Administrator's Online Documentation
|
|
|
KeyServer ® Administrator's Online Documentation |
| |||
| Home | Support | Legal | Contact Us |
|
This chapter is aimed at administrators who are familiar with KeyServer 4.2 or an older version. If you are new to KeyServer, there is little reason to read this chapter since the Getting Started and KeyServer Administrator's Reference chapters describe KeyServer 5.0 without any mention of prior versions.
Major new features introduced in KeyServer 5.0 are summarized below with comments that compare the new implementation to prior versions. While specific sections of the KeyServer Administrator's Reference are pointed to for detail, first be sure to read the Getting Started chapter for an overview of KeyServer 5.0 features and a to establish basic terminology.
The biggest changes in version 5.0 are to the KeyServer program itself, which has been completely rewritten with a cross-platform code base so the server program can now can run on Windows NT or Windows 95 or 98 as well as Macintosh or Power Macintosh.
The server is now implemented as an application program instead of a system extension. You no longer need to restart your KeyServer machine in order to upgrade, which makes it easier to host your server on a general purpose network services computer.
The Macintosh KeyServer is a "fat" application that runs native on PowerPC as well as 68K Macs. The networking implementation uses native Open Transport when available. This combination enables KeyServer to take advantage of new Macintosh hardware and software rather than relying on 68K emulation and classic networking emulation as in previous versions.
The term "Control" is now used in place of "Key" when referring to the collection of usage limits and license options for a program. The old "Active Keys" file is now called "Active Controls", and this same name is used to label the window in KeyConfigure that displays the KeyServer's active license control information. The term "key" has a very limited definition in KeyServer 5.0: it now refers to the actual data removed from a program as it becomes "keyed". Other related changes in terminology are fully explained in the "Getting Started" chapter.
In previous versions of KeyServer, each keyed program had just two separate usage counters. Licenses were taken from either the common or preferred license pool. In KeyServer 5.0, you can create twenty different license pools for each program, and each license pool has its own usage limit, time limit, and network/portable use options.
When you upgrade from a prior version, the existing common and preferred counters are converted to the new format. In KeyServer 5.0, licenses in any license pool that does not have an explicit group name associated with it will be available to all users, just as common licenses were available to all users in prior versions. Group membership in 5.0 is defined by both the active authentication method and by network "location", as discussed below.
For more information about using license pools, read the "Control Details" section of the KeyConfigure chapter in the KeyServer Administrator's Reference.
KeyServer 5.0 can be configured to follow a schedule that changes the allocation of licenses among different groups, depending on the day of the week or the time of day. This gives you the ability to automatically reserve licenses for a class that meets at a given time, or block use of programs (like games or Web browsers) during business hours. KeyServer will maintain license compliance across schedule boundaries, and will reclaim licenses from (newly) unauthorized users as the licenses are needed for the (newly) authorized users.
For more information about setting up schedules, read the "Control Details" section of the KeyConfigure chapter in the KeyServer Administrator's Reference Manual.
Once you have upgraded client computers to the 5.0 version of KeyAccess, you can enforce usage limits and other restrictions for any program, regardless of whether it is keyed or not. Unkeyed programs, under previous versions of KeyServer and KeyAccess, could be logged but not controlled.
KeyServer 5.0 makes an entry in its unkeyed programs database whenever a user launches an application it has not seen before. You can then instruct KeyServer to simply log usage of the program, control it as if it were keyed, or ignore the program altogether.
When you configure an unkeyed program to be controlled, you get all of the control functionality available for keyed programs, including multiple license pools and schedules. However, only users running KeyAccess version 5.0 will have their unkeyed program usage controlled. Users of prior versions of KeyAccess will have their software usage logged, regardless of how the unkeyed actions are configured.
 | You must be very careful when setting the unkeyed action for a program to "controlled". Unkeyed programs are identified by program signature only, so any usage limit will apply to all versions of a program and, by default, to everyone. Be careful not to mistakenly disable someone's individually owned program copy. |
For a discussion of the trade-offs between keyed versus unkeyed program control, consult the Getting Started chapter. For more information about controlling unkeyed programs, read the "Unkeyed Actions" section of the KeyConfigure chapter in the KeyServer Administrator's Reference.
Unlike in prior versions, more than one KeyConfigure can be connected simultaneously to KeyServer with administrative privileges. If one administrator attempts to open a settings dialog that is currently opened by another administrator, the settings can be viewed but not modified. The first person to open a particular dialog is the only one able to modify it until it is closed.
