Hardware fingerprint SOFT mode (default) vs HARD mode (opt-in)

The hardware fingerprint binds your license to the VM it was issued for. Two modes are available: SOFT (default, friendly with vMotion and clones) and HARD (strict, opt-in for large accounts).

What is in the fingerprint?

The hardware fingerprint is a cryptographic hash computed from stable VM identifiers: SMBIOS UUID, motherboard serial, MAC address of the first network interface, hardware fingerprint of the data disk, vTPM signature when available. A drift on one or two parameters is normal (live migration, NIC reset). A drift on all parameters indicates a clone.

SOFT vs HARD

SOFT (default)

  • Drift detected: persistent UI warning, audit log entry, no functional impact.
  • Compatible with: VMware vMotion, Proxmox live migration, Hyper-V Live Migration.
  • Clone (qcow2 copy, ESXi clone): detected by SOFT, but the appliance keeps working. A SN2O alert is raised.
  • Recommended for: 95% of cases (SME, mid-market with classic virtualisation).

HARD (opt-in)

  • Drift detected: full-screen license lock, services suspended, SN2O reissue required.
  • Compatible with vMotion: partial — a live migration that drifts the SMBIOS UUID triggers the lock.
  • Clone: immediately blocked.
  • Recommended for: large customers explicitly requesting it (audit compliance, supply chain).

Legitimate drift — reissue procedure

When a legitimate fingerprint drift triggers a SOFT warning or a HARD lock (large hypervisor migration, motherboard replacement, network card replacement), SN2O issues a new license bound to the new fingerprint:

  1. Open a ticket with SN2O specifying the cause of the drift (planned migration, hardware change).
  2. Run natalia-license-cli gen-fp on the appliance, copy the resulting fingerprint to the ticket.
  3. SN2O signs a new license with the new fingerprint and returns the .license.toml.
  4. Install via Settings → License → Install license (or via the lock screen if HARD lock).