General Info

By: Richard Glaser - Revised: 2006-06-13 devin

Introduction

General information about KeyServer, how it works, license control, and network redundancy.


What is KeyServer?

KeyServer is a software package designed to manage licenses for an entire software library distributed throughout a network of computers.

KeyServer can be used to:
  • Enforce usage limits for Macintosh and Windows programs
  • Control program access based on location or Name & Password
  • Reallocate licensed software assets for efficient utilization
  • Report on logged program usage and predict software needs
  • Inform users when software upgrades become available
  • Disable obsolete program versions
  • Check out software for use offsite
  • Secure costly or proprietary programs against piracy
  • Reserve access to programs for specified users at scheduled time

Why use KeyServer?

There are many reasons to use KeyServer from protection from software piracy to usage reports, but the main advantage of KeyServer is reducing software costs by taking advantage of concurrent licensing. KeyServer will ensure that the number of licensed copies of software packages in a central pool that are being used anywhere on the campus network is not exceeded. There is no noticeable response time difference between keyed and non-keyed applications. Each keyed software package still resides on the computer's local hard drive.

Who makes KeyServer?

KeyServer is made by Sassafras Software Inc. Sassafras is located in Hanover, New Hampshire, just a few miles north of Dartmouth College.
     
Sassafras Software
PO Box 150 Hanover, NH
03755-0150
USA
(603) 643-3351
E-mail - sales@sassafras.com
Web - www.sassafras.com

Who uses KeyServer?

On campus:
  • ACLIS Labs
  • Biology Dept.
  • Others?
Others:
  • Adobe Corporation
  • Aldus Corporation
  • Apple Computer, Inc.
  • Arizona State University
  • Carnegie Mellon University
  • Duke University
  • Harvard University
  • Indiana University
  • MIT
  • Princeton University
  • Stanford University
  • U.S. Air Force
For a more detailed list, click here for Sassafras Software's install base list.

How KeyServer works

KeyServer uses TCP/IP, IPX, and AppleTalk to stay in contact with the various computers connected to your network. On each networked computer, the KeyServer client software, KeyAccess, handles communication with the KeyServer. When a client computer first starts up, KeyAccess automatically contacts the KeyServer and opens a session.

When a user launches a program, the operating system passes the launch request to KeyAccess, which then conveys the request over the network to the KeyServer. It doesnÕt matter whether the application file being launched is stored on a local disk or on a remote file server; the transaction with the KeyServer is the same. KeyServer consults its database of software licensing information and its current software usage table in order to determine how to respond to the launch request.

Possible responses from the KeyServer back to the client include:
  • Proceed with program launch.
  • No licenses available.
  • KeyServer will notify you when one becomes free.
  • Program version obsolete. Please update to the latest version.
  • Enter a correct name and password in order to use this program.
  • Program access denied for users in your network address range.
  • Program schedule denies access at this hour.

Network Redundancy - KeyShadow

To solve the problem of this single point of failure, KeyServer implements a network-redundancy strategy called shadowing. With shadowing, the network administrator sets up automatic backup servers called KeyShadows in critical locations around the network. KeyShadows maintain a network connection to the main KeyServer, and automatically take over service for the KeyServer whenever this connection is broken. When the connection is reestablished, the KeyShadow passes service back to the central KeyServer. This process is transparent to the users of keyed programs running under any version of the Mac or Windows operating systems, regardless of which protocol they are using to connect to the KeyServer.

Backup KeyServers
When the network connection to a file server is broken, programs run from the file server are shut down almost immediately, and work-in-progress can be lost without warning. In contrast, when the network connection to a KeyServer is broken, but is reestablished within about ten minutes, KeyServer users will not notice the break. If the connection is not reestablished within ten minutes, users are requested to quit from any KeyServer-controlled programs (unless the Controls have the detachable bit set, in which case users can continue running the current sessions of any applications, without interruption). Even if a user ignores repeated dialogs requesting that KeyServer-controlled programs be quit, the client software never puts work-in- progress at risk.

The two main reasons for loss of service are: problems on the KeyServer machine; and failed network bridges, routers, or hubs. You can prepare for these eventualities by having backup KeyServers, called KeyShadows, ready at other computers on your network. First, you need to install KeyShadows at critical locations throughout your network.

ACLIS Labs KeyShadow(s)
We setup a KeyShadow for each lab (Austin Hall, EMCB, MMC, and Union) before the router(s). Almost, all KeyServer failures we have had, have been due to a network problem (i.e. failed network bridges, routers, or hubs) and not a problem with the KeyServer software or hardware itself.   

We are using our outdated/oldest Macintosh for the KeyShadows. They are currently running on a Power Macintosh 7100/66 with 72 MB RAM and 500 MB hard disk.