SDK and samples for ISVs integrating with the Batch Software Entitlement Service
Перейти к файлу
microsoft-github-policy-service[bot] 76bf797e4c
Microsoft mandatory file (#146)
Co-authored-by: microsoft-github-policy-service[bot] <77245923+microsoft-github-policy-service[bot]@users.noreply.github.com>
2022-10-24 14:46:21 -07:00
docs Implement leasing API in test server (#125) 2019-02-22 14:24:39 +13:00
img Revise walk-through (#32) 2017-05-04 13:46:40 +12:00
scripts fix git command for retrieving short commit identifier 2018-07-24 13:23:00 +10:00
src Reduce default output width when listing certificates (#132) 2019-02-28 11:52:49 +13:00
tests Implement leasing API in test server (#125) 2019-02-22 14:24:39 +13:00
.editorconfig Update build targets and references for .NET Core 2.0 (#60) 2018-04-19 12:42:43 +12:00
.gitignore Improve unit test coverage (#18) 2017-03-26 19:36:32 +13:00
Directory.Build.props Change case of Directory.Build.props so that it's found on case-sensitive file systems (#102) 2018-04-19 13:02:44 +12:00
LICENSE Update license file to enable detection by GitHub (#12) 2017-03-22 08:59:08 +13:00
README.md Document the need to handle trailing / on AZ_BATCH_ACCOUNT_URL (#104) 2018-04-19 12:58:46 +12:00
SECURITY.md Microsoft mandatory file (#146) 2022-10-24 14:46:21 -07:00
azure-batch-software-entitlement.sln Moved sestest specific unit tests to dedicated sestest.Tests project (#108) 2018-04-24 11:21:42 +12:00
build-windows.ps1 Add use of shell commands to verify a token to the walk-through (#117) 2018-07-24 10:44:06 +12:00
build-xplat.ps1 Convert builds into a psake build script (#61) 2018-04-19 12:42:59 +12:00
clean-build.ps1 Convert builds into a psake build script (#61) 2018-04-19 12:42:59 +12:00
integration-test.ps1 Improve integration test script (#73) 2018-04-19 12:45:38 +12:00
publish-archives.ps1 Add versioning to builds (#64) 2018-04-19 12:43:16 +12:00
sesclient.ps1 Modify convenience scripts to search for exe (#92) 2018-04-19 12:53:23 +12:00
sestest.ps1 Restrict the search for sestest.dll to within the out/sestest directory (#98) 2018-04-19 12:53:45 +12:00
test-coverage.ps1 Integrate test coverage reporting into the psake build script (#66) 2018-04-19 12:45:37 +12:00
version.txt Add versioning to builds (#64) 2018-04-19 12:43:16 +12:00

README.md

Software Entitlement Service for Azure Batch

The Software Entitlement Service of Azure Batch allows a software package to verify it is running in an environment where usage metering takes place. This SDK provides tooling and documentation to support software vendors integrating with the service.

The SDK includes the following:

  • Software entitlement library code for integration into applications. The interface is native C++ and is provided as source code ready for use.

  • A command line utility (sestest) is provided to assist with testing of the integration. This utility supports token generation and can emulate a software entitlement server for testing outside of the Batch environment.

  • A command line client (sesclient) to demonstrate use of the software entitlement token and the library code.

  • Reference documentation on the REST API, detailing the interaction between the library code used by the software application and the software entitlement server.

  • A guide to compilation for getting the supplied source ready for use.

  • A full walk-through to take new partners through the end to end process of compilation and use.

  • A repository guide that identifies key documents, folders, scripts and classes for developers working with the code.

  • Release notes that detail the changes between releases.

Overview

Azure Batch will provide two environment variables (1) for consumption by a metered software package - a software entitlement token and a URL for a software entitlement server for verification of that token. The software package will retrieve both environment variables (2) and securely contact the appropriate server requesting an entitlement to execute (3). The Software Entitlement Server will check the entitlement for the software package (4) and respond with either Approved or Denied (5).

Task Scheduling

The Batch service provides two pieces of information to a metered software application through environment variables:

Variable Definition
AZ_BATCH_ACCOUNT_URL The URL of an endpoint for the batch service account.
Sample: https://demo.westus.batch.azure.com
AZ_BATCH_SOFTWARE_ENTITLEMENT_TOKEN An encoded string containing the actual software entitlement token.

The software package will check that the provided batch account endpoint specifies a known host (such as *.batch.azure.com or one of the equivalents for national clouds); if it does not, the software package should not consider itself entitled. If the endpoint is known, the software application will request a software entitlement from the specified server over a secured HTTPS/TLS connection.

The software package is not expected to decrypt or otherwise process the software entitlement token aside from passing it to the Software Entitlement Service for verification.

How it Works

The software entitlement token will be an encrypted and signed JWT token containing information about the virtual machine, the task and the permitted software packages.

The software application will authenticate the software entitlement server by only contacting known hosts and by pinning the HTTPS/TLS connection to a certificate chain known to be issued by Microsoft Azure.

The software entitlement server will authenticate the software package by comparing the request with details found inside the encrypted and signed entitlement token, including the application id, network address, and current time.

Prerequisites

The sestest command line application and associated assemblies are written in C#7 and require version 1.1 or higher of .NET Core to be pre-installed. The tool was written with Visual Studio 2017; it should compile with just the .NET Core SDK installation.

The C++ source for the client library requires libcurl and OpenSSL libraries as packaged by vcpkg. The library was also written with Visual Studio 2017; it should compile with any modern C++ compiler.

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.