Administrator's Reference
|
|
|
KeyServer ® Administrator's Reference |
| |||
| Home | Support | Legal | Contact Us |
|
KeyAccess -- Macintosh |
|
KeyAccess is the users' interface to the KeyServer. All events related to using controlled programs are sent from KeyAccess to the KeyServer, and KeyAccess is the means by which the KeyServer's commands are carried out at the client's computer. A copy of KeyAccess running on a Macintosh can connect up to any KeyServer, including a KeyServer running on a Windows computer.
KeyServer-controlled programs are accessible to you only when have KeyAccess in your Extensions Folder. To install KeyAccess on the Macintosh, drag it into the System Folder of the active System disk, choose a KeyServer (explained under Choosing a KeyServer below), and restart the computer. KeyAccess will automatically connect you to the KeyServer each time you restart your computer.
Once you are connected to the KeyServer, KeyAccess will get KeyServer's permission whenever you launch a controlled program. Since requesting a license from KeyServer is automatic, silent, and instantaneous, you will generally not be aware of KeyAccess' presence on your computer unless your administrator has chosen to require a logon password, or if KeyAccess has occasion to provide you with a message, for instance to inform you that a license you've been waiting for is available.
On restart the KeyAccess icon supplies you with a quick status check of your client's connection to the KeyServer. This icon appears with the other INITs at startup and indicates the status of your connection with the KeyServer, as detailed below.
 | This icon appears while KeyAccess is loading at startup. If it does not change to one of the icons below, KeyAccess has properly loaded, but has not found the KeyServer. |
 | This icon is drawn after KeyAccess has properly loaded and established a connection to the KeyServer you selected in the Chooser. |
 | This icon is drawn if KeyAccess was unable to load. The problem will be detailed in an alert box when the Finder appears. Read the message, fix the problem, and restart your Macintosh. |
Note that if you are running Open Transport and connecting to the KeyServer via TCP/IP you may get your connection at startup without seeing the second icon above. If Open Transport is configured so that TCP/IP loads before KeyAccess, KeyAccess waits until Finder time to connect to the KeyServer. This has no effect on your ability to get licenses from the KeyServer.
KeyAccess loads and connects to a KeyServer each time you start or restart your computer. Under normal circumstances, KeyAccess is completely invisible; you do not need to perform any special task or login sequence to have access to KeyServer-controlled programs.
KeyAccess connects each client computer to the KeyServer just as the LaserWriter file in a computer's System Folder connects to a LaserWriter. To choose a KeyServer, select the Chooser command from the apple menu. If the KeyServer is running on a Macintosh you have the option of connecting to it via AppleTalk or TCP/IP (provided your network supports TCP/IP and your KeyServer is configured to allow IP access). If the KeyServer is running on Windows you must use TCP/IP to connect your Macintosh client, as KeyServers running under Windows do not support AppleTalk connections.
This section tells you how to get each of these connections - AppleTalk or TCP/IP to a Macintosh KeyServer, and TCP/IP to a Windows KeyServer process. Note that while a KeyServer can support both TCP/IP and AppleTalk connections, each user must connect using either TCP/IP or AppleTalk.
To get a connection of either type you first need to open the Chooser. Click on the KeyAccess icon after the window pictured below appears.
Select a KeyServer from the list under the words "Select a KeyServer" (there may be more than one listed if your network has more than one KeyServer). KeyAccess remembers your selection, and connects to this KeyServer by default. You can always change the default KeyServer by using KeyAccess within the Chooser.
You can attempt to connect to any KeyServer listed here but it is of course important that you know which is the correct one. Since KeyServer is likely to support a unique set of programs, you may not be able to launch your applications if you make an incorrect selection here. Any KeyServer listed may or may not be authenticating attempted logons, so be sure the KeyServer you select is the correct one. Once you have selected a KeyServer and clicked Logon, your logon will be confirmed by a message, and KeyAccess will connect you to that KeyServer automatically each time you restart your computer.
If your network has Zones, make sure you have selected the Zone in which the KeyServer computer is located.
