Configuring an ICS Virtual Appliance as a Virtual License Server

Overview

Prior to the 8.3R1 release, ICS License Server software was supported on ICS hardware devices only. Now, ICS 8.3R1 has added VMWare-based Virtual License Server (VLS) and Cloud based License Server capabilities. The VLS facilitates a license server to run on a virtual machine and provide the same functionality as the hardware-based license server. A VLS leases licenses only to Ivanti hardware and ISA-Vs.

The VLS sends heartbeats every 8 hours to the Pulse Cloud Licensing Service. If it is not able to connect to Pulse Cloud Licensing Service for 24 days, then licensing functionality is disabled. PCS will log this information under Event Logs.

The Configure Clients page appears only after installing or downloading license server license for VLS. See the figure Flow Diagram for Leasing Licenses from a Virtual License and figure Flow Diagram for Surrendering Licenses to a Virtual License Server.

The following figure depicts the Flow Diagram for Leasing Licenses from a Virtual License Server

We still support leasing of licenses from 9.0Rx license servers to pre-9.0Rx license clients (VA-SPE).

The following figure depicts the Flow Diagram for Surrendering Licenses to a Virtual License Server:

Ivanti still supports leasing of licenses from 9.0Rx license servers to pre-9.0Rx license clients (VA-SPE).

Configuring a Virtual Appliance as a VLS

Booting a ICS Virtual Machine in VLS Mode

To boot a virtual machine in the VLS mode:

1.Select the Boot option.

2.During boot of a virtual machine, the following new console query is added to boot machine as a license server:

Do you agree to the terms of the license agreement (y/n/r)?.

Entering ‘y’ indicates that you have read and agreed to the terms described in the license agreement.

Do you want to enable Virtual License Server (y/n)?

Enter 'y' to boot as License Server.

3.Upon entering y, the virtual machine boots as a license server.

4.The virtual machine boots in VLS mode. After virtual machine comes up, only license server related UI items are exposed.

Obtaining License Keys

A VLS admin obtains an authentication code for his entitlement externally via e-mail. The admin must enter the authentication code in the license server download page to validate and fetch license keys. If validation is successful, the admin receives the license keys in return.

To obtain license keys:

1.Go to System > Configuration > Download Licenses.

2.Under On demand license downloads, enter the authentication code in the text box.

3.Click on Download and Install.

The following figure depicts a Download License and Install

4.Now, go to the License Summary tab to view a list of licenses installed.

Viewing the License Summary

By enabling VLS through an authentication code, the VLS just functions as a normal hardware-based license server. However, the VLS supports only Ivanti hardware licenses and VM subscription license. In addition, the VLS periodically sends heartbeat messages to the Pulse Cloud Licensing Service. This should help Pulse Cloud Licensing Service to identify any duplicate VLS instances. If the VLS is not able to send heartbeat messages to the Pulse Cloud Licensing Service for a prolonged period then, VLS enters into grace period and ultimately stops its functionality as a licensing server.

1.Under Summary, click the drop-down Licenses applicable for specific platform groups.

2.A list of Ivanti-V devices and Ivanti devices gets displayed. See Figure below.

The following figure depicts the License Summary – Ivanti-V and Ivanti Devices

The Configure Clients page appears only after installing or downloading license server license for VLS.

Supported Platforms

The following platforms are supported by a VLS:

ISA Virtual Platform

PSA-V

PSA-300

PSA-3000

PSA-5000

PSA-7000f

PSA-7000c

Core License Distribution from License Server for MSSP Deployments

For MSSP deployments, the Virtual Appliance was used to download licenses from Pulse Cloud Licensing Service through authentication codes. Considering high security environments where accessing cloud service is not allowed, the core license distribution feature is provided for leasing the core licenses from the license server.

The following two forms of leasing are supported:

Limited Core Licensing: In this licensing model, MSSP installs core packs on the license server that allows leasing a given number of cores to the license clients. An administrator can only lease cores and needs a separate license to lease concurrent or named users. Example: SKU PS-CORE-XXC-NYR where XX is 20, 40, 100, 250 and 500. The SKUs are stackable.

VLS/HLS can reclaim the number of cores allocated to a license client by deleting the license client entry.

