Page 1 HTRI HASP Manual This document is based on copyright information provided to HTRI by Aladdin Knowledge Systems. HASP
, TimeHASP
, and NetHASP
are trademarks of Aladdin Knowledge Systems. All rights reserved.
HTRI software is protected with blue or black TimeHASP devices and red NetHASP devices. TimeHASP devices protect your software investment on a standalone basis while the NetHASP devices protect software access connected on a network. Both types of devices connect to either the USB or parallel printer port and can be chained with a printer cable or protection keys from other vendors. Contents Files Distributed On Media........................................................................................................................2 HASP Installation.......................................................................................................................................2 TimeHASP Installation and Configuration.................................................................................................2 NetHASP Installation and Configuration...................................................................................................3 Windows 95/98/ME................................................................................................................................3 Windows NT/2000/XP/Vista and Windows 2003 Server.......................................................................4 Authentication and Operation....................................................................................................................4 Automatic Search Under IPX.................................................................................................................5 Automatic Search Under TCP/IP ...........................................................................................................5 Automatic Search Under NetBios..........................................................................................................5 NetHASP Custom Search......................................................................................................................5 General Custom Search Block..............................................................................................................6 Custom Search Under IPX ....................................................................................................................6 Custom Search Under TCP/IP...............................................................................................................7 Custom Search Under NetBIOS............................................................................................................7 HASP Diagnostic Utility.............................................................................................................................7 Generating a Diagnostic Report for HTRI Technical Services ..............................................................8 NetHASP Configuration Files....................................................................................................................8 Detailed Discussion of Client Configuration File (net hasp. i ni ) ........................................................8 NetHASP License Manager Configuration File ...................................................................................10 Frequently Asked Questions ...................................................................................................................12
HTRI HASP Manual January 2007 Page 2 Files Distributed On Media HTRI software distribution media include several utilities for the HASP devices. They are stored in the \ Net Di sk\ folder on the media root directory. Folder in \Net Disk\ Directory Contents NetHASP Configuration File Wizard The utility in this folder generates a client configuration file, net hasp. i ni , on computers that authenticate against a NetHASP device. Normally, the net hasp. i ni file is not required for client computers. You may need to create this file if you wish to access a specific NetHASP device or encounter problems connecting to a NetHASP device. NetHASP Device Drivers This folder includes software necessary for the device to communicate with the computer. This software is required for any computer connected to a HASP device. NetHASP Diagnostic Tools This folder includes a diagnostic tool used to troubleshoot and diagnose HASP connections. NetHASP License Managers Because the License Manager utility is necessary for network authentication, it must be installed on computers to which red NetHASP devices are connected. HASP Installation HTRI attempts to automate the installation process as much as possible. However, in some cases, manual interaction is required. TimeHASP devices require installation of the HASP device driver. The HASP device driver and license manager must be installed on any computer to which a NetHASP device is attached. TimeHASP Installation and Configuration The HTRI setup program automatically loads the latest tested device driver. However, it might be necessary to update device drivers with versions released after HTRI software is distributed or to reinstall the device driver. Obtain the latest device driver directly from Aladdin Knowledge Systems through the Internet link listed below. http://www.aladdin.co.il/support/hasp/enduser.asp The HASP device driver interfaces HASP-protected applications and the HASP. In other words, protected applications communicate with the HASP through the HASP Device Driver. The device driver is installed on computers running Windows 95/98/ME and Windows NT/2000/XP/2003/Vista through a program named HI NSTALL. EXE. Example command instructions are listed below. HTRI HASP Manual January 2007 Page 3
