Cloning

After carefully installing and configuring many software packages on one computer, it is often convenient to then "clone" this master image onto multiple target computers. This is often useful when setting up a lab so that every computer has exactly the same set of software on it, and the same basic configuration. This general process is often referred to as "cloning" or "ghosting". Note that KeyServer can be used to distinctly control which programs are licensed to run on each target computer even when the installed software may be identical.

Some configuration details like the name and IP address for each target machine must be unique. Therefore some configuration files or registry settings must be exempted from the duplication process or immediately customized on each target computer. Cloning can be used to distribute KeyAccess as part of the master image, but some of its configuration settings must be exempted from duplication. If you are making an image that will only be used to restore a single computer to its original state (e.g., using products such as "Deep Freeze" and "Drive Shield"), then all files can (and probably should) be included in the image. If a master image will be cloned to more than one computer, consult the lists below for KeyAccess-related files and settings that must be excluded from the master image.

Virtual Computers

A virtual computer is implemented simply as a file (or small collection of files) within some host computer, and therefore a virtual computer is especially easy to clone (either consciously or otherwise). But beware: the same precautions described below should be followed within any virtual computer image before it is cloned. When following the instructions below, KeyServer will create a new computer record for the virtual computer that is identified (by default) by the letter V prefixing the computer ID (as seen in the Computers window). KeyServer can be configured to use other ID types for Virtual Computers - see the Computer ID Types documentation for more.

  Depending on the particular virtual computer technology and network setup configuration, there may be some surprises. In particular (depending on how the ethernet hardware interface is virtualized), cloned virtual computers running on multiple hosts may all attach themselves to a single computer record in the KeyServer's Computer window! Obviously this will lead to some confusing anomalies in license control and reporting. You might see multiple active sessions in the "Users of KeyServer" window that all correspond to the same computer in the Computers window.

To avoid this problem, every cloned instance of a virtual computer must be customized with a distinct virtual ethernet hardware address. This requirement is in addition to the more obvious requirement that the virtual computer name must likewise be made unique to avoid name conflicts in the domain. Fortunately, the various virtualization technologies and KeyServer generally provide configuration options that will result in distinct computer records for each distinct instance of a virtual computer. Alternatively, a different Computer ID type can be configured for use on VMs. Feel free to call Sassafras for help through this maze.

Windows file list

The following files and directories should NOT be copied from one computer to another:

  • KeyAccess Audit, which is located in one of these directories depending on OS version and KeyAccess version:
    • C:\ProgramData\KeyAccess\
    • C:\Documents and Settings\All Users\Application Data\KeyAccess\
    • C:\Documents and Settings\All Users\Application Data\
    • C:\ProgramData\
    • C:\WINDOWS\
    • C:\WINNT\
  • KeyAccess Offline, which is located in one of these directories depending on OS version and KeyAccess version:
    • C:\ProgramData\KeyAccess\
    • C:\Documents and Settings\All Users\Application Data\KeyAccess\
    • [User Profile Dir]\Local Settings\Application Data\
    • C:\WINDOWS\
    • C:\WINNT\
  • portable.dir, which is a directory and is located in one of these directories depending on OS version and KeyAccess version:
    • C:\ProgramData\KeyAccess\
    • C:\Documents and Settings\All Users\Application Data\KeyAccess\
    • [User Profile Dir]\Local Settings\Application Data\
    • C:\WINDOWS\
    • C:\WINNT\
  • [Any Drive]:\portable.dir\

The following registry settings should NOT be copied from one computer to another:

  • registry: HKEY_CURRENT_USER\SOFTWARE\Sassafras\KeyAccess\Settings\pref
  • registry: HKEY_CURRENT_USER\SOFTWARE\Sassafras\KeyAccess\Settings\settings
  • registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyAccess\Settings\pref
  • registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyAccess\Settings\settings

Note: The KeyAccess client install creates a keyacc.ini file in the windows directory even when you accept the default, "store settings in registry". The line, "registry=2" in keyacc.ini tells KeyAccess to consult the registry for additional settings, so keyacc.ini must be included in the cloned image. If you have customized the client install (using the k2clientconfig utility) so it stores all settings in the keyacc.ini, then this file must be edited before cloning. Remove all lines beginning "previd" or "prevhw".

