Reference: License Server Policy Settings

Use the following chart as reference to the license server policy settings provided by the producer to control the various operations that your local license server can perform, such as synchronization to and from the back office, licensing distribution, logging, license server failover, and others.

The Editable? column indicates whether the license server administrator can update the given policy.

Note:These policies are of interest to the administrator of a local license server. The administrator of a CLS instance cannot edit license server policies.

For more information about the process of overriding settings, go to the appropriate link:

Managing License Server Policy Settings in the Using the FlexNet License Server Administrator Command-line Tool section.
Properties View in the Using the FlexNet License Server Manager section. (As a reference, the chart shows the field name equivalents used in FlexNet License Server Manager for various policy settings in producer-settings.xml.)

License Server Policy Settings

Setting

Description

Edit-able?

In FlexNet License Server Manager

database.backup-enabled

The property that determines whether the license server takes a backup of trusted storage at given times and stores it on the server. Should trusted storage become corrupt, the license server administrator can then restore it from the backup without contacting the back office. The default is false. See Trusted Storage Backup and Restoration for details.

No

N/A

Licensing Policies

licensing.
clientExpiryTimer

The frequency of checks for expired features on clients. (An expired feature is one whose borrow interval has expired or that has reached its expiration date as defined in the back office.) Expired features found during a given check are returned to the license-server feature pool. The frequency value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds.

The default frequency for these checks is 2s. Consider increasing this value if the current frequency is interfering with capability-request processing or with overall throughput, particularly when features have large borrow intervals. (The minimum value is 1s.)

Yes

Client Expiry Timer Interval

licensing.
dropClientEnforcedDelay

The delay that is enforced between client deletion requests. This value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds.

This setting can also be used to disallow the deletion of clients; in this case, set the value DROP_CLIENT_DISALLOWED.

(Default is 0s, meaning deleting client records is allowed and there is no enforced delay between deletions.)

No

N/A

licensing.
responseLifetime

The lifetime of a served-license response on the client. This value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. If this value is 0 (zero), the response has an unlimited lifetime. (Default is 1d.)

No

Response lifetime

licensing.allow
VirtualClients

The property that determines whether virtual client devices are allowed to obtain licenses. Default is true.

No

Allow virtual clients

licensing.allow
VirtualServer

The property that determines whether the license server is allowed to run on a virtual host. Default is true.

No

Allow virtual server

licensing.default
Borrow
Granularity

The time unit to which the borrow interval used by the license server rounds up. Valid values include day, hour, minute, or second. (The default is second.)

For example, if the borrow interval (which is always expressed in seconds) is 60 seconds, and the borrow granularity is day, then a license issued at 5:05:01 PM expires at 11:59:59 PM—the borrow interval (5:06:01 PM) rounded to the end of the nearest day. Likewise, if granularity is minute, expiration is at 5:06:59 PM. If the granularity is second, expiration is 5:06:01 PM.

This setting is used for those client devices that do not specify one.

Note:For FlexNet Embedded client SDKs released before version 4.0, the granularity is always “day”, regardless of this setting.

No

Default borrow granularity

licensing.
borrowInterval

The borrow interval for served licenses. This server borrow interval is only considered if the back office does not specify a borrow interval for a feature within the license model. The current version of FlexNet Operations mandates that a borrow interval (also referred to as the feature borrow interval) be specified for new license models.

This value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. (Default is 1w.)

For information on how to determine the effective borrow interval, see licensing.borrowIntervalMax.

No

Server Borrow Interval

licensing.
borrowIntervalMax

Restricts the borrow period of the clients. This value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. Default is NOT_CONFIGURED (0). This is also referred to as the admin borrow interval.

The following helps you determine the effective borrow interval.

If the feature borrow interval has been set in the back office, the borrow interval is the lowest of the following values:
feature borrow interval (set in the back office)
client borrow interval (set in a client capability request)
admin borrow interval (set using licensing.borrowIntervalMax)
If the feature borrow interval has not been set in the back office, the borrow interval is the lowest of the following values:
server borrow interval (defined in producer-settings.xml by the property licensing.borrowInterval)
client borrow interval (set in a client capability request)
admin borrow interval (set using licensing.borrowIntervalMax)

A feature’s current borrow expiration can never exceed the final expiration time for that feature. In addition, a borrow-interval granularity may be applied to the effective borrow interval.

This parameter cannot be used for metered features.