Command Operation HI NSTALL. EXE i Installs device driver HI NSTALL. EXE - comput er t ype=NEC i Installs device driver on older NEC computers HI NSTALL. EXE ? Views the full list of options available HI NSTALL. EXE i nf o Queries the computer for resident device driver information HI NSTALL. EXE r Removes the resident device driver HI NSTALL. EXE kp r Kills any process attached to the resident device driver and removes the resident device driver The HASP Device Driver loads dynamically under Windows 95/98/ME/2000/XP/2003/Vista if it has not been previously installed on the computer. After HASP Device Driver installation, HASP applications may require a reboot (one time only per computer). The HASP Device Driver loads dynamically as soon as the HASP is accessed following the system reboot. If installing an upgraded version of the HASP Device Driver after running a HASP-protected application, reboot the system to load the new driver version dynamically. No reboot is required if the device driver is installed or updated on systems running Windows NT4/2000/XP/2003/Vista. NetHASP Installation and Configuration NetHASP devices require installation of the device driver and license manager on computers attached to a red NetHASP device. No software installation is required on the client computers. The only software that needs to be installed on the computer acting as the network key server is the device driver and license manager. Because network configurations vary significantly from one enterprise to another and the NetHASP is typically configured on one computer in a workgroup or domain, the HTRI setup program does not automatically configure the NetHASP software. Installation and configuration of the NetHASP device is dependent on the network system. Windows 95/98/ME 1. Connect the red NetHASP device to the USB or parallel port. 2. Locate the program LMSETUP. EXE in the \Net Disk\NetHASP License Managers\Win32 folder on the distribution media. 3. Run LMSETUP. EXE. 4. Click Next at the prompt, and accept the license agreement. 5. Select the typical installation, custom installation (if you want to use command line switches), or removal of the license manager. 6. Select the installation folder and program folder for the license manager. 7. Select the option to load the device driver. HTRI HASP Manual January 2007 Page 4 Windows NT/2000/XP/Vista and Windows 2003 Server 1. Connect the red NetHASP device to the USB or parallel port. 2. Locate the program LMSETUP. EXE in the \Net Disk\NetHASP License Managers\Win32 folder on the distribution media. 3. Run LMSETUP. EXE with Administrative privileges. 4. Click Next at the prompt, and accept the license agreement. 5. You have the option to install the NetHASP License Manager as an application or a service. HTRI recommends loading the license manager as a service. 6. Select the installation folder and program folder for the license manager. 7. Select the option to load the device driver. Authentication and Operation The most critical stage in NetHASP system installation is ensuring that the NetHASP client (the station activating the protected application) finds the NetHASP License Manager. A communication session can begin only after the NetHASP License Manager is located. The NetHASP automatic search lets you connect the NetHASP, load the NetHASP License Manager, and activate the protected application, without any changes to the NetHASP system or the environment in which it is installed. Nevertheless, the search mechanism implemented by the NetHASP custom search feature allows fine-tuning of the NetHASP system with simple client-server adjustments. Both the automatic and custom mechanisms are described below. An automatic search takes place when the NetHASP client does not find a NetHASP configuration file (such as net hasp. i ni ). The NetHASP- protected application then uses the following algorithm to search for the NetHASP License Manager: Begin Detect the active communication protocols; Loop up to 3 times on the procedure below: 1. Perform a NetHASP LOGIN using the IPX protocol, allow n seconds for success; if LOGIN succeeds continue using IPX; else 2. Perform a NetHASP LOGIN using the TCP/IP protocol, allow n seconds for success; if LOGIN succeeds continue using TCP/IP; else 3. Perform a NetHASP LOGIN using the NetBIOS protocol; if LOGIN succeeds, continue using NetBIOS; else 4. Return beginning and double the value of n; If all fails after the 3 rd loop, return and log a NetHASP error.
