Software as a service

Andreas Mühlbauer

Licensing in Edge and Cloud

When applications were moved to the cloud, the issue of licensing was thought to have been resolved. But not everything is in good hands in the cloud, and now licensing has become even more important when operating containers due to the associated scaling.


In the distant past, software was delivered on floppy disks. Over time, these were replaced by CDs and DVDs. Users installed the software on their PCs. Today, these solutions are referred to as on-premises, and they pose several challenges for manufacturers now, just as they did back then. One of these is the system requirements on the user's side: users need the appropriate computing power to run the software, and interactions with other software can also lead to problems. A second, even more important challenge from the manufacturer's point of view is preventing unauthorized use of the software. Copy-protected data carriers were once introduced for this purpose. A dongle is often used for higher-priced software. Computer-bound activations are also used for this type of software.

Cloud SaaS is catching on

Software as a Service (SaaS) in the cloud has established itself as a way of making software available for use online. Applications such as online maps or online translation tools have completely replaced their on-premises versions. With this cloud software, the application is usually operated by the manufacturer and made available online for use. Users only need a browser, in some cases a thin client. SaaS thus reduces the requirements for local computers, opens the door to software on mobile devices and changes the requirements for protection and licensing. In contrast to on-premises software, no copy protection is required and licensing can be linked to user identification.

Licensing via protective hardware. © Wibu-Systems

The development tools used by programmers have also changed with the move to the cloud. While on-premises applications are often written in C++ or .NET, many different programming environments are used in the cloud, such as Python, JavaScript and the like. SaaS solutions in the cloud are generally already highly scalable due to their architecture. The "cloud first" trend is also spilling over from the end customer environment to B2B applications. One example of this is predictive maintenance applications for control systems and plants.

From the manufacturer's point of view, the new cloud world could be so wonderful if it weren't for issues such as cloud availability, required bandwidth, latency and, above all, legal issues such as "Where is my data?" that stand in the way of cloud computing. The compromise solution is edge computing. Here, the cloud solutions run on the edge of the cloud at the user's premises and only exchange minimal data with the cloud, if any at all. Manufacturers want to keep all the benefits of their cloud software: scalability and flexibility in the development environment. Thanks to Docker and other container solutions, it is technically relatively easy to implement a cloud solution as an edge solution. The various services are provided together with all the necessary software components in individual containers and do not require complicated installation processes or dependencies on other software on the user side. This isolation also eliminates interactions with software from other manufacturers.

One point is often overlooked in this type of migration project: the changed requirements for licensing and software protection. While copy protection and intellectual property protection are irrelevant for cloud solutions that are operated by the manufacturer, this point comes back like a boomerang with an edge solution: similar to on-premises, the application is once again in the care of the user. Licensing is also subject to familiar requirements from the on-premises world, as well as new requirements regarding how the scalability of the systems can be mapped in the license. As in the on-premises world, a non-copyable, secure anchor is required for licensing.

Licensing on an edge device

Use of a license in the cloud. © Wibu-Systems

Edge devices occupy a special position. The manufacturer supplies a ready-made solution consisting of hardware and software that connects the local system landscape with the systems in the cloud and controls the data flow. Licensing can take place either via the cloud systems contacted, which enable user identification via login, or as a classic on-premises license on the device itself. If certificates with private keys worthy of protection are used for encrypted communication, secure anchors are used. These can be TPM chips or dongles.

Which licensing type can be used on the devices in the local system environment depends on the exact application scenario, the manufacturer's need for protection and user acceptance. The systems are often capable of running several containers in parallel, which raises the question of how to control and regulate the number of containers in operation and thus the services running in them. The manufacturer has optimum control if systems with an integrated security chip and licensing mechanism are used or if a dongle can be plugged into the device. The license is then located in a secure chip in the device and the cryptographic functions can be used from the containers directly or via an explicitly created container for license use. If it is possible to use a license from a cloud-based licensing system via an edge device, the manufacturer can also be sure that the licenses are counted correctly. The prerequisite is a permanent connection to the Internet and the unrestricted availability of the cloud license.

For software-based licensing of the application running in a container, you need to take a closer look at the matter and find a suitable solution for the use case. Containers were developed to abstract everything as well as possible and to restrict data traffic to the host or other containers to desired transfers. This means that the system features normally used cannot be read and it is also not possible to persist the license data. In order to be able to implement such licensing, however, a secure anchor is required in the container that can be bound to a license. The license data must then be stored within the system in such a way that it is retained in the container. These requirements are not directly compatible with scaling, i.e. starting several containers in parallel. In these cases, the license is operated in a separate licensing container, which then provides the licenses for the other containers on the local system. In order to obtain a secure anchor, this licensing container will have to run with certain rights. It is important to be aware that the desired abstraction of containers is in direct conflict with the manufacturer's desire for control and licensing.

Key storage in the container. © Wibu-Systems

With the CodeMeter solution offered by Wibu-Systems, the license systems in the dongle, software-based licensing and cloud license are cryptographically identical and can therefore be adapted to the customer's area of application and requirements without having to touch the applications or scripts protected with CodeMeter Protection Suite again. The application containers with the protected software, which may run multiple times, are connected to the license container via a separate network in the container world. This means that the cryptographic calls from the application containers can access the license and are transported in isolation. The license container contains either a connection to the built-in security chip or to the cloud operated by Wibu-Systems. When using a software-based license, this license container requires access to the Docker socket for anchoring. The license information is persisted on the system via a named volume and thus also survives a version update of the license container.
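The container layout described above can be checked on a running host. The following is an added example, not code from Wibu-Systems or CodeMeter: it audits `docker inspect` output to confirm that only the license container mounts the Docker socket, that its license data sits on a named volume, and that every application container is attached to the license network. All container, network and volume names are hypothetical, and the sample data is constructed.

```python
import json
import string

DOCKER_SOCK = "/var/run/docker.sock"

# Constructed sample in the shape of `docker inspect` output.
# Names ("license", "app-1", "license-net", "license-data") are hypothetical.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/license",
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock"},
             {"Type": "volume", "Name": "license-data",
              "Destination": "/var/lib/license"}],
  "NetworkSettings": {"Networks": {"license-net": {}}}},
 {"Name": "/app-1", "Mounts": [],
  "NetworkSettings": {"Networks": {"license-net": {}, "frontend": {}}}},
 {"Name": "/app-2",
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock"}],
  "NetworkSettings": {"Networks": {"frontend": {}}}}
]
""")

def is_named_volume(mount):
    """Anonymous volumes get a 64-character hex name; named ones do not."""
    name = mount.get("Name", "")
    anonymous = len(name) == 64 and all(ch in string.hexdigits for ch in name)
    return mount.get("Type") == "volume" and bool(name) and not anonymous

def audit(containers, license_name, license_net):
    """Return (container, finding) pairs where the layout deviates."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        mounts = c.get("Mounts") or []
        nets = set((c.get("NetworkSettings") or {}).get("Networks") or {})
        if name == license_name:
            if not any(is_named_volume(m) for m in mounts):
                findings.append((name, "license data not on a named volume"))
        elif any(m.get("Source") == DOCKER_SOCK for m in mounts):
            findings.append((name, "application container mounts the Docker socket"))
        if license_net not in nets:
            findings.append((name, "not attached to the license network"))
    return findings

if __name__ == "__main__":
    for container, finding in audit(SAMPLE_INSPECT, "license", "license-net"):
        print(f"{container}: {finding}")
```

On a real host, the input would come from `docker inspect $(docker ps -q)` instead of the embedded sample.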

License server in the private cloud

In some use cases, the containers no longer necessarily run on the company's own hardware, but are started in a private cloud for simulation purposes, for example. In the environments of large providers, there are other ways of binding licenses. With CodeMeter, software-based licensing is therefore linked to information provided by the provider about these systems. Alternatively, a trusted license server can be used in the cloud. In this case, a virtual dongle is located in the cloud and the software in the container connects to this virtual dongle in encrypted form using a password file. The number of simultaneously running instances of the software in the containers is monitored via the license server in the cloud. In addition to the ready-made solutions in the CodeMeter runtime, the manufacturer can also provide its own bindings. This can be an enterprise license, for example, which enables the software manufacturer's customers to run as many instances as they wish.

Wolfgang Völker, Director Product Management & Support and Rüdiger Kügler, VP Sales and Professional Services, both Wibu-Systems
