Views:

Authored By

Alissa Wilczynski, Matthew Sutton

Abstract

This article is for server administrators using a Zemax OpticsViewer network softkey license. It covers logging license usage, password protection, user and computer restrictions, as well as the detachable license (check out) feature to use a license seat when not connected to the network. 

Contents


This article is for server administrators using a Zemax OpticsViewer network license. It covers logging license usage, password protection, user and computer restrictions, as well as the detachable license feature to use a license seat when not connected to the network.

Before getting started

Before proceeding with this article, you need to complete the steps to setup the network license on the keyserver. For instructions on how to do this, see "How to configure the keyserver and clients for OpticsViewer network licenses."

 

Introducing the Sentinel Admin Control Center

The Sentinel Admin Control Center on your network license server contains all the advanced settings to secure, control and monitor the network license and client machines. By default, this Sentinel Admin Control Center (ACC) page is accessible from any client machine as well as the server machine, unless you restrict remote admin access or set a password. The options to secure the server are covered below. 

To get started with configuration, on the keyserver machine hosting the network license, open the Zemax License Manager (ZLM) from Windows Start...Zemax License Manager. Then select Launch Sentinel Admin Control Center. This is located under the "Troubleshoot" section. Note: You can also open a browser window on the server machine and go to http://localhost:1947.

 

Zemax License Manager

 

After doing so, your web browser will open to the Sentinel Admin Control Center Help page. 

 

Sentinel_Admin_Control_Center

 

Click on Sentinel Keys. This page shows all available licenses found on this machine and elsewhere on your network. Licenses with "Location: Local” are hosted on this machine. Licenses hosted on other machines will show the "Location: XXXXXX," where "XXXXXX" is the computer name. You can click on the computer name to open the Admin Control Center on other machines (if permissions on those machines allow). 

Note: Zemax licenses are listed as "Vendor: 114811." If you have Sentinel licenses from other vendors, they will be listed with a different Vendor number. 

 

Keys

 

For the local machine, you can then select Features, under either Actions of from the left-hand navigation pane. The Features page will tell you details about each license, including the total number of seats available under "Limit" (in the screen shot below, the Limit is 5) and the type of Zemax license under "Product" and "Feature." This example is a Professional Edition OpticsViewer Network license.

 

Sessions

 

This section has provided an overview of the general UI and functionality in the Sentinel Admin Control Center. The following sections will describe more specific functionality. 

 

Configuration settings

This section provides a more detailed discussion of the most important settings in the Sentinel Admin Control Center (ACC). These include allowing remote access and setting a password. Each section below will refer to the following image describing different regions of the ACC.

 

Configuration_Settings

Allow remote access

To allow other machines remote access to the ACC on your machine, under Basic Settings, check Allow Remote Access to ACC. This option is checked upon the default installation. When checked, the Sentinel Admin Control Center page is accessible from any machine that can view the server. Client machines can access the Control Center by navigating in an internet browser to http://{network.host.IP.address}:1947. With this option enabled, other machines can view the Sessions to identify who is accessing a particular license or change settings via the Configuration page. See the next section on how to set a password to restrict access to the admin control center, or just the configuration settings.

Removing the check from this box will only disallow remote access to the Sentinel Admin Control Center on the server. It does NOT keep users from accessing installed licenses. 

Tip: To confirm that removing the check mark from "Allow Remote Access" is set, try to access the server's Sentinel Admin Control Center page from another machine. Substitute the machine name for "localhost", so it would be something like http://servername:1947. You will get a "403: Forbidden" error.

Set a password

By default, there is no password set to access the ACC on your machine. This means that if "Allow Remote Access to ACC" is checked, any other machine on the network can access your machine's ACC. You can add a password to prevent local and remote users from changing settings or seeing the license information on the server without authenticating with a password. If you only need to lock out remote users from access to the keyserver's Admin Control Center, you can remove the check the "Allow Remote Access to ACC" box at the tops of this page instead.

To set a password follow these steps:

  1. Choose either Configuration Pages or All ACC pages. For example, if you would like to view current licenses, but restrict the ability to modify any of the configuration settings, you will want to password protect the Configuration Page. To restrict viewing any pages in the Sentinel Admin Control Center without a password, choose All ACC Pages. Note: If you set a password for "All ACC pages" your softkey license will not be visible in the Zemax License Manager on the server, as the license manager has no way to enter a password when retrieving key information. However, clients will still be able to see and use the license. 
  2. Select Change Password.

 

Change_Password

 

  1. You will be asked to supply a new password. If there is no current password set, leave Current Admin Password blank. Enter a password in the New Admin Password field and Re-enter new admin password. Click Submit to confirm it.

