1C:Enterprise 8.3. Administrator Guide. Chapter 9. Protection From Unauthorized Access: Features and Setup

1C:Enterprise 8.3. Administrator Guide. Contents


PROTECTION FROM UNAUTHORIZED ACCESS: FEATURES AND SETUP

To protect the 1C:Enterprise system from unauthorized use, you may use the HASP4 Net network protection system or the software licensing system. Any of these systems support concurrent use of 1C:Enterprise by a defined number of users (sessions), and these users may be located within the local network and beyond (if web clients or thin clients connected through a web server are being used).

The protection system to use depends on the software delivery.

Below is a detailed description of each protection mechanism.

9.1. HASP4 PROTECTION SYSTEM

To protect 1C:Enterprise from unauthorized access the HASP4 Net network protection system can be used. This protection system arranges for a specific number of users working with 1C:Enterprise at the same time (sessions). At that the users can both work in the local network or outside of it (web clients and thin clients connected to the infobase via a web server). The number of users is counted either by a dedicated program (HASP License Manager) or by the 1C:Enterprise back end.

IMPORTANT!

Interaction with HASP License Manager is only possible via IPv4.

No matter how users are counted, the network should contain one or more computers with HASP4 Net dongles plugged into their USB ports. The total number of users allowed to work with the software is defined as the number of licenses available to every dongle combined (there are some specifics, for description see page 183).

IMPORTANT!

It is not reasonable to plug multiple HASP4 Net dongles for 1C:Enterprise protection of the same series in the USB ports of one computer since no distinction is made between them, and in fact only one of them will actually be used (selected randomly).

HASP License Manager can both be launched as a regular Windows application, as a service (only in the following operating systems: Windows 2000/XP/Server 2003/Vista/Server 2008) and in Linux. When using the multi-user protection system, you do not need to install the HASP Device Driver on user PCs running 1C:Enterprise without dongles plugged into their USB ports.

TIP

To download the latest HASP Device Driver and HASP License Manager versions, visit Aladdin website at: http://sentinelcustomer.safenet-inc.com/sentineldownloads/.

9.1.1. Dongles Marking

Dongle Settings

Marking

Local dongle

ORGL8

Multi-user dongle (the number of users follows "NET": 5, 10, 20, 50, 100)

NET5 ORGL8

NET10 ORGL8

NET20 ORGL8

NET50 ORGL8

NET100 ORGL8

Multi-user dongle for 300 users

NET250+ ORG8A

Multi-user dongle for 500 users

NET250+ ORG8B

Local dongle for 32-bit server

ENSR8

Local dongle for 64-bit server

EN8SA

A 32-bit server dongle supports the execution of any number of 32-bit working processes on one physical computer.

A 64-bit server dongle supports the execution of any number of 32-bit and 64-bit working processes on one physical computer.

One computer can only have one dongle connected of each of the following series: ORGL8, ORGL8A, and ORGL8B.

The licenses are searched for in the following order:

„ In the ORGL8 dongle

„ In the ORG8A dongle

„ In the ORG8B dongle

The last dongle used to obtain a license can also be remembered. This dongle will be used to obtain a license for the next connection. If the license cannot be obtained from the remembered dongle, the available license will be searched for in the order described above.

9.1.2. Protection from Unauthorized Access

To prevent unauthorized access, 1C:Enterprise is delivered with a built-in security feature.

The ability to use the software at one or more workstations, also to use 1C:Enterprise server, is regulated by the license agreements in place.

One of the basic parts of the security system used is a dongle to prevent unauthorized access.

For the software purchased under One Workstation License Agreement or One Additional Workstation License Agreement to run, a dongle must be plugged into the computer USB port (for details of dongle driver installation, see page 188).

If software is purchased under Supplemental Multi-User License, the dongle should be plugged into the USB port of the computer with HASP License Manager software running (for details of installation and use, see page 189).

The information related to the latest modifications of the security system is available in readme.htm.

9.1.3. Specific Features of Counting Client Licenses

Depending on the client type and location of the dongle containing the client licenses (local or network location), multiple approaches to licenses counting are available. They are described in details below.

9.1.3.1. File mode

In this case the following options are available to obtain licenses.

Local dongle

It enables launch of an arbitrary number of software instances in the 1C:Enterprise or Designer mode on the computer the dongle is plugged into. Multi-user            dongle            available        via       a          network          using  license            manager

This enables concurrent operation of as many computers as there are keys for them. Any number of software instances can be launched in the 1C:Enterprise or Designer mode on one computer.

The number of the licenses is limited to the total number of available licenses from all network computers where the HASP License manager is installed and set up.

9.1.3.2. Client/Server mode

In this case the following options are available to obtain licenses.

Local dongle

It enables launch of any number of software instances in the 1C:Enterprise or Designer mode on the computer the dongle is plugged into. Multi-user           dongle            available        via       a          network          using  license            manager

It enables simultaneous operation of the computers with their number equal to the number of users allowed by the dongle. Any number of software instances can be launched in the 1C:Enterprise or Designer mode on one computer.

The number of the licenses is limited to the number of computers in the network with HASP License Manager installed and setup.

Multi-user dongle without license manager installed and multi-user dongle available via a network using HASP License Manager

When this arrangement is used, a dongle can both be located on the computer with 1C:Enterprise server installed (local multi-user dongle) or in the network. The claster mananger, on which the session data service is lset, is in charge of counting licenses. In this case the licenses are granted based on "one session – one license" principle. So if two instances of 1C:Enterprise are launched on one computer simultaneously (with any operation mode or client used), two licenses will be used by this computer.

IMPORTANT!

