• No results found

Junos Pulse Secure Access Service

N/A
N/A
Protected

Academic year: 2021

Share "Junos Pulse Secure Access Service"

Copied!
40
0
0

Loading.... (view fulltext now)

Full text

(1)

Junos Pulse Secure Access Service

License Management Guide

Release

7.1

(2)

Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

This product includes software developed by Maker Communications, Inc., copyright © 1996, 1997, Maker Communications, Inc.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Junos Pulse Secure Access Service Administration Guide

Revision History

January 2011—Integrate Version 7.1 new features

The information in this document is current as of the date on the title page.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at

http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

(3)

Abbreviated Table of Contents

About This Guide . . . xi

Part 1

License Management

Chapter 1 License Server and License Client Overview . . . 3 Chapter 2 License Overview . . . 9 Chapter 3 Configuring License Servers and License Clients . . . 13

Part 2

Disabled Features

Appendix A Disabled Features . . . 21

Part 3

Index

(4)
(5)

Table of Contents

About This Guide . . . xi

Audience . . . xi

Document Conventions . . . xi

Documentation . . . xii

Obtaining Documentation . . . xii

Documentation Feedback . . . xii

Requesting Technical Support . . . xii

Self-Help Online Tools and Resources . . . xii

Opening a Case with JTAC . . . xiii

Part 1

License Management

Chapter 1 License Server and License Client Overview . . . 3

About License Management . . . 3

About License Servers . . . 4

Disabled Features . . . 4

About License Clients . . . 5

Leasing Licenses . . . 5

About Auto-Leasing . . . 5

Updating Client Configuration . . . 6

Surrendering Licenses . . . 6

Recalling Licenses . . . 7

Automated Downloading of License Keys . . . 7

Importing and Exporting Configuration Files . . . 8

Licensing Virtual Appliances . . . 8

Chapter 2 License Overview . . . 9

About Subscription Licenses . . . 9

Available Subscription Licenses . . . 9

Capacity-Derived Licenses and Client Platform Compatibility . . . 10

About License Allocations . . . 11

About Cluster Licenses . . . 11

Chapter 3 Configuring License Servers and License Clients . . . 13

Configuring a Device as a License Server . . . 13

Configuring a Device as a License Client . . . 15

Configuring the Automated Downloading of License Keys . . . 17

(6)

Part 2

Disabled Features

Appendix A Disabled Features . . . 21

Disabled Features on a License Server . . . 21

Part 3

Index

(7)

List of Figures

Part 1

License Management

Chapter 3 Configuring License Servers and License Clients . . . 13

Figure 1: Configured License Server With No Clients . . . 14

Figure 2: Available Counts Are Updated As Clients Are Configure . . . 15

Figure 3: Client Window After Installing Member License . . . 16

Figure 4: Surrendered Licenses On A Client . . . 18

(8)
(9)

List of Tables

About This Guide . . . xi

(10)
(11)

About This Guide

• Audience on page xi

• Document Conventions on page xi

• Documentation on page xii

• Obtaining Documentation on page xii

• Documentation Feedback on page xii

• Requesting Technical Support on page xii

Audience

This guide is designed for network administrators who are configuring and maintaining a Juniper Networks SA Series device. To use this guide, you need a broad understanding of networks in general and the Internet in particular, networking principles, and network configuration. Any detailed discussion of these concepts is beyond the scope of this guide.

Document Conventions

Table 1 on page xidefines notice icons used in this guide.

Table 1: Notice Icons

Description Meaning

Icon

Indicates important features or instructions. Informational note

Indicates a situation that might result in loss of data or hardware damage. Caution

Alerts you to the risk of personal injury or death. Warning

Alerts you to the risk of personal injury from a laser. Laser warning

(12)

Documentation

For a list of related SA documentation, seehttp://www.juniper.net/support/products/sa/. If the information in the latest SA Release Notes differs from the information in the documentation, follow the SA Release Notes.

