The product I would like to protect has 2 components:
A. a central component managed by my company
B. another one installed at each customer’s premises.
Connectivity to the Cryptlex server from B is not guaranteed, but our customers agreed to ensure connectivity between B to A.
So, B will contact A, asking if its license is valid.
My understanding is that I cannot use the LexActivator package in this scenario.
Is this correct?
Where is the Component A hosted?
If it is in the customer’s premises you can simply protect A, and B can connect with A to know the license status.
If you host Component A, then you only need to protect Component B. So you can directly use LexActivator in Component B to validate it even if it is offline as LexActivator supports offline activations. So B doesn’t need to communicate with A to know its license validity.
Server A is hosted by us.
I understand this idea of offline activation, but it has a lot of drawbacks (license revocation, for example).
In your server A you can create a proxy endpoint which just proxies the request to Cryptlex and sends back Cryptlex response. That should solve the problem you may face in offline scenarios.
Our IPs are guaranteed to be static, you can also allow traffic to our IP addresses from client if that is possible.