If the 1C:Enterprise server counts the client licenses, the client licenses having 0 in the Timeout column of the Aladdin Monitor software (to be downloaded at http://www.safenet-inc.com/sentineldownloads/) will be considered occupied. Therefore, using the same multi-user HASP keys in order to concurrently obtain client licenses with the help of the HASP License Manager and the 1C:Enterprise server is not recommended.

Please, note the following: if multiple multi-user ORGL8 series dongles are identified in a network, only one dongle will be selected randomly and once its licenses are all used, only one multi-user ORG8A dongle can be used followed by one multi-user ORG8B dongle. Where the client application selects the same network client key as selected by the server, the client application can stop searching for the license in other keys of the same series available in the network.

9.1.3.3. Web Client

Based on the infobase mode (the file or client/server), licenses are counted either by the web server extension module (for the file mode) or by the 1C:Enterprise server (in the client/server mode).

When this arrangement is used, the key can be located both on the computer with web server extension module (or the 1C:Enterprise server) installed or in the network. The web server extension module (or the 1C:Enterprise server) itself counts the licenses. In this case the licenses are used based on the "one session – one license" principle. Therefore, if two web browser windows with access to the same infobase are opened on a single computer, two licenses are spent.

IMPORTANT!

If the 1C:Enterprise server or the web server extension counts the client licenses, the client licenses having 0 in the Timeout column of the Aladdin Monitor software (to be downloaded at http://www.safenet-inc.com/sentineldownloads/) will be considered occupied. Therefore, using the same multi-user HASP keys in order to concurrently obtain client licenses with the help of the HASP License Manager and the 1C:Enterprise server (or web server extension) is not recommended.

The following should be taken into account: if multiple multi-user ORGL8 client keys are identified in the network, only one key will be selected randomly by the server and once all its licenses have been used, only one multi-user ORG8A key may be used followed by one multi-user ORG8B key. Where the client application selects the same network client key as selected by the server, the client application can stop searching for the license in other keys of the same series available in the network

9.1.3.4. The Thin Client Working through the Web Server

The thin client may be used to obtain licenses:

„ local key;

„ multi-user key available to the thin client through the HASP License Manager via the network;

„ the web server extension module or the 1C:Enterprise server.

If a license is received directly by the thin client, any number of system instances may be launched on one computer in the 1C:Enterprise mode.

A license may also be granted by the web server extension module (in the file mode) or the 1C:Enterprise server (in the client/server mode). In this case the web server extension module or the 1C:Enterprise server itself counts the licenses. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are launched on a single computer, two licenses will be spent. When this arrangement is used, the key can be located both on the computer with a web server extension module (or the 1C:Enterprise server) installed or in the network.

IMPORTANT!

If the 1C:Enterprise server or the web server extension counts the client licenses, the client licenses having 0 in the Timeout column of the Aladdin Monitor software (to be downloaded at http://www.safenet-inc.com/sentineldownloads/) will be considered occupied. Therefore, using the same multi-user HASP keys in order to concurrently obtain client licenses with the help of the HASP License Manager and the 1C:Enterprise server (or web server extension) is not recommended.

The following feature of the license count with the help of the web server extension module or the 1C:Enterprise server should be taken into account: if multiple multi-user ORGL8 client keys are identified in the network, only one key will be selected randomly by the server and once all its licenses are used, only one multiuser ORG8A key may be used followed by one multi-user ORG8B key. Where the client application selects the same network client key as selected by the server, the client application can stop searching for the license in other keys of the same series available in the network.

9.1.3.5. The Local Key and the Web Client

If a local key is installed on the computer with the 1C:Enterprise server or the web server (for the file infobase mode) installed, the following can be launched:

„ an arbitrary number of designers on the computer with the key;

„ an arbitrary number of client applications (except for a web client) on other computers with client licenses available; „ with a file infobase mode:

     one arbitrary client application (including a web client) on any computer without a client key available;

an arbitrary number of client applications (except for a web client) on the computer with the key available.

„ one of the following with a client/server infobase mode:

     one arbitrary client application (including a web client) on any computer without a client key available;

an arbitrary number of client applications (except for a web client) on the computer with the key available.

In other words, you may develop and debug in the web client, but using the local key only.

NOTE

You may only launch one web client if the local key is used.

9.1.3.6. COM Connection

When 32-bit COM-connection is used, an available license is searched for in the following order:

„ Local client licenses

„ Local server licenses (both 32-bit and 64-bit versions)

„ Network client licenses

„ Client licenses on the 1C:Enterprise server (for the client/server mode) or on the web server (for the file infobase connected via a web server)

When 64-bit COM-connection is used, an available license is searched for in the following order:

„ Local client licenses

„ Local server license (only 64-bit versions)

„ Network client licenses

„ Client licenses on the 1C:Enterprise server (for the client/server mode) or on the web server (for the file infobase connected via a web server)

9.1.3.7. Web Service

No client licenses are required for web services operation. However, if an infobase providing web services runs in a client/server mode, a server license is required for 1C:Enterprise server operation.

9.1.3.8. The Terminal Server

In this case, the following options are available for obtaining licenses.

The Local Key

This allows operation of one user who connected to the terminal session with the "0" identifier only. It enables launching of any number of the system instances in the 1C:Enterprise or Designer mode. No local keys are available for terminal sessions with a session ID other than 0. The        Multi-user      Client  Key

Licenses from the multi-user client key installed on the terminal server are only available if the HASP License manager is installed and set up on the terminal server. Client licenses are counted similar to a multi-user client key available through the HASP License Manager via the network. One terminal session is counted as one workstation.

9.1.4. Obtaining a Server License

A dongle should be installed on the computer where a server cluster workflow or workflows (rphost) are executed. These workflows can belong to different server clusters. Availability of a server license is verified when a client application connects to a workflow.

A server dongle is a local key that is not available via the network.

