Developers Support Sales Changelog Github Website

Entitlements to be used on LLS instances

To use the Zentitle2 entitlements in the environment where the LLS has been installed, they must be exported from the Zentitle2 and imported into the LLS at the Customer site.

Think of it as installing the licenses at the Customer's remote site. Because they are running in a disconnected/dark environment, they have to go through a multi-step process to install them in that location. There's no direct connection to the Zentitle2 servers, so this process is required.

Once your Local License Server (LLS) is running and activated at the Customer location, you can export any entitlement, add that to the LLS instance, and use the LLS Licensing API to activate seats and manage features.

Once entitlements have been deployed to the LLS instance, they will operate functionally like the rest of Zentitle2. They can be modified or removed post-installation.

Entitlement Token details and security

The entitlement is exported from the LLS as an encrypted token. The token can be generated multiple times and always contains a snapshot of the latest entitlement’s state.

Each token is digitally signed and encrypted so that the LLS server can verify the authenticity and integrity of the data represented in the token. Only the LLS instance selected during the entitlement export process can decrypt the token and import the data.

The token contains the following information:

  1. Version number - identifies a token version, should be increased when there is a breaking change introduced to the token’s format

  2. Token ID - LLS keeps track of all the applied tokens so that the same entitlement token cannot be imported twice by accident.

  3. Session ID - unique entitlement export session identifier. For each entitlement, LLS keeps track of the currently active session. That way, the user cannot accidentally import a token that has not been applied in LLS before but has been generated for one of the previous (and no longer active) entitlement export sessions.

  4. Issue date - the date when the token has been generated. LLS doesn’t allow importing an export token with a lower issue date than the one in the previously applied token so that the old data doesn’t accidentally override the entitlement.

  5. Payload: serialized entitlement data. LLS inspects the entitlement data and updates/creates the entitlement record in the LLS DB accordingly.

Entitlement export session

The entitlement export session starts when the first entitlement token is generated for the given LLS server and lasts until the entitlement is withdrawn from the LLS and imported back to the server.

Over time, there can be multiple export sessions even for the same entitlement and LLS server if the cycle [export entitlement into LLS] -> [withdraw entitlement from LLS] repeats.

Entitlement export

Entitlements can be exported only to an active Local License Server (check License Management for more details).

To keep track of an exported entitlement's expiration date in Zentitle2, an entitlement with the license start type set to Activation is automatically activated during the export. Otherwise, the entitlement needs to be activated manually first.

Entitlement export on Zentitle2

  • In Zentitle2, go to the page of the entitlement that you want to export and edit the entitlement host.

  • Change the host to Local License Server and select the name of the LLS to which you want to export the entitlement.

  • After clicking the Export button, you will receive the Entitlement Token. Either copy the token or download it as a file. Then, switch to the LLS to install it on the customer site.

NOTE: This entitlement is hosted on the Local License Server. After making any changes, be sure to generate a new token and follow the Refresh process in the Server Interface.

After closing the Entitlement Token dialog, you can see that the host has been changed to "Local License Server" with the name "Test Server."

Entitlement import on LLS at the Customer

  • Go to the Entitlements page in the LLS Server Interface and click the Import Entitlement button.

  • Upload/paste the token provided in the Zentitle2 interface.

  • Then, click "import."

After a successful import, the entitlement is hosted on the Local License Server.

Now, you can use the LLS Licensing API to activate seats and perform other actions on this entitlement as if hosted in the Zentitle2 cloud.

Entitlement management on Zentitle2

In Zentitle2, you can explore all the entitlements exported to a specific Local License Server by going to the Account Settings -> Local License Server page and clicking on the link in the Entitlements column in the Servers list.

Current limits in LLS

  • Only entitlements without active seats can be exported.

  • There is no insight into the current seats and features usage in the Zentitle2 interface, as the entitlement is hosted elsewhere.

  • The overdraft seat limit is not supported in LLS, as it is hard to monitor and regulate the overdraft seat usage in the LLS's offline environment. Even if the exported entitlement configures the overdraft seat limit, its value is ignored, and the maximum activation count depends solely on the seat count.

Updating Entitlements on LLS (entitlement refresh)

After the entitlement has been imported into the LLS, it can still be modified in the Zentitle2 UI (disabled, settings updated, activation codes added, etc.).

A new entitlement token will be generated in Zentitle2 and then applied in the LLS to effect the changes.

As the number of used seats inside the LLS is unknown while editing the exported entitlement in Zentitle2, the seat limit is consistently enforced when editing the seat count. If the new seat count is lower than the number of used seats in the LLS, activations that do not fit the seat limit inside the LLS are destroyed when the new entitlement token is applied in the LLS.

  • In Zentitle2, go to the LLS server and the associated entitlement you wish to change.

  • Edit the entitlement details and save them as you would with any entitlement management task.

  • Then, go to the "entitlement host" section and click on the Generate token action to generate a new entitlement token containing the latest entitlement state.

If there are some pending entitlement changes in Zentitle2 (that have not been included in the latest entitlement token), a warning about a required token refresh is displayed on the entitlement page.

  • Copy/download the entitlement token with the latest entitlement data.

Switch to the LLS server Interface

  • In the Server Interface, go to the Entitlements page, find the edited entitlement, go to its details page, and click the Refresh button.

  • Paste/upload the Entitlement token.

  • Click the refresh button.

  • The entitlement has been updated on the LLS, and you will receive a confirmation message.

Entitlement removal from the Customer installation

Following this process allows you to remove entitlements from an LLS instance securely.

  • In the Server Interface, go to the entitlement you want to delete and click the "remove from server" button.

You will be presented with the warning screen, which informs you that clicking the Remove from Server button will instantly delete the entitlement and generate a confirmation token.

  • Click on the Remove from Server button.

Make sure to download the Entitlement Removal Confirmation, as it's available only at this stage of the entitlement removal process. It acts as proof that the entitlement has been deleted from the LLS.

  • You will receive a confirmation screen to show you have completed the removal.

  • Copy/download the removal token.

Switch to the Zentitle2 Interface

  • In Zentitle2, go to the details page of the entitlement that has been removed from LLS.

  • Then, edit the entitlement host record.

  • Select "Cloud"

  • Paste/upload the Entitlement Removal Confirmation.

  • Then, click the "move entitlement to cloud" button.

After clicking the Move entitlement to Cloud button, the entitlement host will be changed back to Cloud, the associated export session will end, and the entitlement will become available in the Zentitle2 Licensing API again instead of being associated with an LLS instance.

When the entitlement is exported again, either to the same or another LLS instance, a new export session starts.

PreviousLLS License End-User ManagementNextLLS Licensing API

Last updated

Zentitle2

Service terms

© Copyright - Nalpeiron, all rights reserved Website use subject to Terms and Conditions. See our Privacy Policy Use of Zentitle is subject to our Service Terms and Conditions