Adobe Feature Restricted Licensing

Adobe Feature Restricted Licensing is an alternative to Adobe Named User Licensing for customers that have network limitations due to security concerns. If you have access to the Internet, Named User Licensing is the best choice. In both the Named User and the Feature restricted licensing methodologies, the license code is no longer embedded in the desktop software for perpetual use. Rather, it is a part of a subscription model where the desktop applications need to periodically validate that the application is entitled to the end user.

In Adobe Feature Restricted Licensing, computers are preconfigured by installing, a “licensing package” generated by an administrator on the Adobe Admin Console that was accessed on the Internet. This licensing package determines which desktop applications can be licensed, and which FRL licensing method, described below, to use. A licensing package is simply an installer that is executed on an end user’s computer, and generated through the Package Service in the Admin Console. The Package Service is the online version of the Creative Cloud Packager (CCP), which you may be using today to generate installation packages. There are three options for Feature Restricted Licensing, and they are described below.

adobe feature restricted licensing schematic

FRL – Connected: This is the simplest licensing method for customers to deploy. The computers must have access to the internet, but that access can be controlled by a firewall device that intercepts and unpacks all Adobe network traffic to verify its content. In this method, each application that is launched on a customer computer creates a license request which is sent over HTTPS, through the customer’s firewall, to the Adobe Admin Console which provides an Adobe-signed license specific to the computer making the request. The application is then licensed on that computer for a duration specified by the customer (up to the contract duration). The only information passed to Adobe is the MachineID, which is a SHA-256 hash of various computer characteristics, such as motherboard serial number and/or boot disk serial number; the license type; and OS Hostname, Type, and Version, which are recorded only for customer accounting purposes.

FRL – LAN: This method is for customers who maintain secure networks in which individual machines are not connected to the internet, but are connected to an internal LAN. In this case, the customer must deploy one or more instances of an internal licensing server (an Adobe-provided Java Application with a browser-based user interface), and package their desktop software, via the Package Service, to point to that internal server, rather than the external Adobe servers. The customer must do a periodic authorization of each internal licensing server instance (at least one per year) so as to enable the server to issue licenses and to reconcile the licenses issued by all the customer’s internal servers within the provisions of the customer’s contract. This authorization involves generating a plaintext CSV file which the customer can take outside of their secure network so that it can be uploaded to the Adobe Admin Console, which in turn generates a signed, plain text authorization file for the internal licensing server with server-specific certificates that the instance can use to generate product licenses. The end-user computers may be licensed up to the duration of the contract.

FRL – Isolated: This method is for customers who have air-gapped computers that are not on any network, and thus must have their licenses directly installed from media along with their licensing package and applications. It requires that the customer run an Adobe-provided executable, called the Census Tool, on each isolated computer to be licensed. This tool allows for both individual computer and bulk licensing of isolated computers. It provides a CRC32 checksum of the computer’s MachineID (see above for definition) that the customer can collect into a CSV file, take outside of their secure area, and upload to the Admin Console to create a licensing package. The computers will be licensed for up to the duration of the paid contract period. This option can also be used to generate Reactivation Codes to re-license an isolated computer without having to re-package or re-install the desktop software.

Should you need any further information, feel free to contact our pre-sales engineers. They will be able to assist you both technically and commercially.