Hillstone CloudEdge License Management

System (LMS)

Reshape.Security
Embrace Cyber Resilience

© 2022 Hillstone Networks | All rights reserved.

 License Management Solutions

Agenda
Back Up: LMS Interaction Process

2 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 License Management Solutions

3 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 Hillstone License Management Solutions
Internet Authentication Local Authentication

License Management
Cloud-based License Solution
Management Solution (physical and virtualized)

vADC vWAF vADC vWAF vADC vWAF

Public Cloud Private Cloud (Internet) Private Cloud (Intranet)

4 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Solution 1: Public Network License Management

Hillstone Networks
Deployment Scenarios
Management • Public cloud
• Private cloud with internet access

Public Network
Authentication Process
Server 1. Customer orders the license of a VNFs and gets
the license file from Hillstone
Authentication Communication 2. Customer creates an instance of VNFs, imports
and verifies the license online
3. The instance of VNFs can be deleted, re-created or
migrated without impact to license status
vWAF
Benefits
• No management device or configuration needed
• Instant authorization and authentication
• License is independent of the virtual appliance
5 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.
Public Network Authentication Process

Verification process
1. Import license, configure public network
Public Network LMS Server authentication, reboot virtual appliance
2. Verification is successful contingent on valid license
3. Verification fails, request continues; reboots 7 days
later
Connect
2 Piracy judgment process
Regular Heartbeat 1. Series number is already in use and import series
1 Verify
number authentication fails
2. 16 hours later, authentication of the virtual appliance
is categorized as piracy; restarts 7 days later
vWAF
Migration and Reinstallation
• Start new instance of a virtual product and import
current license
• The obsolete instance must be shutdown within 8
hours
6 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.
Solution 2: Private Network License Management
Deployment Scenarios
• Private cloud without internet access
• Private cloud has large-scale virtualized product
deployments and needs dedicated license
License Authorization
management solution

Authentication Process
Manage • Customer orders LMS device/vLMS and licenses of
LMS VNFs
• Import licenses of VNFs
Admin • Configures LMS server for each instance of VNFs
Verify, distribute, recycle, manage • Instances connects to LMS
• LMS distributes, configures and manages all
licenses
• Adds licenses of VNFs as necessary

vWAF
Benefits
• Quick delivery and instant authentication
• Massive deployment by batch import/ export
• Flexible license distribution and management
• Ease of use and configuration
7 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.
Private Network Authentication Process

Distribution process
1. LMS imports the license of a virtual product
2. LMS configures distribution policy
Authorization Management System 3. The instance of virtual product connects LMS
4. LMS queries useable authorization and assigns it
5. The instance of virtual product keeps session
heartbeat with LMS
Regular Heartbeat
Piracy judgment process
Connect 1. An instance of virtual product using piracy SN
2 connects LMS
1 Distribute 2. LMS makes a determination within 8 hours
vWAF 3. The instance of piracy restarts

Recycling process
1. Mark manually on management page on LMS
2. The instance of the virtual product goes offline for 7
days; the authorization is marked as idle by system

8 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Deployment Methods for Private Network

Two methods to deploy LMS

Hardware version Virtualized version

1RU hardware box with 4 management Support Openstack, Ali Cloud,
interfaces; Huawei Cloud, Tencent Cloud;

Quick delivery, easy deployment, simple Centralized cloud resource

operation; management, reduced hardware cost.

9 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Fully Visualized License Management

10 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Convenient License Management

Supports license batch import of tar files into

the LMS.

Detects license imports to prevent incorrect

import and reduce risk.

Ability to delete expired or unusable licenses.

11 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Flexible Distribution Settings, Fully Automated
Lifecycle Management
License policy can be configured based on IP
and host name to implement a targeted license
delivery.

The policy manual distribution allows you to set

the recycling time to achieve auto license
recycling.

You can set the global automatic delivery policy

to implement the default automatic delivery and
delivery type settings.

12 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Multi-dimensional Recycling Operation for Easy
Operation and Maintenance

License recycling can be performed based on

equipment and Series number.

Support automatic recycling or recycling confirming

offline setting to complete the automatic closed loop;
prevent the license from being occupied after the
device is deleted.