 

Change Password

 

  1. After submitting the new password, you will get an authentication popup to enter the new password. Leave the User Name field empty, as there is no username required. Type the new password you just set and you will get logged back in to the Admin Control Center. 

 

Admin_Control

 

  1. If you need to remove the password, just click Change Password again. You will be prompted for the current password. Just leave both New and Re-enter Admin Password fields blank and Submit. If you do not have or forgot the current password, move the to next section of this article.

Reset a password

If you forget the password you set, it can be removed. To do so:

  1. Using Notepad, open the file "hasplm.ini" located in C:\Program Files (x86)\Common Files\Aladdin Shared\HASP folder.
  2. Delete the encrypted password (everything after the equals sign) on the line adminpassword. Re-save the file. You will need administrator rights to do so. 

 

Admin_Password

 

  1. Restart the Sentinel LDK License Manager service using the instructions below.
  2. Close and re-open all instances of your web browser.

Additional built-in help on the password feature can be found here.

Log errors

Basic access and error logs are available so you can see any errors with loading the licensing service, accessing the license from clients, and license activation or transfer issues.

To begin logging errors, navigate to Configuration...Basic Settings and select Write an error log file. We suggest you do not check this box unless directed by Zemax support when troubleshooting an issue. To limit the size of the log files you can set a size limit. When the log file reaches the size specified (0 - 9999 KB) in Size Limit, the file is closed and a new log file is started. If Size Limit is set to 0, the log file is never closed.

To view the error log file, it is a text file called error_114811.log located in C:\Program Files (x86)\Common files\Alladin Shared\HASP

Manage license access

This section describes how to manage both user and client access to the license hosted on the keyserver. It discusses the settings needed to view active license sessions, restrict access to specific licenses, and log license usage. 

View active sessions

Select Sessions along the left-hand navigation to see each license seat in active use. From here, you can see each current user’s ID, IP Address, machine name, and login time. There is also a Disconnect option but OpticsViewer will not release a license seat unless the end-user closes the application.

Note: The sessions list does not include detached/checked-out licenses in use by client machines. See the section "View checked out licenses" to view information on checked-out licenses. 

 

Sessions_Keyserver

 

Restrict users

In this section, we discuss how to allow or deny access to the license from specific users on the local network. The default with no rules set is to allow all users access to the network license. See the section "Restricting client machine license access" for details on how to restrict license access for specific client machines. 

Click Show Recent Users to display a list of users who have recently accessed licenses on this machine. From the popup window that appears, you can explicitly select to block or allow users individually "on the fly" so you don't have to add them to the "User Restrictions" list manually.

You can also combine user and machine rules (like allow certain users only from a certain machine access to a license) by replacing @all with the IP address or machine name. Further details on rules are available on the Configuring User Settings page in the ACC.

When restricting access to license for specific users, you should note the following about the user restrictions list:

  • The username is based on the WIndows username. To verify the format of the username, click the Show Recent Users button.
  • The list of rules is processed from top to bottom (similar to Apache and other products).
  • Note that allow=all@all will automatically be the added as the last item on the list. If you want to restrict all users except certain ones, just make sure deny=all is at the bottom of the list, but above allow=all@all like Example B below.

Also note that you can add rules so only certain users or computers can access certain products. This eliminates the need to host licenses on different servers if you want to have separate rules for each. See example c and d below. 

To allow or deny access to a specific product or key ID (license) for a specific client, follow the instructions below.

  1. In the ACC, navigate to Features and identify the desired Product or Key ID from the list. Note: we recommend using Product rather than Key ID, as the Key ID field will change after a license replacement.
  2. After noting the Product or Key ID, navigate to Configuration...Users.
  3. Use the User Restrictions field to modify which users have access to the desired license.

    Tip: If you want to verify what the usernames are, click Show Recent Users. It will give you a list of those who accessed the license in the last 24 hours or so.
    Tip: Before beginning, be sure to add a rule to allow the server access to the license. This ensures the Zemax License Manager can see and transfer it properly. To do so, include the following line as the first rule on the list and submit it. Replace SERVERNAME with the actual name of the machine listed at the top of the Admin Control Center. 

allow=all@SERVERNAME

Three examples of the syntax required for this process are outlined below: 

    1. Allow all users except user1, user2, and user3 access to all licenses. 

allow=all@all
deny=user1@all
deny=user2@all
deny=user3@all

 

User Restrictions

 

  1. Allow only user1, user2, and user3 access to licenses. Notice the "deny=all@all" after the list of users and before "allow=all@all".

allow=user1@all
allow=user2@all
allow=user3@all
deny=all@all
allow=all@all

 

User Restrictions

 

 

  1. Deny USER1 access to an OpticsViewer Premium-Network license (Product 21) with Key ID 410177719861922512. Allow USER2, USER3, and USER4 access to the same license. 