9.1.5.         HASP Device Driver installation

9.1.5.1. For Windows OS

The HASP Device Driver installer (haspdinst.exe) is included in the delivery kit and is installed on the computer at the installation of the 1C:Enterprise server cluster.

To install HASP Device Driver, select Start – Programs – 1C:Enterprise – Advanced – Install HASP Device Driver.

HASP Device Driver can be also installed manually. To do this, run the haspdinst.exe program located in the \Program Files\1cv8\common\ directory with the -I key. The command line to install HASP Device Driver appears as follows:

haspdinst -i

TIP

We recommend installing HASP Device Driver prior to plugging the dongle into a USB port.

CAUTION

Do not unplug the hardware security dongle from the USB port during its operation.

When the HASP Device Driver is not required, it can be uninstalled. HASP Device Driver can be uninstalled by selecting Start – Programs – 1C:Enterprise – Advanced – Uninstall HASP Device Driver.

To uninstall HASP Device Driver, you can also use the following command line:

haspdinst -r

9.1.5.2. For Linux

HASP Device Driver can be downloaded from Aladdin company web site

(http://www3.safenet-inc.com/support/hasp/enduser.aspx).

HASP License Manager installation procedure involves the following steps (they need to be performed with the rights of administrator):

„ Unpack the archive by using the following command:

tar xzf HASP_SRM_LINUX_3.50_Run-time_Installer_script.tar.gz

„ Navigate to the directory with the unpacked driver:

cd HASP_SRM_LINUX_3.50_Run-time_Installer_script

„ Install the driver (note that the dot at the end of the command line is a must):

./dinst .

TIP

We recommend installing HASP Device Driver prior to plugging the dongle into a USB port.

CAUTION

Do not unplug the hardware security dongle from the USB port during operation.

To delete the key driver, navigate to the directory with the unpacked driver and execute the following command there:

./dunst

9.1.6.             HASP License Manager Installation

9.1.6.1. For Windows OS

1C:Enterprise distribution kit includes the utility lmsetup.exe, which is used to install HASP License Manager. The utility is located on the 1C:Enterprise installation disk and can be launched either from the command line directly or from the 1C:Enterprise installer menu.

HASP License Manager can be installed on any PC in a local network running under Microsoft Windows. Under any operating system HASP License Manager can be installed as a regular application, while in Windows 2000/XP/Server 2003/ Vista/Server 2008 it can also be installed as a Windows service.

IMPORTANT!

The license manager may work inconsistently if installed on a computer which is being used as a terminal server.

We recommend that you do not install the license manager on a computer being used as a terminal server.

To install HASP License Manager, first run the installer lmsetup.exe (the below example is for installation of HASP License Manager version 8.32).

   Fig. 69. Selecting Language

Select English language for the installer (see fig. 69).

Next you will need to agree to the suggested license agreement.

Fig. 70. License Agreement

If HASP License Manager is installed on a PC running Windows 2000/XP/

Server 2003/Vista/Server 2008, you will be offered two installation options for HASP License Manager: as an application (Application) or as a service (Service).

If HASP License Manager is installed on a PC running Windows 98/Me, this dialog will be skipped as only the application can be installed under these operating systems.

Fig. 71. Selecting Installation Mode

Next, select a folder where the HASP License Manager executable and help files will be located. If HASP License Manager is installed as a Windows service, the executable files will be located in the Windows system directory, and only the help file will be installed in the selected folder.

Fig. 72. Selecting License Manager Installation Path

At the next step of installation, select a group where the HASP License Manager start and help file icons will be located. By default, a new group named HASP License Manager is created, but you may also select an existing group or change the name of the group being created.

Fig. 73. Specify Group Name

If HASP License Manager is installed as a Windows application, you will be prompted to place the HASP License Manager icon in the Startup directory. If you do so, HASP License Manager will start automatically when the operating system starts. If you choose a different option, you will have to start HASP License Manager manually.

Fig. 74. Startup Mode Selection

At the next stage, install the HASP Device Driver, which is required for normal HASP License Manager operation. HASP License Manager uses this driver to communicate with the HASP4 Net dongle. If HASP Device Driver is already installed on the computer, you do not need to install HASP License Manager again.

Fig. 75. Security Driver Installation

When the installation process is completed, run HASP License Manager. If declined, it's possible to run it later manually. HASP License Manager procedures for various installation options are described below.

Fig. 76. License Manager Startup Necessity

Starting HASP License Manager as a Microsoft Windows Application

If HASP License Manager is installed as a Microsoft Windows application, start it by running nhsrvw32.exe that is copied to the hard drive of the computer in the HAPS License Manager installation process.

When you run it from the command line, you can specify various options for nhsrvw32.exe in order to better "instruct" HASP License Manager on using a network protocol to communicate with protected software.

Please note that you should only customize network protocol settings if using the default network protocols results in unstable operation or if protected software demonstrates significant delays in startup process.

Each option must be preceded by a hyphen ("-") or a slash ("/").

Example:

nsrvw32 -tcpip

or

nsrvw32 /tcpip

You can use the following options when you start nhsrvw32.exe:

addrpath=<path>

Determines the location to save haspaddr.dat to. By default, the file is saved in the folder where the HASP License Manager is loaded from.

ipx

Tells the HASP4 Net system to use the IPX protocol with SAP.

ipxnosap

Tells the HASP4 Net system to use the IPX protocol without SAP. When using

HASP License Manager for Win32, other protocols can be loaded using the -tcpip or -netbios options. In that case, HASP License Manager creates a file newaddr.dat containing the address of the workstation HASP License Manager has been run on. When loading HASP License Manager with one of the options, only those protected applications that have access to newaddr.dat will be able to exchange data with it.

ipxsocket num=<number>

This option should be used if you need to change the socket used by HASP License Manager for data exchange. The default socket is 7483 (hex).

