Up to now our floating license management has been based around the following components:
the license server manager, lmadmin, provided by Flexera
the vendor daemon, hexrays, provided by Hex-Rays
As of the IDA Pro new release (9.0) and its new licensing model these have been replaced by:
The Hex-Rays License Server, and
lsadm command line tool
Both components are provided by Hex-Rays.
Server setup
Two binaries and processes: lmadmin or lmdrd server + hexrays vendor daemon
Single binary (license_server)
Ports required
Two ports required, plaintext communication
Single TCP port, communication protected by TLS
OS supported
Server available for Windows, Linux, or macOS x64. Manual service configuration on Linux.
Server available for Linux x64 only. Automatic configuration of systemd service at install time.
Moving from the 8.4 to the 9.0 license server management infrastructure is really easy:
First make sure that you have the license server admin guide at hand.
Follow the installation steps (section 2 of the admin guide).
Install an IDA 9.0 instance and test your installation by trying to connect to the license server, to select a license, borrow and finally return it.
You are now ready to switch.
Since an 8.4 client will not be able to connect to the new license server (and a 9.0 client won't be able to connect to the 8.4 license server), you should make sure that all users are using the new clients which are configured with the correct server and port. If your workflow requires using 8.4, you can keep the old server running until all users have switched to the new IDA version. Then you can stop and decommission the old server.
This manual describes the installation, management, and interaction with a Hex-Rays License Server deployment. It is primarily intended for administrators, and will focus on the setup and management of the Hex-Rays License Server.
While we will (at least superficially) make use of the command-line client used to access/manage the server, this manual will not offer a detailed explanation of its usage: there is a dedicated document for that (the lsadm user manual).
The first step is to install the Hex-Rays License Server, which is the central component of the deployment. It is recommended to have the lsadm user manual ready before proceeding.
After your purchase of a Hex-Rays product with floating licenses, go to the customer portal, where you will find:
an installer for the Hex-Rays License Server
the installer for the product you have purchased
a license_server.hexlic will be available after License Server activation, under Licenses tab
All those will be necessary, so please go ahead and download them.
You will also need root access on the host where you will be installing the server.
This chapter explains how to install the Hex-Rays License Server.
The command-line client lsadm is bundled with the Hex-Rays License Server installer. To install both Hex-Rays License Server and lsadm, simply run the installer and follow the instructions.
Every Hex-Rays product using floating licenses, such as IDA, is also a client of Hex-Rays License Server. For installation instructions for these products, please refer to their documentation.
The Hex-Rays License Server can be installed on x64 Linux servers. We have tested it on Debian and Ubuntu, but other major flavors of Linux should be fine too.
To install the server, run the Hex-Rays License Server installer as root and follow the instructions (the server will not require root permissions; only the installer does.)
If your Linux system is based on systemd (e.g., Debian/Ubuntu, Red-Hat, CentOS, ...), it is recommended to let the installer create systemd units so that the server will start automatically at the next reboot.
In order for the Hex-Rays License Server license to be activated, it must be bound to a Host ID (an Ethernet MAC address.) From a command prompt, run /sbin/ifconfig, and lookup the "ether" address for the network interface through which the server will be accessible.
In this case, our MAC address is: bf:e2:91:10:58:d2
Go to Hex-Rays customer portal and activate your license for license server. During that process, you will need to provide the MAC address of the device where the license server will be running. Once the activation is complete, you'll be able to download the following files:
license server certificate bundle
license_server.hexlic (license key)
Those need to be copied in the Hex-Rays License Server installation directory. As root:
At this point, the server should be ready to run.
If your system is already in production, skip this section. Using the --recreate-schema option as in the example below, will re-create an empty database.
On the first install, you will need to initialize the database the server will use:
Testing the server
Now that the server is installed and has a database to work with, we can test that it works:
Good, the server appears to run! If you are observing more worrying messages than this one, please refer to the troubleshooting section.
At this point, you may want to either let the server run, or stop it (Ctrl+C will do) and restart it using systemd:
...and make sure it runs:
If you don't see a running license_server process, please refer to the systemd diagnostic tools (e.g., journalctl) for more info.
This chapter explains in detail how to perform regular administrator tasks.
Currently, there is no dedicated procedure to back up the Hex-Rays License Server database. It can be done by temporarily stopping the Hex-Rays License Server and making a copy of the sqlite3 database. The server must be stopped only during the backup of the sqlite3 database and then can be immediately restarted.
Alternatively, it is possible to use sqlite3 backup functionality to make a backup of the database.
Switching to the newest versions of the Hex-Rays License Server is recommended in order for the team to benefit from its improvements and new features.
The upgrade procedure consists of the following steps:
stopping the server. E.g., sudo systemctl stop hexlicsrv if you are using systemd to manage the server.
performing a backup of the database
putting the new server instead of the old one
restarting the server. E.g., sudo systemctl start hexlicsrv
This chapter explains how to solve typical problems with the Hex-Rays License Server.
By default, the Hex-Rays License Server listens on the TCP port 65434 on all interfaces. Please ensure that this port is enabled in your firewalls.
The Hex-Rays License Server uses secure TLS connections with the clients. The TLS layer requires the certificate (.crt) and private key (.key) files. Usually, they are attached to the email message with the activation information.
The following files shouldn't be readable by everyone on the system, but only by root and hexlicsrv:
hexlicsrv.conf: this file file holds the connection string to the database the server will use, and might contain credentials.
hexlicsrv.crt: the certificate chain
hexlicsrv.key: the private key file
licensesrv.hexlic: the license file
As a precaution, the Hex-Rays License Server will refuse to start if these files are readable by unauthorized users.
Please make sure they:
have hexlicsrv:hexlicsrv ownership: chown hexlicsrv:hexlicsrv hexlicsrv.crt hexlicsrv.key licensesrv.hexlic hexlicsrv.conf
are not world-accessible: chmod 640 hexlicsrv.crt hexlicsrv.key licensesrv.hexlic hexlicsrv.conf
The licensesrv.hexlic file is tied to the MAC address of the first network interface. If they do not match, the server will not start. To change the MAC address, please contact support
There are no special precautions to take: restoring the sqlite3 database from a backup should be enough.