How to Configure RCDevs License Server
1. Introduction
In this short How-To, we will explain how to configure RCDevs License Server. The license server is now the default RCDevs model for licensing. This documentation is addressed to every new customer who is subscribing for an enterprise license. For others, the license server can be used with at least WebADM 1.6.8-2.
IMPORTANT NOTE
Once the license server is configured with WebADM, a license cache is available for 10 days. That means, if your WebADM servers are not able to communicate with RCDevs license servers, WebADM will continue to work as expected during 10 days. Once the offline cache is expired, WebADM services will stop working. To renew the license cache, WebADM needs to communicate again with license servers.
2. First Steps
After subscribing an RCDevs enterprise license, a license file will be provided to you by the RCDevs sales team.
You have to import this file on your WebADM server. To do it, 2 ways are possible, import the license file from the WebADM Administrator portal or copy the file on the server through SSH/WinSCP in /opt/webadm/conf/ folder.
To enable the license server configuration, you have to edit WebADM servers file (/opt/webadm/conf/servers.xml).
Login on the WebADM server through SSH and edit the following file:
vi /opt/webadm/conf/servers.xml
In this file, you should find the license server section. If the following bloc is not available in your servers.xml file, please add it. It looks like below:
<!--
<LicenseServer name="License Server"
host="license.rcdevs.com"
port="7001"
ca_file="" />
-->
You have to uncomment it like below:
<LicenseServer name="License Server"
host="license.rcdevs.com"
port="7001"
ca_file="" />
Configuration is done, you can save and quit this file. To changes takes effect, you have to restart WebADM services:
/opt/webadm/bin/webadm restart
During the restart, if the communications with the license servers work fine, you should see:
Connected License server: License Server (91.134.128.157)
And after:
Checking License service access... Ok
If during the services restarting you see:
Connected License server: ERROR (no server available)
That means that WebADM is not able to contact the license server. Or the new license hasn’t been imported yet. We will see how to troubleshoot this issue in the Troubleshoot section of this documentation.
3. Import the License from the WebADM Administrator Portal
In that scenario, you have to log in on the WebADM Admin GUI, click on the Admin tab and click on Software License Details in Licensing and Configurations section.
You are now in the Software License Details menu. Through this menu, a blue button named Import New License is available to import the license file provided by the RCDevs sales team. Click on the Import New License button.
And you are now in the following menu:
Click on the Browse File button and select your license file locally.
Or for Method 2, copy the content of the license file and past it below.
Click on the appropriate Import button according to the method you choose.
You will now see the license details and another blue button to upload the license.
Click on Update License button.
The license file is now imported on your WebADM server. Please, restart WebADM to activate the license.
/opt/webadm/bin/webadm restart
Finally, you will see the imported license under Admin tab and click on Software License Details.
4. Troubleshooting License Server Connection
4.1 DNS Resolution
Fist, check that the DNS resolution from your WebADM server works correctly for license.rcdevs.com.
[root@webadm1 ~]# ping license.rcdevs.com
PING license.rcdevs.com (91.134.128.157) 56(84) bytes of data.
64 bytes from 91.134.128.157 (91.134.128.157): icmp_seq=1 ttl=54 time=17.5 ms
64 bytes from 91.134.128.157 (91.134.128.157): icmp_seq=2 ttl=54 time=16.8 ms
64 bytes from 91.134.128.157 (91.134.128.157): icmp_seq=3 ttl=54 time=17.1 ms
^C
--- license.rcdevs.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 16.890/17.194/17.510/0.295 ms
As you can see, the resolution works here. If it’s not your case, add an entry in your DNS system or configure the public IP of RCDevs license servers in /opt/webbadm/conf/servers.xml.
license.rcdevs.com is a DNS name for redundant infrastructure. The actual resolved IP for license.rcdevs.com can change, so it is recommended to use the DNS name instead of the IP. If your firewall does not allow using DNS names and you have to use IP addresses, we advise you to allow traffic to the following three IP addresses :
- 91.134.128.157
- 213.32.75.204
- 213.32.75.212
4.2 Communication on port 7001
Here we will try if WebADM is able to access to license.rcdevs.com on 7001 port using telnet tool:
[root@webadm1 ~]# telnet license.rcdevs.com 7001
Trying 91.134.128.157...
Connected to license.rcdevs.com.
Escape character is '^]'.
Communication on port 7001 is allowed. If WebADM is not able to communicate on port 7001, please check your firewall.
IMPORTANT NOTE
Please note that the protocol is pure TCP and not HTTPS. Some firewalls (e.q. Palo Alto) block the connection if the rule is defined with HTTPS.
4.3 How can I be sure that WebADM and License Server are synchronized?
To be sure that communications between WebADM and Licence Servers working fine, log in on the WebADM GUI and click on the Admin tab.
You should see Active License Server: License Server (91.134.128.157) like below:
Always under the Admin menu, another check must be done. Click on Software License Details:
And you should see something similar if everything works fine.
If you have ‘Active License Server: None’ as below after performing every check we previously did, please contact RCDevs support.
4.4 WebADM Cluster and License Servers
When you have a WebADM cluster configured and for any reason, you have to restore a backup on one node, let’s say Node 1. The synchronization will be broken and you have to resynchronize the Node 1. To do it, you have to log in on the WebADM Administrator portal of the Node 2, click on the Admin tab and click on Software License Detail. On this page, you will see a section named License Server Clients and a Resync button next to the client in question (Node 1).
Click on Resync button to resynchronize this server with the license server.
4.5 Server Pool
The licensing model is based on the number of users and the number of WebADM instances that you want to configure.
WebADM Servers IPs doesn’t matter anymore with license servers. You have now a pool with x servers allowed according to the license you ordered. If your pool is full and you want to connect another WebADM instance in this pool, you need to unbind one server to free up one slot in your pool. To remove an instance from your server pool, log into the WebADM Admin GUI, click on the Admin tab, Software License Details and in License Server Client, find the client in question and click Unbind Client to remove the client from your pool.
A slot is now available for another server:
4.6 WebADM cannot contact License Servers anymore
If for any reason, your WebADM server is not able to contact the license servers or if the license servers are down for maintenance, an offline cache will allow WebADM to continue working without problem during 10 days. After 10 days, WebADM will stop working if the communication with license servers have not been established in meanwhile.
5. Information transferred from WebADM to RCDevs License server
For the online license, the information transmitted is the following.
No private or individual user information at all is transmitted.
- Customer ID and instance ID (As in WebADM Software license details)
- Host ID Hash (not IP or MAC or any recognisable address)
- One time license token (generated locally)
- Number of activated users (for OpenOTP)
- Result of one way hash function of the user search base (used to verify the cluster member configs are same)
- Installed RCDevs software versions
- User and host count (for Spankey)