localnet

Use this option to make HASP License Manager serve only the workstations in the local network. If the HASP License Manager receives queries from workstations outside of the local network, it returns error code 140.

nbname=<name>

Assigns HASP License Manager a NetBIOS name. The option has the same effect as -nethaspnb name.

netbios

This option forces the HASP4 Net system to use only NetBIOS. When using HASP License Manager for Win 32, you can load other protocols with the -tcpip or -ipxnosap.

portnum=<number>

If you are using TCP/IP, this option allows you to specify the network port to be used by HASP License Manager. The default port is 475.

srvname=<name> [,name]

 

Assigns one         or            more      IPX,        TCP/IP or                 NetBIOS HASP License Manager. Up to six names can be assigned.

tcpip

names     to

This option forces the HASP4 Net system to use only TCP/IP. When using HASP License Manager for Win32, you can load other protocols with the -ipx or -netbios options.

use lananum=<x> [,x]

Tells HASP License Manager to work with specific communication channel numbers. userlist

Limits the number of users served by HASP License Manager. By default the value is 250.

Starting HASP License Manager as a Microsoft Windows Service

HASP License Manager can be started as a Microsoft Windows service only if it has been installed as a service. As mentioned above, this is only possible in Microsoft Windows 2000/XP/Server 2003/Vista/Server 2008 environments.

When HASP License Manager is installed as a Microsoft Windows service, it is configured to start automatically, i.e. the HASP License Manager service will start every time Microsoft Windows starts.

If necessary, you can change the service’s startup settings to start and stop it manually.

To start, stop and customize the HAPS License Manager service manually, use

Start – Control Panel – Administrative Tools – Services system menu. In the service list that is displayed, find the HASP Loader service and right-click it. Using the context menu, you can perform all the required actions with the service.

9.1.6.2. For Linux OS

HASP License Manager for Linux may be downloaded at the Aladdin

website (http://sentinelcustomer.safenet-inc.com/sentineldownloads/?s=License+Manager&c=End+User&p=all&o=all&t=License+Manager&l=all).

NOTE

To ensure successful operation of the HASP License Manager, a protection key driver that may be downloaded at the Aladdin website (http://sentinelcustomer.safenet-inc.com/sentineldownloads/) should be installed depending on the version of Linux OS being used.

Perform the following actions (under the Administrator account) to install the HASP License Manager:

„ Copy the file downloaded into the directory where the HASP License Manager will be located (e.g., /opt/hasplm).

„ Unpack the archive by using the following command:

tar xzf hasplm_linux_8.30.tgz

„ Add the HASP License Manager launch command (to the exit 0 command) to the /etc/rc.local file from the directory to which it was unpacked.

/opt/hasplm/hasplm

Adding the command to the rc.local file will result in automatic launch of the HASP License Manager upon system restart.

„ Launch the HASP License Manager:

hasplm

If you need to set up HASP License Manager with the help of an nhsrv.ini configuration file (see page 310), and to do this specify the configuration file path in a HASP License Manager command-line:

/opt/hasplm/hasplm -c /etc/nhsrv.ini

9.1.6.3. Configuring HASP License Manager using a Configuration File

Some settings of the HASP License Manager can be specified by the nhsrv.ini configuration file (see page 310).

If dongles for numerous user licenses are used (for 300 or 500 users), pay attention to the NHS_USERLIST option when configuring HASP License Manager.

9.1.7. 1C:Enterprise Setup to Work with HASP License Manager

1C:Enterprise can communicate with HASP License Manager via IPX, TCP/IP or NetBIOS network protocols. By default, a network protocol is selected automatically. You should always use this mode except when automatic protocol selection and communication is unstable or causes long delays.

NOTE

HASP License Manager is always called via UDP. Indication to TCP/IP in the nethasp.ini file will be ignored.

The nethasp.ini configuration file is used to customize the parameters of 1C:Enterprise interaction with the HASP License Manager (see page 306).

Sample nethasp.ini file:

[NH_COMMON]
NH_TCPIP=Enabled

[NH_TCPIP]
NH_SERVER_ADDR=192.168.0.13
NH_PORT_NUMBER=475
NH_TCPIP_METHOD=UDP
NH_USE_BROADCAST=Disabled

In the above example the protection server is located in the network and has 192.168.0.12 as its address, 475 network port is used, UDP packets are used for operation and TCP/IP broadcasting is disabled.

When you install 1C:Enterprise, a sample nethasp.ini file is copied to the 1C:Enterprise configuration files directory. This file actually consists entirely of commented-out strings and does not predefine default parameter values, but it does contain the most complete list of parameters that can be used to customize interaction of 1C:Enterprise with HASP License Manager.

9.2. THE SOFTWARE LICENSING SYSTEM

The Software Licensing System enables users to collaborate without employing any additional physical devices. To do this, a special file – the platform software license – is required. The file includes encrypted information which is necessary for the system to function properly: license parameters and details of the computer for which the license is activated. To activate the license, you need a special number, called the PIN, and the serial number of the kit. The delivery kit contains several PIN codes. The number of PINs in the delivery kit and the number of concurrently active PINs are defined by the license version.

When a license is required, the 1C:Enterprise (client or server) application searches for license files across all the paths available (see page 209). Then the license parameters and details of the computer for which the license is granted are retrieved from the files. If the parameters of the current computer are equivalent to the details received, then the number of users and the license type (client or server) are verified, otherwise the license is rejected. The access to the file is defined by the access rights of the operating system being used. When the user who is running the application is not eligible to access the license file (or the directory where the file is located), the license cannot be obtained. The following types of software licenses exist:

„ Single-user client license. This allows you to run any number of client applications on one computer.

„ Multi-user client license. This allows you to run a maximum defined number of client applications from any computers. The number of concurrently running client applications is determined by the nominal value of the license.

