You Know Where The Door is – Use It!.. But Do You Have To?

January 17, 2010

Yes. Something that has happened  several times before has happened again this week.

A Reseller/Solution Provider implements a Citrix/Terminal Services/VDI/Streamed Application solution for an end user client.  The end user  has since received a Software Asset Management review, and at the end of it, the client receives a big un-budgetted invoice from Software Vendor XYZ because their Citrix/Terminal Services/VDI/Streamed Application solution does not enforce a ‘Per Device’ based application access control and licensing model.  As a result, the end user client gets upset and in the case this week, the Reseller/Solution Provider was shown the door and lost the Client.

As mentioned, I have seen this many times before, and I must sound like a broken record to my reseller techies, but this scenario keeps happening and can be avoided!

Now, before you blame it all on one particular application vendor, just remember that MOST if not ALL of your typical Software Vendors have a DEVICE based model for licensing, not user based.  It’s pretty simple, if a device can potentially access the application (regardless of where the actual code executes, or, even if it executes or not) that device needs a licence.  Even if you try and block access to the application at the user level with GPO’s, SRP’s or white and black lists at a user level, this does not comply as the authorized users can still access the application from all devices and so all devices still require a licence.

For example, If I own 50 PC’s and install Application A on each PC I need to buy 50 licenses. I can’t just say I only have one user login, so I only need one license – the world doesn’t work like that.

And “network techniologies” (CTX/TS/VDI/STREAMED APPS) are no different. If I can run the application for any single one of my 400 thin clients, then either I need to buy 400 device licenses of the application, or I need a way of enforcing the number of devices that can execute it.

If you want to see this explained you can can see me white board this on the AppSense YouTube Channel here -> Whiteboarding a per device licence scenario

Now I understand not everyone sees things the same way, but my experience is the Reseller/Solution provider is often the scape goat in these scenarios when it all goes pear-shaped.  So, for the partner to protect their rear end, and be a bit proactive, some of our Aussie Solution Providers highlight this to the end user by sending a short email, not only to the IT Manager who may be running the project, but also to the CFO and CIO who sign the cheques.

This email points out that the Solutions provider is bound by their status with Software Vendor XYZ to inform the client that the solution they are looking to implement does not fulfill the licensing requirements of the Software Vendor they are wanting to use and they may be liable for additional licence fees and even financial penalties in the event of an audit.. if, they do not also include a per device application access control solution as part of their overall SBC or VDI solution.

I was having this discussion in the office this week when, Hey Presto – in jumps AppMan with his  favorite AppSense product Application Manager – he’s a jovial fellow, looking resplendent in his red outfit.  Sure he’s not the tallest guy in the office, he could do with a few visits to the gym (couldn’t we all?) and yes I agree some of his hair has left the building for greener pastures but everyone with a wife and kids has that issue :-)

However, his heart ‘s in the right place.  He wants everyone to be compliant with their software licensing, he doesn’t want to see companies paying out for licences they don’t need, and he only wants to see Trusted/Authorized Applications running on corporate architecture (more info on how AppMan and his solution Application Manager can help with per device software licensing can be found here).

In addition, there’s a side benefit – not only will AppSense Application Manager enforce a per Device licensing model, it’s also one of the most effective security products on the market.  Trusted ownership ensured only software that is installed by a Trusted Owner (typically the IT Team) it’s allowed to run. Any file installed by a user will instantly be blocked.

Effective and bullet proof, that’s AppSense Application Manager. And as I always say when the subject of security comes up, It’s not that the security team at your organisation has done a bad job, it just they don’t know what they don’t know, so how can they protect against something they do not know about, or some piece of code that has only just been written today by someone they dont know of?  On the other hand,  AppSense Application Manager will show you EVERY file users try to execute, so you do now know what is going on.

And maybe, just maybe, if we all work harder at helping our clients, we can all join a Gym, take some measures to stop our hair falling out, avoid any software licensing issues and costs.. and all live happily ever after :-)

For more information on cost reduction in your environment, please visit the cost reduction pages on the AppSense website.

I Love my Hyper-Wee

October 28, 2009

Yes, there I’ve said it, I’m in love with a technology that’s not from AppSense :-)

We had to present at a recent Microsoft Partner event.

Two things Microsoft wanted us to show:

  1. License control for Microsoft Apps in Citrix/Terminal Server/VDI/Streamed App environments, and
  2. How we can simplify Windows 7 migrations.

