-
Title
FAQs on Quest Authentication Services (QAS/VAS) licensing -
Description
Frequently asked questions on Quest Authentication Services (QAS/VAS) licensing.
-
Resolution
How do you define a server from a licensing perspective?
A server is any Unix host - physical or virtual - where you have the QAS client package(s) installed and the QAS code being executed. For each machine QAS is installed on (and therefore presumably executes on) there needs to be a server license. All servers in an environment where some user could potentially log in, and execute QAS code, must be licensed individually. This usually corresponds to a computer object in Active Directory (AD).In a cluster situation, if multiple machines use one computer object, and they use it at the same time, they each need a license (Load balancing situation). If only one machine uses the computer object at any one time, then only one license is needed for the set of machines (failover situation).
How can I install the license?
- Through manual installation on each Unix host.
- Centrally in Active Directory through Group Policies using the QAS Group Policy (VGP) utilities.
- Licenses can be installed in the QAS Application Configuration in AD through the QAS Control Center. Licenses in the QAC will be installed automatically when they are joined to the domain.
Where is the license file manually installed on the Unix host? Any considerations?
To manually install a license file, copy the file to the /etc/opt/quest/vas/.licenses directory and ensure that the file's permissions are set to 0644.
Can I rename the license file before placing it in the /etc/opt/quest/vas/.licenses directory? Any special naming requirements?
The license file can be renamed. There are no special naming requirements.
However, do NOT modify the contents of the license file in any way, as any modifications will invalidate the license signature, and the license will then be considered invalid. When copying the license file treat it as binary, do not copy and paste.
Can I install multiple licenses?
Yes, multiple licenses can be installed in the licensing directory.
Each valid, unexpired license will be used in calculating the server limit.
What happens once we run out of machine licenses? Are subsequent machines prevented from joining the AD?
Once the licensed limit of servers is exceeded, it will not stop additional QAS clients from joining.
There is no code that attempts to determine or restrict based on Server licenses, it is a contractual limit.
Can I use a 3.0/3.5 license with 4.x?
Yes, the 3.0 & 3.5 licenses will work with version 4 of QAS, but will not work with version 5.
Can I use a 4.x license with 5.x?
No, the 4.x licenses will work with version 4 of QAS, but will not work with version 5.
Can I use a 5.x license with 6.x?
Yes, the 5.x licenses will work with version 6.x of QAS.
What will happen if no license is installed or it expires?
When no license is installed, vastool will operate correctly, but the rest of the QAS components will not work.
If all licenses expire, then vasd will exit and cease to function.
What will happen once we reach the number of user licenses?
As of QAS 4.0 there are no longer any user limits in QAS. All valid licenses allow for an unlimited number of users.
Starting from version 4.x licensing is per AD joined client, not per user.
What command can be used to determine the number of machines counting against the license?
An LDAP query can be run to find out the number of non-Windows systems. However, please note that depending on your infrastructure setup (any obsolete computer object entries in AD, any computers taken out of the infrastructure etc.), this may or may not give you an accurate picture.
/opt/quest/bin/vastool -u host/ search "(&(objectCategory=Computer)(!(operatingSystem=Windows*)))" name operatingsystem | grep operating | wc -l
Running the following will identify all the non-Windows systems being reported by your AD:
/opt/quest/bin/vastool -u host/ search "(&(objectCategory=Computer)(!(operatingSystem=Windows*)))" name operatingsystem