Obtaining Documentation

To obtain the most current version of all Juniper Networks technical documentation, see the products documentation page on the Juniper Networks web site at

http://www.juniper.net/techpubs.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to

techpubs-comments@juniper.net, or fill out the documentation feedback form at https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include the following information with your comments:

• Document name • Page number

• Software release version

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review theJTAC User Guidelocated at

http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf. • Product warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

(13)

• Find CSC offerings:http://www.juniper.net/customers/support/ • Search for known bugs:http://www2.juniper.net/kb/

• Find product documentation:http://www.juniper.net/techpubs/

• Find solutions and answer questions using our Knowledge Base:http://kb.juniper.net/ • Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/

• Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/

• Open a case online in the CSC Case Management tool:http://www.juniper.net/cm/ To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

• Use the Case Management tool in the CSC athttp://www.juniper.net/cm/. • Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico). For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html.

(14)
(15)

PART 1

License Management

• License Server and License Client Overview on page 3

• License Overview on page 9

(16)
(17)

CHAPTER 1

License Server and License Client

Overview

• About License Management on page 3

• About License Servers on page 4

• About License Clients on page 5

• About Auto-Leasing on page 5

• Updating Client Configuration on page 6

• Importing and Exporting Configuration Files on page 8

• Licensing Virtual Appliances on page 8

About License Management

Junos Pulse Secure Access Service software and Junos Pulse Access Control Service software include a license management system that lets you configure an SA Series SSL VPN Appliance, or a Junos Pulse Gateway as a license server to allow administrators to view all configured systems and move those licenses as needed. Other SA Series SSL VPN Appliances or IC Series devices on the network lease licenses from the central license server. Unused licenses are returned to the license server which can lease them out to other devices that need more capacity.

When configuring a device as a license server, that device functions only as a license server and several SA Series features are disabled.

Related Documentation

About License Servers on page 4

• About License Clients on page 5

• About Auto-Leasing on page 5

• About Subscription Licenses on page 9

• About License Allocations on page 11

(18)

About License Servers

The license server software can be run on any SAx000 or SAx500 appliances installed with SA Series 7.0 and later software, and has the license server license. Once you install the license server license, that appliance ceases to be anything except a license server; it will no longer accept end-user client connections. You can configure more than one license server, however each client can be associated with only one license server. A device cannot be both a license server and a license client at the same time.

NOTE: For MAG Series Junos Pulse Gateways, you must use the Secure Access Service personality and Secure Access release 7.1 or later as the license server.

Note the following about license servers:

• Only administrators can log in to a license server.

• Virtual appliances can not be configured as license servers. • A license server can not lease licenses from another license server.

• The license server manages and leases licenses associated with a user count, such as basic concurrent user licenses, EES (webroot), PRM (shavlik) and RDP (remote desktop) licenses.

• Once the license server key is applied, that device ceases to be anything but a license server. It will no longer accept client connections.

• License servers must have either an ACCESS-LICENSE-SVR or an

ACCESS-SUB-SVR-ZYR license (for example, ACCESS-SUB-SVR-1YR) in order to be recognized as a license server. If you are using SA Series 7.0 software you must use ACCESS-SUB-SVR-ZYR. If you are using SA Series 7.1 software you can use either ACCESS-LICENSE-SVR or ACCESS-SUB-SVR-ZYR.

Disabled Features

Only administrators can log in to an SA Series SSL VPN Appliance or IC Series device configured as a license server. An error message is displayed to non-administrator users attempting to log in to the license server. All existing end-user sessions are terminated when an SA Series SSL VPN Appliance or IC Series device is configured as a license server. Some SA Series and UAC features and windows are disabled on a license server. Related

Documentation

About License Management on page 3

(19)

About License Clients

Clients are configured as to which license server to communicate with. The client then requests the licenses (over SSL) that are allocated to it.

Clients must have a license member license to connect to the server. For example, SA2500-LICENSE-MBR, IC4000-LICENSE-MBR.

