Protecting containerized applications is similar in many ways to non-containerized applications. The major difference is that, in most cases, there is no reliable way to uniquely identify an instance. And even if it would be possible to identify them, it might not be desirable since oftentimes containers spin up and down very frequently.

More specifically, the challenge from a software licensing perspective is to prevent end users from exceeding the maximum number of concurrent instances.

We will cover the offline use-case in this blog, but you can also watch the following video:

Solution

The general solution to restrict the number of concurrent users is to use a floating license model (allows to restrict how many instances can run concurrently) and generate a random identifier upon application start (i.e. not relying on any OS information).

If your clients will have an internet connection, your application can call the Cryptolens API directly as described here. In this case, Cryptolens will be responsible for keeping track of all active instances.

If your clients will be offline, they can install a local license server that will keep track of all instances. A tutorial on how it can be setup can be found here.

If you would have any questions or need advice on how to protect containerized applications, please reach out to us at support@cryptolens.io.