Sparx Systems Forum
Enterprise Architect => General Board => Topic started by: Modesto Vega on March 05, 2022, 04:50:22 am
-
Does anybody know where Sparx EA stores the connection to the PCS floating license store? I am trying to change the connection from a file based license store to a PCS license store and keep getting "network path not found error", which I suspect they are due to the file based license store no longer being available.
-
I suspect you need to set the keystore type. That corresponds to SKT in the link below.
https://sparxsystems.com/enterprise_architect_user_guide/15.2/product_information/zero_config_support.html (https://sparxsystems.com/enterprise_architect_user_guide/15.2/product_information/zero_config_support.html)
-
Thank you Eve, we managed to overcome the issue but not completely sure how as it involved a reboot and renaming a file, stored in the application data folder, with the word key either in the name or the extension.
-
:o
You don't need to manipulate any files to edit the windows registry.
-
:o
You don't need to manipulate any files to edit the windows registry.
Where I work "mere mortals" cannot edit the windows registry, it is not an option.
-
:o
You don't need to manipulate any files to edit the windows registry.
Where I work "mere mortals" cannot edit the windows registry, it is not an option.
You probably can.
There is a whole section of the registry (HKEY_CURRENT_USER) that can be edited without admin rights.
If they restricted access to RegEdit you might need to write a little script to edit the registry.
See https://github.com/GeertBellekens/Enterprise-Architect-VBScript-Library/blob/master/Projects/EA-Matic%20Scripts/Fix%20Mandatory%20User%20Settings.vbs (https://github.com/GeertBellekens/Enterprise-Architect-VBScript-Library/blob/master/Projects/EA-Matic%20Scripts/Fix%20Mandatory%20User%20Settings.vbs) for an example
Geert
-
Access to RegEdit is restricted and will hazard to guess that executing the script linked below could be consider a threat.
Assuming that the registry can be edited by unprivileged accounts is a very naïve view of security.
-
Assuming that the registry can be edited by unprivileged accounts is a very naïve view of security.
Why? That is really by design. There is a part that is meant to be editable by any user, and a part that is restricted to administrators.
Setting your options in EA changes the registry, do you consider that a threat as well?
Geert
-
[SNIP]
Setting your options in EA changes the registry, do you consider that a threat as well?
Sparx EA users should not have to access the registry to fix or change anything, including changing the connection to the PCS floating license server. All of this should be changed through the main user interface.
There is a fundamental issue with the way Sparx EA checks for license keys, it will never load without a valid license key. If Sparx EA cannot find/check out a valid license key, it should load with all of its functions/menus disabled, except for the function allowing changes to the location of the licenses.
[SNIP]
Why? That is really by design. There is a part that is meant to be editable by any user, and a part that is restricted to administrators.
Apologies in advance for the directness of the following comment, if you or Sparx Systems cannot see why certain organisations classify having unrestricted access to the window registry as a security threat, this explains why Sparx EA is often not considered as a "serious" enterprise architecture tool (emphasis intended). To be honest, having used it for many years, I think it is a pity it is not consider as more "serious" tool.
-
Apologies in advance for the directness of the following comment, if you or Sparx Systems cannot see why certain organisations classify having unrestricted access to the window registry as a security threat, this explains why Sparx EA is often not considered as a "serious" enterprise architecture tool (emphasis intended). To be honest, having used it for many years, I think it is a pity it is not consider as more "serious" tool.
You keep implying there is something inherently dangerous about having access to the registry. There really isn't.
The registry is not a magical hacking tool, it's merely a structured place to store settings.
You don't want regular users to have access to the restricted administrator part, sure, but that is already taken take of by Windows itself. The system won't allow you to edit the restricted parts if you don't have admin rights, regardless of the tools or scripts you use.
The parts that are editable for regular users are meant to be edited by regular users.
Having access to that part of the registry is no security threat at all.
Geert
-
You keep implying there is something inherently dangerous about having access to the registry. There really isn't.
