In modern enterprises and networks, software is regularly being provided to computing devices such as personal computers, mobile devices, servers, routers, gateways, switches, IoT devices, and more. In addition to software itself, computing devices frequently need to receive updates, such as patches, fixes, and upgrades.
For several reasons, organizations often need to track the provisioning, usage, and status of software and updates throughout their universe of deployed computing devices. For example, organizations often desire to obtain security-related information regarding which users have particular software, what rights they have in the software, what features they use, how often they are used, whether the software is current or is lacking a particular update, and various other types of security-related information. In addition, organizations frequently desire to maintain metrics regarding software usage, and to do so maintain the similar types of information regarding deployed software. Further, because many software programs and updates are subject to license terms, there are often needs to ensure an authorized set of computing devices has particular software or updates, has current versions of such software, and is using the software in an authorized manner. Additionally, organizations often need to track this type of information regarding deployed software in order to ensure that only authorized software is permitted to communicate with backend systems (e.g., servers, databases, etc.). If unauthorized software is permitted to access such backend systems—or any software may do so without limitation—backend systems may consequently face security threats and load problems.
There is a lack of reliable, secure, and flexible techniques to monitor and control deployed software and software updates. For example, some approaches involve provisioning license keys (e.g., long strings of characters) together with software. Upon installation, an administrator may manually enter the license key. This approach is cumbersome and insecure, since administrators are tasked with manually entering the key, keeping track of the key in association with the authorized user, and concealing the key from unauthorized users. If an attacker or unauthorized user manages to obtain the key, they may potentially use it to obtain improper use of the software. Another approach involves providing client certificates to computing devices as a parameter of setup files (e.g., Microsoft Installer™ or MSI files, RPM files, etc.). This may enable only authorized software to be installed on trusted client devices. Nevertheless, this approach is complex (e.g., requires changes to setup files) and is vulnerable to insecurities if the certificates are stolen. An additional approach may involve creating custom setup files (e.g., MSI or RPM, etc.) on a per-customer basis, where the files include unique globally unique identifiers (GUIDs). The GUIDs may link the software to a particular user. While this may limit access to software based on users having a valid GUID, this approach is also complex and requires customization of setup files and hence the involvement of an administrator.
Accordingly, in view of these and other deficiencies in existing techniques for managing deployed software, technological solutions are needed for securely, efficiently, and flexibly coordinating the provisioning, use, and updating of software. Solutions should enable users to securely activate software on their own machines as needed, as well as allow administrators to do so when appropriate.
Techniques should ideally be quick and dynamic (e.g., just-in-time), and not require customization of setup files. Further, techniques should advantageously limit only authorized software instances to communicate with backend systems (e.g., servers, databases, etc.).