After a couple of demos from my trusty partner Jacob, they were also all over us about App-V integration.

There was a problem though – none of my demos were running on Hyper-Wee, I mean Hyper-V (must stop listening to PerfMan, his accent is starting to have an effect on me).

So the challenge.

I don’t normally do much between 12 and 6 in the morning, just lying around the house, so let’s rebuild everything on Windows 2008 and Hyper-V.

So a new disk was already available, remove the old one (Dual boot Vista and Win 2003 running VMware Server for VM’s). Demo laptop is a HP (the best) 6710b 4GB ram Dual core 2.4 GHz, with a 300 GB 7200 rpm disk.

Obtain a license, the media and boot up Windows 2008 – 64 bit – yes that’s right, the person who always said 64 bit was not the answer was now asking the question – can I get 64 bit to run all my apps and more importantly will all my drivers work.

To enable Hyper-V you need 64 bit so there was really no option. :-)

The first thing I noticed, Windows 2008 64 bit took around 20 minutes to load!!!!

I sat there thinking there must be something else I’ve missed, surely you can’t load a new O/S in 20 minutes – including the time to format a 140GB partition !!!

But that was it.

Bit of research on the web and now I have to download and run a service pack to get Hyper-V up and running.

Knew there was a catch – the service pack takes about an hour to install :-)

Still not that much effort and time required to get to a new platform. Now the tricky part, what will be the easiest way to get my demo servers back up and running.

More research – turns out there is a freebee download utility available from here which you point at a VMware VM which converts it to a VHD drive, and voila, it runs on Hyper-V.

I did find some extra info about Vm’s that have a SCSI disk as their base – you need to muck around with them a bit and add an IDE disk, so I decided to convert my VMs that used an IDE drive, and rebuild the ones using SCSI.

The longest part of the process was rebuilding the Windows 2003 DC for my AppSense Management Centre.

One thing I was looking for though – a “sleep” mode so I could have my servers boot quicker. When you are meeting a client the last thing you want to do is spend 15 minutes setting up before you start the preso or demo.

I suppose it’s o.k. if you have a big Irishman with you who can tell bad jokes for a while to distract the client, but most of the time I was by myself at appointments.

By accident I discovered the best feature (in my experience) of Hyper-V. Automatically it will snapshot servers if you turn off the host while they are still running. Very cool.

So here’s how my setup for a demo now goes…

08:30 power on laptop, shake hands, exchange cards

08:31 Login to Windows 2008 64bit

08:33 start Hyper-V consoles for my AppSense Management Centre, and my XP desktop

08:34 Demo Environment Manager Personalisation, the crowd goes…..   Oooh…… AAAAAh

08:35 My work here is done

Well not really, but my point is this sucker boots fast, starts my servers faultlessly, and just works.

Of course I have Performance Manager 64 bit running and I have configured it to favour the VM’s as far as CPU and disk priority goes and this definitely helps.

I’m a bit old school, so if I can get something that works for me, I’ll just stick with it. It takes a rocket – or a Microsoft Partner event – to get me to change.

But now that I’ve jumped the 64 bit fence, I’m glad I’m here :-)

Only thing I do have though, is how do I get my Wireless LAN on my notebook working – damn those 64 bit drivers :-)

My login’s too cold – it’s not all about TS and VDI

August 17, 2009

Goldilocks was hard at work managing “Three Bears Industries”. She added a default printer here, mapped a network drive there, and sorted out a few group policy settings. All in a days’ work for the over worked, under paid IT administrator.

She heard a noise a the front door – “The Bears are back!!!” she exclamed, and slipped quietly out through the back door and on to her next client.

“My Login makes me tooo Hot – Hot and bothered from waiting!!!!! ” yelled Papa Bear. “My Login makes me toooo cold – I feel like hibernating ! ” grumbled Mama Bear.

Baby Bear looked at his parents with big blue eyes and said “My Login just sucks !!”. You gotta love kids, they always say what they feel. But then, that’s the harsh reality in thousands of organizations – Logins suck!!

“Three Bears Industries” needs AppSense.

“But isn’t AppSense only useful in those environments? Why do I need AppSense if I’m a fat client site?”.  Think about it, If AppSense provides value in VDI and TS, then why would it NOT provide value in a real physical desktop?

In two weeks time, I start a rollout at a site who saw value in AppSense at the desktop level – around 3,000 of them to be precise.  AppSense has hundreds of desktop sites around the world – managing profiles, security and performance with our software.

