Switching to CodeMeter
When you are a newcomer to software licensing, you have the great opportunity to design the perfect solution for your needs from the ground up. However, many developers have been using some form of software protection for many years already, be it our own legacy product WibuKey, a solution from a competitor, or even a custom technology made by themselves. When thinking about switching to CodeMeter, one question will be on their minds: “What about the old licenses?”
Knowing Your Requirements
One important criterion before making the switch is knowing your requirements.
Security is a key pillar in this respect: How important is it for you to protect your software against reverse engineering? How important is copy protection?
Another key principle to consider is the integration of licensing in your established processes: Does it matter whether the processes are the same for all products? Do you have to be able to create new licenses for older versions of your products?
The third and equally important criterion is the budget you have available.
Picking the Right Migration Scenario
Once you know your requirements and priorities, you need to find the right migration scenario for your needs. A popular strategy for moving forward from this point is to allow a transition period in which parts of the old system continue to be used, while the installed CodeMeter base is slowly expanded until it is ready for a complete switch-over in the second phase. Another strategy is to migrate individual products to CodeMeter, while the bulk follows later.
We will take a look at typical scenarios:
CodeMeter Binding Extension
With CodeMeter Binding Extension, you can bind a software-based CmActLicense to an old dongle or other device. This puts the entire CodeMeter functionality at your disposal without having to replace dongles or retrofit older machines. Existing users can keep their old devices, but new clients receive a CmDongle or CmActLicense.
You can also start to use CodeMeter License Central immediately and optimize your license creation and management processes. You can use CodeMeter Protection Suite, but without the added benefit of being able – at least not without major limitations – to lock down licenses with traps in your code.
In this scenario, the strength of your copy protection depends on your old protection hardware’s ability to provide a securely readable and unique ID. CodeMeter 6.30 introduced the option of linking a CmActLicense with a specified device. Your user can have several CmActLicenses on his hardware at the same time. All CmActLicenses whose assigned devices are connected are activated and can be used immediately; any CmActLicenses on devices that are not connected at the time will be locked and not available.
The disadvantage of this scenario is that it puts considerable limitations on new license management features, such as the ability to migrate or return licenses.
CodeMeter Runtime Extension
Version 6.40 expanded the CodeMeter Binding Extension to become the CodeMeter Runtime Extension. In addition to binding licenses to a named device, license data can also now be stored on the device (if sufficient storage space is available). This gives even legacy devices a complete “CodeMeter make-over”.
The CmActLicense automatically appears when the device is connected and disappears when the device is removed. Depending on the memory, licenses can now also be returned or transferred, and traps can be integrated.
Two Protection APIs
In the old system, you only used the API of the dongle in question. A common strategy is to continue to use the old integration in parallel with the CodeMeter API for a transition period of two to three years. In this period, you start distributing CodeMeter, but continue to use it in the same way as your old system, before making the complete switch after the time has elapsed.
The transition period keeps the number of dongles you need to replace to a minimum; customers who have bought your product in the last two or three years already have CodeMeter on board. Full-scale replacements are only required for older clients with active maintenance contracts.
This solution is cost-efficient and enables a smooth switch-over. Its disadvantage is that you can only start using the full capabilities of CodeMeter Protection Suite and CodeMeter License Central after you make the final transition. You will only benefit from the added security and uniform processes after that point.
Any protection against illegal copies can only be as strong as its weakest link, which often turns out to be the API of the legacy dongle.
Two Protection APIs and Protection Only License
A protection only license allows you to benefit from the stronger security of CodeMeter Protection Suite even while you are still using two separate protection APIs. Unfortunately, this does not yet include the use of traps, which are a key component of our Blurry Box technology.
A protection only license is a CmActLicense that is not bound to a specific device. You simply distribute it alongside your software and install it automatically with your installer. It gives you a type of basic license that is available on any computer and that you can use to encrypt your software with CodeMeter Protection Suite. This safeguards your software against reverse engineering.
CodeMeter as a Secure ID
This is a popular scenario for transitioning from an existing complex licensing system to CodeMeter. CodeMeter, usually in the form of a CmDongle, is integrated into the existing system and used as a secure binding property. The old system continues in use for a period of two or three years. After that point, your installed base of CodeMeter-equipped systems is so broad that you can begin a replacement of the remaining older devices. In this scenario, the user can use older versions as well after that point, because they had been fitted with CodeMeter in the transition period.
Parallel New Devices
A very simple, but drastic scenario would be a “cut-off”. In this scenario, you distribute all new licenses with CodeMeter, and older software continues to be used with the older licenses only. The process is very simple, and CodeMeter Protection Suite and CodeMeter License Central can be used in full for the newer software.
Clients with existing maintenance contracts would now have a new and an old license and can use these separately on two computers at the same time. This means that a decision needs to be made as to whether the risk of having duplicate licenses at the time of the release outweighs the ease of the process.
This scenario is particularly common when the transition goes from a software-based license to a dongle or vice versa. In such cases, the decision is explicitly between the mobility of the dongle and the easier activation of a software license without additional hardware, which makes it harder to argue for both mechanisms at the same time.
The strongest, but admittedly most costly solution is to replace all protection devices with CmDongles. They offer the strongest protection, because all capabilities of CodeMeter Protection Suite are immediately available for your use. It also includes all CodeMeter features, such as CodeMeter License Central or the ability to return, migrate, or borrow licenses.
By contrast to the previous scenario, in which the old license stayed with the user, the old dongle or activation is returned or voided in the field. This takes away the ability to duplicate licenses, but it also stops the user from using the old version of the licensed software. Whether this is possible depends on the terms and conditions for the software in question; traffic control software, for instance, needs to be able to run legacy versions as well for auditing reasons, which run-of-the-mill office applications usually do not need.
Patching Older Versions
A patch is required to prepare older versions for CodeMeter. This can be a simple or a complex process, depending on how the old protections are integrated. One popular route is to move all protection queries into a dedicated DLL. This is not an ideal solution in terms of security, but it offers the optimum scenario for patches. All that is needed is to modify the old DLL to return the right responses for new CodeMeter compatibility licenses.
This patch allows older versions to continue to be used, even if the older device does not exist anymore or has been voided by you. The user can continue to use his software, but needs a CmDongle that is licensed for the new version as well. In practice, this means that he cannot operate two versions of the software on two different computers at the same time.
There is no one-size-fits-all solution for switching to CodeMeter when a licensing system is already in place: depending on your specific needs, the transition process will differ from case to case. Our Professional Services team is available to help and advise you for preparing and making the transition to CodeMeter.
KEYnote 32 – Edition Fall 2016