Internally, the Licence Server uses a pool of connection threads to accept incoming licence requests. The Licence Server and a client initially communicate using a dedicated TCP/IP port. Once the client has established a connection, the normal procedure is for it to request a list of available licences then send a request to allocate the specified licences.
The Licence Server grants the client the requested licences and the TCP/IP connection is closed to reduce network traffic. A polling UDP broadcast thread then takes over on a dedicated port to continuously confirm the connection between the Licence Server and all the clients who have been granted licences.
If a client does not respond to server broadcast messages within a specified interval (90 secs) the Licence Server will revoke the licences and make them available to another client. The client also listens for server broadcasts and will revoke its licences if it doesn't receive a broadcast message within the same interval. The client is then required to establish a new connection to the Licence Server and request the licences again.
Managing Ports
Clients always initially connect to the Licence Server using the TCP/IP port specified in the Licence Server Administrator (Default TCP/IP port: 3000). If the default port is already in use, an alternative TCP/IP port can be configured, which will also need to set for each client who will otherwise assume to use the original, default port.
NOTE: Take care to also consider suitable changes in firewall configuration on the server and clients where alternate ports to the default are being used.
Once each client has been allocated a licence it is assigned a unique UDP port for its IP address to listen for incoming messages. The Licence Server then transmits UDP messages to each client to maintain communication with the server for the lifetime of its session. The Licence Server manages the UDP Ports assigned to each client; a client may be the Licence Administrator, Impact, nServer, or the Licence Tester.
UDP Port Configuration
The first UDP port, by default, is also 3000. Depending on the number of clients connected from the same IP address to the Licence Server, the UDP port allocated may change from connection to connection.
When a client connects, the Licence Server determines if any other clients are connected from the same client IP address and assigns a unique UDP port for the client. It uses the first available UDP port starting from that specified, but not exceeding the total number of ports configured. See below for example port configurations.
The first UDP port is always the first allocated listening port for each client process on each workstation or server. This includes the Licence Server, so when it is started it always allocates the first UDP port to receive incoming UDP messages from other clients on the network. Therefore running additional clients on the same server as the Licence Server will require an additional UDP port for each.
Total UDP Ports
The total UDP ports on the Licence Server must be configured to allow for the maximum number of unique UDP ports that would be required on any single workstation or server on the network.
The total UDP ports is not a sum of required UDP ports, and it is not affected by the number of licences (CALs) installed on the Licence Server. It is only affected by the maximum number of client processes that will be connecting to your Licence Server from the workstation or server with the highest number of clients.
UDP Messages
The Licence Server process always uses the first UDP port to listen for incoming UDP messages from all clients on the network. By default, the first UDP port is 3000, so the Licence Server will always listen on port 3000 for all incoming UDP messages.
For the Licence Server to send outgoing UDP messages to each client it must know two things:-
- The IP address of workstation or server running the client process
- A unique UDP port on that workstation or server that the client process is listening on.
As each client connects the Licence Server determines if any existing client processes are running on the same workstation or server by examining the IP address and the UDP ports already in use. It then allocates an available unique UDP port for the client process to listen on.
In the simplest example (using the default port of 3000), the Licence Server will listen for incoming UDP messages on port 3000 and send outgoing UDP messages to a client process on another workstation or server using port 3000.
When you run additional client processes such as the Licence Administrator or Impact on the same workstation or server it will require an additional UDP port for each process to listen on.
Example UDP Port Configurations
All the examples given only list the unique UDP ports required for processes listening for incoming messages. The Licence Server always listens on the first UDP port configured.
- Typical Impact Installation
- Licence Server (1 UDP port) + Licence Administrator (1 UDP port) on server.
- 1 x Impact client on each physical workstation (1 UDP port)
Total (maximum) UDP ports required is (2 > 1) = 2.
- Multiple Impact Instances Installation
- Licence Server (1 UDP port) + Licence Administrator (1 UDP port) on server.
- 3 x Impact clients running on same physical workstations (3 UDP ports)
Total (maximum) UDP ports required is (3 > 2) = 3.
- nServer only Installation (same server)
- Licence Server (1 UDP port) + Licence Administrator (1 UDP port).
- 1 x nServer (1 UDP port)
Total (maximum) UDP ports required is 3.
- nServer and Impact Installation (same server)
- Licence Server (1 UDP port) + Licence Administrator (1 UDP port).
- 1 x nServer (1 UDP port)
- 1 x Impact client (1 UDP port)
Total (maximum) UDP ports required is 4.
- Multiple nServer Pools Installation
- Licence Server (1 UDP port) + Licence Administrator (1 UDP port) on server.
- 3 x nServer application pools on same server (3 UDP ports)
- 4 x nServer application pools on second server (4 UDP ports)
Total (maximum) UDP ports required is (2 + 3 > 4) = 5.
- Terminal Services Installation (Licence Server on same server)
- Licence Server (1 UDP port) + Licence Administrator (1 UDP port) on server.
- 10 x Impact clients running on Terminal Server (10 UDP ports)
Total (maximum) UDP ports required is 12.
Firewall Configuration
To configure a firewall for use with the Licence Server you need to open up a single TCP/IP port and multiple UDP Ports as per the configuration set within Licence Server Administrator.
Suitable ports exceptions need to be added on the server hosting Licence Server to allow connections to occur for the full range of TCP/IP and UDP ports configured. These rules should be enabled for both inbound and outbound traffic rules, and for each of the relevant network profiles (e.g. Domain, Private, Public). In addition, all clients that need connect to Licence Server will also need these rules.
TIP: Where the Windows Firewall is being used, often it is easier to add an "app or feature" exception to the Windows Firewall to avoid needing to manage explicit port ranges and protocols. The same technique can be applied on the server and any client. For example, on the server you may add an exception to "C:\Program Files (x86)\Arden Software Ltd\Licence Server\LicSrvr.exe" and on an Impact client "C:\Program Files (x86)\Arden Software Ltd\Impact 2022\Impact.exe".
WARNING: It may be a security risk to open the UDP port range beyond what is specifically needed, including changes to firewall settings, so only configure the number of ports needed.