​​​​deny=USER1,product:21,key:410177719861922512

  1. Deny all users at COMPUTER1 access to the same license.

deny=all@COMPUTER1,product:21,key:1410177719861922512

  1. Press Submit when you are finished.

Restrict client machines

In this section, we discuss how to allow or deny access to the license from specific client machines on the local network. The default with no rules set is to allow all client machines access to the network license. See the section "Restricting user license access" for details on how to restrict license access for specific users. 

Before getting started, note that Allow Access from Remote Clients must remain checked on the keyserver machine, or clients will not be able to see the license on the server.

You can also restrict certain computers from using the license. Click Show Recent Client Access to display a list of users who have recently accessed licenses on this machine. You can block or allow machines "on the fly". That way you don't have to add them to the "Access Restrictions" list manually. 

When restricting access to license for specific clients, you should note the following about the access restrictions list:

  • You can use either an IP address or computer name. We recommend using the computer name as IP addresses are generally dynamic and may change.
  • These rules are shared by all Sentinel Licenses you have installed on the machine. For example, if you have both OpticsViewer Pro and Premium network licenses, you cannot block computers from one or the other. You would need to move one license to another machine or VM then set rules on that machine.
  • The list of rules is processed from top to bottom (similar to Apache and other products).
  • Note that allow=all@all will automatically be the added as the last item on the list. If you want to restrict all users except certain ones, just make sure deny=all is above allow=all@all like Example 2 below.

To set the rules manually, the rules are similar to the above "Users" settings page. Examples are below. See the Configuring Access from Remote Clients page in the ACC for other details.

  1. Allow all machines except the 5 machines listed to use the license.

 

Access_from_remote_clients

 

  1. Allow only the 5 machines listed access to the license. Notice the deny=all is after the list of users and before "allow=all@all".

 

Access_from_remote_clients

 

Log license usage

Sentinel Admin Control Center logging is available but is limited in the information it tracks. It makes a simple text file based on about 20 predefined parameters. Basic access logs let you see how many sessions have been open at once in the past as well as checked out license seats. 

TIP: If you would like to see more detailed license usage over time using a pre-built spreadsheet, I recommend following the article Monitoring concurrent users to track network license utilization instead.

  1. Check the Write an Access Log File box. To limit the size of the log files you can set a size limit. When the log file reaches the size specified (0 - 9999 KB) in Size Limit, the file is closed and a new log file is started. If Size Limit is set to 0, the log file is never closed.
  2. Check the Include Remote Requests box. This is what enables logging usage of the license seats by client machines.

The following optional check boxes are available:

  • Include Local Requests: Logs license requests from the current machine (Normally not useful for servers, unless you also run your Zemax application on the server)
  • Include Administration Requests: Logs requests made to Sentinel License Manager by Admin Control Center (no license information is tracked). The admin requests are logged with [ACC] or [SRM] prefixes in the log file.  
  1. Click Submit at the bottom of the page. 
  2. Click the Edit Log Parameters button to configure the formatting and set the information you want to log. See the ACC Edit Log Parameters page for details on how to format the log files. Note: You can include commas in between each parameter of the "log parameters" page if you want the file to be saved in a comma-delimited format that you can open with Excel or other software.

 

Configuration

 

The log files are text files and so can be opened with Notepad or similar editors. To view the access log, it is stored with the filename access.log in one of the following folders:

  • ..\Program Files (X86)\common files\aladdin shared\HASP\log (if Write Log Files Daily is checked)
  • ..\Program Files (X86)\common files\aladdin shared\HASP\ (if Write Log Files Daily is not checked)

 

License check out

This section will describe how to manage license seat check out settings on the keyserver machine. For details on the check out process for client machines, refer to "How to configure the keyserver and clients for OpticsViewer network licenses." 

Softkeys are able to permit license check-out on a client machine, which allows the client to remove a seat from the network key. It will be hosted on the local machine for a limited loan period. During this loan period, the client machine can be taken offline while maintaining access to its license seat. Note that client machines do not need any configuration to use this feature, it is built in to the Zemax License Manager. To maximize the availability of seats, we recommend clients not check out a license seat unless they have a specific need to use it offline or dedicate a seat for a period of time. 

Note: This feature is for softkey licenses only. Red USB network keys are not capable of license check out.

By default, when the license is initially activated on the keyserver, license check-out is disabled. To enable the check out functionality on the server, navigate to Configuration...Detachable Licenses and check Enable Detaching of Licenses.

 

Configuration

 

In the Detachable Licenses section, there are two settings that can be used to restrict access to detached (checked out) license seats: Max Detach Duration and Reserved Licenses. 

