Administrative Security Policies on the License Server
As the license server administrator of a local license server, you can update the following policies that control administrative security:
The following policies are in effect only when administrative security is enabled:
|
•
|
security.anonymous to determine whether users need to provide credentials simply to “read” information—such as current reservations, features, licenses, or status—on the license server: |
|
•
|
When security.anonymous is set to true, user accounts, including administrator accounts, are automatically granted “read” rights (ROLE_READ); no credentials are needed to perform “read” operations. This policy lessens your administrative burden to manage user accounts. |
|
•
|
When this policy is set to false, a user account, including an administrator account, must be explicitly assigned ROLE_READ in order to perform “read” operations. (The exception occurs when no role is assigned to an account, in which case ROLE_READ is assigned as the only role by default.) Credentials are then required to perform any “read” operation. If an account is not authorized for ROLE_READ, no “read” access is given. |
|
•
|
security.token.duration to limit token validity. This policy sets a time limit on how long an authorization “token” is in effect before it expires, requiring a user to re-enter credentials. Note the following: |
|
•
|
This policy is relevant to FlexNet License Server Manager and those custom administrator tools where credentials are entered once and then automatically applied to each subsequent operation requiring authorization. Once the token expires, the user must re-enter credentials. |
|
•
|
The policy is not relevant for tools like the FlexNet License Server Administrator command-line tool, where users must manually re-enter credentials every time they perform an operation requiring authorization. |
|
•
|
security.ip.whitelist to grant to one or more secure machines (whose IP addresses you specify for this policy) unrestricted access to the license server administrative interface. This access is helpful in cases when you forget your credentials or when someone needs the convenience of accessing administrative functionality on the license server without having to provide credentials. |
|
•
|
security.http.auth.enabled to control whether HTTPS is required to access the license server to perform secured operations (that is, those requiring authorization): |
|
•
|
When set to true, this policy allows the use of the HTTPS or HTTP protocol to perform secured operations. |
|
•
|
When set to false, the policy enforces the use of the HTTPS protocol to perform secured operations. An error is generated when HTTP is used. |
This policy has no effect on those operations exempt from license-server security measures, as described in Operations Exempt from Administrative Security.
For more information about these policies, see the following:
Enabling Administrative Security on a Local License Server
If the producer deployed a local license server with administrative security disabled, you can enable it as long as the producer has provided you with administrator credentials. You can also disable security on a currently secured license server.
To enable administrative security on the local license server
|
1.
|
Obtain default administrator credentials from the producer if you do not already have them. |
|
2.
|
Start up the license server. When administrative security is disabled, you have full privileges to administer the license server (as though you have an account with ROLE_ADMIN, ROLE_RESERVATIONS, ROLE_DROPCLIENT, and ROLE_READ). |
|
3.
|
Use your license server administrator tool to change the security.enabled policy to true: |
|
•
|
For the producer’s custom administration tool, refer to the producer’s instructions. |
|
4.
|
Once administrative security is enabled on the license server, reset your default administrator password, providing your default administrator credentials to authorize your access to this operation: |
|
•
|
For the producer’s custom administration tool, refer to the producer’s instructions. |
This operation is currently not available in the FlexNet License Server Manager.
|
5.
|
From this point on, provide your credentials to perform any secured operation: |
|
•
|
For the producer’s custom administration tool, refer to the producer’s instructions. |
To disable administrative security on the local license server
Using your credentials, access your administrator tool to change the security.enabled policy to false.