HTRI HASP Manual January 2007 Page 5 Initially, when the NetHASP search loop begins, n =2 seconds. Before following the automatic search algorithm, the NetHASP system first checks the protocols that are installed and performs only the relevant steps. For example, if only the TCP/IP protocol is detected, only step 2 in the above algorithm is performed. It is performed up to 3 times (if needed), doubling the value of n each time. Automatic Search Under IPX Under IPX the NetHASP system uses a SAP broadcast mechanism to automate the search for the NetHASP License Manager. That is, the NetHASP client broadcasts, while all IPX active NetHASP License Managers listen. The first one to answer the client, enabling a NetHASP login, provides the NetHASP services. With the automatic search under IPX, clients and NetHASP License Managers on separate segments can communicate. Automatic Search Under TCP/IP Under TCP/IP the NetHASP system uses a UDP broadcast mechanism to automate the search for the NetHASP License Manager. That is, the NetHASP client broadcasts, while all TCP/IP active NetHASP License Managers listen. The first one to answer the client, enabling a NetHASP login, provides the NetHASP services. With the automatic search under TCP/IP, NetHASP clients cannot access NetHASP License Managers located in other subnets or on the Internet. To cross subnets/Internet, you need to customize the search mechanism. Automatic Search Under NetBios Under NetBIOS the NetHASP system does not limit the search to n seconds. The search time remains 4 to 6 seconds during each segment of the loop. determines which lana numbers (communication channels) are in operation and uses them for communication. uses the default NetHASP NetBIOS name (AladdinHaspV012.0). Under NetBIOS, the automatic search mechanism operates according to the application type running on the NetHASP client: Software searches all detected lana numbers for a NetHASP key. That is, the search does not end when a NetHASP License Manager answers, but rather when a NetHASP License Manager with the right NetHASP key answers. The Win32 NetHASP License Manager monitors all detected lana numbers. Because communicating on all detected lana numbers takes time, an attempt is made to communicate on a single lana number per iteration. If communication fails, the next iteration uses the next detected lana number. If more than three lana numbers are detected and the algorithm loop terminates its three iterations, step 3 in the algorithm repeats, using the remaining unchecked lana numbers. NetHASP Custom Search Under various environments you might want or need to customize the NetHASP search mechanism. The NetHASP configuration file (net hasp. i ni ) is read by the NetHASP client (the protected application) to customize the search mechanism. If the NetHASP client finds a local net hasp. i ni file, it reads it and uses the information. If not, an automatic search takes place. HTRI HASP Manual January 2007 Page 6 The \Net Disk\NetHASP Configuration File Wizard folder on the HTRI distribution media contains a utility, NHI NI WI Z. EXE, that steps through a series of questions to generate a base configuration file. No installation or setup is required to run the utility. The utility can be copied to a local drive and invoked, or it can be invoked from the distribution media. The NetHASP client searches for the net hasp. i ni file in the following locations: Path and filename specified by the HKLM\ SOFTWARE\ HTRI \ NETHASP- I NI - LOC registry key Executable folder Current folder (usually start directory specified in shortcut) Windows system folder Windows operating system folder Folders in %PATH% environment variable General Custom Search Block You can change the initial value of n, the first search period in the NetHASP algorithm loop, from its default value of 2 seconds. In the [ NH_COMMON] section, set NH_SESSI ON =<seconds> where <seconds>is the desired initial search period. Setting the NH_SESSI ON keyword in the [ NH_COMMON] section applies to all protocols. To set the session value for each protocol independently, set the value of NH_SESSI ON in each protocol section separately. Custom Search Under IPX The procedure for using broadcast services to locate the NetHASP is given below. 1. Load the License Manager with the - i px switch. 2. Edit the net hasp. i ni file as follows: o In the [ NH_COMMON] section, set NH_I PX =ENABLED. o In the [ NH_I PX] section, set NH_USE_BROADCAST =ENABLED. 3. Copy the file to a location accessible by the application. The procedure for instructing the client to use the address file appears below. 1. Load the License Manager with the - i pxnosap switch. 2. Edit the net hasp. i ni file as follows: o In the [ NH_COMMON] section, set NH_I PX =ENABLED. o In the [ NH_I PX] section, set NH_USE_BROADCAST =DISABLED. 3. Copy the file to a location accessible by the application. This procedure causes the client to look for the address of the computer with the License Manager in the newhaddr.dat file. Note that HTRI programs cannot use the Bindery to locate the License Manager. HTRI HASP Manual January 2007 Page 7 Custom Search Under TCP/IP NetHASP will not cross most firewalls or packet filters. To support UDP, most firewalls use packet filtering. TCP connections can be supported with either proxies or packet filtering. NetHASP uses port 475 for both TCP and UDP, and the NetHASP License Manager defaults to this port number. To configure your firewall to allow NetHASP to work, please consult your network administrator. If the client must cross subnets to contact the NetHASP key server, set up a computer with a specific IP address to act as the License Manager. 1. Load the License Manager using the - t cpi p switch. 