How To Guide: Streaming Microsoft Office with Citrix XenApp 5 – Best Practice Guide & Licensing Overview

August 27, 2009

Citrix Technology Professional (CTP) Alexander Ervik Johnsen has written a very useful piece on how to Profile and Stream Microsoft Office 2007 using Citrix XenApp 5.0

This is a great guide and covers how to stream Office to a desktop, or, into a Citrix XenDesktop session.  His article and guide can be found on his website here.

Further to the actual process of profiling and streaming the Office application, I also want to ensure everyone is aware of the Microsoft Per Device Licensing Model for Server Hosted Applications.

Many Microsoft applications, including Microsoft Office™, Project™ and Visio™, are licensed on a per-device basis. This means a desktop application license is required for each and every device that is able to potentially access the application or server where the application is installed, regardless of whether a user executes and runs the application of not.  This makes licensing Microsoft applications in virtual environments a tricky, potentially very costly, and misunderstood subject. 

One misconception is that by ‘publishing’ or ’streaming’ applications to a limited “user” group, that group is compliant with the Microsoft license agreement – in other words, Microsoft licenses their applications per user.  This is in fact in breach of the Microsoft licensing model, and can lead to legal action.

I have written a blog, which also includes official Microsoft approved whitepapers on how to control and enforce application access and license compliance on a per device basis  in such virtual environments,  that blog can be found here

In addition to helping ensure compliance, effective license control and management can also reduce Microsoft License requirements and associated costs – more information on this can be found here.

If anyone has any questions or comments, as always, please do let me know.

Thanks
Gareth


Microsoft Application Device License Control in SBC, VDI and Streamed Environments

June 30, 2009

Many Microsoft applications, including Microsoft Office™, Project™ and Visio™, are licensed on a per-device basis. This means a desktop application license is required for each and every device that is able to potentially access the application or server where the application is installed, regardless of whether a user executes and runs the application of not. 

This makes licensing Microsoft applications in virtual environments a tricky, potentially very costly, and misunderstood subject.  So, let us take just two minutes to cover some of the most common misunderstandings as to Microsoft Application/Device licensing in SBC (Microsoft Terminal Server and Citrix XenApp), VDI (Citrix XenDesktop and VMware View) and Application Virtualization/Streaming (Microsoft App-V, VMware ThinApp, Citrix Streaming, InstallFree etc) estates.

One misconception is that by ‘publishing’ or ‘streaming’ applications to a limited “user” group, that group is compliant with the Microsoft license agreement – in other words, Microsoft licenses their applications per user.  This is in fact in breach of the Microsoft licensing model, and can lead to legal action.

‘Publishing’ or ‘streaming’ applications to a limited “user” group is not a valid approach to license restriction, since users within the group can potentially access the application from any device that can connect to the server hosting the application binaries, or, any device the virtualization server can see or stream to. This means desktop application licenses may need to be purchased for devices where the user of that device does not actually use the application.

Furthermore, Microsoft technologies such as Group Policies and Software Restriction Policies cannot be used as a means of enforcing licensing control, as these methods apply to “users”, or groups of “users”.

For Microsoft applications which are licensed on a per device basis application access must be controlled at the “device” level.

AppSense Application Manager (is to my knowledge) the only officially, Microsoft approved and recognized means of controlling application access on a per device basis in SBC/Terminal Server, Virtual Desktop or streamed application environment with regards to license enforcement.

AppSense Application Manager operates with a kernel level filter driver within the Windows operating system. This filter intercepts all file execution requests prior to an application actually launching, to determine if the request is to be authorized or prohibited. Any unauthorized requests are blocked and the user receives a message, configurable by the administrator, stating that execution has been denied.

A flexible and granular rule set enables the Administrator to restrict access to applications by a range of variables, but specific to device based licensing, AppSense can restrict access based on device name or IP address. This enables AppSense Application Manager to effectively control, manage and in most cases, reduce the required number of Microsoft licenses.

AppSense Application Manager also provides detailed insight into user activity and application usage through reporting and auditing functionality. By reporting on application usage at a user and device level, AppSense Application Manager helps organizations verify compliance with Microsoft desktop application license models and provide estimates of license volume typically required across the user base.

To learn more about Microsoft Licensing and how AppSense Application Manager can be used to not only ensure compliance, but also reduce the amount of device licenses required, saving operational costs and providing almost immediate return on investment, please visit http://www.appsense.com/solutions/licensemanagement.aspx 

Furthermore, a copy of the Official Microsoft approved whitepaper on use of AppSense for application access and license control in virtual environments can be found at http://www.appsense.com/Files/Documents/Microsoft%20Application%20License%20Control%20(US).pdf