Open the Table of Contents

Defining a Modification Product

This section is relevant only for LDK Products/Entitlements.

A Modification Product is a modified version of either a Base Product or another Modification Product. A Modification Product can contain changes such as:

1. A software upgrade
2. Varied license terms
3. Added Features
4. Removed Features
5. Changes to memory data

When you define a Modification Product, you can add/remove Features and change the license terms for each Feature in the selected Product. By default, data stored in memory segments of the original Product remain in the Modification Product. You can overwrite original data.

You can edit the properties of a Modification Product if it has not yet been included in an Entitlement.

To define a Modification Product:

1. Enter a name in the Name field (maximum length 50 characters). The name must be unique in the selected batch.
2. (Optional) To add a description to the Product, click the Add Description link. The Description field appears. In this field, you can enter text to provide additional information about the Product (maximum length 510 characters).

3. If you need to change the locking type, you must first remove all the Features from the Product Features list. Then, in the Locking Type drop-down list, select the protection level for the Product:

   1. HL—The Product can be supplied with Sentinel HL keys only.
   2. SL User mode—The Product can be supplied with stand-alone Sentinel SL keys only.
   3. SL Admin mode—The Product can be supplied with network Sentinel SL keys only.
   4. HL or SL Admin mode—The Product can be supplied with either Sentinel HL keys or Sentinel SL keys (network).
   5. HL or SL (Admin mode or User mode)—The Product can be supplied with either Sentinel HL keys or Sentinel SL keys (network or stand-alone).
      If you prefer not to specify the protection level in advance, you can assign this locking type to a Product. With this locking type, the decision on which type of Sentinel protection key is to be shipped with the Product is made when each Entitlement is processed.

   A Product that has been defined with the Sentinel HL or SL locking type is always supplied with the Sentinel SL key-level of protection, even when it is shipped with Sentinel HL keys.

4. If Sentinel SL locking type is selected, the Clone Protection drop-down list appears so that you can choose a clone protection scheme. By default, this drop-down list is visible on the user interface(Software that is protected by a Sentinel HL key is not vulnerable to machine cloning).

   Only Products that contain features will be clone protected.

   Specify the clone detection scheme from the following:

   Platform Default	The platform default clone protection schemes are decided on the basis of the version selected from the Default Clone Protection Version drop-down list available under the Administration Console.
   Advanced	Physical Machine Following clone protection schemes are available to protect against the cloning of physical machines: PMType1: This scheme uses two components to verify fingerprints: hard drive serial number and motherboard ID. PMType2: This scheme uses various components such as CPU, ethernet card, optical drive, and PCI card slot peripherals, along with the hard drive serial number and motherboard ID to verify fingerprints. This scheme provides enhanced reliability against false positive clone detection and maintains the inherent security of the scheme. PMType3: This scheme is specifically meant for Android applications. It uses three components to verify fingerprints: CPU model, CPU serial number, and internal storage serial number. PMType3 scheme is available only for SL-UserMode locking type. If you select PMType3, clone protection for virtual machines will be disabled and the value of Rehost drop-down will be Leave as it is by default. PMType4: This scheme is specifically meant for Android applications. It uses five components to verify fingerprints: CPU model, CPU serial number, internal storage serial number, Android serial number, and Android Firstboot. PMType4 allows users to reinstall licenses on Android without the need for reactivation, provided that features are licensed using Perpetual or Expiration Date license type only. This scheme is available only for the SL-UserMode locking type. If you select PMType4, clone protection for virtual machines will be disabled and the value of Rehost drop-down will be Leave as it is by default. For all new users of Sentinel EMS, PMType4 clone protection scheme will be available by default. FQDN: This scheme uses only the machine’s FQDN (Fully Qualified Domain Name) to verify fingerprints. Disable: Protection against the cloning of physical machines will be disabled. Virtual Machine Following clone protection schemes are available to protect against the cloning of virtual machines: VMType1: This scheme uses three components to verify fingerprints: Virtual MAC address, CPU characteristics, and UUID. VMType2: This scheme accesses the VM Generation ID (if available) to avoid a snapshot restore attack by preventing the VM from returning to an earlier point in time. Additionally, it provides the protection given by the VMType1 clone protection scheme. This scheme is currently available only in case of AdminMode for the Sentinel SL locking type. The scheme is supported on Windows 8, Windows 10, and Windows Server 2012 R2 with the supported versions of the following virtual machines: VMware Player, Workstation, and ESXi. Hyper-V Server Additionally, the scheme is supported on some earlier versions of Windows with Hyper-V Server if Hyper-V integration services from Windows 8 or Windows Server 2012 is installed. VMType3: This scheme is designed to provide clone protection for the Microsoft Azure virtualization platform. It ensures that a protected application in a server virtualized environment cannot be used if the license is copied from one virtual machine to another. Currently, this scheme is supported on Windows (SL-AdminMode and SL-UserMode) and Linux (SL-AdminMode) operating systems. FQDN: This scheme uses the machine’s FQDN to verify fingerprints. This scheme provides increased reliability and provides flexibility of operation in a server virtualization environment. Disable: Protection against the cloning of physical machines will be disabled.