2. Edit the net hasp. i ni file as follows: o In the [ NH_COMMON] section, set NH_TCPI P =ENABLED. o In the [ NH_TCPI P] section, set NH_TCPI P_METHOD =TCP. o In the [ NH_TCPI P] section, set NH_SERVER_ADDR =IP address of the key server. 3. Copy the file to a location accessible by the application. To use a port other than 475 for TCP/IP authentication, follow the procedure below. 1. Load the License Manager with the - t cpi p and - por t num=<port number>switch. 2. Edit the net hasp. i ni file as follows: o In the [ NH_TCPI P] section, set NH_PORT_NUMBER =<port number>. 3. Copy the file to a location accessible by the application. Custom Search Under NetBIOS The NetBEUI protocol does not cross segments. If the protected application runs in a NetBEUI environment where the NetHASP License Manager and the NetHASP clients are on separate segments, the NetHASP clients cannot find the NetHASP License Manager. In this case, you need to load the IPX/SPX compatible transport with NetBIOS and set it as the default protocol to enable the communication to cross segments. HASP Diagnostic Utility There is an optional HASP diagnostic utility that can be installed through the setup program, Di agnost i x. exe, distributed on the HTRI distribution media in the folder labeled \Net Disk\NetHASP Diagnostic Tools\DiagnostiX. This utility collects information regarding HASP authentication problems. HTRI recommends running the utility to generate a report that can be sent by email to Technical Services (Support@HTRI.net). Di agnost i x. exe is a setup program that installs the utility. The installation procedure is listed below. 1. Invoke the Di agnost i x. exe program. 2. Click Next at the Welcome dialog. 3. Specify the installation path to the utility, and click Next. HTRI HASP Manual January 2007 Page 8 4. Specify whether you wish to save files replaced during installation to a backup location. You can click Browse to specify the location where replaced files will be stored. Click Next. 5. Click Next to copy the files into the utility directory. 6. Click Finish to close the installation program. Generating a Diagnostic Report for HTRI Technical Services A diagnostic report aids in troubleshooting and resolving HASP problems. Follow the procedure below to generate and send the report to HTRI Technical Services.. 1. Install the program, Di agnost i x. exe, as described above. 2. Select Start | Programs | Aladdin | DiagnostiX | Aladdin DiagnostiX. 3. From the Edit menu, select Create Report. 4. In the subsequent dialog box, select the folder in which you want the report to be created. 5. Send the file named r epor t . zi p stored in the folder specified in step 4 to HTRI (Support@HTRI.net). NetHASP Configuration Files The NetHASP system implements two configuration files. The client configuration file, net hasp. i ni , is primarily used to direct the client to the key server. The server configration file, nhsr v. i ni , is used to configure the license manager. Detailed Discussion of Client Configuration File (nethasp.ini) The client configuration file consists of four sections as listed below. [ NH_COMMON] settings common to all protocols [ NH_I PX] settings specific to the IPX protocol [ NH_NETBI OS] settings specific to the NetBios protocol [ NH_TCPI P] settings specific to the TCP/IP protocol There is a base net hasp. i ni file in the folder labeled \Net Disk\NetHASP License Managers that includes the options that can be configured. Each line in the file begins with a semicolon (;), indicating that the line is commented and inactive. The keywords in the file are not case sensitive. A complete listing of all configuration options is listed below by section. HTRI HASP Manual January 2007 Page 9 [NH_COMMON] Keyword Possible Values Description Default NH_I PX enabled, disabled Use the IPX protocol. NH_NETBI OS enabled, disabled Use the NetBIOS protocol. NH_TCPI P enabled, disabled Use the TCP/IP protocol. NH_MACHI NE IBM, NEC Set the type of computer from which the protected application is activated. IBM NH_SESSI ON <number> Set the maximum length of time during which the protected application tries to establish communication with the NetHASP License Manager. 2 seconds NH_SEND_RCV <number> Set the maximum length of time for the NetHASP License Manager to send or receive a packet. 1 second [NH_IPX] Keyword Possible Values Description Default NH_USE_BI NDERY enabled, disabled Use IPX with bindery (ignored under Win32 API). This switch replaces the older switch named NH_USE_SAP. disabled NH_USE_BROADCAST enabled, disabled Use the IPX Broadcast mechanism. enabled NH_BC_SOCKET_NUM <number> Set the socket number for the broadcast mechanism. The number is hexadecimal. 7483H NH_USE_I NT 2F_NEW, 7A_OLD 2F_NEW means that the IPX protocol will use interrupt 2Fh ONLY. 7F_OLD means that the IPX protocol will use interrupt 7Ah ONLY. 2F_NEW NH_SERVER_NAME <name1>, <name2>,... Communicate with the NetHASP Server with the specified name. Maximum of 6 names with up to 7 case-insensitive characters each.
NH_SEARCH_METHOD localnet, internet Define whether the protected application communicates with only License Managers on the local network or with any NetHASP License Manager on the Internet. internet NH_DATFI LE_PATH <path> Specify the location of the NetHASP License Managers address file.
