0

My host OS is Windows. Using VMWare I installed an image of Linux CentOS 5. In this VM I have installed a software named "mySoft".

I want to sell the VM to one person to run only on his computer. This person will have permission to run and use "mySoft" and won't be root.

I want to restrict this VM so it can't be used (or at least "mySoft" can't be used) on any another computer even if it belongs to the same person I sold it originally.

In another word, I want a restriction on distribution (copy or move) of VMWare Linux!

Majid Rafei
  • 1
  • 1
    This is a little confusing.  Is person A running your software on a Linux host, or is he running your VM under his own copy of VMware?  And are you saying that it is OK for person B to use this VM by copying the OS virtual files from computer A?  Please [edit] your question to make it clearer. – G-Man Says 'Reinstate Monica' May 25 '15 at 09:57
  • thanks to jcbermu and the response, I have edited my question. – Majid Rafei May 25 '15 at 10:01
  • The VM is just a set of files on a host. If you don't control access to the host, you don't control the distribution of the VM. What you could consider is make the software on the VM depend on a USB dongle so the VM will not run as is on a different machine. But this does not restrict access to the material in the VM, you can mount virtual discs on other VM systems without booting, or (with the appropriate software) on the host. – Anthon May 25 '15 at 14:05
  • @Anthon: this isn't entirely true. VMware does have the ability to manage a VM that runs on a host that you do not control. It's just that the feature may not be exactly suitable to the last bit ... and I guess the reason why access control is tied to encryption is because it's the easiest way to expire something: wipe the private key and your virtual disks are no longer usable ;) – 0xC0000022L May 26 '15 at 15:44

1 Answers1

1

VMware does have this more or less built-in under "Access Control":

Access Control settings in VMware Workstation 11

The type of restrictions can be managed or fixed. Managed apparently lets you manage instances from your VMware cloud account. Also check out "VMware Solution Exchange (VSX)" for more information on virtual appliances using VMware.

Simply expire your software after a given time and abuse should be preventable.

Also generally VMware assigns a new uuid.bios value (see the .vmx file) and a MAC address based on that. You can probably tie your software to that MAC address. But it's probably a weaker protection than limiting the VM to one month at a time, say.

Another way would be to require the VM to have internet access and devise a licensing scheme where the server returns required data only if your restriction criteria are met.

But really DRM is a double-sided sword and seldom effective against the determined attackers. Come over to RE.SE to find out more.

In the "Advanced Restrictions" dialog reachable if you pick "Fixed" for the type of restriction and click the focused (in the screenshot) "Adcanced" button, you see this:

Advanced Restrictions

Community
  • 1
0xC0000022L
  • 16,593
  • By means of restriction option I just can add an access password, which when I sell the VMWare Linux to one person then I should give him/her the access password too, so that he/she can open the VMWare Linux and use the software "mySoft". I want a restriction on VMWare Linux so that the first person (who I have sold the VMWare Linux to him/her) can not copy and use it in another computer! – Majid Rafei May 25 '15 at 13:16
  • By the way, I do not want to apply a time period limitation. I just want a restriction on distribution. – Majid Rafei May 25 '15 at 13:20
  • @Majid Rafei: Restrictions like that used to exist in the VMware ACE range of VMware products, I don't think they exist any longer. However, the dialog shown above has several restriction options on any VM that you encrypt. Restriction and encryption password may differ. Also, I gave you at least one perfectly feasible solution - server-side information that cannot be replaced locally by any means. – 0xC0000022L May 25 '15 at 21:50