We are OEMs that are currently dealing with a few of our customers copying our IP from our GE iFix systems. I am trying to get any “best practices” that any of you use that can prevent any of these problems in Ignition? Specifically, these scenarios we are interested in mitigating:
Our systems are Virtual Machine based. How would we prevent a company from copying our virtual machine with Ignition installed and licensed? Basically, we do not want a company to clone our VM and put it on their “copy system”.
We need to be flexible to let customers add their own users to our Ignition setup (through Active directory or adding users in the Gateway Webpage), how do we prevent them from taking Gateway backup files and copying the pages/code out for themselves and re-selling?
This is just a bit of things we are dealing with more and more and we want to protect our systems so that another company cannot take our IP and re-sell it.
Granted, this is half the battle as the other lies in preventing our PLC code from being stolen… I’ll take suggestions for that, but I’m more interested in the Ignition side of IP theft prevention.
Your sales representative can get you more info on this. We've got a few different ways to help OEMs manage this problem; ie locks inside the gateway configuration that can't be removed without a specific license key.
The Ignition licensing system looks at a collection of hardware details that are usually difficult to replicate in another piece of hardware. I don't know the recipe involved, so I don't know if an unmodified clone would be detectable.
There's no fool-proof way to protect your jython code and user interface designs. The closest thing you can do within the project is to use Protected Resources, but those can by broken with an administrator password reset inside the gateway.
The only relatively strict way to control your source code is to distribute the bulk of it in the form of a Java add-on module, that you license per install. The module could include a home-grown licensing system that more strictly checks the operating environment than Ignition's own licensing system, if you discover loopholes that your users are exploiting. I use a variant of the idea to supply "feature codes" in my Ethernet/IP add-on modules.