You Know Where The Door is – Use It!.. But Do You Have To?

January 17, 2010

Yes. Something that has happened  several times before has happened again this week.

A Reseller/Solution Provider implements a Citrix/Terminal Services/VDI/Streamed Application solution for an end user client.  The end user  has since received a Software Asset Management review, and at the end of it, the client receives a big un-budgetted invoice from Software Vendor XYZ because their Citrix/Terminal Services/VDI/Streamed Application solution does not enforce a ‘Per Device’ based application access control and licensing model.  As a result, the end user client gets upset and in the case this week, the Reseller/Solution Provider was shown the door and lost the Client.

As mentioned, I have seen this many times before, and I must sound like a broken record to my reseller techies, but this scenario keeps happening and can be avoided!

Now, before you blame it all on one particular application vendor, just remember that MOST if not ALL of your typical Software Vendors have a DEVICE based model for licensing, not user based.  It’s pretty simple, if a device can potentially access the application (regardless of where the actual code executes, or, even if it executes or not) that device needs a licence.  Even if you try and block access to the application at the user level with GPO’s, SRP’s or white and black lists at a user level, this does not comply as the authorized users can still access the application from all devices and so all devices still require a licence.

For example, If I own 50 PC’s and install Application A on each PC I need to buy 50 licenses. I can’t just say I only have one user login, so I only need one license – the world doesn’t work like that.

And “network techniologies” (CTX/TS/VDI/STREAMED APPS) are no different. If I can run the application for any single one of my 400 thin clients, then either I need to buy 400 device licenses of the application, or I need a way of enforcing the number of devices that can execute it.

If you want to see this explained you can can see me white board this on the AppSense YouTube Channel here -> Whiteboarding a per device licence scenario

Now I understand not everyone sees things the same way, but my experience is the Reseller/Solution provider is often the scape goat in these scenarios when it all goes pear-shaped.  So, for the partner to protect their rear end, and be a bit proactive, some of our Aussie Solution Providers highlight this to the end user by sending a short email, not only to the IT Manager who may be running the project, but also to the CFO and CIO who sign the cheques.

This email points out that the Solutions provider is bound by their status with Software Vendor XYZ to inform the client that the solution they are looking to implement does not fulfill the licensing requirements of the Software Vendor they are wanting to use and they may be liable for additional licence fees and even financial penalties in the event of an audit.. if, they do not also include a per device application access control solution as part of their overall SBC or VDI solution.

I was having this discussion in the office this week when, Hey Presto – in jumps AppMan with his  favorite AppSense product Application Manager – he’s a jovial fellow, looking resplendent in his red outfit.  Sure he’s not the tallest guy in the office, he could do with a few visits to the gym (couldn’t we all?) and yes I agree some of his hair has left the building for greener pastures but everyone with a wife and kids has that issue :-)

However, his heart ‘s in the right place.  He wants everyone to be compliant with their software licensing, he doesn’t want to see companies paying out for licences they don’t need, and he only wants to see Trusted/Authorized Applications running on corporate architecture (more info on how AppMan and his solution Application Manager can help with per device software licensing can be found here).

In addition, there’s a side benefit – not only will AppSense Application Manager enforce a per Device licensing model, it’s also one of the most effective security products on the market.  Trusted ownership ensured only software that is installed by a Trusted Owner (typically the IT Team) it’s allowed to run. Any file installed by a user will instantly be blocked.

Effective and bullet proof, that’s AppSense Application Manager. And as I always say when the subject of security comes up, It’s not that the security team at your organisation has done a bad job, it just they don’t know what they don’t know, so how can they protect against something they do not know about, or some piece of code that has only just been written today by someone they dont know of?  On the other hand,  AppSense Application Manager will show you EVERY file users try to execute, so you do now know what is going on.

And maybe, just maybe, if we all work harder at helping our clients, we can all join a Gym, take some measures to stop our hair falling out, avoid any software licensing issues and costs.. and all live happily ever after :-)

For more information on cost reduction in your environment, please visit the cost reduction pages on the AppSense website.




Microsoft Windows Server 2008 TS/RDS CAL now includes App-V

September 8, 2009

 As of 1st September 2009, Microsoft is including an App-V (formerly SoftGrid)  licence within the Client Access Licence (CAL) for Windows Server 2008 and 2008 R2, meaning that a separate App-V licence is no longer required and shortly will not even be available.

http://www.microsoft.com/systemcenter/appv/howtobuy/default.mspx

 http://www.microsoft.com/windowsserver2008/en/us/rds-product-licensing.aspx

The media for the client, sequencer and server is available here:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=0890d6cd-0d3b-4c9d-b208-231c65d3e55a



How To Guide: Streaming Microsoft Office with Citrix XenApp 5 – Best Practice Guide & Licensing Overview

August 27, 2009

Citrix Technology Professional (CTP) Alexander Ervik Johnsen has written a very useful piece on how to Profile and Stream Microsoft Office 2007 using Citrix XenApp 5.0

This is a great guide and covers how to stream Office to a desktop, or, into a Citrix XenDesktop session.  His article and guide can be found on his website here.

Further to the actual process of profiling and streaming the Office application, I also want to ensure everyone is aware of the Microsoft Per Device Licensing Model for Server Hosted Applications.

Many Microsoft applications, including Microsoft Office™, Project™ and Visio™, are licensed on a per-device basis. This means a desktop application license is required for each and every device that is able to potentially access the application or server where the application is installed, regardless of whether a user executes and runs the application of not.  This makes licensing Microsoft applications in virtual environments a tricky, potentially very costly, and misunderstood subject. 

One misconception is that by ‘publishing’ or ’streaming’ applications to a limited “user” group, that group is compliant with the Microsoft license agreement – in other words, Microsoft licenses their applications per user.  This is in fact in breach of the Microsoft licensing model, and can lead to legal action.

I have written a blog, which also includes official Microsoft approved whitepapers on how to control and enforce application access and license compliance on a per device basis  in such virtual environments,  that blog can be found here

In addition to helping ensure compliance, effective license control and management can also reduce Microsoft License requirements and associated costs – more information on this can be found here.

If anyone has any questions or comments, as always, please do let me know.

Thanks
Gareth