Yes

Borrow Interval Maximum

licensing.renew
Interval

The default renew interval is set as a percentage of the effective borrow interval. This value specifies how often—if ever—the client may attempt to recontact the local license server. Successful contact extends the expiration based on the effective borrow period (in other words, the timer for the effective borrow interval is restarted).

If set to zero, the renew interval is at client discretion. (Default is 15.)

Important:This specification by itself does not lead to enforcement. The client-side APIs must extract this value from the license server capability response and take appropriate action.

For information on how to determine the effective borrow interval, see licensing.borrowIntervalMax.

No

Default Renew Interval

licensing.hostId
Validation
Interval

The frequency with which the license server validates that its host ID has not changed. This value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If this value is 0 (zero), validation is disabled. Default is 2m.

No

Host ID validation interval

licensing.default
TimeZone

Defines the time zone that will be applied when determining a feature’s expiry date, start date, and issue date.

Valid values:

UTC— If UTC is set, a feature’s start date is the start of the specified day in Coordinated Universal Time (UTC). Equally, a feature will expire at the end of the day of the configured expiry date in UTC time. This is the default value.
SERVER—If SERVER is set, a feature’s start date is the start of the specified day in the server’s default time zone. Equally, a feature will expire at the end of the day of the configured expiry date in the server's default time zone.

See Editing the Local Settings Post-Installation for additional information.

No

N/A

licensing.security.
json.enabled

The option that enables (true) or disables (false) security for JSON capability exchanges. Contact the producer to determine whether this policy applies to the licensed product you are using and whether the policy should be enabled. (Default is true.)

Yes

N/A

licensing.
backup.uri

(Defined on back-up or main license server in a failover configuration; optional) The URI of the back-up license server to be included as reference information in the capability response to the client device. Use the following format:

http://server:port/fne/bin/capability 

where server:port is the back-up license server’s name and port number, as in:

http://22.22.2.222:7070/fne/bin/capability 

Yes

Backup URI

licensing.main.
uri

(Defined on back-up or main license server in a failover configuration; optional) The URI of the main server to be included as reference information in the capability response to the client device. Use the following format:

http://server:port/fne/bin/capability 

where server:port is the main license server’s name and port number, as in:

http://11.11.1.111:7070/fne/bin/capability 

Yes

Main URI

License Server Settings

server.trusted
StorageDir

The directory in which trusted storage resides. (Default is ${base.dir}, which points to the flexnetls/producer_name folder in the service’s or user’s home directory.)

No

Trusted storage directory

server.accessLog
Pattern

The format to use for the access log name. (Default is access_yyyy_mm_dd.request.log.)

To disable the creation of the access log, set server.accessLogPattern=none.

No

Access log pattern

server.publisher
DefinedHostId.
policy

The property that determines whether to enable support for the use of a producer-defined hostid to identify the license server. To enable support, use the value STRICT. (Default is false, meaning support for this feature is disabled.)

No

Publisher defined hostid policy

server.extended
HostId.enabled

The property that enables support for the use of extended hostids to identify the license server. (Default is true.)

No

Extended hostid enabled

server.forceTS
ResetAllowed

The property that determines whether trusted storage can be reset when unsynchronized data still exists on the license server. (Default is false.)

No

TS force reset

server.backup
Maintenance.
interval

(Defined on back-up license server in a failover configuration; required) The maximum amount of time that the back-up server can serve licenses in a failover event. This value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. If this value is set to 0, the back-up license server will serve licenses for an unlimited time while in failover mode. (Default is 3d.)

No

Backup maintenance interval

server.sync
Compatibility

(Used for migration from the FlexNet Embedded server application) The property that enables proper conversion of time units used for synchronization to and from the back office during the migration from the FlexNet Embedded server application to the FlexNet Embedded local license server. (Default is false.)

No

Sync compatibility

Back Office URL

lfs.url

The URL for back office to which the license server sends capability requests and synchronization data. The property is required for the online deployment model of the license server.

No

N/A

Policies for Polling Back Office for License Updates

lfs.capability.
enabled

The property that determines whether capability-request polling is enabled. If polling is enabled, a capability request is sent to the back office periodically to update the license server’s license rights.

This property is used for the online deployment model of the license server. (Default is true.)

No

Capability polling enabled

lfs.capability.
repeats

The amount of time between polling sessions to the back office. The value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. (Default is 1d; minimum is 10s.)

Yes

Capability polling interval

lfs.capability.
retryCount

The number of polling attempts allowed if the initial attempt fails. (Default is 3.)

Yes

Capability polling retry count

lfs.capability.
retryRepeats

The amount of time between polling attempts, if the initial attempt fails. The value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. (Default is 30s; minimum is 1s.)

