Showing results for 
Search instead for 
Did you mean: 
FAQ: Keyless Feature Enablement in Storage Foundation HA


Starting with Storage Foundation HA 5.1, you can enable features using keyless licenses. The primary objective of keyless is to improve the customer experience with Storage Foundation HA (SFHA) and make it easier to deploy, manage and use our products. Keyless licensing continues to apply for all future releases starting with SFHA 5.1. Starting with Storage Foundation HA 6.1, ApplicationHA supports keyless licensing. Note that a customer continues to be required to have valid licenses for the product he/she is running. Entitlement does not change in 5.1 and beyond.

Review the information provided below as well as the attached pdf to learn more.

Frequently Asked Questions (FAQ)

  • What is the advantage of using keyless versus standard licensing?
    • Keyless simplifies the task of a system admin deploying SFHA in a production environment. It also results in better overall system availability in a production environment by removing the need for temporary license keys.
    • Before 5.1, license keys were required for SFHA to be functional on a host. If at time of deployment, a system admin didn't have the appropriate key handy (which can happen for a variety of reasons), he either had to incur delay in delivering a working server (which isn't always an option), or he needed a work-around. That work-around generally involved frantically getting a temporary key and deploying it in Production. Temporary keys expire with disastrous effects on SFHA hosts after a reboot and dealing with left-over temporary keys is a common problem in large scale environments.
  • Is keyless right for me and my organization?
    • This depends on your processes and how you manage entitlement in your datacenter.
  • I am a system admin and want keyless, but my procurement folks absolutely need traditional keys in order to buy software and track entitlements, compliance, etc. How can I get around this?
    • Keyless requires that a host be connected to Storage Foundation Manager (SFM). SFM can provide detailed reports on the SFHA estate in a given environment and could potentially be used by procurement for tracking.
    • Alternatively, you can continue to use license keys in SFHA 5.1 and beyond,.
  • Is there a business case? How do I measure the ROI of keyless?
    • No, there is no business case. The benefits of keyless can be measured in better availability (by removing the need for temporary keys) and streamlined operations for the customers and Symantec (removing the need to deal with urgent cases of customers needing a temporary key).
  • I want to go keyless but only use the minimal install. How would I get the Storage Foundation Manager (SFM) managed host package?
    • You can download the SFM managed host software by clicking here. Alternatively, you can copy the package from the SFHA 5.1 DVD and utilize native packaging commands such as pkgadd, rpm or installp to install the package. VRTSsfmhis the SFM managed host package name.
  • Can I still use my 'standard' UxRT 5.0 MP3 keys with 5.1?
    • Yes, you can continue to use your 'standard' keys.
  • What is the difference between a keyless tag and a keyless_EVAL tag, for example, SFHAENT and SFHAENT_EVAL? And when would I use one rather than the other?
    • There are no EVAL keys supported for releases after SFHA 5.1.
  • What if I try keyless, can I go back to keys? Do I need to re-install / get new bits?
    • Yes, you can go back to keys. In fact, keyless can be used for rapid deployment of the software if it will take some time to get the keys. Keyless can be used for 60 days while keys are obtained. Once the keys are acquired, simply install the keys with vxlicinst and run "vxkeyless set NONE" to turn off keyless.
  • Can I go keyless without using Storage Foundation Manager (SFM)?
    • Not if you intend to use the product on a host for more than 60 days. If you need to go beyond 60 days, you must utilize SFM in order to use keyless licensing. Failure to utilize SFM will result in periodic reminders/nags which will get more frequent as time goes by.
  • I purchased keyless, so why am I being nagged every X days / X hours for being out of compliance?
    • You must install Veritas Operations Manager 2.1(or higher)Managed Host on your system and configure the server.
  • Can I go keyless in releases prior to 5.1?
  • No.SFHA Keyless licensing is applicable starting with  the SFHA 5.1 release and will be applicable for all future releases.
  • Can I use old keys to get past the nagware (compliance alerts) in 5.1?
    • Yes, but you must run "vxkeyless set NONE" to turn off keyless. This will remove all keyless keys and leave the keys installed with vxlicinst as the only licenses on the system.
  • Can I maintain a mixed environment in my data center: keyless and keys? Or does it need to be all or nothing?
    • You can definitely have a mixed data center. Use keys on the servers that make sense and use keyless when that makes sense.
  • Can I use temp (EVAL) keys to stop the out of compliance alerts?
    • There no temp (EVAL) keys starting with our 5.1 release and beyond.
  • Normally, the installation process will ask for the license key. Is this still going to happen and/or how do I invoke keyless licensing?
    • The Installer will ask for a license or continue with keyless. The installer with run /opt/VRTS/bin/vxkeyless to set the keyless keys and enable the specified products and levels. To be in compliance, the customer must still install the Storage Foundation Manager 2.1 server (or Veritas Operations Manager 3.0 and above) and make sure the SFM 2.1 (or Veritas Operations Manager 3.0 and above) managed host connects to the server. If the host is out of compliance there will be a reminder message to either remove the keyless keys or install the SFM 2.1(or Veritas Operations Manager 3.0 and above) software.
  • Do I still use vxlicinst and vxlicrep to access keyless licensing?
    • These commands are available but no longer necessary on hosts which are completely keyless. To install keyless keys, use the vxkeyless set command. To generate a keyless key report, use the vxkeyless display command. The vxlicrep command is available and will report all keys: real keys and keyless keys. The keyless keys will be identified with the VXKEYLESS feature bit set.
  • If I automate the building of systems with native installer (ie. Jumpstart), how do I enable keyless licensing?
    • It is recommended that you automate the license key installation as well or else manual intervention will be required. To automate the use of vxkeyless:
      • Run "/opt/VRTSvlic/bin/vxkeyless displayall" manually
      • Choose one or more licenses from the displayed list (e.g. SFCFSRACENT_VVR and VCS_GCO)
      • Add a call of "/opt/VRTSvlic/bin/vxkeyless -q SFCFSRACENT_VVR,VCS_GCO" to your automated script
  • Do I still need NFR keys? How do I get them?
    • Yes there is still NFR keys. You can get the keys from the license certificate and portal (if registered). The license portal URL is:
  • Do I still need EVAL keys? How do I get them?
    • There are no EVAL keys for the 5.1 release and beyond. The customer will need to use keyless keys.
  • I have been running keyless for 60 days and have Storage Foundation Manager (SFM) ((or Veritas Operations Manager 3.0 and above) configured and I just started getting the 'nagware' message. What is the problem?
    • Keyless checks if the host is being managed by a SFM Central Management Server (CMS). Please check the following:
      • The SFM CMS (or VOM CMS) have been un-configured or deleted
      • There is a network issue between the managed host and the CMS
      • The managed host has been un-configure at the CMS
  • I have been using EVAL keys on 5.0 and I am going to upgrade to 5.1 will I have any problems?
    • When the EVAL key expires and SFHA is re-started (e.g. system reboot) the features that are related to that key will not work. You will either need to get a PERM key from Symantec or run the vxkeyless command.
  • I can set SFCFSRACENT_VVR but not SFCFSRACENT_VVR_GCO. Is it missing or is this intended?
    • This is intended. GCO requires a VCS license and VCS does not come with SFCFSRAC. SFCFSRAC customers who want GCO will need to purchase VCS_GCO as well.
  • If I do not want to do keyless. How do I get 'standard' keys?