How do I implement license management for on-site installation of webapps (preferably cross-platform)?

Question

I have a web application running on a Gentoo-based LAMP stack. My customers buy the software as a service and I host everything. However, there is some demand for on-site deployment inside the clients' own networks.

Currently, because I host the system, there is no built-in license management in the app. I bill based on user accounts and data capacity (it's a processing and analysis app for metering data) and I just set up whatever the client pays for and the client can't setup those things himself. Even without on-site installation, that should be changed for better scalability anyway.

I am looking for a license managment framework and/or typical approaches that you have implemented yourselves or have seen to work well elsewhere. My requirements are:

• "safe enough" rather than "military grade"
• very much non-obtrusive
• prevent the owner of a license from running the system in multiple plants when he has only licensed one
• make the number of user accounts and the data capacity both reasonably tamper-proof and easy to up- / downgrade
• work without an Internet connection (having a completely self-contained system would be the main point of opting for the on-site solution), though it might be acceptable if there has to be a temporary connection during installation

For some of the on-site scenarios, there would be a requirement for some particular OS, typically some version of Windows Server, but various Linux distros are getting more popular as well, especially in the public sector.

From a user's point of view, I am quite satisfied with the license management in FogBugz, it seems Joel Spolsky is satisfied with it from a vendor's point of view, and it is cross-platform, so it would make a great reference of what I'm aiming at.

Answer 1

I am sure you can get to the serial number of the cpu on most os's; you could use that, after all if they transplant the cpu its safe to assume that the old machine would no longer be in use?

Secondly a web service could be used to find out the current data capacity and what the client has paid for.

Answer 2

I've seen one company that deploys their on-site web system using a pre-built linux VM image. Clients run it under VMWare and you don't need to worry about the actual OS on the client systems is. Plus they don't provide logins for the actual linux system running the web server, so the end users can't actually get in and modify anything.

I'm not sure how they handle the licensing limits, but they are in there. It might be a case of providing an updated VM image whenever a client requests more user licenses.

Although this doesn't directly address the need to prevent multiple instances running. I guess you could always do some sort of activation key system based on the system configuration.

Answer 3

Don't. Every hour that you spend writing a license key system is an hour that you are not spending fixing bugs or adding features. By writing a license management system, you are spending resources in order to reduce the value of your product!

Copyright your code, have a lawyer and be ready to prosecute anyone who violates your copyright, and call it a day.