I am not implying anything. It is not up to me, Sparx Systems or you to dictate the security policies of any organisation. If an organisation choses to restrict registry access, it is not up to me, you, or Sparx Systems to question the policy. Restricting access to the registry is not an uncommon practice.
-
Restricting access to the registry is not an uncommon practice.
By that you mean disabling or removing Regedit?
That would be the same as registricting access to text files by removing notepad.exe
Geert
-
Restricting access to the registry is not an uncommon practice.
By that you mean disabling or removing Regedit?
That would be the same as registricting access to text files by removing notepad.exe
Geert
I haven't used the words "disabling" or "removing", I have used the word "restrict". Please think RBAC, certain roles have access to the registry, while certain roles do not. Most users are typically in the latter group. Having to access the registry to change the keystore location, is not necessary and should be done via the Sparx EA user interface.
-
Having to access the registry to change the keystore location, is not necessary and should be done via the Sparx EA user interface.
I surely agree that EA should provide a convenient user interface to change the keystore location (don't they already, or does that only show if you don't have a location already?) but that still means accessing the registry (using the tool EA instead of Regedit or another tool)
Geert
-
[SNIP]
I surely agree that EA should provide a convenient user interface to change the keystore location (don't they already, or does that only show if you don't have a location already?) but that still means accessing the registry (using the tool EA instead of Regedit or another tool)
This is my point, there does not seem to be a convenient user interface to change the keystore location without having first obtained a valid key. If Sparx EA (v 15.2.1560) cannot find the configured keystore location, the user interface always "bombs out" when you try to point Sparx EA to a valid keystore location.
Managing the keystore location seems to be a complete afterthought that was never properly integrated into the software.
Edit: By the way this only happens with floating licenses. It des not happen with local licenses.
-
Having to access the registry to change the keystore location, is not necessary and should be done via the Sparx EA user interface.
Which is the normal circumstance for any newly installed copy of EA. The first time EA loads it prompts for the license. Part of that interface allows selecting a keystore to retrieve the license from.
The subject of this thread (at least prior to the last 2 posts) has instead been about changing it outside of the user interface. EA's API requires a valid license to work, so an API to change this isn't going to help. If you can't change the registry, then you pretty much need to use the UI.
If there is an error that is preventing the license management dialog from showing when starting EA, I'm not sure you've described that. I would expect that dialog to show after the error you have described. Personally, I can easily create a situation from my home pc can't connect to our keystore service and EA does prompt me to connect to another one.
If that doesn't happen for you, then submitting that as a bug report (https://sparxsystems.com/support/forms/bug_report.html) seems appropriate.
-
[SNIP]
The subject of this thread (at least prior to the last 2 posts) has instead been about changing it outside of the user interface. EA's API requires a valid license to work, so an API to change this isn't going to help. If you can't change the registry, then you pretty much need to use the UI.
I don't think the subject of the thread has changed. The user interface does not behave as expected.
To summarise, after a copy of Sparx EA has been installed and properly configured
- Sparx always behaves as if it had been newly installed if it cannot find a key (or the keystore).
- If the copy of Sparx EA was configured to use a file based keystore and the keystore is no longer available, it is not possible to change the license store location through the user interface because it keeps complaining it cannot find a network path (presumably the location of the original keystore).
Lastly, if using floating licenses, Sparx EA always behaves as if it was newly installed if
- it cannot access the location of the license store, and
- presumably, the last used key has expired.
I will submit a bug report.
-
file based keystore
Ah, that's going to be your problem. File based keystores are known to have serious issues and considered to be deprecated (by me at least) since a decade or so.
Maybe Sparx should simply disable the thing instead of dragging all this historical garbage into the future.
Geert
-
[SNIP]
Maybe Sparx should simply disable the thing instead of dragging all this historical garbage into the future.
I don't disagree but the problem is that, if you want floating licenses, you need PCS. PCS is not cheap and not easy to install/configure and troubleshoot in a complex corporate environment. Also the PCS vs/and Prolaborate message from Sparx Systems is unclear.