   • See Protection Against Cloning for more information about clone protection.
   • For a more detailed description of each of the clone protection schemes see How Sentinel LDK Detects Machine Cloning.

5. If Sentinel HL locking type is selected, the following check boxes appear:

   1. Upgrade to Driverless: See Upgrading Sentinel HL keys to Driverless Configuration for details.
   2. Use Virtual Clock: If you select this option, you will be able to manage time-based licenses for Sentinel HL (Driverless Configuration) keys where no real-time clock is available. A virtual clock will be maintained in such keys.
      For Products that are licensed with Sentinel SL keys, Sentinel HL Time keys, and Sentinel HL NetTime keys, V-Clock is always available. For details, see Enabling V-Clock for Sentinel HL (Driverless Configuration) Keys.

6. Enter Ref ID 1 and Ref ID 2 if required (maximum 250 characters). You can enter information that identifies the Modification Product in a different system, for example, a Product code in your company's ERP system.
7. The Features from the Base Product are displayed in the Product Features pane. You can add additional Features or remove existing Features from the Product. as follows:
1. Click Add Features. The Add Features to Product pop-up appears.
2. Select the Features to add. Click Add Features to Product. The associated Features are displayed in the main screen.
3. To remove a Feature from the Product, click Remove in the same row. To remove multiple Features, select the check boxes and click Remove.
8. From the Excludable check box,
   1. select Can be excluded if you want to enable the order taker to exclude the Feature while generating Entitlements.
   2. select Always include if you want that the Feature should never be excluded.
9. The Features from the Base Product are displayed in the Product Features pane. For individual Features you can use the links provided in the same row. To perform an action for multiple Features at one time, select the check boxes for the Features and use the buttons provided at top-right of the pane.
   
   You can perform the following actions in this pane:
4. Add Features—To add additional Features to the Product.
5. Remove—To remove newly added Features.

   If you remove a pre-existing Feature, it will still remain as it is in the Product.

6. Modify—To change the license terms for existing Features. In the pop-up that appears modify the license terms as needed. For example, you can increase/decrease execution counts and concurrent instances. This option is not available for newly added Features. See Defining License Terms for an LDK Product for details.

   If for an existing Feature the license type is Specify at entitlement time, then use Overwrite instead of Modify to change the license terms.

   

7. Overwrite—To define fresh license terms for existing or new Features. In the pop-up that appears define the license terms. See Defining License Terms for an LDK Product for details.

   

8. Cancel—To remove these Features from the Product.
9. Leave—Leave the Feature as it is in the Product.
10. Select the Memory tab to define memory areas and write data for secure storage. (See defining new memory segment for details).
11. When you have finished defining the Product details, click:
    • Save as Draft—To save the Modification Product as Draft so that you can update its details later.
    • Save as Complete—This finalizes the Modification Product.

    The new Modification Product is displayed in the Products page just below the Base Product.