Communication between the eWay-CRM server component and the eWay-CRM license server

Each server component of eWay-CRM requires a constant functional connection to the central licensing server to operate correctly. Communication is conducted with the domain name ls.eway-crm.com on port 443 via the HTTPS protocol. TLS/SSL v1.2 or newer client support is required for communication on the server hosting the eWay-CRM server component.

Contents

The following chapters provide a complete list and description of when, how, and what the hosting server communicates with the licensing service.

• License Key Update
• Update Availability
• Authentication Tokens
• AI Evaluation (only when the feature is enabled)

License Key Update

Both components of the server (eWay-CRM web service and eWay-CRM Timer service) download the license key at startup and then periodically (every 3 hours). The license key is also downloaded by the web service when the Users section in the Admin Center is loaded. The license key is a digitally signed file containing the following information:

• unique identification of the server and specific eWay-CRM customer
• set of available features and licenses for eWay-CRM
• billing summary
• timestamp

Even if a customer has purchased lifetime licenses (on-premise), eWay-CRM still requires an up-to-date license key for proper operation. A license key timestamp older than 3 hours is considered an error by the system, and the user will later be informed of the lost connection to the licensing server — see the article Notification About Unpaid Invoices or Expiring License. For subscription-based licenses, an outdated license key will stop the license and lock the system, even if the customer has a valid subscription. The eWay-CRM server component will not receive information about the paid subscription without a connection to the licensing server.

The license key is issued to the server component based on identification data unique to each customer, including a hardware fingerprint of the server itself. If there is a hardware change or eWay-CRM migration to another server, the licensing server can detect this and switch to the new server fingerprint. However, if more than one server component requests the customer’s license key, only one fingerprint is considered valid, and the other will not be able to download the current license key. The server component whose fingerprint is not valid for the customer is considered disconnected from the licensing server.

Update Availability

Both server components (eWay-CRM web service and eWay-CRM Timer service) download information about available updates for the eWay-CRM server component and the desktop Outlook client application at startup and then periodically (every three hours). Update availability information is also downloaded when the Updates section in the Admin Center is opened.

When an update installation is initiated from the Admin Center, eWay-CRM Timer also downloads information of the checksums and locations of update files from the licensing server. The update files are then downloaded via HTTPS on port 443 from the following domains:

• ls.eway-crm.com
• download.eway-crm.com
• apps.eway-crm.com

After downloading, the checksum is verified against information obtained earlier from ls.eway-crm.com.

Like the license key, update availability is provided based on identification data, including the server hardware fingerprint. If the data doesn’t match, the server component cannot download either the license key or update availability information.

Authentication Tokens

The eWay-CRM web service also retrieves authentication tokens from the licensing server for other functions that directly communicate with the corresponding service. Authentication tokens are issued only when the eWay-CRM web service provides valid identification data. These services include:

• Subscription management, payment details, and billing in the Admin Center
• Gathering user feedback
• Distribution of training and educational materials to eWay-CRM client applications
• Integration with QuickBooks
• Synchronization with Microsoft Office 365

AI Evaluation (only when the feature is enabled)

The eWay-CRM web service sends the following parts of an email message to the licensing server in our cloud for AI analysis:

• subject
• sender, recipient, and cc email addresses
• email send and receive timestamps
• full email body, including formatting and images
• information on whether the eWay-CRM user is the recipient or sender of the email

This data is sent when:

• converting an email to a contact, deal, or project
• extracting suggested tasks (including for emails not saved in eWay-CRM)
• adding Summary and Tone to emails stored in eWay-CRM

Neither input nor output of AI analysis is stored on the license server side or elsewhere in the cloud (except for the web service if hosted in the cloud). Not even in the license server error logs. In the license server log, we only record that a specific customer (billing name) is analyzing an email. For debugging, only the SHA256 hash of the email subject is stored, which does not constitute data storage, as the subject cannot be reconstructed from the hash. It is a one-way conversion.