I want to quickly distinguish our Hybrid Cloud offering from our Private Cloud offering since I thinks this may keep coming up in this thread.
In the Hybrid Cloud offering (this is our 'classic' or previous offering that's been available for quite some time) we don't store any data on our servers. However, because some communication does happen with our servers (e.g. for registration), we heard from businesses and enterprises that they would like a completely on-prem solution to guarantee no data goes to our servers.
This completely on-prem solution is the AeroFS Private Cloud. It's a virtual machine that is packaged as either an OpenStack image or an OVF/OVA file (supporting VMWare/Virtualbox), and in this VM absolutely no communication happens with our servers, period.
I'm curious how you can make money on selling software as an appliance, and guarantee that a customer won't just replicate the system to have more servers?
As the other reply said, to a certain extent you have to trust your customers. Big companies don't want to be exposed to liability - I know of a large organization that accidentally skimped on their license accounting for a database product (not Oracle) and got handed a $40m bill. They negotiated it down from there, but still, people lose their jobs over things like that.
Along those lines, the contracts that customers sign should always include a clause that says you have the right to audit them if you believe they are not in compliance. Typically, you don't want to do that unless you absolutely have to, but it can be a useful tool when renegotiating enterprise "all-you-can-eat" support contracts.
Still, there's technical stuff you can do. Log the IP address, hostname, hostid, mac address, and so on into your logs on startup. Then, when a customer submits a support case and uploads log files, store that info somewhere. Or create a "support package" that includes anonymous usage data and ask customers to upload.
But the absolute last thing you want to do is deal with licenses and keys and hard limitations. All you'll do is piss off your customers when they hit their hard limit under a deadline at Friday at 4pm.
It's becoming increasingly common with this kind of hybrid product that has both hosted and on-premises offerings. You either trust your customers or you don't. And if you want their business, you need to trust them. Sure, some will take advantage of this - but most will do the right thing.
In addition, the customers that have requirements for this kind of offering are the last who are likely to skimp on payments. If a customer wants on-premise solutions, they do not want it calling home. Period, for any reason, not ever. These tend to be more regulated environments, where product licensing is taken seriously.
[edit: object and predicate should match. or something like that.]
You could have a look at Owncloud (http://owncloud.org).
I played around with it a couple of days ago and seems to be quite powerful. It acts very much like Dropbox and can be installed on any web server that supports PHP.
That doesn't help with the clients. If someone doesn't trust AeroFS not to leak data, why would they be able to trust the AeroFS client not to leak data? The server is only one half of the problem.
In the Hybrid Cloud offering (this is our 'classic' or previous offering that's been available for quite some time) we don't store any data on our servers. However, because some communication does happen with our servers (e.g. for registration), we heard from businesses and enterprises that they would like a completely on-prem solution to guarantee no data goes to our servers.
This completely on-prem solution is the AeroFS Private Cloud. It's a virtual machine that is packaged as either an OpenStack image or an OVF/OVA file (supporting VMWare/Virtualbox), and in this VM absolutely no communication happens with our servers, period.
(and you can easily verify that)