Field
The instant disclosure relates to emulated computer systems, and in particular to securely deploying emulated computer systems.
Description of the Related Art
There are many challenges involved in deploying a customer downloadable emulated computer system with a full complement of customized features and capabilities. The delivery of such a system should be accomplished with a minimum of customer interactions that are required to enable and configure system features. The customer should be able to seamlessly download an installation package, install the emulated computer system, and start the machine in such a way that all customized features and capabilities are available from the start. Also, the system delivery should be accomplished in a secure manner that protects the vendor's proprietary information. That is, the customer should be able to run the emulated computer system with full entitlement on the target machine, but the customer must be prevented from changing characteristics of the target machine or cloning additional instances without proper authorization from the vendor.
Conventionally, to deliver a customer-specific emulated computer system, the vendor constructs a target machine in-house according to the machine model and feature styles defined by an order from the customer. The customer's desired features and capabilities typically are fully defined by the ordered styles, and are installed by the vendor or the vendor's manufacturer. The customer's desired features and capabilities typically include the installation of additional hardware and software features associated with specific styles.
Each of the features desired by the customer typically are activated or enabled using one of several conventional methods. For example, according to one conventional method, the features are enabled and limited by the existence of the hardware installed on the target machine by the vendor's manufacturer. Alternatively, the capabilities of the target machine (e.g., the amount of memory, the number of instruction processors, the speed of instruction processors, and the speed of input/output (I/O) processors) are established using capacity management keys. Also, in some conventional methods, certain software features are enabled and limited by restricting the software set that is installed by the vendor manufacturer. Other software features are enabled using software keys.
Although each of these methods still are used to customize downloadable target machines, it is desirable for secure mechanisms to be employed to enable specific features while also preventing unauthorized cloning of downloadable machines onto additional hardware platforms. Furthermore, for customers who install additional hardware in anticipation of enabling features to which they are not entitled, it is desirable for a secure mechanism to be put in place to restrict the use of the additional hardware.
Conventionally, it is possible to use a key-based mechanism to establish and control customer feature entitlement. However, such keys should be constructed such that the licensed entitlement is locked to a specific hardware instance. The biggest drawback to using this conventional type of key-based mechanism is that the keys cannot be constructed and sent to the customer as part of the download because there would be nothing to prevent installation of the software on multiple instances. Therefore, it is desirable that there be some mechanism that provides or includes hardware identity information in the keys so that licensing can be restricted to only the target machine or machine hardware.