Can the network license manager be configured to work inside a firewall?

74 Ansichten (letzte 30 Tage)
Is it possible to have the network license manager running inside a firewall with client machines outside of the firewall?

Akzeptierte Antwort

MathWorks Support Team
MathWorks Support Team am 4 Mär. 2019
It should be possible to run the network license manager inside a firewall with MATLAB clients outside of the firewall, however the MathWorks has not officially tested the full-time use of the network license manager through a firewall. Thus this configuration is not fully supported.
The network license manager operates using two TCP ports. In order to use a firewall with FLEXnet, you will need to configure your license to use static ports and then open these in the firewall. To do so, follow the steps below:
The first port the license manager uses is specified as the last argument of the SERVER line in the license file. This port is used for the initial connection to the license server. For example this line below:
SERVER license-server-1 0011aabbcc22 27000
shows that the license manager is using port 27000. If you do not have a port number on the end of this line, you will need to specify a port. By default MathWorks uses port 27000 upon installation, however you can specify any open port on the machine.
To verify which ports are in use on your system, you can use the "netstat" utility. This utility is called from the DOS prompt for Windows, or through a terminal window on Linux/Unix/Mac. To use the utility, execute the following command:
netstat -a -p tcp
The other license manager port is specified in DAEMON line of the license file. By default, the vendor DAEMON (MLM) uses a random open port. In order to use a firewall, you must specify an open port on your system for MLM. This specification is done in the license file by adding the flag 'port=' to the end of the DAEMON line. For example:
DAEMON MLM "C:\Program Files\etc\win32\mlm.exe" port=1711
In this example, MLM is tied to port 1711. Again, this must be a free port on the machine. If a port number which is already in use is chosen, a "port in use" error message will be generated when the license manager is restarted.
If you changed the ports, you will need to restart the license manager for the changes to take effect. Once the license manager is started successfully with the changes, you will need to open the ports in the firewall. Once open, you should be able to check out a license through a firewall.
NOTE: If client machines have a firewall, you will need to open the two ports on the client firewall as well.
  4 Kommentare
Walter Roberson
Walter Roberson am 2 Nov. 2022
TCP sockets can be configured as either of two different ways.
The default easier way is that the receiving socket can be configured to not accept additional connections if the desired port is in use. This is relatively easy to program the servers, as they know that there can only be one connection at a time.
The other way is that the receiving socket can be configured to "reuse" socket connections. There is a useful discussion of that at https://lwn.net/Articles/542629/
That discussion mentions a standard practice of having a single listening process that tells the connection which port to use, with the requester going back and forming a new connection to the port it was told. That is (or at least was) the configuration used by RDP services on Unix systems: you connect to the RDP server, ask for a service, it creates a process and tells you which port the service is listening on, and you drop the connection to the RDP server and connect to the port you were told.
At the moment, I do not recall how MLM is configured. As you noted, it would not generally need to hold the connection open. On the other hand, the license manager has to be able to handle hundreds or thousands of people all using the software at the same time, with initial licenses connections and with requests to be allocated toolbox licenses, and with checks to see if the license is still valid... so I don't think the license manager could really afford to hold on to the single port. My vague recollection from many years ago is that it allocates a port for each connection, but I am not at all certain about that after all of these years.
Walter Roberson
Walter Roberson am 2 Nov. 2022
https://www.ibm.com/support/pages/how-serve-license-key-client-machines-through-firewall contains useful information. The places that ibmratl daemon are mentioned correspond to the MLM daemon.

Melden Sie sich an, um zu kommentieren.

Weitere Antworten (0)

Kategorien

Mehr zu Manage Products finden Sie in Help Center und File Exchange

Tags

Noch keine Tags eingegeben.

Produkte

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by