
  • UUID of the virtual image.

Each of these parameters is discussed below.

 

Virtual MAC Address

Each physical network adapter or network card has a unique identifier, but this identifier is not accessible to a virtual machine running on the computer. Instead, each virtual machine is assigned a unique virtual MAC address.

 

Within a network, each virtual machine must possess a unique MAC address. If a user clones a virtual machine and installs it on a second computer within the same network, working on either the original or the cloned virtual machine will be impractical, as the two machines will constantly cause network collisions.

 

CPU Characteristics

In desktop/workstation environments such as VMware Workstation or VMware Player, the desktop virtualization software does not expose the ability to virtualize the CPU.

This increases the difficulty for a user to bypass the protection by attempting to create a virtual copy of the source computer.

 

A number of CPU characteristics are available for inclusion in the virtual machine fingerprint, including:

  • Make
  • Model
  • Speed.

 

Due to the large number of different processors available in the market, the likelihood of two different desktop computers having completely identical CPU characteristics is low.

 

In centrally managed virtual infrastructures (also called server-based virtualization), hardware clusters can be virtualized.

 

In this environment, the virtual infrastructure does not always utilize a single, fixed set of physical hardware resources. Instead, it utilizes a shared pool of resources.

 

For the most common types of clustered environments, where live migration capabilities are typically required, a requirement usually exists for different hosts in the cluster to have identical CPU characteristics.

 

Solutions such as VMware vCenter Server provide the ability to enable CPU masking to improve compatibility for the high availability and fault tolerance virtualization features.

CPU masking allows host machines with different CPU characteristics to be used in the cluster, while providing common (masked) CPU characteristics across all hosts in the cluster.

 

Therefore, the CPU characteristics do not change when a virtual machine migrates across the hosts in a cluster.

 

This enables licensed applications to continue working when migrated from one host to another within a cluster.

 

However, this type of environment is restricted to a limited subset of CPU types.

In addition, the migration can only be performed when the target computer contains a physical CPU whose capabilities match or exceed the characteristics of the virtual CPU.

 

UUID of the Virtual Machine

The UUID is used to uniquely identify the virtual machine in the majority of virtual machine technologies.

  • The UUID consists of a 16‐byte (128‐bit) number.
  • Each virtual machine is assigned a different UUID.
  • When a user makes a clone of a virtual image or copies a virtual machine from one location to another, a new UUID value is generated for the new virtual image or virtual machine.

None of the three characteristics used by Sentinel HASP to create a virtual machine fingerprint is absolutely tamper-proof.
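
To see which of the three parameters changed after a clone, restore or migration, an administrator can record them while the license is working and compare later. The script below is an added example, not Sentinel HASP code or part of the original article; the WMI classes it reads are an assumption about where a Windows guest exposes equivalent values, and the baseline path and function names are hypothetical.

```powershell
# Added example: snapshot the three values the article names (virtual MAC,
# CPU characteristics, VM UUID) and diff them against a saved baseline.
# Assumption: these WMI classes approximate what the licensing runtime sees;
# the article does not say which sources Sentinel HASP actually reads.
param(
    [string]$BaselinePath = "$env:ProgramData\vm-fingerprint-baseline.json"  # hypothetical path
)

function Get-VmFingerprintInputs {
    # First processor only; make, model and speed as listed in the article.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    # MAC addresses of IP-enabled adapters, normalized and sorted for stable comparison.
    $macs = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
        Where-Object { $_.IPEnabled -and $_.MACAddress } |
        ForEach-Object { $_.MACAddress.ToUpperInvariant() } |
        Sort-Object -Unique
    [pscustomobject]@{
        Mac  = ($macs -join ',')
        Cpu  = '{0}|{1}|{2}MHz' -f $cpu.Manufacturer, $cpu.Name.Trim(), $cpu.MaxClockSpeed
        Uuid = (Get-CimInstance -ClassName Win32_ComputerSystemProduct).UUID
    }
}

function Compare-VmFingerprintInputs {
    param($Baseline, $Current)
    foreach ($name in 'Mac', 'Cpu', 'Uuid') {
        [pscustomobject]@{
            Parameter = $name
            Changed   = ($Baseline.$name -ne $Current.$name)
            Baseline  = $Baseline.$name
            Current   = $Current.$name
        }
    }
}

$current = Get-VmFingerprintInputs
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the values while the license is known to be working.
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    Write-Output "Baseline written to $BaselinePath"
    return
}

$baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
$report = Compare-VmFingerprintInputs -Baseline $baseline -Current $current
$report | Format-Table -AutoSize
$changed = @($report | Where-Object Changed).Count
Write-Output "$changed of 3 fingerprint inputs differ from the baseline."
```

Following the article's description, a cloned or copied image would be expected to show a changed Uuid row, while a migration inside a CPU-masked cluster should leave the Cpu row unchanged.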