Yes

Capability polling retry interval

Policies for Synchronizing to Back Office

lfs.syncTo.
enabled

The property that determines whether synchronization to the back office is enabled. This property should be viewed in combination with lfs.syncTo.includeAll:

lfs.syncTo.enabled=true and lfs.syncTo.includeAll=true: (Online synchronization) This mode collects all historical client actions in the synchronization history and uploads this data to the back office as part of the synchronization.
lfs.syncTo.enabled=true and lfs.syncTo.includeAll=false: (Online synchronization) This mode collects only the current state for each active client device at the point of synchronization and uploads this data to the back office
lfs.syncTo.enabled=false and lfs.syncTo.includeAll=true: (Offline synchronization) This mode collects all historical and current client actions. This data is retained on the license server until the offline synchronization tools are run (see Offline Synchronization to the Back Office).
lfs.syncTo.enabled=false and lfs.syncTo.includeAll=false: No synchronization data is collected (synchronization is disabled). Client data is deleted from the license server as soon as the client expires.

(Default is false.)

No

Synchroniza-tion to backoffice enabled

lfs.syncTo.
pagesize

The maximum number of client records to include in a synchronization message to the back office. A smaller page size limits the memory overhead at the expense of having multiple synchronization transactions. (Default is 100; minimum is 10; maximum is 256.)

Yes

Synchroniza-tion to backoffice page size

lfs.syncTo.
threads

The number of parallel threads allocated to handle the synchronization of metered-usage and license-distribution data to the back office. (Default is 1.)

Yes

N/A

lfs.syncTo.repeats

The amount of time between synchronization sessions to the back office. The value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. (Default is 5m; minimum is 10s.)

Yes

Synchroniza-tion to backoffice interval

lfs.syncTo.retry
Count

The number of synchronization attempts to the back office allowed when an initial attempt fails. (Default is 4.)

Yes

Synchroniza- tion to backoffice retry count

lfs.syncTo.retry
Repeats

The amount of time between synchronization attempts when an initial attempt fails. The value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. (Default is 5m; minimum is 1s.)

Yes

Synchroniza-tion to backoffice retry interval

lfs.syncTo.delay

At license server startup, the amount of time the server should wait before initiating a synchronization session to the back office. (Default is 2s; minimum is 2s.)

Yes

Synchroniza-tion to backoffice delay

lfs.syncTo.
includeAll

The property that determines whether historical license-distribution data for concurrent features is collected and sent to the back office as part of the synchronization. This property should be viewed in combination with lfs.syncTo.enabled:

lfs.syncTo.enabled=true and lfs.syncTo.includeAll=true: (Online synchronization) This mode collects all historical client actions in the synchronization history and uploads this data to the back office as part of the synchronization.
lfs.syncTo.enabled=true and lfs.syncTo.includeAll=false: (Online synchronization) This mode collects only the current state for each active client device at the point of synchronization and uploads this data to the back office
lfs.syncTo.enabled=false and lfs.syncTo.includeAll=true: (Offline synchronization) This mode collects all historical and current client actions. This data is retained on the license server until the offline synchronization tools are run (see Offline Synchronization to the Back Office).
lfs.syncTo.enabled=false and lfs.syncTo.includeAll=false: No synchronization data is collected (synchronization is disabled). Client data is deleted from the license server as soon as the client expires.

(Default is true.)

No

Synchroniza-tion to backoffice include historical data

Policies for Synchronizing from Back Office

lfs.syncFrom.
enabled

The property that determines whether license-recovery from the back office is enabled. If recovery is enabled, the metered-usage data and license-distribution state for concurrent features is recovered from the back office when the license server initially starts up with a new or reset trusted storage. (Default is false.)

No

License server recovery from backoffice enabled

Policies for License Server Failover

fne.syncTo.
enabled

(Defined on back-up license server only; required) The property that determines whether to enable “license server to license server” synchronization in a failover configuration. (Default is false.)

Yes

Synchroniza-tion to FNE enabled

fne.syncTo.main
Uri

(Defined on back-up license server only; required) The URI of the main license server in a failover configuration. Use the following format:

http://server:port/fne/bin/capability 

where server:port is the main license server’s name and port number, as in:

http://11.11.1.111:7070/fne/bin/capability 

Yes

Main FNE server URI

fne.syncTo.
repeats

(Defined on back-up license server only) The amount of time between synchronization sessions from the main server to the back-up server in a failover configuration. (The back-up server initiates the sessions.) The value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. (Default is 300s; minimum is 5m.)

