Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Limiting Number of Concurrent Users and Software Licensing

Posted on 2004-10-07
Medium Priority
Last Modified: 2010-05-18
I want to understand how companies who sell software licenses for a certain number of concurrent users are able to enforce the number of concurrent users. I have a Microsoft SQL Server database and a .net application that is placed on the customers servers. Thanks for you help.
Question by:jamesh1031
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
LVL 12

Expert Comment

ID: 12252722
Not terribly well in some cases. I'm not an expert in this particular issue but I have had a go at this before.

One way is to use the concept of sessions: allow only so many concurrent sessions, optionally with the added restriction of only one session per user (based on login ID) . So if a user abandons a session instead of logging out nicely then that license will be held until the session times out. For web apps this is a breeze to implement.

You need some kind of token you can map to users to represent a session. When an attempt is made to start a session, you check how many tokens you have active. When a session ends, you remove the token from your active set.  How you want to handle the same user starting up two spearate sessions is a matter of choice. Clearcase seems to treat two separate logins on the same account via the web interface as two sessions. It also seems to take about 5 minutes to timeout a session.

Either have every client-side operation check it has a valid session token before executing. You might do this at the database level if your app is such that nothing useful can be done without db access. You can add all sorts of cryptographic tricks like regenerating the session token on each call based,  using a secure hash of the time and user login data or network address.

LVL 13

Expert Comment

ID: 12255041
you can use system stores procedure called   "sp_configure" but you have to run this first

USE master
EXEC sp_configure 'show advanced option', '1'

to do it in Enterprise Manager right click on the Server > Properties > Connections

LVL 13

Assisted Solution

davidlars99 earned 800 total points
ID: 12255055
here are meannings of everything you'll see there

[Maximum concurrent user connections]
Specify the maximum concurrent user connections. Entering zero means there can be an unlimited number of concurrent user connections.

[Default connection options]
Specify the default connection options for the selected server.

[Allow other SQL Servers to connect remotely to this SQL Server using RPC]
Allow other instances of Microsoft® SQL Server™ to connect remotely to this server by using a remote procedure call (RPC).

[Query time-out (seconds)]
Specify the number of seconds that must elapse during a remote query before the query times out. Specifying zero means that an unlimited amount of time can elapse.

[Enforce distributed transactions (MTS)]
Protect a server-to-server procedure by using Microsoft Distributed Transaction Coordinator (MS DTC) to coordinate distributed transactions.

[Configured values]
View or change the configured values for the options on this tab. If you change these values, click Running values to see whether the changes have taken effect. If they have not, you must restart the instance of SQL Server for the changes to be implemented.

[Running values]
View the current running values for the options on this tab. These values are read-only.

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 34

Expert Comment

ID: 12256133
Personally, I don't think you can alter (in most cases) the maximum concurrent  user connections on the SQL Server because companies use their servers for multiple application--not just yours.

   There are different ways you can handle it though.  Like mono suggested above, you can use a token/semaphore in your application to handle it (this usually has draw backs because of computer lockups and other problems--it leaves connections marked as active when they aren't) .  I think another good option, you could implement some functionality in your application to use SP_WHO to get a list of connections active against YOUR database (it has the user, so you can get a distinct count by user and SPID)--if the count is less than their licensed number, your application continues.  if the count returns the licensed amount of connections, you popup an error message  and then stop your application.

LVL 12

Expert Comment

ID: 12256355
Possible problems with basing it on connections to the DB is that the connections don't correspond to user sessions. At any time the number of application users may be greater than the number of active connections. Also the connecting user from the DB point of view is often the same for many users. Pure connection counts could prevent a single application user e.g. a human from making several simultaneous connections, e.g. running a background report while interatively querying. Connection pooling may muddy the wters further. The core issue that worries me with the sp_who approach is the possible lack of correspondence between the concepts of 'user' from the DB point of view and from the licensed application point of view.
LVL 34

Assisted Solution

arbert earned 400 total points
ID: 12256416
"The core issue that worries me with the sp_who approach is the possible lack of correspondence between the concepts of 'user' from the DB point of view and from the licensed application point of view. "

The coders should be able to figure that one out.

 Tokens/Semaphors are tough things to implement--I remember the user counts that Novell would keep track of (or loose track of) we were always killing dead connections because a PC went down.  Of course, the open connection blocked someone that really needed to make a connection.   We've even had the same problem with MSSQL licensing going haywire once in a while.

If you really want to limit them, you tell them it's going to be named user licensing.  The install of your software at each workstation using  a key or certificate.  Only these encrypted keys/certificates will allow your application to run.  So, you sell the company the certificates and your installation program will link that key to the computer based upon a value obtained from internal hardware.  So, this makes it impossible for the company to use this software on another machine without havin the rights to do so....Another thought, Dongles are becoming strong again.  Ship a certificate on a  usb drive they plug in to make the software licensed.
LVL 12

Expert Comment

ID: 12256551
> killing dead connections
Yes that's a common problem. I see that as being a problem with connection-based methods, more than semaphore based system. A semaphore based system has to age the tokens. With a lifetime of say 5 minutes from last access, you can avoid most of the problem.

The best approach also depends on the type of licensing model you want to adopt.

I hate dongle.
I hate licenses tied to machines even more. At least I can put a dongle in my pocket.

Tying the license to specific machines is a recipe for pain. Upgrade or replace the machine and you have to go through a license migration process.

Personnally I prefer licenses to be tied to named users or concurrent users. With named users, it becomes login based so that users can access it from whatever machine they like. A concurrent users system may or may not be implementable using DB connections, depending on how users map to connections. Inthe case of web apps for example, you often use a pool of connections that do not carry any user identity info and each user will be using anyting from 0 to several connections at any one time.

But if several users sharing a single login is a possible problem (it isn't practical for users to do that in many cases) then the hardware route (dongle/machine) may be best for you.
LVL 13

Expert Comment

ID: 12258155
SQL Server does not support concurrent licensing.

I.E.  If a user accessed the machine on one machine, then moved to another machine to access the sql-server both devices need to have licenses.  Thats 1 license / machine -- requiring 2 licenses for the single user based on Device CAL Licensing, based on User Cal Licensing this only requires 1 CAL license.

If you have > 20 users it is generally accepted that this is the price of a processor license and this should be considered giving you unlimited number of users on that licensed processor.

Prehaps have a look at the common FAQs for purchasing:

Normally for web-based applications due to the unknown number of users that will be required for licenses -- just buy the processor licenses as this then gives an unlimited number of connections.
LVL 34

Expert Comment

ID: 12258592
"SQL Server does not support concurrent licensing. "

By the comment above, I assumed he was talking about the concurrent user count of his .NET application....

"SQL Server database and a .net application that is placed on the customers servers. "

Author Comment

ID: 12258651
I am only talking about how I enforce a concurrent user count of my application. I assume that many of my customers will NOT have a dedicated server just for my application.
LVL 12

Accepted Solution

monosodiumg earned 800 total points
ID: 12259095
In that case something like a table of CurrentSessions(LastAccessTime, SessionKey). Every time someone attempts to log in , remove anhy expired records (LastAccessTime older than 5 minutes ago) and count how many are left. If it's less than the limit, add the record and allow the access. If not, deny access. Everytime the user hits the DB  the client app should supply a session key which should be in the table. The key is generated on login and cached by the client app.

Author Comment

ID: 12381057
I hope this is fair. Thank you for your help.

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we will learn how to fix  “Cannot install SQL Server 2014 Service Pack 2: Unable to install windows installer msi file” error ?
An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question