In prior versions, you had to take care to close KeyConfigure as soon as practical so another administrator could connect. Now with multiple administrative sessions, it is only important to close configuration dialogs as soon as practical so another administrator can edit settings in the same dialog.
The IP port used by prior KeyServer versions was not configurable. With 5.0, you can change the IP port number in order to conform KeyServer service to an existing IP firewall, or to enable more than one KeyServer process to run on the same computer. However, the KeyShadow architecture is supported only for KeyServer using its standard IP port.
The Network Access dialog now contains three "panes", one for each supported network protocol. Each protocol, including AppleTalk, can be enabled or disabled, unlike prior versions which always serviced AppleTalk clients.
Rather than disable a protocol entirely, you can configure source address filtering. Under each protocol tab, you can enter multiple address ranges and specify whether to allow or disallow access. By attaching a list of group names to an address range, you specify that group members can log into KeyServer only from specific address ranges. When you setup a license pool for a controlled application, you can restrict access to a specific group.
Group membership can be further restricted, beyond the address range requirements, by invoking one of KeyServer's many authentication methods. Unlike previous versions, the authentication method's requirements for group membership are applied in addition to the network location requirements. The old Location Filter and Zone Filter authentication methods are obsolete since their functionality has been taken over by the Network Access configuration dialog.
For more information about address filtering, read the "Network Access" section of the KeyConfigure chapter in the KeyServer Administrator's Reference Manual.
As in prior versions, it is very important to backup the data files that control your software licenses. In version 5.0, there are several data files in addition to Active Controls (formerly called Active Keys) that need to be backed up.
In KeyConfigure's Admin menu, use the "Change Backup Schedule..." item to specify a schedule for automatic backup of important KeyServer data. At the specified time, on the days you choose, KeyServer will copy seven files:
| Files in Backup |
| Active Controls |
| KeyServer Preferences |
| Location Filter Database |
| Machine ID Database |
| Portable Use Record |
| Reservations Record |
| Unkeyed Programs Database |
Copied files are placed in a separate subfolder for each day, giving you up to seven revolving backup sets within the Backup Folder. By using a shortcut or alias to the Backup Folder, you can automatically store the backups on a remote volume.
| By default, a newly installed KeyServer 5.0 is not scheduled to make any automatic backups. You must explicitly set up a schedule and you should explicitly configure a shortcut or alias to the Backup Folder so your backup information will be stored separately from the KeyServer computer. |
For more information, read the "Backup Schedule" section of the KeyConfigure chapter in the KeyServer Administrator's Reference.
New in KeyServer 5.0, you can now sort the Users window by a number of criteria including user name, KeyAccess version, network address, etc.
When you select the "Sort Users Now" item from the Admin menu, KeyServer sorts its user list once, in the order you choose. The sort is performed by the KeyServer for network performance reasons, and the sorted results are sent to KeyConfigure as needed to fill the users window. Furthermore, in order to keep this non-essential work to a minimum, KeyServer does not keep the user list sorted. When KeyConfigure next updates the user window, the list may no longer be strictly sorted, but you can always just use the "Sort Users Now" item to sort again.
The addition of the Unkeyed Actions window to KeyConfigure 5.0 is major change to both functionality and user interface. Other interface changes are minor in comparison. A quick scan of the KeyConfigure menus will reveal some of these new changes.
The new Control Details dialog (formerly the Key Details dialog) has been reorganized into five tabbed panes in order to reduce complexity and make it easier to find the setting you are looking for. The General pane contains a new Notes field, which you can use for anything you choose. You might use this field to reference purchase information for the program license. This field is not interpreted or used by KeyServer.
The KeyVerify utility replaces the old StylEdit program for testing client to KeyServer communications. KeyVerify displays status information so you can tell the difference between a connection to the KeyServer versus a shadow connection and you can tell when the KeyVerify launch is being supported by a portable key.
KeyAudit is now included for Windows as well as for Macintosh. Just as in the previous KeyAudit for Macintosh, now on Windows you can transform unkeyed program copies that are found on a client computer into keyed copies with the push of a button.
Several report modules are now available for off-line processing of KeyServer log files. Drag a log file onto the Drop Report program in order to quickly summarize usage statistics without the network or memory overhead of KeyConfigure.
| |||
| Home | Support | Legal | Contact Us |
|