Leasing Licenses

If the concurrent user count is greater than its leased license limit, a license client requests the license server to increase its capacity until the maximum lease limit (MUC) is met. When the number of concurrent user drops, the client relinquishes the leases it no longer needs. When the license server receives a license lease requests, it first verifies that the client has been allocated the licenses it is requesting. The license server then checks that it has sufficient licenses before granting the request.

Reserved licenses are leased for 5 days at a time. Incremental leases are leased from a configurable time of 24 hours to a maximum of 10 days. Clients can renew their licenses at any time before the lease expires. The reply sent by the license server includes a new lease expiration date which is the minimum of the current time plus the incremental lease time and the license allocation expiration date. If a client does not renew a license before the lease expires, the license server reclaims the license. The renewal interval can be 4 hours to a maximum of 24 hours.

A minimum lease interval of 24 hours is built-in. Once a client acquires an incremental license lease, it is kept for at least 24 hours even if the load diminishes on the client.

NOTE: For IVS, license leasing is applicable to only the root IVS.

Related Documentation

About License Management on page 3

About Auto-Leasing

If a license client is unable to contact the license server because of network interruptions or license server maintenance, the license client can still increase its user count lease with the auto leasing feature.

Auto leasing is automatically enabled when the license server has at least 30% of the unallocated maximum capacity of all clients available. For example, suppose two clients are configured as follows:

client 1: reserved=200, maximum=600, leased=300 client 2: reserved=200, maximum=800, leased=600

(20)

licenses available. If the server has an ACCESS-1000U-1YR license, then auto leasing is disabled because 1000-900 is less than the 150 minimum license requirement. If the server has an ACCESS-2000U-1YR license, then auto leasing is enabled because 2000-900 is more than the 150 minimum license requirement.

During any one continuous disconnected state, auto leasing at a client can be used for only a 24-hour period starting from the time when the request is made.

The auto leasing feature is automatically disabled if the client is unable to communicate with the license server for more than 5 days. The cluster lease leader performs the auto-increments for all connected cluster nodes.

When connection to the license server is re-established, “normal” leasing rules are in effect. If license are available at the server, the client can request additional licenses. If licenses are not available at the server, any incremental licenses obtained at the client through the auto leasing feature are dropped immediately.

NOTE: Auto leasing works only with subscription licenses.

Related Documentation

About License Management on page 3

Updating Client Configuration

You can change a client configuration (at the license server) at any time. This change is communicated to the client the next time it contacts the license server for the next renewal. You can also click thePull State from Serverbutton in the client’s admin console to register any changes immediately.

If you reduce the maximum user count (MUC) value for a feature at a client, the current leased count is reduced immediately without waiting for the client to contact the server. An increase to the reserved user count (RUC) or MUC value does not impact the current leased count until after the client contacts the license server. If you remove all licenses leased to a client, those licenses are available immediately at the license server.

Surrendering Licenses

An administrator can surrender permanent user count licenses installed on a client to a license server so that they can be shared by other appliances of the same family. When surrendering licenses, the entire license is removed; you can not surrender portions of a license. You surrender a license only to the license server to which the client is registered. Once a license is surrendered, the license server can treat the licenses as if they were installed directly on the server.

(21)

NOTE: You can surrender only permanent licenses and concurrent user licenses. You can not surrender feature licenses (for example, SAx000-IVS, ICx000-OAC-ADD-UAC), cluster licenses (for example, SAx000-CL-100U) and duration-based licenses (for example, ACCESS-1000U-1YR,

SAx000-LAB) licenses.

Surrendered licenses have a duration of 5 days. The client automatically contacts the license server every 4 hours to extend the transfer by resetting the expiration date. If the client loses communication with the server for more than 5 days, the server can no longer lease these licenses. However, these licenses are not automatically returned to the client; they are returned only with the recall function.

In a cluster, each node surrenders and recalls its licenses independently of the other nodes. There is no concept of a surrender leader. However, an administrator can log in to a cluster node and surrender or recall licenses for that node or any node within that cluster.