„ Combined client license. This offers you the option of a group of single-user licenses or a single multi-user license. If any of the single-user licenses is activated first, you will not be able to activate the multi-user license, and only the single-user licenses may then be used. If the multi-user license is activated first, there will be no way of activating the single-user licenses.

„ A server license for a 32-bit server. This allows you to use any number of 32-bit workflows (rphost) on one computer.

„ A server license for a 64-bit server. This allows you to use any number of 32-bit or 64-bit workflows (rphost) on one computer.

Multi-user licenses may be located on the 1C:Enterprise server, the web server extension module computer or the terminal server. The client computer may only host single-user licenses. Software licenses located on the server (of "1C:Enterprise" or terminal) may be combined without any limitations.

When a software license is activated, information about the computer (the key parameters) for which the license is obtained is gathered. If any of the key parameters is changed during operation, you will have to activate a software license again (using new PIN code). The computer’s parameters are scanned at most once per day. Here is a list of the key parameters:

„ the name of the operating system

„ the version of the operating system – for Windows OS only two first digits are analized

„ the serial number of the operating system (only for Windows OS)

„ the OS installation date (only for Windows OS)

„ the network name of the computer

„ the motherboard model

„ the RAM size

„ the BIOS type and version

„ a list of the processors and their parameters

„ a list of the network adapters and their MAC addresses

„ list of network adapters and their MAC addresses, but the key parameter comparison procedure does not take into account:

     Bluetooth network adapters;

network adapters connected via IEEE 1394 or USB;

WAN and RAS software adapters;

adapters that do not have a MAC address and VEN_ and DEV_ data from the PNP identifier.

„ a list of hard discs and their parameters, however the key parameter comparison procedure does not take into account:

     external storage devices connected via IEEE 1394 and USB.

NOTE

When the system verifies whether software license parameters match current computer details under Linux OS, it does not analyze the name and version of the operating system.

When 1C:Enterprise is used on virtual machines, you will need to activate a software license for each virtual machine. When it operates on the virtual machines, the software license is bundled with the virtual machine parameters (virtual machine parameters are equivalent to the parameters of a real computer and are listed above). If these parameters change, you will have to activate a new license for a new PIN.

Please remember the following when changing the computer’s key parameters:

„ Only deleted devices and none of those added are analyzed when information about the computer is verified. For instance, if one network adapter was installed on the computer when a software license was purchased, you can add another network adapter without activating another software license. You cannot, however, replace one network adapter with another.

„ You can increase the computer’s operating memory, but not reduce it. For instance, if a license was activated for a 2 GB RAM system, you can increase the memory to 6 GB and then reduce it to 4 GB without having to activate another software license. However, if you reduce RAM below 2 GB, you will need to activate another software license.

„ Any changes are analyzed as of the computer’s current state in comparison to the state when the license was activated.

The http://1c-dn.com site helps you obtain a software license on electronic media. Use this page to forward the prepared license request file to the Licensing center and to receive the license data file from the Licensing center. The web service http://users.v8.1c.ru/LicenseCenter/ws/lm.1cws can be used to automatically obtain a software license.

9.2.1. License Versions

The following user software licenses are available:

Type

Number of Licenses

Set of PIN codes

 

 

 

Users

Active

Supplied

Single-user, 1 user

1

1

1

3

Combined, 5 users

5

1

5

8

5

1

3

Combined, 10 users

10

1

10

14

10

1

3

Combined, 20 users

20

1

20

25

20

1

3

Multi-user, 50 users

50

50

1

3

Multi-user, 100 users

100

100

1

3

Multi-user, 300 users

300

300

1

3

Multi-user, 500 users

500

500

1

3

You can define the type of combined license which is most appropriate for your work. If you activate a single-user license first while you are working with a combined license, it is considered that a set of single-user licenses has been selected, and thus further activation of the multi-user license becomes impossible. If a multi-user license is activated first, it is considered that a multi-user license has been selected for your work, and thus further activation of the single-user licenses becomes impossible.

NOTE

Additional pins provided within the delivery may be used if the key license parameters are modified.

The following server software licenses are available:

Type

Description

Set of PIN codes

 

 

Active

Supplied

Server, 32-bit

Allows using any number of 32-bit working processes on one physical computer.

1

3

Server, 64-bit

Allows using any number of 32-bit and 64-bit working processes on one physical computer.

1

3

9.2.2. Protection from Unauthorized Access

To prevent unauthorized access, 1C:Enterprise is delivered with a built-in security feature.

Your ability to use the software at one or more workstations, and the ability to use the 1C:Enterprise server, are defined by the license agreements in place.

9.2.3. Specific Features of the Client License Count

Depending on the client type and location of the software license files, several approaches to counting the licenses are available. These are described in detail below.

9.2.3.1. The File Mode

In this case, you may only use single-user licenses, which allows you to launch any number of system instances in the 1C:Enterprise or Designer mode on the computer to which the license is attached.

1C:Enterprise terminal mode is an exception. In this case, you can use a multiuser license infobase in file mode. For more details, see page 204.

9.2.3.2. The Client/Server Mode

In this case, the following options are available for obtaining licenses.

Single-user Software License

This allows you to launch any number of system instances in the 1C:Enterprise or Designer mode on the computer to which the license is attached.

Multi-user Software License

The 1C:Enterprise server counts the licenses.

When this arrangement is used, the software license files are located on the computer where the 1C:Enterprise server is installed. The server itself is in charge of counting the licenses. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are concurrently launched on a single computer (with any run mode or client used), two licenses will be spent.

9.2.3.3. The Web Client

Depending on the infobase operation mode (file or client/server), the web server extension module (in the file mode) or the 1C:Enterprise server (in the client/server mode) is in charge of counting the licenses.

