License Management
Traffic Manager documentation and product interfaces often make reference to the use of license keys to enable or disable product features and capabilities. Ivanti (or your designated support provider) generates these keys on a case-by-case basis, and such keys are normally tied to your specific product instance or service agreement.
For clusters of multiple Traffic Manager instances, you should obtain a suitable key (or set of keys) to cover the licensing requirement of the whole cluster. Unlicensed Traffic Managers operate with restricted performance as the Community Edition. For more information, see The Traffic Manager Community Edition.
ATTENTION
Although a single cluster can contain differently licensed Traffic Managers, Ivanti does not recommend this. Automatic cluster synchronization can fail when an update is attempted to a feature that is unlicensed on one or more cluster members.
To view your currently installed license keys, click System > Licenses. This page displays each license key, identifiable by its serial number, and the Traffic Managers it is valid for. To view full details for a specific license, such as product variant, expiry date, and licensed feature set, click the fold-down arrow.
When multiple licenses are installed on a Traffic Manager instance, the Traffic Manager selects the license to use based on the following ordered criteria:
• Any installed license is preferred over the default, unlicensed, Community Edition.
• Any authorized license is preferred over non-authorized licenses.
• Remotely authorized licenses (including Flexible License Architecture (FLA) type licenses) are preferred over non-remote licenses (perpetual licenses).
• A license with a richer set of features is preferred over a license with a lesser set.
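The ordered criteria above behave like a lexicographic comparison, which the following added example models so you can predict which of several installed keys becomes active. It is not Traffic Manager code: the `License` fields, the reading of "remotely authorized" as "remote and authorized", and the use of feature count for "richer" are assumptions, and the serials and feature names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class License:
    serial: str
    authorized: bool
    remote: bool                      # remote type (e.g. FLA) vs perpetual
    features: frozenset = frozenset()

CRITERIA = ("authorized", "remotely authorized", "feature set")

def preference(lic):
    """Sort key in the documented order; the larger tuple is preferred."""
    # Assumptions: a remote license counts as "remotely authorized" only once
    # it is authorized, and "richer" is approximated by the feature count.
    return (lic.authorized, lic.authorized and lic.remote, len(lic.features))

def select_license(installed):
    """Return the preferred license, or None for the Community Edition."""
    return max(installed, key=preference) if installed else None

def deciding_criterion(winner, loser):
    """Name the first criterion on which two licenses differ."""
    for name, w, l in zip(CRITERIA, preference(winner), preference(loser)):
        if w != l:
            return name
    return "tie"

# Constructed inventory: serials and feature names are placeholders.
PERPETUAL = License("CONSTRUCTED-0001", True, False,
                    frozenset({"f1", "f2", "f3", "f4"}))
FLA = License("CONSTRUCTED-0002", True, True, frozenset({"f1"}))
PENDING = License("CONSTRUCTED-0003", False, True,
                  frozenset({"f1", "f2", "f3", "f4", "f5"}))

if __name__ == "__main__":
    chosen = select_license([PERPETUAL, FLA, PENDING])
    print(chosen.serial, "beats the perpetual key on:",
          deciding_criterion(chosen, PERPETUAL))
```

Because the comparison stops at the first criterion that differs, an authorized FLA key with one feature is selected ahead of an authorized perpetual key with four.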
Adding and Removing License Keys
The first time you access the Admin UI of a newly-installed and configured Traffic Manager, you are presented with an “Unlicensed” page. This page provides the opportunity to either upload a license key or continue to use the Community Edition. Traffic Manager hardware appliances, virtual appliances, and certain cloud instances also provide the opportunity to upload licenses through the Initial Configuration wizard. For more details, see the version of the Pulse Secure Virtual Traffic Manager: Installation and Getting Started Guide most applicable to your product variant.
Beyond this, the System > Licenses page is the location to add and remove individual keys. New licenses can be uploaded using the “Install new License Key” section at the foot of the page. Click Choose File to provide the location of a standard text file containing the license data, and then click Install Key. If this operation is successful, your new license will appear in the list.
Unneeded or invalid keys present in the cluster can be removed by selecting the checkbox to the right of the offending license and clicking the Remove Selected Keys button. If you attempt to remove a key that will result in one or more Traffic Managers becoming unlicensed, the Traffic Manager warns you of this and requires you to confirm the action by overriding the warning. If you choose to proceed, the affected Traffic Managers become Community Editions.
Registering with Pulse Secure Services Director
The Traffic Manager can send a registration request to a Services Director instance for remotely-managed flexible licensing. This capability is referred to as self-registration and is typically enabled at initial configuration, at which time you input the details of the Services Director instance with which you want to register your newly-configured Traffic Manager. The Services Director then uses the REST API of the Traffic Manager to query and issue configuration updates.
To learn more about Pulse Secure Services Director, see the Ivanti website at www.ivanti.com.
To register your Traffic Manager with a Services Director, click System > Licenses > Services Director Registration. Use the fields on this page to manually issue a registration request to a Services Director instance.
After the registration request is initiated, the Traffic Manager waits for the Services Director Administrator to approve or decline the request. If the request is approved, the Services Director pushes a suitable license to the Traffic Manager. To view status messages pertaining to the registration request, see the Event Log.
Enter your registration details in the form provided, according to the following requirements:
Field | Description |
remote_licensing!registration_server | The address, including port number, of the Services Director with which you want to register this Traffic Manager. For a Services Director VA, use the Service Endpoint Address. |
remote_licensing!server_certificate | The server certificate of the Services Director, in a PEM-encoded format. This is automatically updated by the Services Director when the certificate is renewed. |
remote_licensing!owner | The Owner you want to be associated with this Instance, if using auto-acceptance. |
remote_licensing!owner_secret | The Owner secret, used to verify the identity of the Owner specified in remote_licensing!owner. This field is applicable only if using auto-acceptance of registration requests, and the validate_owners setting on the Services Director is true. |
remote_licensing!policy_id | The auto-acceptance/registration policy ID to attempt to use for auto-acceptance. |
remote_licensing!comm_channel_enabled | Whether communication with the Services Director should be channeled through the Communications Channel Agent. The Communications Channel Agent uses a long-lived TLS-encrypted websocket connection to handle bidirectional communications between a Traffic Manager and a Services Director. This is required for Traffic Manager instances behind a NAT gateway or other network boundary that impedes the Services Director’s ability to communicate directly with a Traffic Manager’s REST API, for example when deploying the Traffic Manager inside a container. Your Traffic Manager event log might display Communications Channel Agent connection failure warnings up until the Traffic Manager registration request is properly approved by the Services Director. The Traffic Manager retries the connection attempt once per second, although it shows a connection failure message only once every 15 seconds to reduce log clutter. A self-registration request to a Services Director which does not support the Communications Channel Agent feature automatically sets this value to "No". This facility is available only for Traffic Managers that perform self-registration with the Services Director. Traffic Managers added manually on the Services Director cannot use this feature. |
remote_licensing!comm_channel_port | The port for the Communications Channel Agent running on the Services Director. The default value is 8102. |
remote_licensing!email_address | (Optional) An e-mail address at which the Services Director Administrator can contact you. |
remote_licensing!message | (Optional) A free-form message to be included with the registration request, and visible to the Services Director Administrator. Use this field to provide additional identifying information for your registration request, if needed. |
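The field requirements above can be checked before a registration request is sent. The following pre-flight check is an added example, not part of the product or its REST API: holding the settings in a dict keyed by the field names, the "Yes" value for an enabled channel, and all sample hosts, owners and secrets are assumptions or constructed values.

```python
import ssl

P = "remote_licensing!"     # key prefix of the fields in the table above
DEFAULT_COMM_PORT = "8102"  # default stated for comm_channel_port

def valid_port(value):
    return value.isascii() and value.isdecimal() and 0 < int(value) < 65536

def check_registration(cfg, validate_owners=True):
    """Return a list of problems found in a dict of registration settings."""
    get = lambda key, default="": cfg.get(P + key, default)
    problems = []
    host, sep, port = get("registration_server").rpartition(":")
    if not (sep and host and valid_port(port)):
        problems.append("registration_server needs an address and a port")
    try:
        # Checks PEM framing and base64 only; the X.509 content is not parsed.
        ssl.PEM_cert_to_DER_cert(get("server_certificate").strip())
    except ValueError:
        problems.append("server_certificate is not PEM-encoded")
    owner, secret = get("owner"), get("owner_secret")
    if owner and validate_owners and not secret:
        problems.append("owner is set but owner_secret is missing")
    if secret and not owner:
        problems.append("owner_secret is set without an owner")
    # message and email_address are read by the Services Director Administrator
    if secret and any(secret in get(k) for k in ("message", "email_address")):
        problems.append("owner_secret is repeated in a field the admin sees")
    # "No" is the value named on the page; "Yes" for enabled is an assumption.
    if get("comm_channel_enabled", "No") == "Yes":
        if not valid_port(get("comm_channel_port", DEFAULT_COMM_PORT)):
            problems.append("comm_channel_port is not a valid port")
    return problems

# Constructed sample settings: every host, owner and secret below is made up.
GOOD = {
    P + "registration_server": "sd.example.test:8100",
    P + "server_certificate": ssl.DER_cert_to_PEM_cert(
        b"constructed bytes, not a certificate"),
    P + "owner": "constructed-owner",
    P + "owner_secret": "constructed-secret",
    P + "comm_channel_enabled": "Yes",
}
BAD = {**GOOD, P + "registration_server": "sd.example.test",
       P + "server_certificate": "not a certificate", P + "owner_secret": "",
       P + "comm_channel_port": "99999"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_registration(cfg))
```

The certificate check confirms only that the value is PEM-framed; confirming that it is the Services Director's actual certificate still has to be done out of band.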
To send the registration request, click Save and Register.
A saved update to any of the fields in this section automatically triggers re-registration with the named Services Director. To manually request re-registration without altering the configuration, click Re-register.
To instruct the Services Director to treat a self-registration as if it were the first registration, regardless of previous attempts, tick the Force checkbox.