Below are additional information about Virtual License Server on top of the first VLS FAQ KB Article:
• What is VLS outbound access requirements?VLS requires communication with the PCLS (pcls.pulseone.net) on port 443 (HTTPS). The PCLS is hosted in AWS. This requires the customer to open outbound port 443 on their firewall to allow communication between VLS and PCLS.
• Can we know the IP addresses for PCLS, so that these can whitelist them on customer firewalls?PCLS is hosted in AWS, this means that the IP address of PCLS can change dynamically. This will cause some problems for customers that have restricted internet access from their networks, or only “whitelist” IP addresses for external services.
• Why does the VLS need to communicate with the PCLS?In the initial communication with PCLS, the VLS provides the auth code to the PCLS which replies with the license keys generated against that auth code. Subsequently, the VLS checks-in (heartbeats) with the PCLS every 8 hours. This allows us to monitor and prevent cloning of VLS instances.
• What happens when the license server loses connection to PCLS for more than 24 days? What’s the procedure for recovery beyond 24 days?Licensing functionality will get disabled if there is no connectivity to PCLS for more than 24 days. To reactivate VLS, customer must re-enter the authcode (it can be an existing authcode) to establish connection with PCLS. After this, license server functionality will get restored.
• Do we send any alert/notifications when VLS loses connectivity to the PCLS?VLS logs major event logs in case it is not able to connect to PCLS. PCS can be configured to send SNMP traps for major|critical log messages. This should help admin to take appropriate action.
If VLS is not able to connect to PCLS for > 24 days, VLS logs a critical event log:
Major LIC30639 2017-07-26 00:30:45 - ive - [127.0.0.1] Root::System()[] - Unable to connect with license download server pcls.pulseone.net
Major LIC30543 2017-07-26 00:30:45 - ive - [127.0.0.1] Root::System()[] - License server lowlevel
protocol error, server=pcls.pulseone.net, Code = [7] :Could not connect
• What kind of information is communicated from VLS to PCLS?As of now, VLS only reports basic information like machine ID, UUID, and MAC address. In future, we plan to piggyback on this
communication mechanism to report additional metrics for telemetry, proactive support etc.
• What if customer has a high security “dark environment” that does not allow opening ports on the firewall.We are working on plans to support such closed environments. The solution will remove the need for the VLS to communicate with PCLS. This is only to be used for mission critical dark environments and not other wise.
• Which Hypervisors are supported?As of 8.3R3, only VMWare is qualified. We will be looking to qualify additional hypervisors in the upcoming releases.
• Is vMotion supported for maintenance or load distribution etc?Yes, vMotion is qualified.
• If the customer backs up the VLS and restores the backup in case of primary VLS instance site crash etc, will that work?It should, as long as the VM IDs remain same.
