|This FAQ is valid for|
This page contains:
In order to run properly, each installation of easyDCP KDM Generator+ needs three different sets of files issued separately for each installation:
During the activation process all of those files are generated using appropriate functions in the easyDCP web shop at http://www.easyDCP.com. Licenses and Server Certificates are bound to the particular hardware easyDCP KDM Generator+ is running on. Signer certificates are not tied to the hardware.
Important: If some hardware components in the production machine are changed or the machine stops operating at all, the license and server certificates will not work anymore. Using the migration function in the easyDCP web shop, a license can be ported to another machine. However, a server certificate cannot be used on another hardware. Likewise, it is not possible to re-use the certificates if certain hardware components get replaced on the system. And once the server certificates cannot be used anymore.
ALL (D)KDMs ISSUED FOR THESE SERVER CERTIFICATES ARE LOST AND CANNOT BE RECOVERED.
We recommend our easyDCP KDM Generator+ customers to set-up a second computer serving as backup machine for their (D)KDMs. If used properly, existing (D)KDMs can be recovered and ported to a fresh installation, in case the production machine is not working anymore. The set-up is simple and your existing (D)KDM workflow requires only small changes.
NOTE: You can use your existing easyDCP KDM Generator+ instance to issue backup-(D)KDMs of your existing (D)KDMs for your new backup easyDCP KDM Generator+ instance. This is a one-time-only job and should be performed as soon as possible.
This chapter gives an overview over the recommended workflow when using two instances of easyDCP KDM Generator+ in parallel.
Figure 1 shows a block diagram comprising two activated instances of the software, both identified by their Server Certificate. As mentioned above, the Server Certificate is bound to a specific hardware and installation of the operating system and cannot be used on another installation.
Figure 1: Two activated instances of easyDCP KDM Generator+ running on different hardware
Figure 2 shows one of the common applications using easyDCP KDM Generator+. Here, the Main Unit (MU) receives certain input data:
Figure 2: Standard KDM generation process using one installation of easyDCP KDM Generator+
As result easyDCP KDM Generator+ generates a batch of KDMs for the selected Cinema Servers (step 3).
Based on the workflow described above, we recommend generating a Backup DKDM for the Backup Unit (BU) shown in Figure 1 whenever a new key is used as input format (step 1). Basically, the processing-steps are identical to the description given in 4.1, but instead of only ingesting certificates from the Cinema Servers we also point our Main Unit of easyDCP KDM Generator+ to the Server Certificate of our Backup Unit (Figure 3, step 2). By doing this, easyDCP KDM Generator+ issues a Backup DKDM that can be read from the Backup Unit later. In case the MU is not available anymore, the Backup KDM can be used to recover the original keys that were used to encrypt the DCP.
Figure 3: KDM Generation Process using the Backup Unit (BU)
In case of a hardware crash or when the system components used to assemble the Main Unit’s system hash change, it is possible that the Server Certificates of the Main Unit cannot be accessed anymore. In this case it is possible to move the main unit onto a new hardware or issue a new set of license and certificates for the new configuration of the main unit. In any case, the previous Main Unit’s Server Certificates must be replaced. Through the easyDCP-web shop it is possible to get new licenses and certificates on the fly. Indeed, none of the old (D)KDMs of the former Main Unit (MU) will work with the new installation, called New Main Unit (NMU) here, since the new Main Unit is identified by a new Server Certificate. In order to get (D)KDMs working on the NMU it is necessary to use the BU as shown in Figure 4. Please note that the BU of KDM Generator+ is used instead of the MU.
Figure 4: Issuing DKDMs for the New Main Unit (NMU) using the Backup Unit (BU)
By ingesting both, all Backup-KDMs (1) as well as the Server Certificate from the New Main Unit (NMU – step 2) new DKDMs for the New Main Unit are generated.
Step 1. Download the easyDCP KDM Generator+ Installer for your target OS from your license status again and install it.
Step 3. www.easydcp.com will offer you: "Activate your complementary license". Select it for activation.
Now your license status shows a new entry called: "easyDCP KDM Generator+ Backup"
Step 4: Download the license and certificate data set and import it into your easyDCP KDM Generator+ Backup system.
NOTE: The complementary license is locked for migration. If you need to migrate your easyDCP KDM Generator+ Backup system please contact us at info@easyDCP.com.