Hi;
I'm using a 3rd party API to license and protect our .Net applications and components.
One product provides a special network server and typically runs under Windows Server.
When a user installs our product they must activate it with an activation key - they get this key from us either manually or as a result of an e-commerce purchase.
The protection API relies on a hosted service that allows us to ensure a key is never activated on more than one machine.
Now, I'm trying to address the risks inherent when customers use VMware to run our product.
If a customer installs and activates it in a VM legitimately but then makes copies of the VM itself, they'd be able to run our product umpteen time if they wanted to.
So, can anyone shed light on how to address this?
We can store a machine-specific info into the license automatically when a key is activated (this is then saved as part of the license on the remote license server) so this providers some potential.
However I'm naïve with respect to VMs and copies of them, if a customer literally just copied a VM and tried to start that (so they have two instances running on their LAN) then would that work ?
Surely the machine name, IP address or MAC address would be duplicated? what actually happens if someone does that?
I've heard you can "clone" a VM, so how does that work? does that create a duplicate but automatically give the copy a new name, IP, MAC etc?
If so - and cloning is the only way a real customer would create duplicate VMs - then we could associated the MAC address (or something) with the initial license activation and then have checks in our app whenever the app is started.
In this scenario our app would first see of the license has been activated (this is a purely local check using the 3rd party API) and if that passes, we'd then grab the MAC address from the license (we can store this as "user data" it seems when its first activated) and compare it with the current machine MAC address - if different we deactivate the license (which then forces a user to reactivate with an activation key).
So my main question is really how do users typically create copies of VMs for use within their organization, how does copying (cloning?) take care of unique IDs like machine name, IP, MAC etc etc? and how have you handled this kind of challenge yourself if you're an ISV?
Thanks for any ideas/insights.
Hugh