Installing and using the Key9 Proxy server for Windows
This document covers the setup of the Telos Alliance Key9 License Server Proxy for Windows on a computer in your facility. Many Telos products require this for licensing; however, no individual product support is covered in this document.
Some Telos Alliance products require a license to operate. These licenses activate (or deactivate) features allowing flexibility in your operating model and allowing for software updates, priority support, etc. These licenses are controlled by a cloud-located activation server, meaning your products must have access to this server.
Often the networks to which these products are connected are purposely not connected to the internet. For this reason, Telos Alliance offers this proxy server which can reside on a computer that DOES have access to the internet.
Here's a diagram of a typical configuration.
- Click here to download the Key9 Proxy and save it to a folder with read/write permissions.
- Open a command prompt with Administrative rights and navigate to the download folder.
- Create a configuration file. From the command prompt run;
>key9proxy.exe --configYou must type YES to agree to the EULA (End User License Agreement) to continue.
- Specify the Listen Interface and port. The default is [0.0.0.0:42131] which means listen for license requests on any network interface.
- Specify the server address.
- Specify the service user. Can be left blank.
- Run the proxy in test mode.
You will see the message;
Telos Alliance License Server Proxy v1.0.3. Copyright (C) 2023 TLS Corp.
I: 12:02:33 Started on windows-service
I: 12:02:33 Waiting client connections on 0.0.0.0:42131...
- Install as a service so the proxy server starts when the system is rebooted.
- Start the service
After the proxy server is installed, configured, and tested, you will need to configure all telos alliance products to point to the proxy server instead of the cloud license server.
The product configuration depends on the product. VXs does this through an unlinked web page.
If you modify the configuration file, you will need to restart the service before the new options will take effect.
When configuring the service, you may leave the username as blank.
It is safe to briefly take the proxy server down even if the products use it. The license refresh mechanism will retry later.
key9proxy.exe offers additional command line options. Executing the program without arguments will display help texts with the available options.
- Use ping to see if the cloud license server responds. The primary cloud server address is secure2.telos-systems.com.
- Use tracert to determine if the server is reachable.
- Use telnet to find out if a TCP connection may be established on the license server or on the proxy server:
telnet <ip-address> <port>where <ip-address> is the address of the machine and <port> is usually 42131. For example, telnet to 192.168.2.224:42131 should allow you to connect.
When a firewall is present, the only requirement is to allow outgoing TCP connections to secure2.telos-systems.com on port 42131. There is no need to open incoming ports since the products and the proxy always reach outward to the license server. The license server will never make an inbound connection. While most firewalls allow outgoing connections by default, for some customers, this has to be explicitly allowed.