Microsoft Application Device License Control in SBC, VDI and Streamed Environments

Many Microsoft applications, including Microsoft Office™, Project™ and Visio™, are licensed on a per-device basis. This means a desktop application license is required for each and every device that is able to potentially access the application or server where the application is installed, regardless of whether a user executes and runs the application of not. 

This makes licensing Microsoft applications in virtual environments a tricky, potentially very costly, and misunderstood subject.  So, let us take just two minutes to cover some of the most common misunderstandings as to Microsoft Application/Device licensing in SBC (Microsoft Terminal Server and Citrix XenApp), VDI (Citrix XenDesktop and VMware View) and Application Virtualization/Streaming (Microsoft App-V, VMware ThinApp, Citrix Streaming, InstallFree etc) estates.

One misconception is that by ‘publishing’ or ‘streaming’ applications to a limited “user” group, that group is compliant with the Microsoft license agreement – in other words, Microsoft licenses their applications per user.  This is in fact in breach of the Microsoft licensing model, and can lead to legal action.

‘Publishing’ or ‘streaming’ applications to a limited “user” group is not a valid approach to license restriction, since users within the group can potentially access the application from any device that can connect to the server hosting the application binaries, or, any device the virtualization server can see or stream to. This means desktop application licenses may need to be purchased for devices where the user of that device does not actually use the application.

Furthermore, Microsoft technologies such as Group Policies and Software Restriction Policies cannot be used as a means of enforcing licensing control, as these methods apply to “users”, or groups of “users”.

For Microsoft applications which are licensed on a per device basis application access must be controlled at the “device” level.

AppSense Application Manager (is to my knowledge) the only officially, Microsoft approved and recognized means of controlling application access on a per device basis in SBC/Terminal Server, Virtual Desktop or streamed application environment with regards to license enforcement.

AppSense Application Manager operates with a kernel level filter driver within the Windows operating system. This filter intercepts all file execution requests prior to an application actually launching, to determine if the request is to be authorized or prohibited. Any unauthorized requests are blocked and the user receives a message, configurable by the administrator, stating that execution has been denied.

A flexible and granular rule set enables the Administrator to restrict access to applications by a range of variables, but specific to device based licensing, AppSense can restrict access based on device name or IP address. This enables AppSense Application Manager to effectively control, manage and in most cases, reduce the required number of Microsoft licenses.

AppSense Application Manager also provides detailed insight into user activity and application usage through reporting and auditing functionality. By reporting on application usage at a user and device level, AppSense Application Manager helps organizations verify compliance with Microsoft desktop application license models and provide estimates of license volume typically required across the user base.

To learn more about Microsoft Licensing and how AppSense Application Manager can be used to not only ensure compliance, but also reduce the amount of device licenses required, saving operational costs and providing almost immediate return on investment, please visit http://www.appsense.com/solutions/licensemanagement.aspx 

Furthermore, a copy of the Official Microsoft approved whitepaper on use of AppSense for application access and license control in virtual environments can be found at http://www.appsense.com/Files/Documents/Microsoft%20Application%20License%20Control%20(US).pdf