Six Issues to Consider Before Building a License Manager
www.agilis-sw.com
White Paper
Six Issues to Consider Before Building Your Own License Manager
Overview
As an independent software vendor (ISV), developing your own licensing tool to protect
your product may seem like a good decision – “We know how to develop software,
right?” – but this may not be the best strategy for you when all the issues are considered.
______________________________________________________________________________________
Copyright Agilis Software LLC 2010 Page 1
So you want to protect your software product with a license manager, and are now
debating whether to develop your own licensing tool or purchase a commercial solution.
Perhaps one of your developers, or your offshore development partner, is claiming they
can put together what you need at low cost, and you are tempted to give them the green
light.
Before you do so, here are some issues you should consider.
1. How confident are you that the tool you build will meet your needs?
When you embark on a development project you can’t test now what will emerge at the
end – you can’t evaluate it, see how it will fit into your operations flow, or present it to
key customers to obtain their feedback. With commercial licensing systems you can
obtain an evaluation license, see how it will fit into your operations, validate the end-user
experience, and be confident your chosen solution will meet your needs.
2. Will it actually be secure?
When you need a new lock for your front door, do you go to your workshop and craft a
lock yourself? Thought not. The commercial lock vendors have spent years figuring out
how to make their locks secure against lockpickers, similar keys, files, credit cards,
bolt-cutters etc. They also make sure their locks are easy to fit in your door and continue to
work reliably, and their products have been tested and refined in the marketplace across a
multitude of users.
The same is true of licensing systems. Your developers may think it looks like a simple
problem (“We’ll just Google ‘encryption’”), but they have probably not spent years
studying the subject and having their ideas tested across a range of licensing scenarios.
They may build in protection against the more obvious attacks, but in truth they will have
no idea of the possible holes in their system. And of course, if their system is hacked,
how will you even know?
It’s a jungle out there… and vendors of commercial licensing systems have probably
already built in protection against types of attacks your developers have never even
considered.
3. When will the solution be working?
Software development projects are notoriously prone to missed delivery dates.
Commercial licensing systems are available now: tested, documented, and supported.
Have you thought about how long it will actually take to deliver the complete licensing
solution you need? This is far more than just a client library and a command-line
key-generation tool. You’ll also need some or all of the following:
- A convenient way for your operations people to issue licenses
- Tracking and reporting on licenses issued
- An easy way to upgrade licenses
- A way to audit licenses issued
- Integration with your back-office or ecommerce systems when your volumes
grow
- A secure way for people in field offices to issue licenses
- A secure way for resellers or OEM partners to issue licenses
- Documentation for the client library and license-generation system
- User-level documentation for your end customers
- Testing across a wide range of deployment scenarios
- Internal controls – who is allowed to issue licenses?
- A quick and non-intrusive end-user experience across all deployment scenarios
(onshore/offshore, connected/disconnected, single user/volume user etc.).
4. Will it support new requirements that will arise?
The technology industry stopped thinking years ago that you solve a problem once and
then you are done for all time. However, if you build your own licensing tool you will
necessarily build it to support your requirements as you perceive them right now.
It is a virtual certainty that unforeseen needs will emerge: you sign up a reseller, a large
company wants floating licensing, your business environment evolves and you now want
to offer subscription licensing too, your marketing department wants to start selling
different feature packages to market segments, your competitor launches a usage-based
licensing option and your prospects start asking for a similar purchasing model, a key
customer needs you to support a new computer platform, you want to increase security as
you start selling in China, and so forth.
If you choose to build an in-house point solution you are committing to continual
development as these new requirements come up – and to diverting development
resources from your core product to tweaking the license manager.
In contrast, commercial vendors have seen hundreds of licensing scenarios across many
verticals and product markets, and have built support for them into their systems. When a
new need arises, your commercial licensing system probably already supports it (if you
chose it carefully).
5. “I don’t need to focus on my core product anyway”.
As well as taking development resources away from your core product while engineers
build the initial version of a licensing tool, you are signing up to a continual drain on
development time.
Your in-house licensing tool will need ongoing maintenance and support, so you should
think now about who is going to do this – and how you will feel when a key customer is
holding up payment until you deliver a new feature in your product and the developer
you need is busy patching a security hole in the license manager.
Finally, what happens if the developer who took the lead role in building your license
tool leaves your company? You could end up with a license system you are not even able
to support. (As a vendor of licensing solutions we have had many companies come to us
with just this problem).
6. “It will be more secure if we build it ourselves, as no-one else will know how it
works”.
Some ISVs might think that their protection will be more secure if they develop it
in-house and no-one knows what system they are using.
However, as demonstrated above, commercial license management vendors are going to
know far more than your developers about how to make licensing secure – they have
years of focused experience, and their protection mechanisms have been thoroughly
tested in the field. Also, any competent licensing system will ensure only the application
vendor can issue licenses for their own product; this is a good question to confirm when
you evaluate their product.
As with anti-virus software, firewalls, and even just door locks, just because a would-be
attacker might know what protection you are using does not mean they can circumvent it.
Conclusion
A savvy software development company will consider the risks and ramifications of
building their own license manager before approving the project. As with databases,
operating systems, word processors, application servers, and much more, the commercial
solutions embody long experience, deep expertise, and extensive testing, and are ready
and supported right now, so it is increasingly hard to justify an in-house development
project in a field outside your core expertise.
Agilis Software is an infrastructure software company headquartered in Santa Clara, CA in the heart of
Silicon Valley.
We develop and market software license management solutions that are relied on by software vendors and
hardware / software systems vendors in a wide range of industries and market segments. Our solutions are
particularly suited to agile companies with complex licensing requirements.
Agilis Software LLC
5201 Great America Parkway, Suite 320
Santa Clara CA 95054
URL: www.agilis-sw.com
Email: sales@agilis-sw.com
Tel.: (408) 404 8480