We assume you remember dongles; they are still with us, especially as licenses for expensive and specialized software.  You plug one in your computer (or your application server) and the app pings it to make sure you're using a licensed copy.  Without acknowledgement from the license, you get no app access.

You may be familiar with dongle servers; these extend the reach of the license-seeking software across a network.  Such network-connected dongle servers hold a bunch of physical dongles and allow users anywhere on the network to access license-protected software, while keeping the one-user-per-license limit at any given time.  They allow licenses to be used as if user A in Phoenix unplugged her dongle and, when finished, passed it to user B in Baltimore.  In the process, dongle servers solve at least three problems:  a) getting more users to consecutively use each license b) keeping dongles from getting lost or stolen, as they're locked inside the dongle server box in a secure central location, and c) accommodating the app servers that have no USB ports because they're virtual; spun up today, gone tomorrow.  Or later today.

Clearly, dongle servers are a great thing in the age of virtual servers and Cloud.  But what happens when your apps are migrated to SuperCloud, i.e., Amazon Web Services (AWS), Microsoft Azure or Google Cloud?  You may port your applications there, but these cloud giants aren't going to babysit your physical dongles or swap them in and out. 

The good news? They don't need to. You can keep your dongle server on premises, on your own network, while still running the apps that they serve with licenses off site, in the cloud.  Household-name customers of SEH Technology, using their myUTN-800, are doing precisely that on a private cloud account with Amazon Web Services.  Using myUTN administration software, these customers assign any of 20 specific dongle ports to specific servers running virtually on AWS. After that, any user on their network or VPN can access that license as soon as it’s released by a previous user.  On-site, headquarters IT staff can swap different dongles in and out of the device server, enabling remote access to other applications, and more or fewer licensed users of each.

Mike Majewski, president of SEH Technology, notes that there are two ways to set up linkage between on-premise dongle server and cloud-hosted server. Option 1 is to set up an Internet-exposed IP address on your firewall that can be NATted to the dongle server. This safely lets AWS access the license. Option 2 is to set up a VPN connection between your network and AWS (see the figure). Since the device server encrypts the USB signaling on its own, this adds a second layer of security to a remote worker scenario.

This hybrid scenario – deploying virtualized application servers in the cloud and physical dongles on the customer site – combines the best of both environments.  It satisfies the licensing requirements of software publishers while securely sharing access around the globe and enjoying the hardware economies of cloud.