Community Forums
Results 1 to 5 of 5

Thread: Checking out licenses from vendor deamon tcp port

  1. #1
    Join Date
    Jul 2018
    Posts
    3

    Checking out licenses from vendor deamon tcp port

    I'm running lmgrd and a vendor daemon and can check out licenses from a tcp port specified on SERVER line (e.g. 27000).
    But I can also check out licenses from vendor tcp port which is chosen by OS by default on starting the license daemon.
    Here a question. Is this an expected behavior?
    If it is an expected one then can we avoid this feature rather than closing the port by firewall?
    The version is Windows v11.13.

  2. #2
    Join Date
    Mar 2018
    Posts
    28

    lmgrd is nothing but a communication traffic manager

    Hi,

    lmgrd - the license manager as the name indicates has a major purpose to manage the license communication (along with other as well). When a client sends the communication handshake to lmgrd, in response lmgrd asks the client to try on another port to fetch the license (i.e. the VD port). Now in your case, you are directly accessing the VD port, hence the lmgrd channel is given a pass and checkout succeeds.

    This is an expected observation. Could you elaborate on what you meant by "If it is an expected one then can we avoid this feature rather than closing the port by firewall?"

    Regards,
    Abhay

  3. #3
    Join Date
    Jul 2018
    Posts
    3

    Firewall should allow both the SERVER and VD port

    Hi Abhay,

    Thanks for the replay. I understand that it is an expected behavior.

    > Could you elaborate on what you meant by "If it is an expected one then can we avoid this feature rather than closing the port by firewall?"

    I have been assuming that user should checkout from tcp port on specified in SERVER line and the VD port is just for inter daemon communication.
    So I wanted to avoid user from checking out via the VD port for security point of view.
    But now it sounds making no sense to close the VD port because user client eventually checkouts from the VD port.
    Then I have to keep opening the two SERVER and VD port, correct?

  4. #4
    Join Date
    Mar 2018
    Posts
    28
    That's absolutely correct.

    For security reasons (from direct attack on VD), lmgrd kind of acts like the cover unit, hence it is in best practice to keep both the ports open. And also share only the lmgrd port to the end users to connect and fetch the licenses.

    Regards,
    Abhay

  5. #5
    Join Date
    Jul 2018
    Posts
    3
    Thanks a lot for the quick response. I understood

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •