Currently, a system management server can be installed in a customer's facilities in a disconnected mode. In that mode, the server does not “call home” to the system management server provider's network or to any other proprietary service, and it is able to operate completely independently. That includes management of entitlements, allowing client machines to consume software channels and other services.
A conventional signed “certificate” is issued to the customer, which has the number of entitlements listed for each item. The numbers are then copied to the database tables and the system management server restricts access if the limit is reached. Nothing, however, prevents customers from tampering the database tables, such as increasing the raw numbers in the database tables to bump up their entitlements. Since the system management server is installed in the customer's internal network, no direct verification of the system management server state and correctness of the information reported is possible.