If you want to connect to a Macintosh- or Windows-based KeyServer over a TCP/IP connection you need to know the IP host name or network address of the KeyServer. You can get this information from your KeyServer administrator. Then, instead of clicking on the name of the KeyServer in the Chooser, click the Configure... button. The following window appears:
Since the computer in the above example has not yet been connected to a KeyServer via TCP/IP, the IP Host box is unchecked; there is no value associated with it and the "Log On" button is dimmed. To initiate an IP connection, click in the IP Host checkbox. The following window appears, allowing you to enter the IP address of the KeyServer machine. Note that if your KeyServer administrator has set up a DNS entry for the KeyServer, you can enter that value instead, as shown here:
After you've entered the KeyServer's address (or DNS entry), click OK. You will be returned to KeyAccess's Configure window. Click the Logon button next to the IP Host checkbox. KeyAccess will attempt to get an IP connection to the KeyServer. If the connection is successful you'll get a message telling you so, and informing you that KeyAccess will connect you to this KeyServer automatically each time you restart your computer.
The Configure window allows you to set some other KeyAccess options, as well. If you check the first option, Remove messages after 5 minutes, each message you receive from the KeyServer remains on your screen either until you manually dismiss it (by clicking OK or Cancel) or until five minutes pass. Usually you do not need to check this option. However, if you frequently run backup programs or print large documents while you are away from your computer, the arrival of a KeyServer message would delay these jobs indefinitely (until you manually dismiss the message). In this case, you should opt to have messages removed so your computer will be delayed for a maximum of 5 minutes.
Checking this option has the drawback that, if you are away from your computer when a message arrives from the KeyServer, it may be removed from your screen before you have a chance to read it. Also, if a license you are using is set to expire after a certain amount of time, the message announcing that the license has timed out is unlike any other messages in that it will not disappear until you manually dismiss it.
Note that checking Remove messages after 5 minutes will have no effect in the case of messages telling you either that a license has timed out, or has been left in the background longer than the time specified by your administrator. These messages can appear at intervals shorter than five minutes, and if you were away from your desk for a long period of time, the messages could needlessly accumulate, causing you to have to dismiss a large number of them when you return to your computer.
If you want to keep your clock synchronized with the KeyServer's clock, check the second option, Synchronize clock with the KeyServer. The KeyServer checks your clock each time you start up, and automatically adjusts any minor discrepancy. If your clock differs from the KeyServer's clock by more than a few minutes, you are given a chance to cancel the otherwise automatic re-adjustment.
KeyAccess defaults to the Give hints for efficient use option. If you launch a KeyServer-controlled program from an AppleShare (or other) file server, KeyAccess tells you that you can get better performance by copying the program to a local hard disk. This feature helps reduce unnecessary load on a file server, and the network. You may wish to turn this message off if you only launch applications from a server for a specific reason. Users without a hard disk are not bothered by this message, since presumably they have no choice but to launch server-based applications.
Your administrator can request that the KeyServer control launches of unkeyed, as well as keyed, applications. If the KeyServer is set to control or log unkeyed programs, the Record launches of unkeyed programs checkbox will be set on, and the selection itself will be grayed. If the administrator has chosen not to control or log unkeyed programs, this selection will still be grayed but the checkbox will be set off (unchecked). If this selection is enabled and you can click the checkbox on and off, your administrator has left it up to you whether your unkeyed launches will be recorded in KeyServer's log files.
If you have Apple Remote Access enabled, the Remote Network option allows you to configure KeyAccess to automatically dial your modem and make the ARA connection. If you don't have ARA, this selection is grayed. For more information, see the Remote Access Section, below.
The IP Host option allows a user to connect to the KeyServer via TCP/IP, as discussed above.
The Request for Notification tells you if you are in the queue for a license. You will see a notification here only when you've had an program launch denied because all of its licenses were in use, and if you clicked OK when KeyServer offered to put you in the queue. If you're waiting for a license, the lower half of this dialog box contains two options. The first option is to remain on the waiting list (this is the default). If you choose the second option, Clear the Request, the KeyServer removes you from the waiting list, and you are not notified when the license is available.
If you're not currently queued for a license, the message will indicate that there is no notification pending. For more information, see Notification, below.
After you have configured your copy of KeyAccess, click OK, and your settings take effect. If you don't want your changes to be saved, click the Cancel button.