When this arrangement is used, the software license file may be located on the computer where the web server extension module or the 1C:Enterprise server is installed. The web server extension module (or server) itself counts the licenses. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are concurrently launched on a single computer (with any run mode or client used), two licenses will be spent.

9.2.3.4. The Thin Client Working through a Web Server

The thin client may be used to obtain the following types of licenses:

„ a single-user software license;

„ the web server extension module or the 1C:Enterprise server.

If a single-user software license is used, you can launch any number of system instances in the 1C:Enterprise mode on the computer to which the license is attached.

If the web server extension module or 1C:Enterprise server is used to obtain the license, the web server extension module counts the licenses in the file mode, and the 1C:Enterprise server does this in the client/server mode. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are concurrently launched on a single computer (with any run mode or client used), two licenses will be spent.

When this arrangement is used, the software license file may be located on the computer where the web server extension module or the 1C:Enterprise server is installed.

9.2.3.5. Single-user Software License and the Web Client

If a single-user software license is installed on the computer with the 1C:Enterprise server or the web server (for the file infobase) installed, the following can be launched:

„ an arbitrary number of Designers on the computer with a single-user software license;

„ an arbitrary number of client applications (except for a web client) on other computers with client licenses available.

„ one of the following launch methods is available:

one arbitrary client application (including a web client) on any computer without a client key available;

an arbitrary number of client applications (except for a web client) on the computer with a software license.

In other words, you may develop and debug in the web client, but using the singleuser software license only. At that, when a web client is used, it is only possible to launch the Designer on the local computer, and other types of clients cannot be launched.

9.2.3.6. The COM Connection

When a 32-bit COM connection is used, a search for an available license is conducted in the following order:

„ single-user software licenses

„ multi-user software licenses

„ client licenses on the 1C:Enterprise server (for a client/server mode) or on the web server (for a file mode connected through a web server)

When a 64-bit COM connection is used, a search for an available license is conducted in the following order:

„ single-user software licenses

„ multi-user software licenses

„ client licenses on the 1C:Enterprise server (for a client/server mode) or on the web server (for a file mode connected through a web server)

If the COM connection is launched from the code executed on the 1C:Enterprise server as an in-process COM server, and the server uses the server software license, the COM connection uses the server software license. Otherwise the COM connection searches for the client software license in the order described above in this section.

9.2.3.7. Web Services

No client licenses are required for web services operation. However, if an infobase providing web services runs in a client/server mode, a server license is required for 1C:Enterprise server operation.

9.2.3.8. The Terminal Server

When using Windows systems, take into account the following points: as regards the software licensing system, the ‘work place’ is defined by the session identifier number. All license queries sent from the same computer with the same session ID are considered as having been received from the same work place. For instance, if there is a computer with a single-user software license installed, this license can be used by any number of applications launched interactively. However, launching a client application (in any form) from any Windows service on such a computer will be perceived as a terminal server analog and require an additional license. This specific aspect applies to all software licenses (not only to single-user licenses).

The following aspects of license accounting can also be considered.

Single-user Software License

Any number of system instances can be launched in the 1C:Enterprise or Designer mode under one terminal session.

The software licenses (both single and multi-user) activated for the terminal server are combined if the license files are available to all users of the terminal server. Multi-user            Software         License

A multi-user software license may be activated for the terminal server and used both in the file and client/server mode of the system. In this case you may launch any number of system instances in the 1C:Enterprise or Designer mode for the number of concurrent connections to the terminal server (terminal sessions) matching the number of users for which a multi-user software license is activated.

The software licenses (both single and multi-user) activated for the terminal server are combined if the license files are available to all users of the terminal server.

9.2.4. Activating and Obtaining a Server License

A software license should be activated for any computer where a server cluster workflow or workflows (rphost) are executed or the manager of the cluster to which licensing service is assigned is run.

Availability of a server license is verified when a client application connects to a working process.

9.2.5.             Activating a Software License

9.2.5.1. General Rules

One of the basic parts of the security system used is a 1C:Enterprise software license. To activate a software license, use the special Assistant. To launch the Assistant, use the Tools – Licence obtaining command of the Designer.

To activate a license, you need to:

„ Select a computer to activate the software license: the current or the server computer.

When activating any software license, select To 1C:Enterprise server computer if you plan to use the activated license for a computer with the 1C:Enterprise server installed and that is not the computer from which you are activating the license. In this case, the file with a software license activated will always be located in the directory that contains the profile of the account under which the 1C:Enterprise server is run (the default value: usr1cv83) on the computer where the 1C:Enterprise server is run.

Otherwise select This computer. A multi-user software license is an exception to this. You should choose This computer for a multi-user software license only if Designer is run on the terminal server or within the terminal session. In this case, you can also select whether to place the activated license file in the current user’s profile directory or in the directory available for all system users. These are directories of the computer where the software license is being activated.

NOTE

When the This computer option is selected, the user activating the license should have administrator rights.

„ Select an operation:

     obtaining an initial license

obtaining a repeat license

updating a license

„ Select the users to whom the license should be made available: all users of the selected computer or only the current user. The selection defines which license set will be available for use.

If license files are located in the directory with the profile of the user activating the licenses, other users of that computer cannot access the licenses. For example, if a single-user license is activated on a terminal server and located in the current user profile directory (User1), then another user (User2) will not be able to work when User1 is not working. To provide access to an activated license for all users of the computer, it should be placed in the directory for all system users. Then, in our example above, the single-user license would be available for any user of the terminal server provided that others are not using it at the same time (as this is a single-user license).

