Microsoft Application Device License Control in SBC, VDI and Streamed Environments

Many Microsoft applications, including Microsoft Office™, Project™ and Visio™, are licensed on a per-device basis. This means a desktop application license is required for each and every device that is able to potentially access the application or server where the application is installed, regardless of whether a user executes and runs the application of not. 

This makes licensing Microsoft applications in virtual environments a tricky, potentially very costly, and misunderstood subject.  So, let us take just two minutes to cover some of the most common misunderstandings as to Microsoft Application/Device licensing in SBC (Microsoft Terminal Server and Citrix XenApp), VDI (Citrix XenDesktop and VMware View) and Application Virtualization/Streaming (Microsoft App-V, VMware ThinApp, Citrix Streaming, InstallFree etc) estates.

One misconception is that by ‘publishing’ or ‘streaming’ applications to a limited “user” group, that group is compliant with the Microsoft license agreement – in other words, Microsoft licenses their applications per user.  This is in fact in breach of the Microsoft licensing model, and can lead to legal action.

‘Publishing’ or ‘streaming’ applications to a limited “user” group is not a valid approach to license restriction, since users within the group can potentially access the application from any device that can connect to the server hosting the application binaries, or, any device the virtualization server can see or stream to. This means desktop application licenses may need to be purchased for devices where the user of that device does not actually use the application.

Furthermore, Microsoft technologies such as Group Policies and Software Restriction Policies cannot be used as a means of enforcing licensing control, as these methods apply to “users”, or groups of “users”.

For Microsoft applications which are licensed on a per device basis application access must be controlled at the “device” level.

AppSense Application Manager (is to my knowledge) the only officially, Microsoft approved and recognized means of controlling application access on a per device basis in SBC/Terminal Server, Virtual Desktop or streamed application environment with regards to license enforcement.

AppSense Application Manager operates with a kernel level filter driver within the Windows operating system. This filter intercepts all file execution requests prior to an application actually launching, to determine if the request is to be authorized or prohibited. Any unauthorized requests are blocked and the user receives a message, configurable by the administrator, stating that execution has been denied.

A flexible and granular rule set enables the Administrator to restrict access to applications by a range of variables, but specific to device based licensing, AppSense can restrict access based on device name or IP address. This enables AppSense Application Manager to effectively control, manage and in most cases, reduce the required number of Microsoft licenses.

AppSense Application Manager also provides detailed insight into user activity and application usage through reporting and auditing functionality. By reporting on application usage at a user and device level, AppSense Application Manager helps organizations verify compliance with Microsoft desktop application license models and provide estimates of license volume typically required across the user base.

To learn more about Microsoft Licensing and how AppSense Application Manager can be used to not only ensure compliance, but also reduce the amount of device licenses required, saving operational costs and providing almost immediate return on investment, please visit http://www.appsense.com/solutions/licensemanagement.aspx 

Furthermore, a copy of the Official Microsoft approved whitepaper on use of AppSense for application access and license control in virtual environments can be found at http://www.appsense.com/Files/Documents/Microsoft%20Application%20License%20Control%20(US).pdf

Managing Roaming Users & Printers Across Desktop, Citrix & VMware

Managing user printers and printer policies across Desktop, Server Based Computing ( SBC – Microsoft Terminal Server & Citrix XenApp) and Virtual Desktop Infrastructure (VDI – Citrix XenDesktop & VMware View) environments is becoming increasingly complex.

Administrators are spending huge effort (meaning they are also missing on investigating other projects) managing complex logon scripts to perform printer mappings, and, when printers are not available, for example if the user has roamed or changed desk or location or changed desktop delivery mechanism, IT must answer a support call and manually map the printer for the user.

AppSense Environment Manager solves this issue by automatically mapping the local or closest printer to the user and thier device (no matter how their desktop is being delivered to them), without the need for any complex logon scripts.  This not only reduces the time and costs associated with ongoing IT operations, but also improves the user experience and ensures all printed documents, including confidential data, is printed to the correct printer.

Using a combination of conditions (when an action is to apply) and actions (the application of a specific policy, in this case, mapping a printer) AppSense Environment Manager will dynamically map any pre-determined printer based on Client IP or MAC address conditions.  As an enterprise focused product, this all achieved and configured in a very simple and intuative management console as opposed to traditional complex logon scripts and policy actions.

Further more, it is common practice for many enterprise environments to have dedicated printers mapped and used exclusivly by specific applications, such as ERP or Finance applications.  AppSense Environment Manager is again used by thousands of organzations around the world to help provide a logical and cost effective solution to ensuring certain applications always print to the same secure printers. Please see the screenshot below showing that when the JD Edwards application is launched, and the user is running the application on a client within a set IP address range, then a specific printer is automatically mapped as the only printer available for the application.

In this scenario, printers can be enforced as the only printer available for a specific application, based on either application name or, application IP address if it is delivered from a silo via streaming or publishing technology.   With that said, AppSense Environment Manager can also provide security in that the user can not change the printer, yet requried flexibility of allowing the user to change specific settings such as paper trays, paper sizes, formats & finishing etc..

In conclusion, printing can be a troublesome, time consuming issue, but it needent be.  AppSense Environment Manager is not only proven to resolve these issues, but also reduce opertional costs and provide a strong ROI.

For more information, please visit www.AppSense.com