Unlimited Core Leasing: In this licensing model, MSSP is allowed to lease as many core licenses from the license server as needed. Concurrent licenses are also made part of MSSP. Example: PS-MSP-XXC-NYR.

Both these licensing models are available as Subscription.

From Release 9.1R10, the following licensing reporting enhancements are introduced for MSSP deployments:

When the license client has concurrent users license installed locally, the client excludes the local installed count while sending lease usage to the license server.

When the license client has ICE license enabled or has an evaluation license installed which gives maximum platform limit for concurrent users, the license lease usage reported by client is zero.

The license client allows 10% extra usage over the licensed limit. This applies for maximum lease limit as well. In such case, the license client reports only the maximum lease limit usage. For example, if license client has leased 100 licenses and 110 users are logged in, license client reports only 100 as usage to the license server.

Configuring a License Client on the License Server

This section describes the steps to install and lease cores to license clients from license server.

Prerequisites

ISA/VLS device acting as license server

VA acting as license client

Unlimited Core Leasing

1.Navigate to System > Configuration > License Summary page and install MSP SKU on license server. Installing MSP SKUs will also enable license server functionality on VLS or PSA License Server . No separate license server license is needed.

On a PSA/ISA license server, leasing functionality must be explicitly enabled by selecting the Enable Licensing Server check box under System > Configuration > Licensing > Configure Clients.

The following figure depicts the MSP SKU on the License Server:

2.Navigate to System > Configuration > License Clients and configure license client as shown below:

Platform should be Virtual Platform (except for PSA Virtual Platform)

Product can be ICS / IPS

Virtual Platform can be one of ISA Virtual Platform, PSA3000-V, PSA5000-V, PSA7000-V based on requirement

  • If the license client is running on pre-9.0Rx, select Virtual Platform from the Platform drop-down list and select VA-SPE from the Virtual Platform drop-down list.
  • If the license client is running on 9.0R1 / 9.0R2, select PSA-V from the Virtual Platform drop-down list.
  • If the license client is a cluster, then both the nodes of the license client cluster should be configured to lease same number of cores.

The following figure depicts Configure License Client

The following figure depicts the Platform page on License Client before leasing Cores

3.Navigate to System > Configuration > Licensing > Configure Server section and configure license server details on license client.

4.Now, from License Summary page, click on Pull State from Server button and observe the core leased information on License Summary page as shown below.

The following figure depicts the License Summary Page - Core Leased Information

5.After successful leasing of cores, Platform Model is updated to PSA3000-V based on cores leased as shown below.

The following figure depicts the Platform page on License Client after leasing Cores

Limited Core Leasing

In case of Limited Core Leasing, install Limited Core SKUs licenses that will allow leasing up to maximum available cores as part of installed Core SKUs across different clients.

In addition to above Limited Core SKU, license server license needs to be additionally installed in order to enable license server functionality.

  • If PSA/ISA-V license clients are running Pre-9.0Rx builds, then admin will not be allowed to upgrade to 9.0R3 if there are no core licenses installed.
  • Admin has to install 2/4/8 core licenses and perform upgrade to 9.0R3 after which PSA/ISA-Vs can lease the cores from the license server.
  • Leasing of cores is allowed to Virtual Appliances running 9.0R3 onwards.

Enabling Reporting of License Analytics to Pulse Cloud Licensing Server (PCLS)

On VLS, installation of Unlimited Core license SKU via authcode enables reporting/uploading licensing analytics to PCLS by default.

On ISA license server, reporting of license analytics to PCLS does not get enabled by default. After installation of the license key, administrator has to explicitly install authcode by navigating to System > Configuration > Licensing > Download Licenses and authenticate the hardware by installing authcode under the On-Demand License Downloads section. This operation should be done on both the nodes of license server cluster.

The following figure depicts the Install Auth Codes

Adding PSA/ISA Virtual Platform as a License Client

1.Navigate to System > Configuration > License Summary page and install ICS SKU on the license server.

On a PSA/ISA license server, the leasing functionality must be explicitly enabled by selecting the Enable Licensing Server check box under System > Configuration > Licensing > Configure Clients.

The following figure depicts the available SKU on the License Server:

2.Navigate to System > Configuration > License Clients and configure the license client as shown below:

Platform should be ISA Virtual Platform

Product should be ICS

3.Enter the License counts and click Save Changes.