Using xGT on a custom server

If installed as a Red Hat package, the xgtd server binaries are encrypted using the Sentinel Rights Management System (RMS) and require a license or connection to a license server to run. Before xgtd can be unencrypted, however, the lsinit binary must be run, which intializes persistant storage utilized by the licensing API. lsinit must be run with root access.

xgtd can obtain a license by either acquiring a license local to where xgtd is being run, or from a separate license server that is connected via a subnet.

Standalone license

To run xgtd with a standalone license, the environment variable LSHOST must be set as follows:

LSHOST = NO-NET

By default the license file must be in the same folder as the xgtd binaries and named 'lservrc'. If the license file is not in the same folder, or has a different name, the LSERVRC environment variable must be set as such:

LSERVRC = /path/to/license/file

Network license

If xgtd is being run with a network license, a host must be running the Sentinel RMS license server application named lserv64 in the xgtd install directory. Information on the license server application can be found here: Sentinel RMS License Manager Documentation.

The license server uses UDP (User Datagram Protocol) and defaults to the network port 5093. From Gemalto's documentation, the license manager uses port numbers 5093 and 5099. If they are blocked by a firewall this may result in unexpected behavior. The license manager uses port 5093 for transferring data between the License Manager and the client, and this port can be changed using the -port command line option when launching the license manager.

To run the license server, the lserv64 binary must be run with root access, and the licenses to be served should be either in the same folder as the license server executable or specified using the -s command line variable. For example:

sudo lserv64 -s /path/to/license/file

Further license server configuration options can be found here: Sentinel RMS License Manager Options Documentation.

To obtain a license from a license manager, the client containing the encrypted xgtd binary must set the LSHOST variable to the hostname of the host running the license manager.

Obtaining a code for hardware-locked licenses

If xgtd is to be run with a hardware-locked license, the license must be generated using hardware information from either the system where the standalone license is to be used or the system where the license server is to be run. To generate this hardware code, use the echoid64 program located in the xgtd install directory. The emitted hardware code can be changed to use different criteria based on the values described in the echoid.dat file located in the same directory.