When the physical and virtual worlds meet: How to manage USB software in the cloud

Man walking up staircase to the sky

Over the last decade, there has been a significant shift to the cloud and using software-as-a-service. However, dongles are still very popular among software companies as a means of protection for intellectual property and high-value software. But can you use USB dongles with cloud software to protect your data, and if so, what's the best way to go about it?

A physical dongle is one of the most secure ways software vendors can protect their products from piracy and misuse. However, the biggest problem for cloud-based applications is that because the infrastructure is virtual, there is no physical port in which to plug in a USB dongle.

In the early days of virtual machines, USB support was patchy at best - or missing altogether. These days many virtual environments support USB, but the next problem is the safekeeping and management of such USB dongles, as well as being able to easily access them.

One solution is to deploy a USB dongle server. These have been used in the past to provide a USB port for a network, allowing a computer to span beyond the local network to the internet.

Protecting high-value software-as-a-service

British Columbia startup ESP Estimating offers its clients, electrical contractors, a cloud-based custom estimating database for a monthly subscription. This solution also uses a third-party software platform called Accubid. This is specialised installed software, costing over $4,000 per license, and is meant to be run on a single PC or a networked server. The software usually checks with a physical dongle inserted in the PC or server at each electrical contractor's location. To run Accubid, the estimator is required to work from a physical PC with the USB license plugged into it on the local network.

But ESP uses the cloud and virtual machines to deliver its software to the client, and these VMs don't have USB ports. Sentinel dongles, supplied by Gemalto, would not work with pooled, session-based remote desktops; they require a one-to-one, PC-to-dongle connection.

ESP solved the issue by using SEH Technologys myUTN-800 dongle server and user-dedicated virtual PCs. This enabled administrators to assign a USB port to each virtual machine, using SEHs own interface.

Each virtual machine then makes the connection to the dongle server and presents the license to the Accubid software for verified access. Each of ESP's clients sees only their own specific Accubid licenses that have been purchased, providing a completely secure isolated environment for each contractor.

The solution gives end users access to all purchased Accubid licenses across a geographically distributed and mobile workforce, including owners, estimators, and project managers. Once used, the dongles can be freed up for a new user. Customers benefit as the dongle server ensures that software licenses are never circumvented.

In addition, by storing the dongles securely and centrally in the locked dongle server, they are safe from loss, damage, wear and tear, and theft.

Helping cloud providers offer more security

The use of a USB dongle server can help cloud hosting providers overcome the problem of hosting services for licensed software that's protected by USB hardware keys or dongles.

Virtual server environments are not well equipped for handling USB devices, and it can be next to impossible to provision USB dongles with virtual servers and assign them to a specific customer's virtual machine.

For German cloud provider Terra Cloud, in order to fulfil its customers security demands, it found the need to host dongles in virtual environments indispensable.

The problem was that the cloud provider has no reliable way to connect dongles to virtual servers and assign exactly the right virtual machine to a customer. This was problematic for customers using a German accountancy package called Datev. These customers would outsource their data processing to hosted external servers, but still had to fall back on a physical server.

Using a physical server can be much more expensive than a virtual one, and for many companies this makes things economically unattractive. Instead, Terra Cloud looked to use a dongle server that could be used with virtual servers.

The hosting provider's administrators can use the myUTN-800 Dongle Server to provide up to 20 protected software licenses centrally and securely across a network via 20 USB 2.0 Hi-Speed ports.

Using USB dongles in the cloud

Using a dongle server allows users to be independent of USB interfaces in virtualised environments with Citrix XEN, VMware, and Microsoft Hyper V. This means that such dongles can always be safely and easily accessed across the network and the internet. It acts as a virtual cable extension via the network, meaning these dongles can be used as if they were locally connected. It also enables several users to access a USB device via the network, just as if it were locally attached. A user who no longer needs the device can simply release it so another person can use it.

For cloud providers, the dongle server can create a management VLAN, and also support several other VLANs with the option that every VLAN can use the same IP range. The direct assignment of a USB ports to VLANs enables operation in a multi-tenant facility.

The dongle server provides safe and simple dongle management in virtualised environments, making external hosting via data centres financially attractive for customers. Such solutions can scale up as and when for new customers with similar needs.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.