Once you have selected a KeyServer in the Chooser, you might want to click Log On to see if you have to enter your name and password. If the KeyServer requires a password, the dialog pictured below appears, and you should enter the proper information. Once you have typed this information, you are authenticated to the KeyServer.
Some KeyServer administrators may choose a different method to determine whether a user is authenticated. For instance, only users whose computers are located in a special range of IP addresses may be authenticated. In such a case no password is required, so you will not see this dialog; you will be automatically permitted (or denied) access to the KeyServer.
There may be programs that demand authentication every time you launch, whether or not you have previously typed your proper password. In these situations, the KeyServer prompts you for your password automatically; you do not need to open the Chooser again. The authentication dialog box is presented, and you must type your name and password in order to continue (you always have three chances to type your password correctly).
Your KeyServer administrator might also choose to limit access to individual programs. If you are not allowed to use a KeyServer-controlled program, you will be alerted to this fact when you launch it.
Certain programs might have a limit on the length of time you can use the license before you must quit the application. Timed Usage is set and adjusted by the KeyServer administrator on a program-by-program basis. When you launch a timed-use program, the KeyServer notes the hour, minute, second (and date, if applicable). When the license expires, you will be asked to quit from the program. You may then re-launch the program, or get in line to be notified when a license is again available.
If you often find yourself having to quit and relaunch a particular application without having to wait in line, you should notify your KeyServer administrator; a timed setting can be configured to automatically reassign the license to you if there is no one in the queue when your current interval expires.
When KeyAccess alerts you that a license has timed out, you are given two minutes to save your work and quit the program. If you do not quit, you are reminded one more time before the application presents you with a request to save your work or quit without saving. Once you have been asked to quit a program, the KeyServer makes the license available to any new users, even if you don't quit the program immediately; at this point KeyServer no longer counts the license as in use, and considers further use a license violation.
Again, your administrator can also allow timed use license to be extended automatically. In this case you are transparently granted a time extension for the controlled program provided there is no one waiting to use it.
Administrators interested in setting up licenses this way should see the discussion of the Options Tab in the KeyConfigure chapter.
The KeyServer administrator can decide which controlled programs are available for off-site use, i.e., without a network connection. In order to use these programs while disconnected from the network, you need to obtain a portable key for the program. Portable keys are created and manipulated by a special program called KeyCheckout, which your administrator may allow you access to, although access might be restricted according to the administrator's wishes. If you need to use keyed programs while you are not connected to your network, contact your KeyServer administrator, who can either create a portable key for you, or can give you the KeyCheckout program so that you can create portable keys yourself.
In general, portable keys can be stored on any disk except a remote file server volume. This means you can store portable keys on your hard disk, on a floppy disk, on a removable cartridge, and so on. When a portable key is stored on one of these disks, it is placed in a special folder named "Portable Keys (don't move)". If you store portable keys on your System disk, the Portable Keys folder is located in the Preferences folder. On other disks, the Portable Keys folder is located in the disk's main window.
You should never move a Portable Keys folder, nor should you move a portable key file by using the Finder. Doing so will render your portable key(s) permanently invalid.
If you need to move a portable key from one disk to another, use KeyCheckout, which always shows you each of your mounted volumes. Use the mouse to drag the portable key from one volume to another.
Every portable key has an expiration date, after which you will not be able to launch the keyed program without a connection to the KeyServer (or with another portable key). KeyAccess provides two reminders -- one reminder when there is less than one week remaining to the key, and one reminder when there is less than one day remaining -- so that you have time to either finish what you are doing, or request an extension on the portable key (ask your KeyServer administrator for details). To find out what the expiration date is for a particular key, launch KeyCheckout and double-click on the portable key in KeyCheckout's main window (see the KeyCheckout chapter).
Setting your computer's system clock back in time has no effect on your portable keys (they still time out when appropriate). On the other hand, if you set your clock forward by a large amount, your portable keys could time out earlier than expected, even if you later set your clock back to the proper time. If you do set your clock forward by more than twelve hours, KeyAccess displays a warning message and lets you cancel the new time setting. You can set your clock forward and back to account for daylight savings time or for minor adjustments for a change in time zones, and you will not be bothered by the warning message. However, all forward changes in your clock could reduce the time remaining until the expiration of portable keys.