These guys went through our ROI process a couple of months back. We found they were losing around 80 man hours per DAY while users sat around waiting to login – thats 10 people every day they were paying for nothing. We also found the Helpdesk staff were spending around 300 hours per month fixing profile issues.

I introduced them to ENVIROMAN – looking very Borat like in his bright green Budgy Smugglers. He showed them a couple of quick demos, rollback of personalization settings, streamed application settings from desktop to desktop, and the rest is history – Thank You ENVIROMAN – your subscription to “Geek Monthly” is in the mail :-)

But seriously Guys, checkout our value on the desktop – your wallet will thank you.

Another Happy Performance Manager Tester – More Users, Less servers

August 17, 2009

Spoke to another client today who has been testing our Performance Manager software. We went through the usual questions on the first webinar:

How many users per server? Do you have slow downs or lockups? Do user complain about performance? How many servers etc.  Then, we did the standard 30 minutes setup over the phone, put the product agents on a production box, gave him our normal advice on load balancing and a few days later his results looked like this:

Before AppSense, 15-20 average users per server, some slowdowns experienced during most days.

After AppSense, 26-30 users per server, no slow downs experienced, all users having noticed improvements.  The CIO was on board and Purchase order in the works :-)

While I was on the phone, however, “PerfMan” storms into the office.

No shy and retiring petal our PerfMan, he’s always running around telling people, “You Must Test, You Must Test”. Normally he’s a nice friendly character who, unfortunately was born with a speech impediment, which means he says “WISTA” instead of “VISTA” and “HYPER WEE” instead of “HYPER V”, but on this day he was on a mission.

Seems a couple of techos tried to convince him the new Windows System Resource Manager in Windows 2008 R2 was going to take over the world and his product would be relegated to older servers only- yeah right!! I suppose they’re the same techos telling their clients to use NTBACKUP instead of buying a Third Party backup product :-)

True there is more base level functionality built into every new version of Windows and every new version of Citrix, but it’s all about what the clients need, and what the base level can deliver.

We’ve heard it all before, when Citrix introduced base level performance management into their PS3 product, some people told us our Performance Manager product would fade away, and that PerfMan would have to find a new job selling Knackwurst and beer to tourists.

Funny thing was exactly the opposite happened – because clients now had base functionality to test – so guess what – they tested it. So then they looked around at what else was on the market – AppSense Performance Manager of course – tested the product – saw amazing results – bought the product and started saving time and money.

Built-in, base level functionality for any feature will provide benefits to somebody, but usually only for small organizations who have very basic requirements. The reality is, most organizations will gain real benefits and real savings from Performance Manager – they just need to test and see the results.

So remember the chant from PerfMan, “You Must Test” “You Must Test” – test PM properly – see the results – save the money – it’s that simple.

PS – The new CPU/Memory management features don’t make it on Microsofts’ Top Ten reasons for going Win 2008R2, but the new version of NTBACKUP does :-) Better test that as well.

Citrix Session & Application Timeouts, a Great Solution

July 21, 2009

I had a great day on Tuesday. An AppSense client had an issue where their remote workers experienced their Citrix applications timing out on them.

After connecting, and using application 1, by the time they go to use application number 2, it had timed out, and when they try to restart it, Web Interface had timed out as well.

So the clients question was  “How can AppSense help me?!”.

Enter “ENVIRO-MAN” from the left of screen. All dressed in pretty green and looking surprisingly like the Environment Manager Product Manager :-)

“Your session timeouts do not scare me” he roared as he landed awkwardly on the photocopier, injuring his knee.

While “ENVIRO-MAN” proceeded to bore one of the office staff with stories about the mighty Blackpool Football Club, I decided to dig in and fix the problem.

Session Timeouts are controlled by a number of parameters – as examples, there are some per server settings based on type of connection (RDP or ICA) and some user based settings set in Active Directory.

However, if you require more granularity, that’s where AppSense Environment Manager lives…

By using a Group Policy Action (Set ADM Policy / Set ADMX Policy), I was able to load in the ADM settings from the “C:\Windows\inf” directory.  I then typed “session” into the filter, and up came the Terminal Server Session Timeout setting…  Magic :-)

By using EM Rules/Conditions I could now vary the Session timeouts based on IP address, Client Name, or even by integrating it into the results of Citrix AAC filters :-)

I demoed it to the client (they were blown away), thanked ENVIRO-MAN for his help and left to help the next client in need.

All in a good days work :-)