-
[SNIP]
Maybe Sparx should simply disable the thing instead of dragging all this historical garbage into the future.
I don't disagree but the problem is that, if you want floating licenses, you need PCS. PCS is not cheap and not easy to install/configure and troubleshoot in a complex corporate environment. Also the PCS vs/and Prolaborate message from Sparx Systems is unclear.
You can still use the "standard" license server. That is a service you can install on any server. This doesn't have the downsides of the file based license server.
Geert
-
If you mean the Keystore Service, it has not been updated since 2016. Does it support IPv6? I have a vague recollection of having read something in this forum saying it does not, which is the reason why we did not install it on an interim basis while we were sorting out all the PCS installation and configuration issues we run into.
-
If you mean the Keystore Service, it has not been updated since 2016. Does it support IPv6? I have a vague recollection of having read something in this forum saying it does not, which is the reason why we did not install it on an interim basis while we were sorting out all the PCS installation and configuration issues we run into.
I believe we are using the PCS-based Licence Server without having to install full PCS. We access it via HTTP.
I may be wrong as our infrastructure group set it up.
Paolo
-
If you mean the Keystore Service, it has not been updated since 2016. Does it support IPv6? I have a vague recollection of having read something in this forum saying it does not, which is the reason why we did not install it on an interim basis while we were sorting out all the PCS installation and configuration issues we run into.
About the IPv6 compatibility, yes that might be an problem, not sure. I haven't had any issues with that yet.
But it is anyway a lot better than the file based keystore.
BTW I'm not sure if you need to pay for PCS if it's only used to serve licenses and connect to your models.
IIRC there are a few free options as well.
Geert
-
Yep, I remembered correctly
The unlicensed (free) version supports repository connections and license server.
https://sparxsystems.com/products/procloudserver/compare-editions.html (https://sparxsystems.com/products/procloudserver/compare-editions.html)
If you want to use things like webEA or Prolaborate you have to use a paying license.
Geert
-
From memory, the unlicensed version requires a direct database connection between Sparx EA and the database repository - i.e., an unlicensed version of PCS cannot write data to a database repository. The comparison page does a few linguistic contortions with the word repository by differentiating between "repositories" and "pro repositories". AFIK, a "pro repository" is a repository to which PCS can write data to.
But we are going seriously off-topic now (although happy to continue).
-
From memory, the unlicensed version requires a direct database connection between Sparx EA and the database repository - i.e., an unlicensed version of PCS cannot write data to a database repository. The comparison page does a few linguistic contortions with the word repository by differentiating between "repositories" and "pro repositories". AFIK, a "pro repository" is a repository to which PCS can write data to.
But we are going seriously off-topic now (although happy to continue).
I don't think that's wat it means; the main goal of PCS is to provide a access path to a database.
Having a direct database connection defeats the whole point of PCS.
Geert
-
From memory, the unlicensed version requires a direct database connection between Sparx EA and the database repository - i.e., an unlicensed version of PCS cannot write data to a database repository. The comparison page does a few linguistic contortions with the word repository by differentiating between "repositories" and "pro repositories". AFIK, a "pro repository" is a repository to which PCS can write data to.
But we are going seriously off-topic now (although happy to continue).
Our floating licence store runs on one of our specifically licence servers. There is no connection with any other Sparx related artifact. It just controls the issued licences.
Paoloo
-
[SNIP]the main goal of PCS is to provide a access path to a database.
Having a direct database connection defeats the whole point of PCS.
Geert
Agreed on both counts, but this requires a paid version (Token, Team Server or Enterprise Server). But are you sure that an unlicensed version of PCS can be used to create content - i.e., write to the database?
-
Yes, Unlicensed supports unlimited number of repositories, and all repository types.
There is no mention of "read-only" modus anywhere.
The "Pro Repository" feature is required for WebEA, Prolaborate and integrations such as Jira or ServiceNow
Geert