4

We have a web server application that is hosted within Tomcat, and we have a license model that allows our clients to request a license (which sends us a license file with the MAC addresses of the machine that they requested it from) and once we validate that they have paid their bills (manual process), we send them a license file which will only work on the machine that the MAC address is tied to.

This works well, but we are now looking at putting together an AMI so that our clients can use our product on AWS, and also makes it easier for clients to trial our product (as no setup required with an AMI).

However, when you stop/start an instance on AWS, it loses its MAC address.
We are happy to change our license model, but my question is, what options other than MAC address do I have for validating our product is licensed?

  • Let me know if you need further information via the comments.
Horcrux7
  • 23,758
  • 21
  • 98
  • 156
jakc
  • 1,161
  • 3
  • 15
  • 42

3 Answers3

1

Why don't you issue certificates?

This is the process (an automated way) I think.

  1. You issue a cert for them to install.
  2. Your application makes a request to a service to validate.
  3. Your service accepts or denies.

You could do this manually is have a short lived cert that the application would have to verify before running. That would be the license and could be tied to a particular instance.

Daniel A. White
  • 187,200
  • 47
  • 362
  • 445
0

Are you able to utilize the "Paid AMI" version of AWS? http://aws.amazon.com/articles/866

Alternatively, the application could be configured with some sort of credentials (Order Number(s) + email address, or Customer Number + email address, for example) which are used to obtain authorization from your remote server upon restart, and periodically thereafter. Obviously there'd have to be some hysteresis time, to allow for fail-over while not permitting duplicate machines running on the same license.

Andy Finkenstadt
  • 3,547
  • 1
  • 21
  • 25
0

If you will use Amazon EC 2, you can replace the MAC Address validation by the Amazon Instance ID. Check this post where explain how to obtain it: Find out the instance id from within an ec2 machine

Community
  • 1
  • 1
Ernesto Campohermoso
  • 7,213
  • 1
  • 40
  • 51