No

Synchroniza-tion to FNE interval

fne.syncTo.
pagesize

(Defined on back-up license server only) The maximum number of client records to include in a synchronization message to the back-up server. A smaller page size limits the memory overhead at the expense of having multiple synchronization transactions. (Default is 100.)

Yes

Synchroniza-tion to FNE pagesize

fne.syncTo.retry
Count

(Defined on back-up license server only) The number of synchronization attempts from the main server allowed when an initial attempt fails. (Default is 1.)

Yes

Synchroniza-tion to FNE retry count

fne.syncTo.retry
Repeats

(Defined on back-up license server only) The amount of time between synchronization attempts when an initial attempt fails. The value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. The default is 60s.

Yes

Synchroniza-tion to FNE retry repeat interval

Security Policies

security.enabled

The option that enables (true) or disables (false) administrative security on the license server.

When administrative security is enabled, operations used to administer the license server are “secured” (that is, credentials are required to perform them). See Managing Administrative Security on a Local License Server or CLS Instance.

When this option is true, the remaining policies in this Security Policies section are in effect.

(Default is false.)

Yes

REST Security enabled

security.token.
duration

The duration of the JSON web token (generated when a user successfully authenticates credentials on the license server). When the token expires, credentials must be re-entered to re-authorize.

The value can be specified with an optional unit-suffix letter—s, m, h, d, or w—indicating seconds, minutes, hours, days, or weeks. If no suffix is used, the server assumes the value is in seconds. The default is 1d.

This policy is not editable in the FlexNet License Server Manager.

Yes

N/A

security.http.
auth.enabled

The option that enforces the use of HTTPS to perform secured administrative (and possibly licensing) operations on the license server.

When false, the policy enforces the use of HTTPS to perform secured operations. (An error is generated for any attempt to perform a secured operation using HTTP.)
When true, the policy allows either HTTP or HTTPS to perform secured operations. (This is the default.)

This policy is not editable in the FlexNet License Server Manager.

Yes

N/A

security.ip.
whitelist

The list of IP addresses for those components (devices) that you determine should have access to the license server without having to provide credentials. For example, you might want a machine in your IT department to have such access to the license server for fixing issues or performing maintenance.

List only IP4 or IP6 addresses; and separate each address with a comma, as this example value shows:

111.222.2.2,111.333.3.3 

This policy is not editable in the FlexNet License Server Manager.

Yes

N/A

security.
anonymous

The option that determines whether or not users need credentials for “read” access to the license server’s endpoints:

When the value is true, all user accounts are automatically given “read” rights (ROLE_READ) and do not need to provide credentials for “read” access.
When the value is false, a given user account must be explicitly assigned ROLE_READ in order to perform “read” operations. (The exception occurs when no role is assigned to an account, in which case ROLE_READ is assigned as the only role by default.) Credentials are then required to perform any “read” operation. If an account is not authorized for ROLE_READ, no “read” access is given. This setting provides additional protection against unauthorized queries on the license server.

This policy is not editable in the FlexNet License Server Manager.

(Default is false.)

Yes

N/A

Logging Policies

logging.
directory

The directory to which the license server writes the log for the license server. The default is ${base.dir}/logs, where ${base.dir} points to the flexnetls/producer_name folder in the service’s or user’s home directory.

No

Logging directory

logging.
threshold

The lowest level of log-message granularity to record—FATAL, ERROR, WARN, INFO, LICENSING, POLICY, or DEBUG. For example, if FATAL is set, only messages about fatal events are recorded. However, if WARN is set, fatal-event, error, and warning messages are recorded.

(Default is INFO.)

Logging categories

FATAL—Errors that prevent the server from starting up

ERROR—Serious errors

WARN—Warnings

INFO—Informational messages

LICENSING—Server responses such as, for example, capability responses and JSON replies

POLICY—Additional information for checkout filters (these are selective license filters customizable by the publisher)

DEBUG—Additional debug-level information. The license server should not use a logging level of DEBUG for a long period, because it can have a negative impact on license server performance. It is not recommended to use DEBUG on production license servers.

Yes

Logging threshold

graylog.host

The host name of a Graylog server, if any, to which logging messages are sent.

Yes

Graylog host

graylog.
threshold

The lowest level of log-message granularity to record—FATAL, ERROR, WARN, INFO, LICENSING, POLICY, or DEBUG. For example, if FATAL is set, only messages about fatal events are recorded. However, if WARN is set, fatal-event, error, and warning messages are recorded. (Default is WARN.)

Yes

Graylog threshold