OS X file list

The following files should NOT be copied from one computer to another:

  • /var/root/Library/Preferences/KeyAccess Audit
  • /var/root/Library/Preferences/KeyAccess Offline
  • /var/root/Library/Preferences/KeyAccess Prefs
  • /var/root/Library/Preferences/Portable Keys (don???t move)/ -- nothing in this directory should be copied to another computer
  • /Library/Preferences/KeyAccess/KeyAccess Audit
  • /Library/Preferences/KeyAccess/KeyAccess Offline
  • /Library/Preferences/KeyAccess/KeyAccess Prefs
  • /Library/Preferences/KeyAccess/Portable Keys/ -- nothing in this directory should be copied to another computer

If you want cloned clients to point to the same KeyServer as the computer you took the image from, you should be sure to copy the file /Library/Preferences/com.sassafras.KeyAccess.plist

Carbon Copy Cloner

Carbon Copy Cloner is an OS X utility from Bombich Software. In order to exclude the KeyAccess files from the images it writes, edit the file at Library/Preferences/com.bombich.ccc.plist (probably relative to your home directory). Find the cacheItems section that starts with:

<key>cacheItems</key>
<array>
Add the following items to the end of the array:
<array>
    <string>var/root/Library/Preferences/KeyAccess\ Audit</string>
</array>
<array>
    <string>var/root/Library/Preferences/KeyAccess\ Offline</string>
</array>
<array>
    <string>var/root/Library/Preferences/KeyAccess\ Prefs</string>
</array>
<array>
    <string>var/root/Library/Preferences/Portable\ Keys\ (don???t\ move\)</string>
</array>
<array>
    <string>/Library/Preferences/KeyAccess/KeyAccess\ Audit</string>
</array>
<array>
    <string>/Library/Preferences/KeyAccess/KeyAccess\ Offline</string>
</array>
<array>
    <string>/Library/Preferences/KeyAccess/KeyAccess\ Prefs</string>
</array>
<array>
    <string>/Library/Preferences/KeyAccess/Portable\ Keys</string>
</array>

Symantec Ghost

Symantec Ghost is a Windows utility from Symantec. In order to exclude the KeyAccess files from the images it writes, you should first manually delete the registry entries listed above, then run ghost.exe with the flag -skip=@skipfile. *

skipfile should contain the following text:

[ghost exclusion list]
*\Documents and Settings\All Users\Application Data\KeyAccess Audit
*\ProgramData\KeyAccess\KeyAccess Audit
*\Documents and Settings\All Users\Application Data\KeyAccess\KeyAccess Audit
*\Local Settings\Application Data\KeyAccess Offline
*\ProgramData\KeyAccess\KeyAccess Offline
*\Documents and Settings\All Users\Application Data\KeyAccess\KeyAccess Offline
*\portable.dir\
[end of list]
Alternatively, you could create the image, and then use Norton Ghost Explorer to remove these manually.

*Note: when the master image uses the NTFS file system the ghost tools mentioned above can't be used so you will have to manually delete the files and directory. Before deleting, use the task manager to shutdown keyacc32.exe and then freeze the master image before rebooting.

Other Programs

There are many other utilities which can be used for cloning, for which we don't have specific instructions on how to exclude files. If you use one of these products, and know how to configure excluded files, please send us an email describing how: support@sassafras.com.

On a somewhat related issue, when using an image restore technology such as "Deep Freeze" (in order to revert a managed computer back to an initial state), similar cautions apply. The settings listed above should be excluded from the reversion. For details regarding "Deep Freeze", read tech note #3704.