Update AWS.md
DoubangoTelecom committed Feb 15, 2024
1 parent 7ad0d51 commit 668de81
Showing 1 changed file with 46 additions and 40 deletions.
86 changes: 46 additions & 40 deletions AWS.md
@@ -1,63 +1,69 @@
- [The issue](#container-issue)
- [The solution](#container-solution)
- [Pull your image (optional)](#container-solution-pull)
- [Run a container](#container-solution-run)
- [Setup (inside the container)](#container-solution-setup)
- [AWS issue](#aws-issue)
- [Binding the license to the instance](#aws-solution-instance)
- [Binding the license to the hardware](#aws-solution-byol)
- [Note about Microsoft Azure](#azure)

<hr />

This document explains how to run a licensed version of the SDK inside a container. **You can ignore it if you're using the trial version or if the license is tied to an AWS or Azure instance.**
This document explains how to run a licensed version of the SDK on [AWS (Amazon Web Services)](https://aws.amazon.com/) or [Microsoft Azure](https://azure.microsoft.com/en-us/). You can ignore it if you're using the trial version.

As explained at [https://www.doubango.org/pricing.html](https://www.doubango.org/pricing.html) our licensing model is per device/machine.
Each machine is uniquely identified using the hardware information (CPU model, motherboard, architecture, hard drive serial number...). The hardware information doesn't change even if the OS is (up/down)-graded or reinstalled. We don't use network information like the MAC address to make sure the SDK can work without [NIC](https://en.wikipedia.org/wiki/Network_interface_controller).
Each machine is uniquely identified using the hardware information (CPU model, motherboard, architecture, hard drive serial number...). The hardware information doesn't change even if the OS is (up/down)graded or reinstalled. We don't use network information like the MAC address to make sure the SDK can work without [NIC](https://en.wikipedia.org/wiki/Network_interface_controller).

[The machine's unique identifier](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#runtime-key) is built from the hardware information and generated as base64 encrypted key using the [runtimeKey](samples/cpp/runtimeKey/) application. You don't need to build the application by yourself, use the pre-built [binaries](binaries).
[The machine's unique identifier](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#runtime-key) is built from the hardware information and generated as base64 encrypted key using the [runtimeKey](samples/c++/runtimeKey/) application. You don't need to build the application by yourself, use the pre-built [binaries](binaries).
Once you have the [runtime key](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#runtime-key) you can generate the [token (license)](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#token) using the [activation](https://www.doubango.org/SDKs/LicenseManager/docs/Activation_use_cases.html) function. More information about the process at [https://www.doubango.org/SDKs/LicenseManager/docs/](https://www.doubango.org/SDKs/LicenseManager/docs/).

This document is about using [docker](https://www.docker.com/) containers on Ubuntu 18. Please [contact us](https://www.doubango.org/#contact) for any other scenario.
<a name="aws-issue"></a>
# AWS issue #
The problem with AWS or any virtual machine is that you don't control on which machine your instance will be launched. If your [license (Token)](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#token) was generated using a [runtime key](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#runtime-key) from **machine A** and your instance is launched on **machine B**, then the hardware information will not match.
To fix this issue we propose two possible solutions:
- 1/ Binding the license to the instance
- 2/ Binding the license to the hardware

<a name="container-issue"></a>
# The issue #
The problem with a container or any virtual machine is that you don't have access to the devices (hard drive, usb...) attached to the host machine.
It's possible to run a container as super user using `--privileged` option in order to have complet access to the host but we are avoiding it for obvious reasons.
<a name="aws-solution-instance"></a>
## Binding the license to the instance ##
The license is bound to the instance identifier and other information attached to it. Your license will remain valid even if the hardware change.
The information attached to the instance will not change even if it is restarted but **it'll be lost if you terminate the instance.**

<a name="container-solution"></a>
# The solution #
A container can have access to the CPU information used by our license manager but not to the information related to the hard drive or motherboard. The solution is to give a container the rights to have access to the missing information.
**We only provide read only access for security reasons and we highly recommend running the container as non root user.**

We consider you already have [docker](https://www.docker.com/) correctly installed. If not, we recommend the guide at https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04.

<a name="container-solution-pull"></a>
## Pull your image (optional) ##
Only required if you don't already have your own image. In our case we are using `ubuntu` image.
**/!\\IMPORTANT: The license will be definitely lost if you terminate the instance.**

To generate a [runtime key](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#runtime-key) for this option you need to run the [runtimeKey](samples/c++/runtimeKey/) sample application like this:
```
docker pull ubuntu
./runtimeKey --type aws-instance --assets ../../../assets
```
To check that the image is correctly downloaded: `docker images`.

<a name="container-solution-run"></a>
## Run a container ##
To run a container using the previously downloaded image (`ubuntu`) you'll need some additional parameters.
The command:
The SDK uses [libcurl](https://curl.haxx.se/libcurl/) under the hood to query the information associated to the instance. [libcurl](https://curl.haxx.se/libcurl/) is loaded at runtime to avoid linking.

On Linux, install [libcurl](https://curl.haxx.se/libcurl/) like this: `sudo apt-get install libcurl-dev`


On Windows, copy [libcurl.dll](https://github.com/DoubangoTelecom/LicenseManager-SDK/blob/master/binaries/windows/x64/libcurl.dll) and [zlib1.dll](https://github.com/DoubangoTelecom/LicenseManager-SDK/blob/master/binaries/windows/x64/zlib1.dll) from https://github.com/DoubangoTelecom/LicenseManager-SDK/blob/master/binaries/windows/x64/ to your application's root folder or [binaries](binaries) folder.

<a name="aws-solution-byol"></a>
## Binding the license to the hardware ##
This is implemented through [Bring Your Own Licensing (BYOL)](https://aws.amazon.com/blogs/mt/simplified-byol-experience-using-aws-license-manager/) offer from Amazon.
You'll need a dedicated host subscription. More information at [https://aws.amazon.com/blogs/mt/simplified-byol-experience-using-aws-license-manager/](https://aws.amazon.com/blogs/mt/simplified-byol-experience-using-aws-license-manager/).
There are addition subscription costs for this method but it guarantee the hardware information will never change.

To generate a [runtime key](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#runtime-key) for this option you need to run the [runtimeKey](samples/c++/runtimeKey/) sample application like this:
```
docker run -v /run/udev:/run/udev:ro -v /dev:/dev:ro -it ubuntu
./runtimeKey --type aws-byol --assets ../../../assets
```
- `-v /run/udev:/run/udev:ro`: The format is "name of the volume to mount:the destination:the access rights". In this case we need `ro` (read-only) access rights. More info at https://docs.docker.com/storage/volumes/
- `-v /dev:/dev:ro`: See above

In short, we want to allow the [udev](https://en.wikipedia.org/wiki/Udev) tool running inside a container to get access to the hardware information on the host. [udev](https://en.wikipedia.org/wiki/Udev) runs on userspace and doesn't require root access. The SDK will run `udevadm info --query=property --name=...` to retrieve hardware information. You can run the same command inside the container to check if the SDK will succeed.
<a name="azure"></a>
# Note about Microsoft Azure #
Everything explained above about Amazon AWS applies to Microsoft Azure. The only difference is how the runtime key is generated.

To attach the license to the Azure VM instead of the hardware (recommended):

<a name="container-solution-setup"></a>
## Setup (inside the container) ##
- Update:
```
apt update
./runtimeKey --type azure-instance --assets ../../../assets
```
- Install [udev](https://en.wikipedia.org/wiki/Udev):

To attach the license to the hardware instead of the VM:

```
apt install udev
./runtimeKey --type azure-byol --assets ../../../assets
```

That's it, now you're ready to run the [runtimeKey](samples/cpp/runtimeKey/) application to generate the [runtime key](https://www.doubango.org/SDKs/LicenseManager/docs/Jargon.html#runtime-key) for [activation](https://www.doubango.org/SDKs/LicenseManager/docs/Activation_use_cases.html).
You'll need libcurl. See above on how to install it.
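
Review bot: The Linux install line in "Binding the license to the instance" (`sudo apt-get install libcurl-dev`) names a virtual package on Debian and Ubuntu, so apt stops and asks for an explicit provider; name a concrete package instead, and since the text says libcurl is loaded at runtime rather than linked, state which library file name the SDK looks for so readers know whether the runtime package alone is enough. The same paragraph says the SDK queries "the information associated to the instance" without saying which endpoint is contacted or what network access the instance must allow, which operators who restrict metadata or outbound access need to know. The Windows step has users copy `libcurl.dll` and `zlib1.dll` from the `master` branch with no version or checksum; pinning a commit or publishing hashes would let them verify what they deploy. The termination warning appears twice (the bold sentence ending the section's first paragraph and the `/!\\IMPORTANT` line), and one is enough. Wording: "even if the hardware change" should be "changes", "addition subscription costs" should be "additional", and "it guarantee" should be "it guarantees".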
