rPath Appliance Platform/Entitlement Service:Concepts

From rPath Wiki

The rPath Appliance Platform Entitlement Service appliance is designed to fit into a management infrastructure that includes rPath, an independent software vendor (ISV) and value-add resellers (VARs) using rPath-derived products, and the products provided by the ISV and VARs to consumers.

rPath™ Appliance Platform Update Service appliance includes a Conary repository where the building blocks of a product are created and maintained when an rPath-derived appliance is developed. The Update Service appliance repository contains mirrored labels from project repositories from one or more rBuilder Appliance instances used for internal appliance development.

An entitlement acts as a key to reveal and grant access to certain parts of the Update Service repository. If a distributed appliance does not have appropriate entitlements, it cannot receive software updates using the Update Service.

Entitlement Concepts

When an Entitlement Service appliance is deployed, the following activities represent the tasks related to entitlement management:

1. Services are created when the Entitlement Service appliance is first installed and as needed thereafter. A service is a resource provided by an Update Service appliance or another Entitlement Service appliance. Services are defined for the purpose of adding new entitlements.
2. Service Providers are collections of equivalent resources, e.g. a set of Update Services that are all mirrored from the same source, or an upstream Entitlement Service. The service provider defines what resources a service will provide to entitled users, and is created before the associated service.
3. Permissions define what parts of an upstream Conary repository are entitled, and can be modified at any time.
4. A product is created to represent a product, mainly in the form of a software appliance, that requires software license management. In the Entitlement Service appliance, a product is a collection of services provided to the reseller or direct consumer used to provide Conary updates for the appliance.
5. One or more product channels are added to a product, each representing a sales channel for that product. A direct channel is created automatically for each product, though it can be optionally disabled, and each reseller can be added as a separate product channel.
6. Entitlements are created in each product channel associated with a product. These entitlements provide access to all the services contained in the product.
7. Additional services to which a product will push the entitlement can be added to the product at any time prior to the first appliance installation.

Conary Concepts for Entitlements

For the typical Entitlement Service appliance user, these terms are not necessary for day-to-day entitlement management. However, system administrators and software appliance developers may find these terms helpful in understanding how entitlements are implemented on Conary-based systems.

• An entitlement is a random string up to 255 characters in length that is paired with an entitlement group to provide access to an Update Service repository on a Conary-based Linux system.
• An entitlement class is a classification for a given entitlement. An entitlement group is made up of one or more entitlements. In the context of the Entitlement Service appliance, the entitlement class is a product channel.
• An entitlement group owner is a Conary access group that is given permission to add and remove entitlements from a particular entitlement group. In the context of the Entitlement Service appliance, an entitlement group owner is a service.
• An access group is a container to which permissions can be assigned. An access group can be made up of users, entitlement groups, or both. The resources to which you have access depend on the collection of groups to which you belong. In the context of the Entitlement Service appliance, an access group is a service.