  • Max Detach Duration: The duration of the license loan can be set for any period from 1 - 9999 days. Licenses automatically expire after the specified duration. Checked out licenses can be checked back in early any time by the client, as long as the client can communicate with the key server machine. Note that licenses cannot be checked back in early from the server machine, only from the client machine. 

Tip: We recommend keeping the duration as short as practical. We suggest 1-2 weeks. If a client computer with a checked out license seat fails, lost or stolen, you will lose access to that license seat until the specified duration runs out. For example, if you check out a license for a 30 day duration, and the client computer is stolen on day 1, you will need to wait 29 days for the check out period to expire. If you encounter this situation, and need a temporary license seat, feel free to contact the Zemax support team. Include your softkey license number (Such as L100000). Note that temporary licenses are available for 30 days or less.

  • Reserved Licenses: A certain number or percentage of all available license seats can be reserved on the network and made unavailable for check out.  In the example screenshot below, we have reserved 5 licenses (or seats) on a 15-license network soft key. This means that 10 licenses could be checked out to individual client machines for offline use, but 5 licenses would only be available on a first-come, first-served basis.  If you are hosting more than one network license on a single server (for example both OpticsViewer Professional and Premium) it is possible to configure different settings for each by using the “Per-Product Settings” option.

Tip: If you have more than one Zemax network license on the server, select the "Per Product Settings" button on the right. You may configure different detachable license settings for each license.

 

View checked out licenses

If you'd like to see which client machines have checked out a license seat for offline use, first click the Products link on the left-hand navigation. Then, locate the product you'd like to view. Look for the Detached column. 

 

Detached

 

If this column contains only a dash (-) for a given product, then no license seats are checked out for that product. If there is a number displayed in this column, click the number to display a list of computers that have checked out a license seat. It will also display the date the loan period will expire.

 

Detached

 

Restarting the Sentinel LDK License Manager service

This is useful if it's not practical to restart the entire license server machine, and can be used to fix the following issues:

  • The license server or client machines are not able to see the softkey license in the Zemax License Manager 
  • You change a configuration setting on the keyserver and it doesn't take effect after clicking "Submit".
  • License check out on the client fails even if the detachable license feature is enabled on the server.
  • You need to release license seats from the server that appear in the session list but are not accessible to other users.

You may either open the Start menu, and search for services.msc, or open Control Panel...System and Security...Administrative Tools...Services. Right-click on Sentinel LDK License Manager and select Restart. It will typically take 30-60 seconds to be ready. 

 

Restart

 

FAQ

How can I enable license check-out on the key server so that my colleagues can work offline?

See the "License check out" section above. 

Where do I set the length of the checked-out license loan period?

See the "License check out" section above and set the number of days in "Max. Detach Duration"

What if clients get an error when checking out a license even though check out is enabled on the keyserver? 

See Restart the Sentinel LDK License Manager service on the server. 

How can I keep X seats reserved for first-come, first-serve use while allowing the others to be checked-out?

See the "License check out" section above. You may set a fixed number (X) or a percentage of all licenses to keep locked in the general license pool, unavailable for check-out. 

Can I check a license seat back in early from the key server machine if the client machine is broken or stolen? 

No. Checking in an offline license has to be done from the client machine. If the client machine is no longer available due to machine failure or theft, you will need to wait until the check out loan period expires to get the seat back. See the "License check out" section for details. 

In the Zemax License Manager, the there are less than the total number of available seats I expect to see. Why?

First, check for licenses that have been checked out (detached) as well as open sessions in the "View checked out licenses" section above. If the total number of seats is still not what you expect, this means that the server has not properly released a session after OpticsViewer was closed. To resolve this, follow the instructions in "Restart the Sentinel LDK License Manager" section above. 

I set a password on my keyserver. Now I can't see my network license in the Zemax License Manager.  What do I do? 

The Zemax License Manager cannot prompt for the Admin Control Center password and therefore will not see the licenses if a password is set for "all ACC pages". This will also keep you from transferring or updating your network license through the Zemax License Manager. Visibility of the license from client machines will not be affected by a password on the server. If you want to avoid this issue, there are 2 options.

  1. Set a password only for "Configuration pages". 
  2. Temporarily remove the password, do what you need to with the Zemax License Manager, then enable the password when you are done. 

Where can I find additional help for the Admin Control Center?

Besides the documentation here, there is either the "Help" link on the left side of the Admin Control Center page, or you may access context-sensitive help for each section by clicking the “Help” button in the lower right corner of each page which will take you to the proper subsection of the Help index.

 

Help

This article explains the use of the Sentinel Admin Control Center to manage softkey and red USB licenses.