Skip to content

Launch Control

Overview

Launch control is a variant of Solidshield Activation with ephemeral one-time launch tokens, bound to the unique execution context variables. Launch tokens are immune to replay attacks, executing the same software twice on the same machine, will require a new unique launch token.

Use cases

Example use-cases for Launch control:

  • Licensing: bind a software to a licensing server, so it runs only if the server validates its launch.
  • Floating licenses for virtual appliances: when delivering your products as a virtual machine image, it is not possible to control how many virtual instances are running. Launch Control can cap the amount of simultaneously running instances.
  • Confidentiality shutdown for emergency situation: useful in scenarios where the physical safety of where the software runs can be compromised.

Launch control setup

  • Solidshield hosted launch control servers, requiring Internet connection
  • SolidBond dongle local USB-form factor server, secured by chain-of-trust

Supported targets

  • ELF x86-64
  • ELF x86
  • PE x86
  • PE x86-64
  • Java

Technical details

Check Custom configuration paragraph for an example.

Custom configuration

Launch Control allows specifying a configuration JSON file, so to override a few important run-time parameters. An example configuration file might be:

{
   "token-servers": ["10.155.155.1:7007"],
   "randomize-servers-list": false,
   "connection-timeout": 300,
   "connection-retries": 10
}
Property Description
token-servers An array of pairs. Protected application will attempt to connect to each server in the list, until a connection can be established.
randomize-servers-list If set to true, the list of servers will be shuffled, before starting connection attempts. This is very useful to perform client-side load-balancing, having multiple clients randomly addressing any of the available servers.
connection-timeout The amount of milliseconds to wait before quitting a connection attempt for timeout.
connection-retries How many times the list of servers will be iterated before exiting, with exit code 127.

As an example of redundant configuration, having two Launch Control servers installed on two distinct machines, identified by IP addresses 192.168.1.17 and 192.168.1.18. a working launch-config.json file would look like this:

{
   "token-servers": ["192.168.1.17:7007", "192.168.1.18:7007"],
   "randomize-servers-list": true,
   "connection-timeout": 500,
   "connection-retries": 3
}

Run-time parameters

Environment variable Description
SLD_LAUNCH_CONFIG Path pointing to the Launch Control config JSON file

Error Exit codes

Exit Code Description
126 Error parsing supplied Launch Control config JSON file.
127 Cannot connect to any Launch Control server
Last update: 2019-04-29