HTRI HASP Manual January 2007 Page 10 [NH_NETBIOS] Keyword Possible Values Description NH_NBNAME <name> Assign a name to the NetHASP License Manager. Maximum of 1 name with up to 8 case-insensitive characters. NH_USELANANUM <number> Assign a lana number to be used as a communication channel. [NH_TCPIP] Keyword Possible Values Description Default NH_SERVER_ADDR <address1>, <address2> Set IP addresses of all the NetHASP License Managers you want to search, separated by commas. Unlimited addresses and multiple lines are possible. Address format examples: 192.114.176.65 (IP address) ftp.aladdin.co.il (local hostname)
NH_SERVER_NAME <name1>, <name2>,... Communicate with the NetHASP Server with the specified name(s). Maximum of 6 names with up to 7 case-insensitive characters each.
NH_PORT_NUMBER <number> Set the TCP/IP port number (optional). 475 NH_TCPI P_METHOD TCP, UDP Send a TCP packet or a UDP packet. UDP NH_USE_BROADCAST enabled, disabled Use the UDP Broadcast mechanism. enabled NetHASP License Manager Configuration File In the NetHASP License Manager configuration file you can fine-tune settings for the NetHASP License Manager. The filename of the NetHASP License Manager configuration file is nhsr v. i ni . A copy of nhsr v. i ni is included with the HASP utilities in the folder labeled \Net Disk\NetHASP License Managers on the HTRI distribution media. Each line in the file begins with a semicolon (;), indicating that the line is commented and inactive. A complete listing of all configuration options is listed below. HTRI HASP Manual January 2007 Page 11 [NHS_SERVER] Keyword Possible Values Description Default NHS_I P_USERLI ST <number> Maximum number of concurrent logins. Maximum is 65520. 1000 NHS_I P_SERVERNAMES <servername1>, <servername2> Specify the NetHASP Server names. This should match the names clients search. Maximum of 6 names with up to 7 case-insensitive characters each.
NHS_ADAPTER_I P <IpAddr- SubMask>,<IpAddr- SubMask>,... Specify the IP address of one or more network cards to which the NetHASPLicense Manager listens. Applicable only for the Win32 License Manager. Example: 10.1.1.111-255.255.0.0
[NHS_IP] Keyword Possible Values Description Default NHS_USE_UDP enabled, disabled Use UDP. enabled NHS_USE_TCP enabled, disabled Use TCP. enabled NHS_I P_PORTNUM <number> Set the TCP/IP port number (optional). Clients must use the same port. Applicable only for the Win32 License Manager. 475 NHS_I P_LI MI T <IpAddr1>, <IpAddr2>, Specify the range of stations the NetHASP License Manager serves. Applicable for the Win16 and Win32 License Managers. Example: 10.1.1.1, 10.1.1.*, 10.1.1.9-99
HTRI HASP Manual January 2007 Page 12
Frequently Asked Questions Question: Answer: How can I determine whether a HASP Device Driver is installed on my computer? Run hi nst al l . exe / i nf o. Hi nst al l displays installation status information such as the HASP Device Driver installation date and version number. Question: Answer: Does the HASP Device Driver support bi-directional communication? Yes. The HASP Device Driver automatically recognizes the settings of the parallel port and operates accordingly. In cases where the HASP Device Driver cannot recognize the parallel port settings, you can customize the Hi nst al l utilities to instruct the HASP Device Driver to work according to the parallel port configuration. The customization is performed with the - por t mode switch. For further information about the - por t mode switch, please refer to the help file hdd.hlp stored in the folder \Net Disk\NetHASP Device Drivers on the distribution media. Question: Answer: Does the HASP Device Driver load dynamically? Yes, under Windows NT/2000/XP/2003/Vista, the HASP Device Driver loads dynamically. This means that you do not need to reboot your system after installing the driver. Under Windows 95/98/ME, the HASP Device Driver loads automatically when it has not been installed on the computer previously. Question:
Answer: Do I have to install the HASP Device Driver on each computer in my network that accesses the NetHASP key? No. The HASP Device Driver needs to be installed only on the computer that acts as the NetHASP License Manager, or on computers that use a local TimeHASP. Question: Answer: You havent answered my question! How do I get more help? Please see our website at http://www.HTRI.net for the most current support information, or alternatively, contact HTRI Technical Services at Support@HTRI.net.