Floating license over internet.

For a customer we would like to offer a kind of floating license over the internet.

Our first idea was to set up a VPS and install the TurboFloat server on it for our customer. But then we realised there is no authentication, so everyone who knows the IP of this server could configure it in the application and use a license from this server.

Do you have an option to password protect a TurboFloat server? Or any ideas how we could implement this for our customer?

I was thinking about this too, but we finally declined this idea altogether, because there is not enough guaranteed safety.

But you may create some special field with a unique code that only the customer will receive. Your application will require: server, port, and this unique code. When you receive a lease from TFS (over the net), then you have to check the unique code.

In this case, you have 2 pieces of secret information: server (+ port) and unique code.

Another possible solution would be to use a hash of something (customer name/email/id), but it's only a little increase in security.

Unless the attacker knows what else you are checking, it is safe. But also, the customer can leak it out, or give it to someone.

Using custom fields is not really an option. Because then you can prevent the program from starting if the unique code isn't right, the invalid user can however get a lease from the server. This way genuine users could be blocked from using the program (I don't really know if this would be an issue).

Another option we thought about was using a proxy in front of the float server; this proxy server then would handle the authentication. However, I only found a way to configure a proxy in the float server itself, and no possibility to configure a proxy server for the float clients.

Another option would be to set up some secure tunnel (via ssh for instance) from the user to the VPS. This tunnel then would be used for the connection to the float server. But setting up a tunnel for the program is not really user-friendly.

This is a network administration problem.

So, let's say a client of yours buys 100 floating licenses. They install the TurboFloat Server on a company server. They can configure that server (the hardware) to allow connections from inside the building. Plus they can whitelist specific external IP addresses to allow access to the server. And they can also allow VPN connections for people outside the company that (a) either need to be authenticated to get a license lease and/or (b) don't have a fixed IP (because, for instance, they work while they travel).

So, that's the solution -- basic network administration. We didn't build in another layer of network administration directly into the TurboFloat Server because it is redundant and would force network administrators to learn more configuration junk that just duplicates existing network layers (whitelisting, VPNs, etc.)

Wouter wrote:
> Using custom fields is not really an option. Because then you can prevent
> the program from starting if the unique code isn't right, the invalid user
> can however get a lease from the server. This way genuine users could be
> blocked from using the program (I don't really know if this would be an
> issue).

If your program will immediately check custom fields, and drop the lease if it is not valid, then it will not block genuine users, in my opinion. This could be more user-friendly than setting up some network.
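
The check-and-drop flow discussed in this thread, as an added example that is not part of any post and does not use TurboFloat's API: `StubFloatServer`, the field name `customer_code` and the sample code value are constructed stand-ins. It shows that a client with the wrong code does hold a seat between the request and the drop, and that dropping on every failure path returns the seat.

```python
import hashlib
import hmac


class StubFloatServer:
    """Constructed in-memory stand-in for a floating license server (not TurboFloat's API)."""

    def __init__(self, seats, fields):
        self.free_seats = seats
        self.fields = fields  # custom fields delivered with every lease

    def request_lease(self):
        if self.free_seats == 0:
            raise RuntimeError("no free seats")
        self.free_seats -= 1
        return dict(self.fields)

    def drop_lease(self):
        self.free_seats += 1


def code_digest(code):
    # Hash both sides so the comparison always sees equal-length ASCII strings.
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def acquire_verified_lease(server, field_name, entered_code):
    """Request a lease, verify the custom field, drop the lease on any failure."""
    lease = server.request_lease()  # a seat is occupied from this point on
    verified = False
    try:
        received = code_digest(lease.get(field_name, ""))
        # Constant-time comparison: does not reveal how much of the code matched.
        verified = hmac.compare_digest(received, code_digest(entered_code))
    finally:
        if not verified:
            server.drop_lease()  # return the seat at once, also on exceptions
    return lease if verified else None


if __name__ == "__main__":
    srv = StubFloatServer(seats=1, fields={"customer_code": "constructed-code-123"})
    print(acquire_verified_lease(srv, "customer_code", "guess"), srv.free_seats)
    print(acquire_verified_lease(srv, "customer_code", "constructed-code-123"), srv.free_seats)
```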