LICENSE GUARD FOR ONPREMISE

Project Title: License Guard

Summary/Introduction

License Guard is a secure, cloud-based license management system for on-premise software. It provides a centralized hub to control and verify licenses for applications like Vulnvision, send automated communications to users, and analyze usage data to inform future business decisions.

Problem Statement

On-premise software vendors face a significant challenge in managing licenses, ensuring compliance, and understanding user engagement. Traditional licensing methods are often manual, prone to fraud, and lack the real-time insights needed for effective business strategy. License Guard solves this by providing a modern, automated, and intelligent solution.

Technologies Used

• Frontend: TypeScript, Material-UI

• Backend: Python  with a focus on building a robust REST API.

• Database: PostgreSQL for storing license data, user information, and logs.

• Cloud Services: AWS (EC2 for the server, S3 for file storage, SES for emails)

• Other Tools: Docker, CI/CD pipelines (GitHub Actions), and a message queue like RabbitMQ or Redis.

Key Features

• Centralized Dashboard: A web-based admin portal to manage all on-premise installations, view active licenses, and monitor their status in real time.

• License Validation API: A secure API endpoint that the on-premise Vulnvision application calls to verify its license key, check expiration dates, and confirm user permissions.

• Automated Email Notifications: The system automatically sends emails to users for license expirations, renewal reminders, and service updates.

• License Revocation: Administrators can instantly revoke licenses from the cloud dashboard, disabling the on-premise software for that user.

• Reporting and Analytics: Generates detailed reports on license usage, user activity, and geographical distribution of installations.

Challenges & Solutions

• Challenge: The primary challenge was securely connecting the on-premise application to the cloud-based license server. An on-premise installation might have a variety of firewall and network configurations.

• Solution: I designed a lightweight, client-side agent for the Vulnvision software. This agent uses a simple, encrypted HTTPS request to communicate with the License Guard API. The communication is one-way from client to server, which simplifies firewall configuration for the end-user while maintaining security with API keys and digital signatures.

• Challenge: Implementing the AI component to derive meaningful insights from raw usage data was complex, as it required careful feature engineering and model training.

• Solution: I started with a basic machine learning model to detect anomalies in license usage, such as an unusual number of installations for a single license key or a sudden spike in activity from a new location. This initial model provides alerts for suspicious activity, which can then be manually reviewed, serving as a first step towards more sophisticated, automated fraud detection.

What I Learned

This project gave me a deep understanding of cloud architecture, distributed systems, and the complexities of B2B software delivery. I learned how to design a secure and reliable API for external consumption and gained hands-on experience in using cloud services to build a scalable and resilient application. The AI component was particularly rewarding, as it allowed me to apply machine learning to solve a tangible business problem, highlighting the value of data beyond simple storage.