Licensing Model Overview
Big Picture provides built-in licensing using short-lived, signed lease tokens instead of traditional offline license keys.
Why Lease-Based Licensing?
Section titled “Why Lease-Based Licensing?”Traditional license keys have fundamental limitations:
- Brittleness: Keys cannot be revoked or updated without reinstallation
- Security risks: Keys can be copied, shared, or cracked
- Limited visibility: Vendors cannot track actual usage or compliance
- Poor fit for modern deployment: Keys don’t work well with evergreen applications or enterprise IT policies
Lease-based licensing addresses these limitations by making licenses:
- Revocable: Leases can be revoked immediately without affecting installed software
- Verifiable: Each lease is cryptographically signed and time-bound
- Auditable: License usage is tracked server-side
- Flexible: Supports per-user, per-machine, floating, and feature-based models
Core Components
Section titled “Core Components”Entitlements
Section titled “Entitlements”An entitlement represents a customer’s right to use software. It defines:
- Which products are licensed
- What license type applies (per-user, per-machine, floating)
- When the license is valid (start and end dates)
- What features or capabilities are included
Entitlements are the source of truth for licensing decisions.
License Leases
Section titled “License Leases”A lease is a short-lived, signed token that grants temporary permission to use software. Leases:
- Are issued by license servers (cloud or local)
- Expire after a configurable duration (typically hours or days)
- Must be renewed periodically to continue using software
- Can be revoked immediately by the server
Clients present leases to applications, which verify signatures and expiration before allowing use.
License Servers
Section titled “License Servers”License servers evaluate entitlements and issue leases. Big Picture supports:
- Cloud license servers: Multi-tenant SaaS deployment
- Local license servers: Self-hosted for air-gapped or regulated environments
Both models use the same protocol and token format, enabling seamless migration between deployment models.
License Types
Section titled “License Types”Per-User Licensing
Section titled “Per-User Licensing”Each licensed user can activate the software on any machine. The license server tracks which users have active leases and enforces seat limits.
Useful for: Software used by individuals across multiple devices.
Per-Machine Licensing
Section titled “Per-Machine Licensing”Each licensed machine can run the software regardless of user. The license server tracks machine identities and enforces device limits.
Useful for: Software installed on specific workstations or servers.
Floating (Concurrent) Licensing
Section titled “Floating (Concurrent) Licensing”A pool of licenses can be used by any user or machine up to the concurrent limit. When a user starts using software, a license is checked out. When they finish, it’s checked back in.
Useful for: Software used intermittently by many users, where peak concurrent usage is lower than total user count.
Feature-Based Entitlements
Section titled “Feature-Based Entitlements”Entitlements can grant access to specific features or capabilities within a product. Applications check feature flags in leases to enable or disable functionality.
Useful for: Tiered product offerings or add-on features.
Lease Lifecycle
Section titled “Lease Lifecycle”- Activation: Client requests a lease from license server, providing user or machine identity
- Issuance: Server evaluates entitlements, checks limits, and issues signed lease token
- Validation: Application verifies lease signature and expiration before allowing use
- Renewal: Client periodically renews lease before expiration
- Revocation: Server can revoke leases immediately (e.g., for compliance violations)
- Expiration: Leases expire automatically if not renewed
Deployment Models
Section titled “Deployment Models”Cloud License Server
Section titled “Cloud License Server”License server runs as part of Big Picture SaaS or vendor self-hosted deployment. Clients connect over HTTPS to request and renew leases.
Advantages: Centralized management, automatic updates, no infrastructure to maintain.
Considerations: Requires outbound internet connectivity from client machines.
Local License Server
Section titled “Local License Server”License server runs inside customer network, potentially air-gapped. Server pulls entitlement updates outbound-only and serves leases locally.
Advantages: No external connectivity required, full control over license data, compliance with air-gap requirements.
Considerations: Customer must deploy and maintain license server infrastructure.
Telemetry and Reporting
Section titled “Telemetry and Reporting”Lease-based licensing naturally produces operational telemetry:
- License activations and deactivations
- Lease issuance, renewal, expiration, and revocation
- Concurrent license utilization over time
- Feature-level usage signals (when enabled)
This data supports:
- Vendors: Understanding adoption, utilization, and entitlement compliance
- Customers: Internal audits, capacity planning, and compliance reporting
Big Picture exposes this telemetry through well-defined events that integrate with existing observability systems.
Security Considerations
Section titled “Security Considerations”- Lease tokens are signed: Clients verify signatures before trusting leases
- Short expiration times: Limits damage from compromised tokens
- Revocation support: Leases can be invalidated immediately
- No offline keys: Eliminates key copying and sharing risks
- Server-side enforcement: License limits are enforced by servers, not clients
Related Concepts
Section titled “Related Concepts”- Security and Trust Model explains how lease signatures work
- What Is Big Picture? provides context on Big Picture’s overall approach
- See Workflows for operational guidance on license management