DRAGEN Cloud Licensing
Credential based authentication is required for users that run DRAGEN on the cloud with the Bring-Your-Own-License (BYOL) model. DRAGEN must have access to the DRAGEN License server at runtime, license.dragen.illumina.com.
To verify connectivity to the license server, you can query the healthcheck endpoint which will return a 200 status code and a small JSON body if successful.
Running DRAGEN Cloud BYOL with Credential Licensing
BYOL users must provide credentials to DRAGEN at runtime, using one of two options.
Providing Credentials via License Credentials File
The suggested method for specifying your credentials is through a file passed in to DRAGEN at runtime. The file can be pointed to using the option --lic-credentials <path to file>
. This method provides a more secure way to pass credentials, which avoids accidental credentials leaks from command line console logs.
The License Credentials File should be formatted as follows;
Note: when using the License Credentials file, a default license server domain will be used based off the version of DRAGEN being used;
DRAGEN 4.4 and above: https://license.dragen.illumina.com
DRAGEN 4.3 and earlier: https://license.edicogenome.com
If you wish to override this behavior, you can add the credentials-3 option to the credentials file. Note, do not specify the protocol (i.e. https).
Providing Credentials via Command Line
Alternatively, you can simply provide your credentials over the command line using the option --lic-server <license server URL with credentials>
.
The license server URL should be formatted as follows;
Instance Identity
DRAGEN Cloud runs access the local instance identity document via the Instance Metadata Service to be used with credential authentication. It uses the IPv4 local address. If access to the local address is not allowed, authentication will fail.
Alternately, the user may save the instance identity document(s) and point DRAGEN to use them instead, if the user does not want to allow applications to access this service. The instance identity document(s) only need to be saved once per account and region, and those files can be re-used subsequently. This is achieved using the command line option --lic-instance-id-location <instance identity folder>
.
AWS Instance Metadata Service (IMDSv1/IMDSv2)
DRAGEN supports both AWS IMDSv1, and the more secure AWS IMDSv2. AWS IMDSv2 must be enabled on the AWS instance, otherwise, IMDSv1 is used by default. DRAGEN software will automatically detect the IMDS version in use and adapt its behavior accordingly.
Notes
Currently, input streaming from an S3 bucket is supported only with IMDSv1.
IDMSv2 is only supported in DRAGEN versions 4.3 and above.
Saving the IMDSv1 document:
Saving the IDMSv2 document:
The instance identity folder must contain three files, respectively named pkcs7
, signature
, and document
.
Azure Instance Metadata Service (IMDS)
Saving the IDMS document:
The instance identity folder must contain two files, respectively named instance
and document
.
Retrieving License Information using dragen_lic
There are two options for retrieving information for your licenses using the packaged dragen_lic tool. Examples for each one are below.
Basic Output (i.e. no additional arguments). This is the recommended method to view license information by a human user as the output is more readable.
JSON Output (i.e. using the -j flag). This is the recommended method to view license information by a machine user as the output is already in a machine readable JSON format.
Note: Just like running DRAGEN as noted above, you must specify your credentials using the --lic-credentials
or --lic-server
command line options.
Note: Retrieving license information using the dragen_lic tool is only supported on DRAGEN 4.4 and above.
Retrieving License Information using API endpoint
Alternatively, you can retrieve license information using our License Server endpoint specified below without the use of DRAGEN. License information is returned in a JSON format.
GET request to https://license.dragen.illumina.com/api/v2/query_quota. Your user credentials must be provided as a Basic Authorization header. An example of this using the curl tool is shown below.
Usage Reporting
Usage reporting is a key component of the DRAGEN Licensing infrastructure. After each individual run, usage data will automatically be uploaded to Illumina's License server. Usage data entails the following information for each individual run
run date
run duration
licensing quota consumed (number of bases) in that run
run status
software version used for the run.
instance identity document
Last updated
Was this helpful?