Wednesday, May 16, 2012

Ports for network licenses based on FlexNet

This post should cover all you need to know about FlexNet/FLEXlm ports being used by vendors like Autodesk.

Port 2080 is used for by the vendor daemon, for example adskflex.exe
Port 27000-27009 is used for the lmgrd.exe

The first lines in an FlexNet license file look like this.

SERVER LABSERVER 03D054C0149B
  USE_SERVER 
  VENDOR adskflex port=2080

LABSERVER is the host name of the server where the Network License Manager resides.

03D054C0149B is the Ethernet address/Host ID of the server where the Network License Manager resides.

adskflex is the name of the server-side vendor daemon. In this case Autodesk’s.

2080 is in this example the network port number reserved and assigned for use only by Autodesk products running the Autodesk vendor daemon. Normally there is no need to change this port.

The port lmgrd.exe uses can optionally be changed.

SERVER LABSERVER 03D054C0149B port=27000
USE_SERVER
VENDOR adskflex port=2080

It’s good practice to specify the port for the vendor daemon in the license file. Specifying a port for each vendor if multiple vendors exists on the license server will help to avoid conflicts if the license server is restarted. To keep the port fixed helps if you want to report on it using lmutil.exe or the license report solution JTB FlexReport.

If you have a firewall between the license server(s) and the client computers, you need to open some TCP/IP ports on the server for license-related communication. Open port 2080 for adskflex, and open ports 27000 through 27009 for lmgrd. If these port addresses are restricted by a router or firewall software, users on the remote side of the router will not have access to licenses controlled by the Network License Manager. The Autodesk Network License Manager needs unrestricted access to the two TCP ports used. Ping Firewall rule called "File and Printer Sharing (Echo Request - ICMPv4-In)" might need to be enabled.

When you set up clients to find network licenses it is good practice to include the port otherwise all ports between 27000 and 27009 will be tested until the license server is found and if you have many license servers this can take some time.

Bad example: ADSKFLEX_LICENSE_FILE=@server1; @server2

Good example: ADSKFLEX_LICENSE_FILE=27000@server1;27000@server2

FlexNet debug log can be used to find out what the License Manager and vendor daemon ports being used are.

According to Autodesk’s TS67745: “Note: Specifying a port outside of the 27000-27009 range should be avoided unless the vendor specifies that a particular port outside of the range should be used instead.”

But on the other hand “Do not use the default 27000 TCP port.” according to Potential Security Vulnerability in FlexNet license manager and according to FlexNet Version 11.10.1 download available “Note! For security purposes, best practice is not to use a default port for the license server. Instead, specify a port number outside of the range 27000 through 27009.”

More about Autodesk Network License Manager can be found here and if you want a solution to report on the license usage JTB FlexReport will help.

2 comments:

  1. So Autodesk is saying not to use a port outside of 27000-27009, but Flexera recommends using a port outside of 27000-27009 (?) I'm confused.

    ReplyDelete