Recalling Licenses

An administrator can recall licenses surrendered to a license server at any time. The recall operation can be done only at the client where the licenses were surrendered. Recalled licenses are available immediately at the client regardless of whether the client can communicate with the license server. If the license server/client communication is down at the time of the recall, the client continues to contact the license server. When communication is again established, the server stops leasing those licenses. If the license server had already leased those licenses at the time of the recall operation, those leased licenses are valid at those clients only for the next 5 days. The license server does not recall the licenses it already granted.

Automated Downloading of License Keys

Administrators are given the option to automatically download license keys from the Juniper Networks LMS server using the Download and Install button on the Download Licenses page. This feature is applicable for all license keys (subscription-based, capacity-based, and so forth.) Communication is done via https.

The automated download process uses the following schedule for contacting the LMS server:

• Once every 3 months if there are no expiring licenses.

• Once a month if a license is expiring within the next 3 months • Once a week if a license is expiring within the next 2 weeks

• Once a day if a license grace period is expiring within the next week

(22)

• Configuring the Automated Downloading of License Keys on page 17

Importing and Exporting Configuration Files

License information will not be imported when importing a configuration file containing the new license scheme on a device running software prior to Secure Access 7.0 or UAC 4.0. Devices will continue to run with their current license scheme.

Existing permanent licenses are overwritten for devices running Secure Access 7.0 (and later) and UAC 4.0 (and later) and importing configuration files containing the new license scheme. Time-based licenses are merged with the licenses in the imported configuration file.

Related Documentation

About License Management on page 3

Licensing Virtual Appliances

Virtual appliances do not allow licenses to be installed directly on them. As such, virtual appliances can be only license clients and not license servers.

Related Documentation

(23)

CHAPTER 2

License Overview

• About Subscription Licenses on page 9

• Capacity-Derived Licenses and Client Platform Compatibility on page 10

• About License Allocations on page 11

• About Cluster Licenses on page 11

About Subscription Licenses

Subscription licenses and renewal licenses (identified by a -R appended to the license name) have a start and end date embedded within them. Customers initially purchase a subscription license that is valid until a specified date. When the license expiration date nears, customers can renew their licenses.

When the license is installed, the start and end date are interpreted relative to the local time and time zone on the machine. The start date begins at 12:00 am; the end date ends at midnight of the end date (12:00 am of the following day). If the start date is in the future, the subscription or renewal license is not activated till the start date. A renewal license is automatically activated only if there is a corresponding expired subscription license in the license server.

A subscription license can only be renewed by a corresponding renewal license and a renewal can be activated only by the expiration of a corresponding subscription license.

Available Subscription Licenses

The following subscription licenses are available (X and Z will be replaced by the appropriate number of user and/or year count):

• ACCESS-EES-XU-ZYR—Enhanced endpoint security • ACCESS-RDP-XU-ZYR—Embedded RDP applet • ACCESS-XU-ZYR—Concurrent user count subscription

(24)

NOTE: With SA Series 7.1 software, you can use either the

ACCESS-LICENSE-SVR or the ACCESS-SUB-SVR-ZYR to identify a license server. With SA Series 7.0 software, you must use the

ACCESS-SUB-SVR-ZYR.

For MAG Series Junos Pulse Gateways, you must use the Secure Access Service personality as the license server.

Both capacity-based licenses (such as ACCESS-EES) and time-base licenses (such as ACCESS-SUB) stack. For example:

• If you purchase two ACCESS-ES-10K-1YR licenses, they stack to 20K for 1 year. • If you purchase both a one ACCESS-10K-1YR license and one ACCESS-ESS-10K-2YR

license, they stack for 20K for 1 year and 10K for the second year.

• If you purchase both an ACCESS-SUB-SVR-1YR and an ACCESS-SUB-SVR-2YR licenses, they stack to a three year license.

Note the following:

• ACCESS-SUB-SVR licenses have a maximum of 3 years. LMS will reject requests that stack ACCESS-SUB-SVR licenses to more than 3 years.