13 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 Signature Database Update

Advantages:
Public Network
Server p Resolve upgrade issue of devices that cannot access the Internet
p Convenient management of multiple signature databases
Download Database File p Convenient to upgrade the signature databases of intranet devices in
batches
p View signature database information for easy troubleshooting
Administrator
p Secure connection (over HTTPS)
Import Database File
License Management
System
(LMS)

APP, IPS, AV, URL DB

vWAF
14 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.
 Pay-as-you-go (PAYG) Licensing
Key Features
• Pay-as-you-go licensing enables
billing to tenants based on the
usage
• Update credit usage daily. Monthly
and yearly summarization available
on webUI
• Configuration over WebUI or
Restful APIs
• Support HA mode
15 | See. Understand. Act.
Working Mechanism
Pay-as-you-go licensing requires:
• PAYG platform license: Activate
PAYG mode of LMS
• PAYG VNFs (CloudEdge, vADC
and vWAF) license: enable credit
calculation for a specific VNF
Platform Limitations
• Only hardware LMS support pay-
as-you-go licensing
• Can NOT support both normal and
PAYG licensing at the same time
• Both PAYG VNF license and PAYG
platform license are required
• The SN on PAYG platform license
should be the same as the SN of
LMS
© 2022 Hillstone Networks | All rights reserved.
Standard REST API for Easy Third-party
Integration

The following functions can be

CMP implemented through the cloud

platform:
REST API
License
p Automation of vFW's full lifecycle
Management management
Virtualized resources System
(LMS) p Automated license management
Create vFW License Management + Signature Database Upgrade p Automated distribution and reuse of
licenses
p Unified management platform to
simplify maintenance
vWAF

16 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Hillstone LMS Solution Highlights

• Quick license file • Distribution, recycling • Dedicated user interface

delivery and migration • Easy to deploy and
• •Instant
x license • Split one license for configure
authentication several users • Automatic recovery
• No internet access • Centralized management
dependency

Quick delivery and instant Flexible license distribution and

Ease of use and configuration
authentication management

17 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

LMS Hardware Specification

Specification LMS-30

Devices Support 1-1000

Networks Interfaces 4 GE

Dimensions (W x D x H, mm) 1U (430 X 300 X 44)

Power Supply Single, 100-240 V, 50 / 60 Hz

18 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

How to Order the Hardware-based LMS Solution

SKU Product Model SKU Description

Virtual security products’ private cloud authorization management
SG6K-LMS-30-IN LMS-30
system
Virtual security products’ private cloud authorization management
SG6K-LMS-UID-IN LMS-UID
system -user ID and authorization

• Two SKUs must be ordered simultaneously.

• A single UID is for a single client, single project only.
• Please contact your Hillstone sales representative for more details on ordering.

19 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 Back Up: LMS Interaction Process

20 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Registration & Automatic Delivery Process

vWAF LMS
1. Register
• Configure and
connect to LMS 2. Choose authorization
• After the
connection fails,
the distribution is 3. Respond and distribute
repeated in 120-
179s. 4. Delivery success
5. Record

6. Perform restart on demand

21 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 Manual Delivery Process

vWAF LMS
• Configure and 1. Register
connect to LMS
• After the connection
2. Configure delivery policy
fails, the distribution
is repeated in 120- 3. Deliver authorization
179s.

4. Import authorization 5. Response unreceived; redeliver again

6. Record
5. Confirm response
7. Issue restart according to judgment

22 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 Authorization Verification Process

Authorization file imported

vWAF
LMS
• Configure and 1. Verify
connect to LMS
• After the connection 2. Determine the validity of authorization
fails, the distribution
is repeated in 10-59s.
3. Verification fails
5. Restart and delete
authorization 4. Respond
3. Verification succeeds
5. Work normally 4. Respond

23 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

Heartbeat Process

vWAF LMS
• Reconfigure the connection 1. Heartbeat
to the LMS
• Restart 2. Heartbeat is normal
• Every 8 hours after the first
connection
3. Respond

• Resend in 10-59s if no 1. Heartbeat

response

2. Reboot and delete

the license after
disconnection for 30
consecutive days.
24 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.
 Cloning Judgment Punishment Process

vWAF
LMS
• Reconfigure the 1. Verify, heartbeat
connection to the
LMS 2. Cloning judgment, no cloning
• Restart
• Every 8 hours after 3. No clone response
the first connection

2. Receive two consecutive

4. Reboot and heartbeats from the first registered
delete the 3. Clone response device by the same VSN
authorization

25 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 Recycling Process

vWAF
LMS
3. Reboot and 1. Choose to
delete the 2. Issue recycling instruction recycle • Manual
authorization authorization configuration
• Match the auto
• Execute LMS recycling policy
instruction 4. Delete success response 5. Record
• Disconnected
LMS timeout
6. Issue the restart instruction
according to judgment

26 | See. Understand. Act. © 2022 Hillstone Networks | All rights reserved.

 +1 408 508 6750
inquiry@hillstonenet.com
5201 Great America Pkwy, #420
Santa Clara, CA 95054
www.hillstonenet.com