This document contains common questions and answers about the optional product access management capabilities of products in the IBM i2 Intelligence Analysis Portfolio.
Question: Which products support product access management?
- IBM i2 Analyst's Notebook
- IBM i2 Analyst's Notebook Premium
- IBM i2 iBase User and Designer
Question: How can personal computers on the network receive permits?
Answer: Depending on deployment, the following apply:
Normal connected-to-the-server use : The entitled number of permits are stored on a server at the customer premises. When a user starts a product with access management enabled, a permit is requested from the server. Based on availability, either a permit is provided or the request is rejected (because a permit is not available). When the user shuts down the product, the permit is returned to the server.
Borrowing from a server : While there is a network connection from the client computer to the server, it is also possible to borrow a permit. Permits can be borrowed for a minimum of a day and for any period up to five years. While borrowed, the permit is stored on the local computer, and is only available for use on that computer. The local computer is used in favor of attempting to gain a permit from the server. While the permit is borrowed, it is not available for use from the pool of permits on the server. This borrowed permit is usable until the day count reaches zero. When the day count reaches zero, the permit is not usable on the computer that borrowed it. The permit is made available on the server again.
Borrowing remotely : If there is no network connection, it is possible to use tools on the product distribution media to borrow a permit remotely. When borrowed, the experience is the same as for borrowing from a network. Note that for this process to work, there must be a method for exchanging text files (for example, by email or USB stick).
Question: How can I deploy permits to computers that are not connected to the network, and is it possible to limit time of usage?
Answer: The responses 'Borrowing from a server' and 'Borrowing remotely' respond to this question.
The approximate process is as follows:
- On the remote computer
- Run a command-line tool (supplied on the distribution media)
- Send the resulting text file to an administrator that has access to the server
- On the network that is connected to the permit server
- The administrator runs another tool. This tool uses the file that is generated by the remote computer to borrow the required permits for the number of days required.
- The administrator sends the resulting text file to the user of the remote computer
- On the remote computer
- Run another command-line tool to apply the permits
Question: Is it possible to hand over permits on a USB flash drive?
Answer: Yes. Remote borrowing is possible, and borrowed licenses can be transferred on a USB flash drive.
Question: What is the upgrade path for customers that use software license management (SLM)?
Answer: The old software license management and new product access management are not compatible with each other. To take advantage of product access management, customers must uninstall any existing licensing mechanism before installation. Any SLM permits become redundant and product access management permits must be requested.
Question: Can the permits be maintained on different servers?
Answer: Yes. You can maintain permits on multiple servers. A basic scenario would be to use two servers on your network to ensure that some permits are always available. You might have half of the total number of permits on each server. Under default operation, the client broadcasts a request to all servers on the network, and uses the first one to respond. It is possible to configure the client to go to a specific server, and also to configure a search order. In this situation, configure half your clients to connect to server 1 first, and half to connect to server 2 first. This configuration balances your usage over the two servers and also gives a level of backup in the event of server failure.
Question: Is a mirroring of permits on different servers possible?
Answer: No. Mirroring is not supported. An alternative might be to set the search order as detailed in the previous answer.
Question: Is it possible to place a time limit on the allocation of a permit?
Answer: It depends on the deployment:
Normal connected-to-the-server use : When a user starts the product, the computer requests a permit from the server. While the permit is allocated, that permit cannot be used by anyone else until it is returned to the pool. When the user shuts down the product, the permit is made available for use on another computer again.
Borrowing from a server & Borrowing remotely: In the 'borrowing' scenario, a permit is allocated to the computer for a time period, ranging from one day up to five years. The advice is always to set a sensible 'borrowing' period. For example, if the user is working remotely for seven days, set the period for seven days.
Question: What is the smallest time period that a permit can be allocated for?
Answer: Permits can be borrowed for a minimum of one day.
Question: What happens to a permit if the computer that contains that permit is stolen? Is it possible to retrieve the permit?
Answer: There is no specific way to "pull" a permit back to the server. Where 'connected-to-the-server' use applies, the permit is returned as soon as the program is shut down. In the 'borrowing' scenario, the recommendation is to implement sensible borrowing times. For example, if the user is working remotely for 10 days, then set the borrowing time for 10 days. If the computer is stolen after seven days, on the 10th day the permit would be automatically returned. Alternatively, you can request a replacement permit file from IBM, which would then supersede your original permit file.
Question: Can I manage permits myself?
Answer: No. IBM provides a permit file that is structured according to your needs as defined in the request form. You are not able to configure the permit file after it is delivered. If the structure changes over time, come back to IBM and request a replacement permit file.
Question: Is it possible to limit the number of permits available for checkout?
Answer: Yes. Through some implementation setup, permits can be limited. In your design, identify at least two servers:
- The first server holds most of the permits that will be allocated/available.
- The second server holds a small set of permits that are not allocated and not advertised.
Question: Is it possible to report on concurrent usage?
Answer: Each transaction that is carried out by the server is logged in the following format:
0 1 MTY1NQ== Fri Mar 12 14:42:55 2010 1268404975 ANB.main v8 0 1 0 Administrator TestBed_Shwcase 184.108.40.2060 1 - - - - - - 0 - - - MA== 655259 MTI2OTA2MDIzNA==
Question: Are the product access management capabilities deployable and supported in virtual environments?
Answer: The virtual environments that are supported for each of the products that use access management are listed in the relevant system requirements documents.
Question: We have hundreds of desktops that require product access management capabilities. Can 'push' tools be used (for example, SMS)?
Answer: Like the rest of our products that use Microsoft Installer, silent installs across a network are possible. The parameters that are used are described in the IBM i2 Product Access Management Administration Guide.
Question: Is product access management a proprietary IBM solution?
Answer: No, product access management is based on third-party technology from SafeNet inc.
Question: What operating systems are supported by the Sentinel RMS that enables product access management capabilities?
Answer: Sentinel RMS includes support for the following operating systems:
- 32-bit versions of Windows Server 2000, 2003, and 2008
- 64-bit versions of Windows Server 2003, 2008, and 2008 R2
Question: Can IBM i2 Intelligence Analysis Portfolio products at version 8.9 be installed alongside older versions of those products?
Answer: No. 8.9 products are not compatible with earlier versions.
Question: Is it possible for an administrator to control when permits are required?
Answer: Yes. When a product is installed with product access management configured, a permit is always required, and the administrator controls access to permits.
Question: When permit files are requested, what information about my network is accessible by IBM?
Answer: The lock codes that are used to identify each server are generated using the server's MAC address and disk ID. The information is encrypted with an SHA-256 algorithm. We cannot work back to the original information that generated the code.
Question: In what country are the permit files generated?
Answer: The permit files are generated in the United Kingdom, and distributed from the United Kingdom and the USA. All supported countries can use the permits that are generated.
Question: Are there plans to support product access management in the Intelligence Analysis Platform?
Answer: Not currently.
|Smarter Cities||i2 Analyst's Notebook|
|Smarter Cities||i2 Analyst's Notebook Premium|
|Smarter Cities||i2 iBase|