• Renewal licenses must match the license being renewed. For example, if your ACCESS-ESS-10K-1YR licenses is about to expire, you can only renew another ACCESS-ESS-10K-1YR license. You can not renew it as an ACCESS-ESS-10K-2YR license.

Related Documentation

About License Management on page 3

Capacity-Derived Licenses and Client Platform Compatibility

Capacity derived licenses can be leased only to the same platform family (x000,x500). For example, an IC4000-ADD-100E capacity derived license can be leased to an SA6000 but not to an IC4500. Capacity derived from an ACCESSX500-AD-1000U license can be leased to anyx500 device.

NOTE: x500 licenses cannot be directly installed onto an x600 license server

and vice versa.

Non-platform or non-family-specific licenses can be leased to any platform. For example, capacity derived from an ACCESS-1000U-1YR license can be leased to any SA or IC device.

(25)

About License Allocations

Before a device can lease licenses from the license server, you must first allocate licenses to that particular device. License allocation information consists of the following: • License client ID—You must assign a unique ID to each license client to identify that

client. The client identifies itself with the license server using the client ID. • User count license properties:

• Reserved user count (RUC)—The number of user count licenses reserved for this client. A license leased to this client can not be less than the RUC number.

• Maximum user count (MUC)—The maximum number of user count licenses this client is allowed to request. This number must be greater than or equal to the RUC. Requests for licenses greater than the RUC are granted only if the license server has additional licenses available at the time of the request.

• Incremental Lease Quantum (ILQ)—Clients can request an increase or decrease its user count lease only in multiples of this number. The incremental lease quantum must be at least 25 unless the difference between the MUC and the RUC is less than 25. The incremental lease quantum must also be at least 10% of the difference between the MUC and the RUC. This restriction eases excessive protocol traffic. • Expiration date—The date when the client configuration expires. When the client

configuration expires, the server no longer accepts lease requests from the client. You can use this, for example, to define a 2 year service to a customer.

As you allocate licenses, the license server does not allow the sum total of the reserved user count to exceed the total license count installed on the license server.

Related Documentation

About License Management on page 3

About Cluster Licenses

The licenser server can lease licenses to both standalone clients and clustered clients. Note the following for leasing licenses to clustered clients:

• Only one cluster member, identified by the SA Series or UAC software, makes lease requests on behalf of all cluster members. This member can query, renew, and increment licenses for other cluster members when the members are connected to the cluster.

• Each cluster member participating in license leasing must have the -LICENSE-MBR license installed.

When setting up the cluster license information, it is not necessary to enter the cluster configuration at the license server. This information is retrieved dynamically as each

(26)

The initial communication between the cluster to the license server retrieves the reserved counts for all cluster members registered with the license server. Incremental requests are the sum of all members in the cluster that are not at their maximum configured capacity.

For example, suppose a cluster has 2 nodes configured as follows: node 1: reserved=50, maximum=100, incremental=10

node 2: reserved=50, maximum=100, incremental=10

The initial query retrieves 50+50=100 licenses. Each incremental lease request increments the current lease by 10+10=20 licenses up to a maximum of 100+100=200 licenses. Related

Documentation

(27)

CHAPTER 3

Configuring License Servers and License

Clients

• Configuring a Device as a License Server on page 13

• Configuring a Device as a License Client on page 15

• Configuring the Automated Downloading of License Keys on page 17

• Surrendering and Recalling Licenses on page 17

Configuring a Device as a License Server

The following outlines the steps to configuring a device as a license server. These steps assume that you have already performed the license key generation and activation steps outlined in theSecure Access Administration GuideandUnified Access Controller Administration Guide.

NOTE: For MAG Series Junos Pulse Gateways, you must use the Secure Access Service personality as the license server.

After you download or receive your license keys by using email:

1. In the admin console, chooseSystem > Configuration > Licensing > Licensing Summary.

2. Click on the license agreement link. Read the license agreement and, if you agree to the terms, continue to the next step.

