This article is intended as a guide to enable automatic licensing for those who are running FME Flow in a locked down environment. If your FME Flow host machine has internet access, online licensing should just work! So please attempt requesting a license before setting up any of the specific rules listed below.
Introduction
Automatic licensing is the recommended approach for licensing FME Flow (formerly FME Server). This method will send your licensing information to Safe Software over the internet to automate the licensing installation. Currently, there is a manual method available for Standard engines but this should only be used in circumstances when no other option is available. CPU Engines require automatic licensing.
Outbound Connection Only
FME Flow licensing has been designed so that no inbound connection is required. If your FME Flow is for internal purposes only we recommend that all incoming requests are blocked to ensure maximum security.
Explicit Outbound URLs and Ports
URLs that send data
The URLs, ports, and HTTP methods that must be open for outbound requests have also been restricted. We recommended you block all other ports and HTTP methods.
https://fme-licensing.safe.com:443 - Only the GET HTTP method.
https://sns.us-east-1.amazonaws.com:443 - Only the POST HTTP method.
These first two URLs are used when you request a New License (or Refresh) from within the Web UI. When your license is configured for use with CPU Engines, FME Flow will also periodically make requests to these URLs to update Safe Software on CPU engine usage.
Data that is sent
by Request New License:
- Form Data (First Name, Last Name, Email, Company, Industry, Machine Key, Serial Number)
- IP Address
- FME Flow Version, Build, and OS
- Credit Usage for CPU Engines
by Refresh License:
- Machine Key, Serial Number
- IP Address
- FME Flow Version, Build, and OS
- Credit Usage for CPU Engines
by the automated/scheduled CPU Engine credit check:
- Credit Usage for CPU Engines
- Machine Key, Serial Number, Client ID, Locale, Number of Engines, Build
URL that doesn't send data
http://checkip.amazonaws.com - Only the GET HTTP method.
The final URL is optional (but recommended) and is used to determine the public IP address, if access is denied the public IP is set to empty. This call is only made when requesting a New License (or Refresh) from within the Web UI and is not used for ongoing communication with the backend for CPU Engine licensing. No data is sent from FME Flow to this endpoint.
Only outbound connections are required for each of these URLs; there is no requirement to open any ports or URLs for inbound connections.
Comments
0 comments
Please sign in to leave a comment.