Protecting containerized applications (e.g. in docker) is similar in many ways to non-containarized applications. The major difference is that, in most cases, there is no reliable way to uniquely identify an instance. And even if it would be possible to identify them, it might not be desirable since oftentimes containers spin up and down very frequently.
More specifically, the challenge from a software licensing perspective is to prevent end users from exceeding the maximum number of concurrent instances.
Solution
The general solution to restrict the number of concurrent users is to use a floating license model (allows to restrict how many instances can run concurrently) and generate a random identifier upon application start (i.e. not relying on any OS information).
If your clients will have an internet connection, your application can call the Cryptolens API directly as described here. In this case, Cryptolens will be responsible for keeping track of all active instances.
If your clients will be offline, they can install a local license server that will keep track of all instances. A tutorial on how it can be setup can be found here.
If you would have any questions or need advice on how to protect containerized applications, please reach out to us at [email protected].
Floating licenses makes it easier for your customers to switch between machines that actively run your software, without having to deactivate them first. For instance, you can constrain the number of concurrent users to 10, but still allow the software to be installed on eg. 100 computers.
In Cryptolens, floating licensing works by letting your app to regularly poll the server to check if the number of concurrent users has been exceeded, which can be accomplished with the code snippet below:
import io.cryptolens.methods.*;
import io.cryptolens.models.*;
public static void main(String args[]) {
String RSAPubKey = "RSA Public Key";
String auth = "Access token";
LicenseKey license = Key.Activate(auth, RSAPubKey, new ActivateModel(3349, "MTMPW-VZERP-JZVNZ-SCPZM", Helpers.GetMachineCode(), 300, 1));
if (license == null || !Helpers.IsOnRightMachine(license, true, true)) {
System.out.println("The license does not work.");
} else {
System.out.println("The license is valid!");
System.out.println("It will expire: " + license.Expires);
}
}
Normally, if the app stops polling the server, that user will be automatically deactivated within the specified period of time. However, if you want to deactivate it instantly, you can use the code below:
import io.cryptolens.methods.*;
import io.cryptolens.models.*;
public static void main(String args[]) {
String auth = "";
boolean result = Key.Deactivate(auth, new DeactivateModel(3349, "MTMPW-VZERP-JZVNZ-SCPZM", Helpers.GetMachineCode(), true));
if (result == true) {
System.out.println("Deactivation successful.");
} else {
System.out.println("Deactivation failed.");
}
}
To see all the required parameters, please check out the GitHub repo of the Java client. Should you have any questions, please feel free to reach out.