Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!mit-eddie!apollo!molson From: molson@apollo.COM (Margaret Olson) Newsgroups: comp.sys.apollo Subject: NLS servers Message-ID: <4014e53a.1837d@apollo.COM> Date: 5 Dec 88 23:13:00 GMT Reply-To: molson@apollo.com Organization: Apollo Computer, Chelmsford, MA Lines: 44 Folks, There have been some questions in the group about why application licenses are locked to NLS servers. I'll try to explain the tradeoffs we faced and why we picked to do things the way we did. In designing the license server, we had the following concerns: -scalability -availability -response time -security If licenses could be freely moved from one server to another there would be no real security in the network licensing system: users could just move licenses from one server to another, and then restart the original server from the original database (or passwords). This would allow the unscrupulous to increase the number of licenses at will. In order to provide adequate security AND moveable licenses, you need strongly consistent replicated databases. Licenses would be locked to a *group* of replicated servers, rather than to one server. Although this would provide continued service in the unlikely event that a server fails, it has serious problems. First of all, no operation on the server could occur without the notification of all of the other servers. This would be quite expensive. Secondly, in the event of a network partition replicas in the minority partition would have to shut down. You could solve this problem by having several sets of replicated servers, but then you just have essentially the same arrangement that NLS has now - staticly paritioned licenses. In the end, we felt that replicated servers would solve a problem that occurs very rarely (failed disks) and was not worth the runtime expense. Replicated servers do nothing to solve the problems of network partitions, which in a large network are quite frequent. By the way, in the unlikely event that a server node dies, I believe that your service rep can move the nodeid prom to a new machine. This will allow you to move your license database to this new machine. Since the prom can only be in one place at a time, there is no security hole here. Margaret Olson Apollo R & D molson@apollo.com