Hibernating Rhinos Ltd
Oren Eini l CEO l Mobile: + 972-52-548-6969
Office: +972-4-622-7811 l Fax: +972-153-4-622-7811
Hi,
we're considering integrating RavenDB into our customer's application. The only real option for us would be to run it embedded within the context of our other services (we cannot deploy or maintain independent servers).
This makes the ISV licensing pretty much the only viable option, however I've got a few questions before heading further down this path:
- Can an ISV embedded license expire and what effects would this have on the servers in production?
- This is less about what happens if we don't renew the license - but rather about if we would have to deploy a new license to all instances in time (which might be next to impossible in our specific case)
- What options do we have available to secure access to the embedded server?
- I ask because we might run RavenDB in a CQRS setup, where we might split writing (from event sourced projections) and reading into separate services. I.e. we might need to connect other processes to the embedded instance
- From what I can tell, I could use UseEmbeddedHttpServer and connect from the other processes, but we still would have to restrict access to the other service user.
- Can we manage the authorisation/authentication at runtime from code? How does this affect access through the embedded document store directly (i.e. is it connecting as the windows user that the embedded service is running as)?
- In short: I'm afraid that I might lock us out of the embedded instance, if we restrict access to a specific user or group and later change membership of the service that is hosting the embedded instance.
- We don't really control this environment (i.e. operations is outside of our control)
--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You cannot deploy new instances to production with an expired license.Existing instances will continue to work, and by default, will fetch the new license from the license server automatically.
Note that when using the embedded option, there is no security, and you can modify the authentication directly.
Hibernating Rhinos Ltd
Oren Eini l CEO l Mobile: + 972-52-548-6969
Office: +972-4-622-7811 l Fax: +972-153-4-622-7811
You cannot deploy new instances to production with an expired license.Existing instances will continue to work, and by default, will fetch the new license from the license server automatically.
Do the ISV embedded instances need an internet connection? Or what do you mean with license server?
Also, what exactly do you mean with deploy? For example, I'd like to embed Raven into a Windows Service. This service might get restarted sometimes...
Note that when using the embedded option, there is no security, and you can modify the authentication directly.
I'm only considering ISV embedded at this point. So you're saying that it is not designed with any authentication and I could not (reasonably) connect to it from another process?
Hibernating Rhinos Ltd
Oren Eini l CEO l Mobile: + 972-52-548-6969
Office: +972-4-622-7811 l Fax: +972-153-4-622-7811
--
Hibernating Rhinos Ltd
Oren Eini l CEO l Mobile: + 972-52-548-6969
Office: +972-4-622-7811 l Fax: +972-153-4-622-7811
I'm sorry but I don't follow?
I thought the ISV Server is more like the regular RavenDB server?
How does the online activation work? Is that something that we have to host, or is the license checked against your servers?
The license is otherwise just a file, or a configuration setting (which can be set through the application configuration file), correct?
The file/string license has an expiration baked into it?
Consider the following scenarios:
We distributed the application, which was built with a license that expires in 1 month. This application went through tests in a plant and will be deployed for the first time.
Scenario 1: The installation and start of the service happens while the included license is still valid. This should work fine, even if the plant is currently offline? Any further updates, even from expired licenses, should work, as long as the database still exists (i.e. backups are even more important)?
Scenario 2: The actual deployment to production happens just as the license expires (or maybe they rolled back to an older version which has an expired license). We extended the licensing however for yet another year but have not yet built and delivered a new version. What happens now?
Scenario 3: A new deployment is added on the same server for a new tenant. This causes a new database to be installed - so this is similar to Scenario 2.
Hibernating Rhinos Ltd
Oren Eini l CEO l Mobile: + 972-52-548-6969
Office: +972-4-622-7811 l Fax: +972-153-4-622-7811
Thank you for your help so far :)
I still don't fully understand how the license can be verified online.
I assume that the online license check is made based on the license that the server has available locally. This should pass, even if the local license expired - i.e. the online license verification knows that license X expired, but that it has been renewed as license Y?
I mean there has to be some benefit from online license checks in comparison to checking the license file locally.
In short: an embedded server with a local but expired license would still start (initial start), if it can connect online and the license has been renewed?
Also, when I said "server" in Scenario 3, I meant "machine". I.e. we actually end up deploying the application multiple times on the same machine. We separate tenants on the process and filesystem level.
For example, we might have "ApplicationServer tenantA" and "ApplicationServer tenantB" services running (each having their own embedded Raven instance).