[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-discuss] Possible to uniquely identify KVM guests?
|
From: |
Jakob Bohm |
|
Subject: |
Re: [Qemu-discuss] Possible to uniquely identify KVM guests? |
|
Date: |
Thu, 16 Apr 2015 15:53:13 +0200 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
On 16/04/2015 13:45, Caspar Smit wrote:
Hi All,
I searched the mailinglist archives for an answer but couldn't find
any so I hope this question wasn't asked already.
I'm looking for a way to uniquely identify a KVM guest on different
hosts (to prevent running a single license multiple times).
For instance I have a Windows 7 KVM Guest running an application which
requires a license. Once the license is installed it is possible to
clone the VM to a different identical host (keeping all UUID's and MAC
adresses of the vNIC the same) and the license still works because
there is no difference.
Is there a way to distinguish clones of the same VM from inside the
Windows Guest? Maybe some unique Registry key?
Kind regards and thanks in advance,
Caspar Smit
Sounds like you are the one writing the license enforcing
code, sosome people around here will refuse to help on
principle.
However, as a more pragmatic person, I can offer these
tidbits ofhelp:
1. The Windows Registry is just some files on the disk
and won'tidentify cloning (except as a side effect
of other code detectingit somehow.
2. Cloning the MAC address while staying on the same
(virtual)network segment is going to cause severe
communicationsproblems, so is less likely to be
practical. But people mightwork around this by
placing each clone behind its own NATrouter, each
giving it the same RFC1918 IPv4 address, while
letting an outer NAT router map all these clones
to the samepublic IPv4 address. This will be
less workable for IPv6,IPXand other non-NAT
protocols. It would also limit the boxesability
to communicate with each otherdirectly.
3. It is potentially possible that someof the
virtualizationspecific CPUID or virtio interfaces
will provide some perinstance identifiers, but it
is also likely that those maychange when doing a
virtual power off/on (i.e. stopping andstarting
the qemu process itself).
4. If your license checking code is talking to one
of youroutside servers anyway, it could itself
change a uniquevaluestored inside the virtual
machine (on disk or registry)each time it does
that, and your server could then objectif the
unique values start deviating in ways that cannot
be explained by snapshot rollbacks/ restores of
computerbackups.
5. If your license checking code is not phoning
home (whichis the morally right thing to avoid),
but is talking toother locally networked copies
of your software, youcould try to detect if two
licensed copies with the samepermanent unique
install time ID (randomly generated during
installation or license issuance) start directly
orindirectly talking to each other.
6. If your license checking code and the application
beinglicense checked is not networked at all, then
the taskbecomes near impossible, and you will have
to rely onhuman/legal means of preventing bad
behavior.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded