Tuesday, March 3. 2009Licensing to KillCould FLEXlm be one of the world's worst-designed programs? They've just rechristened it FLEXnet Publisher, and I can only think it's to try to get away from existing FLEXlm stigmas. It's so bad that according to a VMware engineer I spoke to on the phone a few months ago, in the next release of ESX (whatever the new name is going to be) they're ditching it to go back to their own serial-number based scheme, entirely because of a large amount of hugely negative customer feedback. This is only one major release after they switched to it. Let me describe the structure of it (if I were to go into the user interface issues, this would become far too long a post, so maybe another time). There's a management daemon, called lmgrd, and vendor daemons. These vendor daemons are (often along with the management daemon) provided to you, often without an installer and simply as a bunch of files. There's also quite often a node-locking generator (based on things like hostname, MAC address, and all manner of things easily faked in a VM) provided to you by the vendors, which as far as I can tell is different for every vendor. This is possibly so that they can build in their own criteria, but more likely because the FLEXlm people are lazy and can't be bothered to provide a comprehensive set of criteria on their own. Now, why is there a vendor daemon and a management daemon? Good question, and I don't know the authoritative answer, but from using it I can make an educated guess or two: either to allow vendors to validate some part of the licenses in their own manner, or to simply confuse and annoy the hell out of you. See, the different vendor daemons are built against some version of the FLEXlm software, and they may, or may not, have been built against the same version. This may, or may not, cause problems, including crashes. It may explain why every time the license server reboots (thanks, generally, to automatic Windows updates), lmgrd fails to start up successfully. Now, you can run multiple instances of lmgrd -- if you can figure out how to get it installed so that it starts up on bootup, since there isn't much in the way of help in the official help PDF, and only one of the three vendors whose licenses I deal with actually provided an installer (thanks, VMware, I'll be using your installer long after you've switched off of FLEXlm). This lets you have each license under a different copy of lmgrd, perhaps so that you can attempt matching versions, but mainly so that if one of the lmgrd instances crashes, it will only take down that license. (Actually, it's because in this configuration you need to run them on multiple machines, so if one machine goes down, most of your licenses stay up. But I know what they really meant.) Alternately, you can combine licenses into a single file, a process that the manual warns is time-consuming and error-prone. Finally, you can simply have all your licenses be handled by a single lmgrd instance. Now, this isn't really a bad idea, except for port numbers. See, each vendor daemon needs to run on its own TCP port number. You can specify the port number in the license file, except when you can't because some vendor hardcoded it into their software. If you don't specify a port number in the license file, the vendor daemon will be given a port number starting at 27000 on up, giving you an address like 27000@mylicenses.thissucks.com. Now, because everyone likes autoconfiguration, if in your program you leave out the port number (giving you something like @mylicenses.thissucks.com), then it will automatically search ports 27000 through 27009 for a matching vendor daemon. Unfortunately, I haven't seen a single vendor product that doesn't puke on such an address, claiming it is invalid because of faulty validation, even when the FLEXlm manual in front of me says it's perfectly legal. If you don't then modify your license files to specify ports (which you have to remember to do every time you get a new license file), then you better be aware of when the license server reboots, because the ports are given out in the order that the services come up. So if you're in my situation, where the first of the vendor daemons always crashes the first time it tries to load on bootup, then the other two will have their normal ports decreased by 1. I haven't even gotten to things like functions to reread license files that don't actually reread them, a UI that doesn't tell you if a server is running or stopped until you hit the buttons to try to run it or stop it, a status window that displays a large amount of license data in a tiny, non-resizable window, and more. The product feels like it was developed in 1988 (it was) and is a study in market leader stagnation. I would be very surprised if they have a single developer left and haven't fired everyone to just sit there and watch the money roll in. If license servers are necessary for some product you're creating, there are other license servers out there that simply run on a well-known port and don't require any of this idiocy. Unfortunately, in my experience I've seen more companies switch to FLEXlm than away from it. I hope this isn't an industry-wide trend. Where's the KDE angle? There isn't one specifically, other than this: if someone in the KDE community thinks this is a good design, or can see themselves designing such a scheme, please just leave. Now. (Don't worry, I'm sure this doesn't apply to any of you. Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
Do you have any experience with other crossplatform licensing products? We are using HASP from Aladdin for a Qt-based CAD tool, but from what I've seen all of these products are half-assed and slow down the product and cause crashing (personal experience from pro audio software).
Cross-platform licensing, I don't know. I can tell you that in comparison to FLEXlm, WlmAdmin by SafeNet is a joy to use. Not sure how cross-platform it is (the server is probably Windows-based but not sure about clients).
Perhaps Flexnet doesn't really dictate how the license files look like, how they are encrypted, etc. It probably just gives you a SDK to do that, and for the distribution / validation in a client server model. So the lmadm doesn't can't validate a license itself, it just starts one or more different vendor daemons that actually understand and validate them. I don't understand the port problem. Why don't you just specify the ports in the configuration? Don't get me wrong, I'm not a big fan of FlexLM either, it's just what people use. I especially don't like that you don't have access to the whole report format.
The original developers have their own License Server now (RLM - Reprise License Manager), which at least has an open report format, which is nice for monitoring.
Specifying the ports in the configuration is perfectly valid (although you're actually doing it in the license files, so each time you get a license update you need to remember to do it). I was pointing out the issues with not doing so, however, to demonstrate how even when features exist that could mitigate configuration hassles, they are not well-supported, seemingly for no reason other than that no one pays attention or cares or knows about it. I consider this mainly a failure on part of the FLEX guys, as they are not requiring customers to fully implement their API, quite possibly because of lack of education or communication.
FlexLM is really bad, I remember when we tried to use several FlexLM server so that if one server went down, we would still be able to work without disruption, in fact it was even worse: if any server went down then clients couldn't get license anymore!!
Seriously, why put money in a protection scheme that can be cracked anyway?
A very basic serial number that is validated for correctness is enough, if necessary with a MAC address calculation or online activation. That's like ~1 hour of effort. This prevents normal people from making copies and makes no difference to crackers and yet saves loads of money.
From my experience -- people sitting at the top don't understand (or want to understand) the technical issues. They just see that some marketing person promised them that the industry-standard in license management can provide them hacker-proof protection (I know), and they see the $$ dancing in front of their eyes as they envision forcing all those supposed freeloaders out there into paying for their product.
After all, if you charge 20-120k per license per year (I've seen the entire range), then spending however much FLEX costs per year is probably small change next to the possibility of getting one single extra license sold.
You wouldn't think a license server would be such a hassle. Despite it only being used in a handful of classes and probably an average of 0.5 people using it on campus (outside of some of the math labs), my university bought a site-license to Mathematica. I'm pretty sure it was just to avoid the headaches of running whatever Mathematica uses for a license server.
Unfortunately, in many cases (such as some of mine), the site license is itself implemented on a FLEXlm server (after all, the client program has to get a license from somewhere, even if there's an unlimited number of allowed users).
I was unlucky enough to have to deal with the Flexlm server in Serena PVCS a couple of years back, and it was such a PITA that we basically switched to SVN because of it. Not only config is mysterious and the daemon fragile, but the server cannot be easily set up on a cluster of machines or other ha replication scheme. It thus becomes the spof of the applications using it - and when you have 20 devs paid a whole day to do nothing because the licensing server is down, you know somebody will not be happy...
Hah, I can imagine. Yeah, you don't really want your licensing server to be your weakest link, and FLEXlm's stability and design is so bad that it usually is.
|
Amarok LinksCalendarQuicksearchCategoriesSyndicate This BlogBlog AdministrationWe Listen To... Powered by
|
)
