For many years, server computers have been widely used for performing computational services.
Traditionally, users of server capacity owned the server hardware and thus had control over the minimum capacity and/or other relevant attributes of the server system such as the number of users, latency, response times, etc. However, recently it has become increasingly common for users of computational services not to own the server itself but to rent the server capability required to perform the desired computational services. Such a server capability may then be offered using known virtualization techniques meaning that the customer has access to server functions/capabilities, but the actual server hardware may be shared with others.
License systems (or sometimes called license schemes) are widely used on servers to enforce agreements on what services can be used and possibly on limits of capacity for those services. Some of those licensing systems use pure software solutions in which the server system is equipped with a licensing software package that the service software requires to be in place and which must be activated by entering a license key (string). Other licensing systems use special hardware (e.g. in form of a USB dongle) that must be inserted in the server and which will activate the license for one or more licensed services. Besides the availability of a service, the (legal) license agreement may include statements on the capacity. Typically the customer and service provider agree on limits of the capacity (e.g. max number of connections per minute and/or a guaranteed minimum capability to handle a certain number of connections per minute).
In situations when the user of the computational service owns and has control over the server hardware, a licensing system may only need to enforce that certain agreed (upper) limits are not exceeded. However, when the user of the computational service rents the server capability from a service provider, the problem occurs in such a setup as to how both customer and service provider can be certain that the license agreements are met. A known technique is to install so-called observers that monitor (and can generate reports on) the behaviour of the service. An example of such a system is the so-called Virtual TAP system available from Network Instruments, Minnetonka, Minn., USA. However existing systems fail to address the above question in a setting where there are opposing interests by the user of the services and the provider of the service. For example, the provider of the service may allocate more resources to another customer's virtual server, thus causing the service capacity to fall below the agreed lower limit.
Current mechanisms for licensing of software or services have been developed in a setting wherein the customer owned or rented a hardware system (for the purpose of this description referred to as the “server computer”), and then installed the licensed product on this server computer (possibly with the assistance of the vendor of the licensed product). In this setup the customer had good control of the minimum capacity of the service. The service vendor on the other hand had, through his license system, means to control that agreed capacity limits were not exceeded.
When the server is a virtualized service—or what in cloud technology is also referred to as Platform as a Service (PaaS)—the customer may not own the physical hardware and server software but only has access to server functionality. In order to verify that he gets the agreed capacity, the customer might install probes that monitor the service using products as disclosed in the white paper “Application and Network Performance Monitoring in a Virtualized Environment”, March 2009, by NetworkInstruments (currently available as an internet publication at http://www.networkinstruments.com/assets/pdf/virtualization_wp.pdf).
However, solutions like this may not be suitable when the PaaS is under control of someone who has (e.g. economically) opposing interests. The PaaS vendor has an interest in allocating resources to others (i.e. hosting more customers). In-system observers can be tricked to report wrongly and external observers cannot access minimal capacity unless doing active capacity measurements which wastes capacity, or they must passively monitor and collect data from which capacity estimates could be computed.
Hence, it is desirable to provide a system by which customer and service provider can efficiently, reliably and trustworthily determine attributes of a server, even if the server is a virtualised server or execution platform. For example, in the context of verifying license agreements, it is desirable to provide a system by which customer and service provider can reliably and trustworthily obtain information allowing them to verify that certain agreed license terms on capacity are met even when the service is running on a virtualized server hardware.