Custom Clone Protection Schemes

>What Is a Custom Clone Protection Scheme? >Prerequisites for Creating a Custom Clone Protection Scheme >Creating a Custom Clone Protection Scheme >Custom Clone Protection Scheme Attributes >Actions for Custom Clone Protection Schemes

New to Sentinel EMS? See How to Use Sentinel EMS?

What Is a Custom Clone Protection Scheme?

A clone protection scheme prevents unauthorized application usage by protecting against the cloning of physical or virtual machines. Cloning involves creating an image of one device (including your software and its legitimate license) and copying this image to other devices. Sentinel LDK detects cloning by comparing machine fingerprints and disables protected software that is locked to Sentinel SL keys when the fingerprint no longer matches. Clone detection is effective whether the protected software is installed on a physical device or on a virtual machine.

Sentinel EMS provides two types of clone protection schemes—Platform Default and Custom Clone Protection Scheme. The Platform Default scheme automatically applies the best clone protection scheme for the environment on which a protected application runs. However, software vendors with customized devices that use proprietary fingerprints and expect locking to include one or more of these proprietary fingerprints cannot use the Platform Default clone protection scheme. To address this, a custom clone protection scheme can be used that allows locking applications to vendor-defined criteria. When deploying on VMware ESXi servers, a custom clone protection scheme can be used to lock applications to Fully Qualified Domain Names (FQDN) instead of the Platform Default scheme for greater flexibility.

Prerequisites for Creating a Custom Clone Protection Scheme

A role that includes Catalog (Namespace) permissions for the relevant namespace. (You cannot move custom clone protection scheme from one namespace to another.) At minimum, the vendor user needs the Add permission. For details, see Roles.

Creating a Custom Clone Protection Scheme

You can create custom clone protection schemes for use with one or more products in a namespace. After a custom clone protection scheme is created, you can associate it with a product.

To create a custom clone protection scheme:

1.From the navigation pane, select Catalog > Custom Clone Protection to view the Custom Clone Protection Schemes page.

2.Click the Add Custom Clone Protection button.

3.Fill in the custom clone protection scheme attributes.

4.Click Save. The Add Custom Clone Protection Scheme page closes, and the custom clone protection scheme is added to the list on the Custom Clone Protection Schemes page.

Custom Clone Protection Scheme Attributes

The table below describes the attributes related to custom clone protection schemes.

Attribute	Description	Required/Optional	Valid Values
Name	A descriptive name of the custom clone protection scheme.	Required	>1-18 characters >Must be unique >Do not use names reserved for predefined schemes: PMType1, PMType2, PMType3, PMType4, and FQDN for physical machines, and VMType1, VMType2, VMType3, VMType4, and FQDN for virtual machines. >The combination of name and machine type is unique. For example, you can have a scheme named 'TestScheme' with machine type Physical and another scheme with the same name but machine type VIRTUAL.
Machine Type	Specifies whether the custom clone protection scheme applies to physical or virtual machines.	Required	One of the following: >Physical: Applies to clone detection for physical machines. >Virtual: Applies to clone detection for virtual machines.
Scheme Criteria	Parameters that determine whether a given machine on which the licensed application runs is cloned.	Required	Select one or more parameters based on the machine type. For Physical Machine Type: >CPU: Identifies the machine based on CPU characteristics. >Ethernet Address: Uses the MAC address of the network interface. >FQDN: Uses the Fully Qualified Domain Name of the machine. Not supported on Android. >Hard Disk: Uses the hard disk ID (on a PC) or SD card ID (on an Android device). >IP Address: Uses the machine’s IP address. >Machine ID: Uses the motherboard identifier (on a PC) or Android serial number (or first boot identifier if the serial number is not available). >SID: Uses the security identifier (SID) on Windows or machine ID on Linux. >Custom ID1: Uses a vendor-defined identifier. >Custom ID2: Uses a second vendor-defined identifier. For Virtual Machine Type: >CPU: Identifies the virtual machine based on CPU characteristics. >Ethernet Address: Uses the MAC address assigned to the virtual machine. >FQDN: Uses the Fully Qualified Domain Name of the virtual machine. >IP Address: Uses the virtual machine’s IP address. >Machine ID: Uses a unique identifier assigned to the virtual machine. >SID: Uses the system security identifier (SID) on Windows or machine ID on Linux. >VM Generation ID: Uses the unique identifier assigned to the virtual machine instance. >Custom ID1: Uses a vendor-defined identifier. >Custom ID2: Uses a second vendor-defined identifier. NOTE   Use vendor-defined identifiers in specialized environments where licenses must be bound using vendor-defined system identifiers, such as proprietary hardware information, virtual environment attributes, or software environment hashes.
Minimum Matching Criteria	Specifies the minimum number of selected criteria that must match during license validation to prevent the machine from being identified as a clone.	Required	Any number from 1 to the number of criteria selected in Scheme Criteria
All Selected Criteria Must Exist	Specifies whether strict enforcement is applied for clone detection. When enabled, all selected criteria must be present on the machine and the C2V fingerprint file.	Optional	Yes OR No Default: No
Description	Description of the custom clone protection scheme. Use this field to document the purpose or details of the scheme.	Optional	Maximum: 512 characters

Actions for Custom Clone Protection Schemes

Action		Description
	Edit	Updates information for an existing custom clone protection scheme.
	Delete	Deletes the custom clone protection scheme. (Available only for non-deployed schemes.)