Hi,
I'm trying to do software protection for my software which will run on an ESXi guest VM. I googled and found that there was a mechanism to get BiosUUID of a guest VM from inside the guest. The one that I get matches the
esxcli vm process list output in the ESXi host. But, I see that its very easy to modify the .vmx configuration file to keep the UUID same whenever the VM is cloned or moved and the hypervisor seems to allow 2 VMs on the same machine with identical UUID (I mean when manually modified). This creates a license check problem for us. My software will only be installed in a guest VM with no access to host at all. Is there any way I can get around this issue and uniquely identify a VM so that license check fails when the VM is cloned or moved.
this has been discussed in the following thread in great detail -
Re: Software protection running in a VM
HTH,
~Sai Garimella
Thanks alot. I'm already using the method stated in the above mentioned thread to get the UUID of a VM and that works. But my concern is that ESXi host allows 2 VMs with the same UUID to co-exist. I did a small experiment....created 2 VMs. By default, they had separate UUIDs. I then manually modified the .vmx file of 1 VM from the ESXi host and changed uuid.bios value to that of the other VM. Rebooted both VMs and they came up without any errors. I ran the
"esxcli vm process list" command and that showed me same UUID for both my VMs. In this case, someone can easily get around a software license in case its based on the bios UUID.
how do you validate if it was a physical server?
We can always include some hardware specific information in the license along with the Bios UUID. But, my concern is why has the BIOS UUID been made so easily editable and shouldn't the VMKernel disallow duplicate UUIDs when it detects it and cause boot up error or something? Isn't that a bug?
What's the provision for vendors who want to disallow moving/cloning of the VM containing their software ?