zPDT license servers
Alternative zPDT® license and serial number servers that provide enterprise-wide management are available for ZD&T systems. However, the software licensing does not support the native zPDT systems.
- Due to security concerns, some PCs no longer have usable USB ports. The physical distribution of tokens might present a problem.
- Rack-mounted blade PCs might not have normal, dedicated USB ports. A token in a work location can be easily carried away.
- If multiple tokens are used, or are changed, the CP serial numbers become unpredictable. The consistency of the z Systems® serial numbers might be important for some software licenses (for z Systems software) and might be important for some z Systems operating systems.
- In some cases, especially related to cloud usage, a hardware token at any location is difficult to manage.
In a simple configuration, a local token is installed in a USB port on the base machine running zPDT. In this case (one token installed in a local USB port), the token supplies both the zPDT license and the serial number used for the z Systems CPs, assuming that the local zPDT system has never been connected to a remote Software-based License Server or server, and has never used multiple local tokens. This configuration is used by the majority of zPDT users.
Figure 1 also indicates UIM components. UIM means Unique Identification Manager; this is a function that provides a consistent z System serial number to zPDT. The UIM function can be used with remote UIM servers. In principle, these are separate servers from the license servers and might be on different Linux® PCs. In practice, the remote UIM servers are almost always installed on the same Linux PC having the remote license server. These topics assume that a UIM server is installed concurrently with an LDK-SL or SHK license server. There is also a local UIM component with operational zPDT systems (clients) not indicated in the figure.
A license server is accessed (via TCP/IP) by a client PC running zPDT and the zPDT operational license is supplied this way. The licenses needed to decrypt z/OS® IPL volumes are also provided by the server. The client machine does not have a token and does not need a USB port. A client machine must have access to the license server as long as zPDT is operational on the client. Likewise, the client machine has access to a UIM server that supplies consistent serial numbers for the z Systems CPs.
All zPDT systems have remote client functionality but, by default, it is not configured for remote operation. If a token is installed zPDT operates normally (with a local token). If a remote client function is configured, then zPDT attempts to connect to remote servers to obtain a zPDT license and serial number.
The owner of the client machine must do some minor configuration work to enable clients to use remote license servers and UIM servers; the enabling this interface differs for SHK and LDK-SL servers. Before enabling client access to a remote server the server networking environment (IP address, domain name, firewall controls, appropriate tokens for the server) must be arranged.
tokenproducts.) The LDK technology can use both
software license(denoted by LDK -SL) or new hardware tokens (denoted by LDK-HL). At the time of writing, zPDT does not use the newer hardware tokens (LDK-HL).