„ Select how you want to obtain the license:

     automatically

on electronic media

manually

„ To obtain a license on electronic media, select the stage involved in obtaining the license:

     create a license request file

receive a license from the Licensing Center

„ To obtain a repeat license, enter the current pin which should be disabled „ Enter the kit registration number and pin as well as information on the user „ When obtaining a license manually:

     name the set of figures displayed by the Assistant (48 characters) to the Licensing Center employee

type the software license data provided by the Licensing Center operator into a special field (120 characters)

„ When obtaining a license on electronic media:

     enter the license request file name. This file should be forwarded to the Licensing Center

enter the Licensing Center response file name. This file should be received at the licensing center beforehand

NOTE

You should remember than when you are downloading a file received from the Licensing Center, the parameters (information on the software product and license owner) specified in the license activation dialog should exactly match the parameters specified when the license request file was created.

When activating licenses, remember the following:

„ If a software license was initially activated online or on an electronic medium, it can only be re-activated or updated using the same method.

„ If the license was initially activated manually, you can re-activate or update it only in the same manner by phone.

„ If an additional client software license needs to be activated from a computer where the software license has already been activated, the additional license should be activated in exactly the same way as the previous software license on that computer. When you activate a server license and a multi-user software license and it is possible to launch Designer on a computer with the 1C:Enterprise server installed, it is recommended that you activate both licenses

on the server computer, in which case the This computer or All users of this computer option should be selected.

„ Network devices and external data storage media connected by USB and IEEE 1394 are excluded from the process which checks the computer’s license file.

But if the license is received on a medium, the computer parameters, including the devices connected via USB and IEEE 1394, must match when the license file is being created on the basis of the response from the licensing centre. If this is not the case, then when a response file is loaded from the licensing centre, the receipt dialogue will display the following error message: Reply from Licensing center does not match the entered license or owner data. Check distribution kit registration number, PIN code and license owner data. In this case, in order to complete the license activation you must restore the computer configuration existing at the time the license query file was created: for example, insert the same external storage device to the USB port and download the same licensing centre response file. After that the data storage device may be disconnected.

If the computer parameters cannot be restored, you will have to repeat the procedure for receiving the license using an additional PIN code.

CAUTION

It is not recommended to locate one software license file simultaneously in several different directories available to 1C:Enterprise applications. This can make a license file unfit for use, as this constitutes a license agreement violation.

If a software license file is received automatically, it will be placed as follows:

„ For a computer with the 1C:Enterprise server installed:

     For Windows: in the %ALLUSERSPROFILE%\Application Data\1C\licenses (%ALLUSERSPROFILE%\1C\licenses for Windows Vista and above) directory of the account under which the 1C:Enterprise server is run.

For Linux: the /var/1C/licenses directory.

„ For the current computer: the user will be prompted to specify the users to whom the license being obtained will be available:

     If the current user is selected, the file will be placed as follows:

□ For Windows: in the %USERPROFILE%\Local Settings\Application Data\1C\1Cv8\Conf (%LOCALAPPDATA%\1C\1Cv8\Conf for Windows Vista and above) directory of the account under which the license is obtained.

□ For Linux: in the ~/.1cv8/conf directory (~ is the home directory of the account under which Designer is run).

If all users are selected, the file will be placed as follows:

□ For Windows: in the %ALLUSERSPROFILE%\Application Data\1C\licenses (%ALLUSERSPROFILE%\1C\licenses for Windows Vista and

above) data directory for all users of the computer.

□ For Linux: the option is not supported.

The                   %ALLUSERSPROFILE%\Application                      Data\1C\licenses

(%ALLUSERSPROFILE%\1C\licenses or Windows Vista and above) and the /var/1C/licenses directories are created when the respective operating system is installed on the computer. Consider the following specifics related to these directories:

„ For Windows: write and read rights in the directory created are granted to the account under which the 1C:Enterprise server is run (to be selected in the system setup window, see page 29). If the Install 1C:Enterprise server as a Windows service check box is not selected, rights for the directory created are not assigned and the default option is used.

„ For Linux: during the installation process the group is created. It should contain all user accounts from which 1C:Enterprise servers are running in daemon mode. Rights for the directory created are assigned as follows:

     Directory owner: root. Rights: read and write (rwx).

Owner group: grp1cv8. Rights: read and write (rwx). Other users’ rights: read only (r-x).

9.2.5.2. Recommendations regarding activation

This section does not include tips on how to select licenses to be activated (singleuser or multi-user) for combined software licenses.

Recommendations on activating client licenses are provided depending on the infobase and the computer from which the license is activated. Recommendations on activating the 1C:Enterprise server license are also based on the computer from which the license is activated.

NOTE

The client application run under Linux does not allow you to activate the license using the All users of this computer option.

File mode of the infobase

Client computer

We recommend activating a single-user license using the This computer and All users of this computer options.

There is no point in activating a multi-user license.

Terminal Server

We recommend activating any software license using the This computer and All users of this computer options.

Infobase in file mode via a web server

Designer can be run on the computer

We recommend installing a thick client on the computer with a web server and activating any license with the aid of Designer using the This computer and All users of this computer options.

Designer cannot be run on the computer

Install a server of the required bit set and activate the license for the server computer from any network computer with a thick client installed. The server application will make it possible to activate a software license even when the server license is not available. We recommend activating any license using the 1C:Enterprise server computer option.

Infobase in Client/Server mode

Client computer

We recommend activating a single-user license using the This computer and All users of this computer options.

To activate a multi-user license, it is recommended that you apply the 1C:Enterprise server computer option.

There is no point in activating a multi-user license to This computer.

Terminal server

We recommend activating any software license using the This computer and All users of this computer options.

1C:Enterprise Server Computer

We recommend activating any software license using the This computer and All users of this computer options.

Server license

Client computer

We recommend activating any software license using the 1C:Enterprise server computer option.

1C:Enterprise server computer

We recommend activating any software license using the This computer and All users of this computer options.

9.2.6. Location of Software License Files

A software license is a .lic file that may be stored in different locations of the file system.