In the unlikely event that you lose the disk on which our portable key is stored, or that disk becomes corrupted, you should tell your KeyServer administrator. Your administrator can issue a duplicate of your lost key with no effect on KeyServer's in-use count for the program. Even if you can make a new portable key yourself (using KeyCheckout), you should still notify your KeyServer administrator, so that the lost key can be recovered for another user.
You may want to ask your administrator if you can read the KeyCheckout chapter for more details on using portable keys.
Apple Computer's Remote Access software provides a simple way to connect to a remote network over the telephone lines. KeyAccess has the capability to automatically call a remote network, connect to a KeyServer on that network, get a license for a program, and hang up the modem.
If you have Apple Remote Access software installed on your computer, you can configure and use KeyAccess' Remote Access support. Within the Chooser, click on the KeyAccess icon, and click the Configure button. Check the Remote Network box to tell KeyAccess where to call. Type your name, the Remote Access password, and the phone number of the remote network. Note that your Remote Access password is not necessarily the same as your KeyServer password (if you have one). Your Remote Access password is set up on the computer that answers your call.
Once you have set up your Remote Access identity, KeyAccess can use it to get licenses from a remote KeyServer. When you launch a controlled program, and KeyServer cannot be found on the local area network, KeyAccess calls the specified phone number, and connects to the remote network. Once connected, KeyAccess locates and logs on to the KeyServer and requests a license. In order to maintain strict compliance with most software licenses, it is necessary for your Macintosh to remain connected to the remote network as long as you are using a KeyServer- controlled program.
The KeyServer administrator can configure some programs to continue running even when the user has disconnected from the network. With these programs, KeyAccess automatically disconnects the Remote Access connection as soon as the license is received. If all licenses are in use, KeyServer displays the usual Notification request dialog box and offers to notify you when the next license becomes available. Remote access remains connected unless you cancel the notification request.
If you want to stay connected to a remote network regardless of the configuration details or availability of any controlled program, you should use the Remote Access application to create and maintain the connection. This way, your local network becomes part of the remote network, and all the network services including KeyServer are available without interruption.
One powerful feature of KeyServer is its ability to tell you when you can use a controlled program, and then guarantee that you have access to that program for a period of time. This service, called notification, avoids the frustration of having to repeatedly launch a program, just to find out whether all of the licensed copies are still in use.
Typically, when you double-click on a controlled program, you are able to use that program immediately. However, if the maximum number of copies of the program is already in use by other people on your network, you are presented with the notification request dialog.
If the KeyServer cannot give you a license immediately, it asks you if you want to be notified when a license becomes available (e.g., when someone who is currently using the program quits). If you click OK, you are placed on a waiting list for the current program. The other users waiting ahead of you will get notification first, and when it is your turn to be notified, you will see the dialog below:
If you click Cancel, you forfeit the available license, and the next user in line is told that it is available. If you click Reserve, the license is reserved for you for five minutes. If you launch the program within the 5-minute reservation period, you are given the license. Otherwise, the reservation expires and the license is made available to other users.
The KeyServer only allows you to be on one waiting list at any given time. If you are already on a program's waiting list, and you launch a program for which there are no licenses left, the alternate notification dialog box appears. If you select the first option, Request notification for:, you are placed on a waiting list for the current program. If you select the second option, you remain in the line you were in previously, and are not placed in the line for the new program. Selecting the last option, Cancel all notification requests, tells the KeyServer that you do not want to wait for any licenses.
If you launch a program for which you are currently awaiting notification, KeyAccess asks if you wish to remain on the program's notification queue through the dialog pictured above. If you click OK your position in the queue is preserved, and notification will be given when appropriate. If you click Cancel, you relinquish your position in the queue.
During the operation of KeyAccess, you may encounter various messages or error alerts, informing you of some special condition or action that must be taken. These alerts are generally self explanatory, but some messages may suggest that you contact the KeyServer administrator for assistance or to report a problem.
| |||
| Home | Support | Legal | Contact Us |
|