3. Enter your license key(s) and clickAdd. 4. Click theConfigure Clientstab.

5. Select theEnable Licensing servercheckbox.

6. (optional) ClickAdvanced Settingsand enter the following values: • Incremental Lease Duration

(28)

An example is shown inFigure 1 on page 14.

Figure 1: Configured License Server With No Clients

Then:

1. In the admin console of the license server, chooseSystem > Configuration > Licensing > Configure Clients.

2. ClickNew Client.

3. Enter the Client ID. The ID is defined on the client device under System > Configuration > Licensing > Configure Server.

4. Enter the client password and confirm it. The password is defined on the client device under System > Configuration > Licensing > Configure Server.

5. (optional) Enter the client configuration expiration date. 6. Select the client’s platform from the list.

7. For each feature you want to lease to this client, enter:

• Reserved Count— the number of licenses to reserve for this client. The reserve count must be less than the available amount displayed.

• Incremental Count— the incremental number of licenses to grant when the client requests more licenses. If the number of licenses on the client plus this incremental value is greater than the maximum count, no additional licenses are granted. • Maximum Count— the maximum number of licenses a client can receive for this

(29)

Available counts are updated as you configure the client. For example, seeFigure 2 on page 15.

8. ClickSave Changes.

The License clients table displays the client information you entered. If the client is a member of a cluster, the cluster name is also displayed after the client contacts the server.

Figure 2: Available Counts Are Updated As Clients Are Configure

Related Documentation

Configuring a Device as a License Client on page 15

• Configuring the Automated Downloading of License Keys on page 17

• Disabled Features on a License Server on page 21

Configuring a Device as a License Client

These steps assume that you have already performed the license key generation and activation steps outlined in theSecure Access Administration GuideandUnified Access Controller Administration Guide.

After you download or receive your license keys by using email:

1. In the admin console, chooseSystem > Configuration > Licensing > Licensing Summary.

2. Click on the license agreement link. Under Installed License Details, read the license agreement and, if you agree to the terms, continue to the next step.

3. Enter your license key(s) and clickAdd. 4. ClickSave Changes.

(30)

Figure 3: Client Window After Installing Member License

To configure this SA Series SSL VPN Appliance as a license server client:

1. Enter the name of the license server. You can specify the IP address or hostname. 2. Enter a unique ID for this client. This ID is used to communicate and verify this client

with the license server.

IDs can contain alphanumeric characters. There is no restriction on the number of characters.

You will need to enter this ID on the license server when adding clients. 3. Enter and confirm a password for this client.

You will need to enter this password on the license server when adding clients. 4. Select the network to communicate with the license server from the Preferred Network

menu.

If the preferred network is configured correctly and enabled, it is used. Otherwise, the internal network is used.

5. Select theVerify SSL Certificatecheckbox if you want the client to verify the server’s SSL certificate when establishing communication with it.

If this client is part of a cluster, you can change configuration information for this node or any node within the same cluster by selecting the node name from the pull-down menu. You can also selectEnter clusterto update general cluster configuration information.

Related Documentation

Surrendering and Recalling Licenses on page 17

(31)

Configuring the Automated Downloading of License Keys

To configure the SA Series SSL VPN Appliance or IC Series device for automated query and downloading of license keys from the Juniper Networks LMS system:

1. In the admin console, chooseSystem > Configuration > Licensing > Download Licenses.

2. Select the preferred network to communicate with the Juniper Networks LMS system. 3. SelectEnabledif you want to automate the downloading of license keys.

4. ClickSave Changes.

You can, at any time, clickDownload and Installto immediately query the Juniper Networks LMS server and download updated license keys.

Related Documentation

Configuring a Device as a License Server on page 13

• Configuring a Device as a License Client on page 15

Surrendering and Recalling Licenses

Surrendering and recalling licenses can be done only at the license client. You can surrender only installed user count licenses.