TIP

It is not recommended to locate one software license file simultaneously in several different directories available to 1C:Enterprise. This can make a license file unfit for use, since this constitutes a license agreement violation.

The following steps must taken to obtain a software license:

„ A list of software license files is generated for all directories where software licenses may be stored.

„ The process of obtaining the required (client or server) license for each file in the list is executed until the license is obtained or the end of the software license list is reached.

9.2.6.1. For Windows OS

In Windows OS, software license files may be stored in the following directories (the directories are listed according to the search order):

„ A directory with the configuration files of the platform version being used. By default this is C:\Program Files\1cv8\8.3.XX.YYY\bin\conf.

„ The %USERPROFILE%\Local                 Settings\1C\1Cv8\conf (%LOCALAPPDATA%\1C\1Cv8\conf for Windows Vista and above) directory of the account under which the system operates.

„ The directory specified in the conf.cfg file located in the bin\conf directory of the specific version. For details on the format of the conf.cfg file, see page 251.

„ The %ALLUSERSPROFILE%\Application            Data\1C\1ñv8\conf (%ALLUSERSPROFILE%\1C\1ñv8\conf for Windows Vista and above) data directory for all users of the computer.

„ The %ALLUSERSPROFILE%\Application            Data\1C\licenses (%ALLUSERSPROFILE%\1C\licenses for Windows Vista and above) data directory for all users of the computer.

„ The %ALLUSERSPROFILE%\1C\licenses data directory (%ProgramData%\1C\ licenses for Windows Vista and later) for all users of the computer.

If no license has been found in those directories, the search is performed in the %APPDATA%\1C\1cv8\ directory. If that directory contains the location.cfg file, then a directory specified in the location parameter will be used for the search (see page 267).

9.2.6.2. For Linux OS

In Linux OS, software license files may be stored in the following directories (the directories are listed according to the search order):

„ The conf directory of the version installed. The path to this directory would appear as /opt/1C/v8.3/i386/conf in the 32-bit version of 1C:Enterprise, and as /opt/1C/v8.3/x86_64/conf in the 64-bit version.

„ The ~/.1cv8/conf (~ is the home directory of the account under which the 1C:Enterprise server operates) directory.

„ The directory specified in the conf.cfg file located in the conf directory of the version installed. For details on the format of the conf.cfg file, see page 251.

„ The /var/1C/licenses directory.

9.3.                 DEFINING THE POSSIBILITY TO START

9.3.1. At client application start

At startup, 1C:Enterprise verifies the possibility to start with the following algorithm (if the license needed is identified at some step of the algorithm, no further search is made):

1.     On the computer with a client application installed:

     the system tries to obtain a license from a software license file or a HASP dongle file from which the license was obtained during the last successful connection (see page 182);

the system searches for software licenses on a local computer;

the system searches for a local HASP key;

the system searches for a multi-user HASP key available via HASP License Manager.

If a basic configuration is used, the client application searches for a basic version license on the local computer.

2.     On the cluster manager computer to which the session data service is assigned, the system:

     tries to obtain a license from a software license file or a multi-user HASP dongle file from which the license was obtained during the last successful connection (see page 182);

searches for software licenses on the computer of the 1C:Enterprise server cluster manager;

searches for multi-user HASP dongles installed on the computer of the 1C:Enterprise server cluster manager;

searches for a multi-user HASP dongle available via HASP License Manager.

3.     On the cluster manager computer to which the licensing service is assigned, the system:

     tries to obtain a license from a software license file from which the license was obtained during the last successful connection (see page 182);

searches for software licenses on the computer of the 1C:Enterprise server cluster manager.

If searching for the HASP protection key is disabled (UseHwLicenses=0 parameter) with the help of the 1CEStart.cfg configuration file (see page 241), available licenses are not searched in the HASP protection keys available on the client computer (both local and network ones), and the system will not try to obtain a license from the remembered key when defining the launch option.

9.3.2. At server start

When a client application connects to the 1C:Enteprise server, the system verifies whether a server license is available (if the required license is identified at a certain step, no further search is made):

„ When searching for a license on the work flow computer serving the connection with the infobase, the system:

tries to obtain a license from a software license file or a HASP dongle file from which the license was obtained during the last successful connection (see page 182);

searches for a 32-bit server software license (only for on the 32-bit 1C:Enterprise server);

searches for a 64-bit server software license;

searches for a 32-bit server local dongle (see page 182) (only for on the 32-bit 1C:Enterprise server);

searches for a 64-bit server local dongle (see page 182).

„

When searching for a license on the cluster manager to which licensing service is assigned, the system:

tries to obtain a license from a software license file from which the license was obtained during the last successful connection (see page 182);

searches for a 32-bit server software license (only for on the 32-bit 1C:Enterprise server);

searches for a 64-bit server software license.

9.3.3. If the license is not obtained

The following actions will be performed if the search above did not produce any licenses:

„ The Designer and the thin and thick clients will launch the Assistant to obtain a software license.

„ The web client will display the following error message:

License not found. Software protection key or acquired software license not found!

License not found on the 1C:Enterprise server. Software protection key or acquired program license not found!

„ If the user refuses to obtain a software license, the Designer and the thin and thick clients will also display the error messages noted above.

A software license file is considered available for use if:

„ The file is not on the blacklist.

„ The file has a correct format.

„ The file is attached to the current computer.

„ The file contains an available license.

„ No other license files obtained for the same PIN and software serial number are being used in the network. Should such a situation occur, the license file becomes unfit for use and will be added to the blacklist.

NOTE

Licenses supplied with the HASP keys and software license files may be combined and used concurrently. If the licenses are used together, the software licenses are used first, followed by the licenses obtained from the HASP keys.

Leave a Reply

Your email address will not be published.

 

1C:Enterprise Developer's Community