We have a small .Net program that we sell with individual licenses. The individual licenses are enforced by registering a key file that is generated using information from the machine used to install the program (MAC address, etc.)
Now, we have a customer request for a site-wide license, such that they can deploy to as many machines on their site as possible. From the technical POV I’m not sure what are the usual approaches for this; our old approach won’t work since we can’t map the license to any machine-specific information.
Any suggestions?
A few more details:
- the program is a client-side program that includes an Office Add-In
- the machines to be installed on may or may not have internet access
- we aren’t restricted to .Net-only approaches, I’m just looking for a general idea of how this sort of thing is usually handled
Take a look at how Windows does this.
They have a volume licensing program. Basically, they ship a customer a license server and give them a key to activate the server. After that is done, the server is used to issue local keys and activate local installations that use those keys.
From here: Windows Server 2008, Volume Activation 2.0 and KMS (Key Management Server)
There are software techniques, such as a central license server – not unlike how DRM works. The best solution depends heavily on the details of your app and what your customers are willing to tolerate.
However, it seems to me that the industry standard in this area is trust your customer, and rely on contract terms to prevent illegal proliferation. In other words, issue a single license key. Then, if someone calls for support or asks for an upgrade, ask for the same license key. If a customer who isn’t supposed to have the key reports that they do, then the original customer gets some sort of penalty or bill for letting the software out of their control; the terms would be spelled out in your contract with them. Many companies seem to end up just collecting data along those lines, but never actually go as far as collecting penalties.
Another approach is that your software could ping a central server on the Internet (if it’s available), and report its license key. The server then authorizes the application to run. If the key leaks from the customer, then the old one gets invalidated, and the customer is required to update all of their existing clients.
The other approaches outlined are good if the program is expensive and you estimate the risk of piracy is moderate to high.
If this is a low-cost thing and not that likely to be broadly distributed by your licensee or their employees, the cost of implementing a license server may not be worth it. You might opt to go with an obvious notice instead indicating who the program is licensed to and what the restrictions are.
The complexity of requiring your customer to install a license server may break the deal as well. You need to balance that in along with the time/cost of implementing it.
Ideally, you should consider a licensing solution that includes product activation. That way you can issue a licence to a company, and track the usage of that particular licence.
The licensing solution you choose should also support dynamic licence configuration, so that if you suspect fraud you can disable a licence (or particular features on it) and that change will take effect immediately upon all installed clients.
Finally, the licence should be uniquely identifiable, so that if you discover it’s been released into the wild, you can simply disable it and issue your customer with a new one.
Disclaimer & plug: the company I co-founded produces the OffByZero Cobalt turnkey licensing solution for .NET, which does all of the above and more.
The best way to do this is to deploy a license server on any one machine on the customer’s network. Your software will then contact the license server (every time at startup or just once as part of activation) to retrieve a license for use.
Check out our CryptoLicensing which supports a ready-made customer-deployed license server which requires no config by the customer - he just has to run a single exe file.