To surrender user count licenses:

1. In the admin console, chooseSystem > Configuration > Licensing > License Summary. 2. Under Installed License Details, select the checkbox next to the license you want to

surrender and clickDelete.

The Installed License Details table displays the license as being surrendered along with the date it was surrendered. When the client has successfully communicated the surrender status to the server, the License Summary page on the license server displays the surrendered license and the client that surrendered the license.

(32)

Figure 4: Surrendered Licenses On A Client

Figure 5: Surrendered Licenses On A License Server

To recall user count licenses:

1. In the admin console, chooseSystem > Configuration > Licensing > License Summary. 2. Under Installed License Details, select the checkbox next to the license you want to

recall and clickRecall.

Related Documentation

(33)

PART 2

Disabled Features

• Disabled Features on page 21

(34)
(35)

APPENDIX A

Disabled Features

• Disabled Features on a License Server on page 21

Disabled Features on a License Server

The following windows and features are disabled in the administrator console when a device is configured as a license server:

• System > Status> Meeting Schedule • System > Status > Virtual Desktop Sessions • System > Configuration > Secure Meeting

• System > Configuration > User Record Synchronization • System > Configuration > Sensors

• System > Configuration > Virtual Desktops • System > Configuration > NCP

• System > Network > Network Connect • System > Clustering

• System > Virtual Systems • System > IF-MAP Federation • System > Log/Monitoring > Sensors • System > Log/Monitoring > User Access • System > Log/Monitoring > Client Logs • Maintenance > Push Config

• Maintenance > Troubleshooting > Monitoring > Cluster • Maintenance > Troubleshooting > User Session • Maintenance > Archiving > Secure Meetings

(36)

In addition, the following services are halted on the license server: • Mail proxy services

• Meeting processes • Agentman daemon • Federation server • Federation client

(37)

PART 3

Index

(38)
(39)

Index

A

allocating licenses...11

C

configuring license client...15 license server...13

customer support...xii

contacting JTAC...xii

D

documentation comments on...xii

downloading licenses automatically...7

E

exporting licenses...8

I

importing licenses...8 incremental count...14

L

license recalling...17 surrendering...17 license client configuring...15 license clients about...5 license key...5 license server configuring...13 disabled features...4, 21 license servers about...4 hardware...4 license key...4 capacity-derived...10 downloading automatically...7 configuring...17

importing and exporting...8

leasing...5 recalling...7 subscription-based...9 surrendering...6 virtual appliances...8 with clusters...11

M

manuals comments on...xii

maximum count...14

R

recalling licenses...7

reserved count...14

S

support, technicalSeetechnical support surrendering licenses...6

T

technical support contacting JTAC...xii

V

verify SSL certificate...16

(40)

Figure

Table 1 on page xi defines notice icons used in this guide.
Figure 1: Configured License Server With No Clients
Figure 2: Available Counts Are Updated As Clients Are Configure
Figure 3: Client Window After Installing Member License
+2

References

Related documents

For cases where it is not possible for the client computer to connect to the network where a license server resides, it is still possible to check-out a concurrent license using

If the concurrent user count is greater than its leased license limit, a license client requests the license server to increase its capacity until the maximum lease limit (MUC) is

 When the root node of the tree or of any of the three sub-trees is selected, the four lists will display all of the installed network licenses, profiles, VAR license as well as

• Client Access Licenses (CALs): To access the Lync Server 2013 services, a Client Access License is required.. Three CALs are available for

- Open the License Manager and Click Options >> Enterprise License Server… - On the Primary Server, the Host Name / IP Address must be 127.0.0.1. - On a Client or

Findings that both indicate higher social anxiety with higher media consumption (unauthentic and authentic) may be related to the finding of a positive correlation between

In 2006, the regrowth rate was significantly affected by month and the interaction of month x species x height, but it was not affected by the interactions of month x species and

Cisco License Manager is a secure client/server-based application to manage Cisco IOS Software activation and license management for a wide range of Cisco platforms running Cisco