Accessing Mentor FlexLM License Server via SSH Port Forwarding

Your FlexLM license server might be behind a firewall that makes it inaccessible even if you are connected to that network over VPN.  The FlexLM server could be listening only to machines on a certain subnet of addresses, or there could be some other reason it communicates with only certain machines.  That firewall makes things like my post Installing Mentor Questa on Ubuntu much more difficult to complete if you want to run something like Mentor Questa on your remote machine.

One way to make it work was described in the source article Accessing Cadence/Synopsys/Mentor/FlexLM License Server via SSH Port Forwarding, which has many useful comments from people describing their own twists to make it work.  This source article got me going, but his approach wasn't one I could do, or I don't think I could do, without being the guy in charge of the FlexLM License server.

Below is my recipe with an explanation based on that blog entry, and a collection of the comments, that will allow you to do the necessary ssh forwarding to be able to communicate with a FlexLM server as if you were at a machine on its native network.

Diagram

Below is a graphical view of the approach I am using.  An ssh LocalForward runs from the local machine, through workstationx (which requires a VPN to access from the local machine, and which can communicate with flexserver), to flexserver (the FlexLM server).

Diagram of Approach to Accommodate FlexLM Server Firewall / Settings


Error FlexLM Server

Below is the error you will get if you cannot communicate with a FlexLM server.

> lmstat
lmstat - Copyright (c) 1989-2013 Flexera Software LLC. All Rights Reserved.
Flexible License Manager status on Sat 2/1/2014 23:40

Error getting status: Cannot connect to license server system. (-15,570:115 "Operation now in progress")

Edit /etc/hosts

The first step is to edit your local "/etc/hosts" file to tell it your license server name(s).

BEFORE
127.0.0.1 localhost

AFTER
127.0.0.1 localhost flexserver

Find the FlexLM and mgcld Port

Next, we have to figure out the port numbers for both the FlexLM server and mgcld (the Mentor License Daemon).  Questa needs just these two ports / services to do all of its licensing.  The FlexLM server is easy: if you run the following command on a machine that does have access to the license server, you will have the port number you need.

> echo $LM_LICENSE_FILE
5280@flexserver

In this case, you know that the FlexLM server is port 5280 of flexserver.  But, you don't know what the port for mgcld is.

You could simply ask your IT administrator which port the Mentor License Daemon is on.  The downside is that this port could change each time the license server is restarted, and then you would have to ask again, unless they fix the port number for the Mentor daemon.  My company did not fix the port number.

The second option is to look for the port yourself.  To do that, you would normally use "nmap", which is a now-standard port scanning application.  If you can do that: great.  But, you might be at a company that does not allow the use of the "nmap" command unless you have root access.  In that case, you could use the Port Scanner Python script from Extreme.

The Port Scanner Python script does a great job at finding open ports without the use of "nmap" - only requiring Python.  Tell it the IP address (number) of your flexserver and enter ports 1025 to 65536.  Somewhere in this list of ports will be your mgcld server.

Port  5280 is open
Port 6709 is open

Let's assume the output of the Port Scanner Python script is as above.  We know that 5280 is the FlexLM server, so 6709 is the mgcld server.

Edit ~/.ssh/config

The next file to edit on the local machine is "~/.ssh/config".

Host workstationx
LocalForward 5280 flexserver:5280
LocalForward 6709 flexserver:6709

Whenever you ssh to workstationx, these edits set up a connection from workstationx to flexserver on the specified ports and make that connection appear local to the local machine.
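A quick audit of those "~/.ssh/config" entries, as an added example that is not part of the original post: it lists the forwards defined for a host, reports any license port that has no forward, and flags forwards whose bind address would expose the license ports to other machines on your network. The function names and the otherbox entry are hypothetical; hosts and ports follow the article, and Host wildcard patterns are not handled.

```shell
#!/bin/sh
# Added example: audit LocalForward entries before relying on the tunnel.
# Hosts and ports are the article's; function names are hypothetical.

# Constructed sample: the article's two forwards plus one risky entry.
SAMPLE_CONFIG='Host workstationx
    LocalForward 5280 flexserver:5280
    LocalForward 127.0.0.1:6709 flexserver:6709
Host otherbox
    LocalForward *:7000 flexserver:7000'

# list_forwards HOST: read ssh_config text on stdin and print
# "bind port target" for each LocalForward under an exact "Host HOST" match.
list_forwards() {
    awk -v want="$1" '
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++) if ($i == want) active = 1
            next
        }
        active && tolower($1) == "localforward" {
            n = split($2, part, ":")
            port = part[n]
            bind = (n > 1) ? substr($2, 1, length($2) - length(port) - 1) : "default"
            if (bind == "") bind = "*"   # ":5280" means all interfaces
            print bind, port, $3
        }'
}

# exposed_forwards HOST: print forwards that listen beyond loopback.
# "default" follows GatewayPorts (off unless changed), so it is not flagged.
exposed_forwards() {
    list_forwards "$1" | awk '
        $1 != "default" && $1 != "localhost" && $1 != "127.0.0.1" && $1 != "[::1]"'
}

# missing_ports HOST PORT...: print each wanted port with no LocalForward.
missing_ports() {
    host=$1; shift
    have=$(list_forwards "$host" | awk '{ print $2 }')
    for p in "$@"; do
        echo "$have" | grep -qx "$p" || echo "$p"
    done
}

# Demo on the sample; real use: missing_ports workstationx 5280 6709 < ~/.ssh/config
printf '%s\n' "$SAMPLE_CONFIG" | list_forwards workstationx
```

Any line printed by exposed_forwards means the forwarded license port is reachable from other hosts through your machine; the two entries from the article bind to loopback and are not flagged.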

Final Steps

Starting from the local machine, VPN into your network, then ssh to workstationx.

> ssh workstationx

In a different terminal on the local machine, while the ssh to workstationx is still active, run the following commands.

> export LM_LICENSE_FILE="5280@localhost"
> lmstat
> vsim

The first command sets up the environment variable "LM_LICENSE_FILE" which most of the FlexLM clients and tools use.  We are setting it to localhost so that requests are sent to localhost and then forwarded through workstationx and then to flexserver (the "~/.ssh/config" edit).

"lmstat" is the normal program you run to see if your FlexLM servers are working properly.  You should get good output that looks something like the listing below.

"vsim" is the main program for Mentor Questa.

> lmstat
lmstat - Copyright (c) 1989-2013 Flexera Software LLC. All Rights Reserved.
Flexible License Manager status on Mon 1/27/2014 22:25

License server status: 5280@flexserver
License file(s) on flexserver:
/tools/flexlm/license/mgcld.lic:

flexserver: license server UP (MASTER) v11.11

Vendor daemon status (on flexserver):

mgcld: UP v11.11

Now, you are all set to use Questa on your local computer using ssh to forward around a firewall.

Mentor Questa 10.3 Running Natively in Ubuntu Linux 12.03


Tips

In these examples, I am using hostnames without domain names such as workstationx.  When you are filling out these values you will most likely want to use the fully qualified name like workstationx.companyx.com.