meet the byod, ‘computing anywhere’ …...meet the byod, ‘computing anywhere’...

WH

ITE

PA

PE

R

Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management for Desktop Virtualizat ion

Meet t he BYOD, ‘Comput ing Anywhere’ Challenge—Planning and License Management for Desktop Virtualizat ion

2

Meet the BYOD, ‘Computing Anywhere’ Challenge— Planning and License Management for Desktop Virtualizat ion

The adoption of new technologies such as desktop virtualizat ion (e.g. Citrix® XenDesktop®, VMware® Horizon View™) has radically changed the desktop landscape making software license compliance and license optimization even more difficult. The challenge of tracking applicat ion installat ion and usage in this environment combined with ever changing, complex or undocumented product use rights puts organizations at risk of being non-compliant. The difficulty of gett ing inventory data will be examined below. Virtual desktop licensing rules— mainly for Microsoft, will also be described in this paper.

Virtualizat ion AdoptionFor many years, desktop virtualizat ion (aka Virtual Desktop Infrastructure (VDI)) has been posit ioned as a technology that will revolut ionize the desktop market; many analysts predicted it would soon take over a significant share of the market. A significant percentage (see chart below) of medium to large organizations is current ly in the process or has implemented virtual desktops but its use is restricted to a few case scenarios due to the heavy upfront investment required and the lack of significant return on investment.

Figure 1: The Importance of People to Software License Optimizat ion Success

Virtualization Adoption

StorageVirtualizat ion

In production more than 24 months

Source: FOCUS Interop Survey Sept 2011 (Companies with >100 employees)© 2013 FOCUS - www.focusonsystems.com

0% 80%70%60%50%40%30%20%10% 90% 100%

In production 12- 24 months

In production 6-12 months

In production 6 months or less

Planning to implement in less than 6 months

Planning to implement in 6-12 months

Planning to implement later than 12 months

No plans

ApplicationVirtualizat ion

DesktopVirtualizat ion

ServerVirtualizat ion

In Production

In Production

In Production

In Production


3

As of today, desktop virtualizat ion represents only a few percent of all desktops. However, it is st ill seen as one of the leading technologies that should take a more significant port ion of the market in the coming years. One of the drivers fueling these forecasts is the rapid adoption of

mobile devices and Bring Your Own Device (BYOD) policies by organizations. For these devices, the virtual desktop offers end users the flexibility to access their business environment from anywhere, at any t ime, from almost any device, running any operat ing system.

The drivers for desktop virtualizat ion, as shown in Figure 2, also include providing the ability for IT to centralize and simplify desktop management and accelerate provisioning of new desktops. In addit ion, this technology meets

most organizations’ security, compliance and regulatory requirements as data and applicat ions are kept securely in the datacenter.

Figure 2: Drivers for Desktop Virtualizat ion [Source: TechWeb]

Drivers for Desktop Virtualization(Organizations rating benefits of desktop virtualization “quite or very important”)

Percentages based on a 4 or 5 rating on a scale of 1 to 5, where 5 is “very important.”

Base: 300 respondents who have implemented, are piloting or planning to roll out desktop virtualization in the next year.Data: TechWeb survey of 490 IT decision makers.

To centralize and simplify desktop management

74.8%

74.2%

73.0%

67.5%

65.7%

62.7%

To improve security by maintaining and backing up data centrally

To simplify and accelerate provisioning new desktops

To lower infrastructure costs in power usage and/or hardware acquisit ion

To provide end users with a convenient way to access their desktop environments remotely

To extend refresh cycles for desktop PCs

To reduce downtime caused by server/client hardware failure

86.2%


4

Types of Virtual DesktopsVirtual desktops come in two flavors: persistent and session based (or non-persistent). A persistent virtual machine is a virtual machine that is kept on a disk in the datacenter. Each t ime the user logs in, the previous session on that virtual machine is resumed. A user can create shortcuts, customize or install addit ional applicat ions on his or her virtual desktop and all of these changes will be available in future sessions. Persistent virtual machines are usually only assigned to power users or administrators as they consume a large amount of resources—such as storage, in the datacenter.

The most common virtual desktops are session based. A session based virtual machine is assigned from a pool of virtual machines to the end user at log in t ime and wiped out each t ime the user logs out. Some vendors offer technical solut ions to keep user changes across sessions and can even add applicat ions to the virtual desktop template based on the user profile. In these instances, when the user logs in, the user personalizat ion is added to the virtual desktop template.

Collect ing Virtual Desktop InventoryIn the tradit ional desktop world, inventory is performed by an agent running within the operat ing system. Inventory consists of capturing software package data, for instance in Windows environments—from Programs and Features, file data, including contents of specific files, Windows registry or ISO 19770-2 tags. From there, data scrubbing and analysis is performed by an applicat ion recognit ion tool to generate the list of commercial products requiring a license. Addit ionally, a review of the login history on

the device provides clues about its primary user. Typical inventory tools run on a schedule or are executed at log on t ime. Scheduling is the most commonly used strategy as it is less intrusive: it does not slow down the execut ion of the operat ing system when the end user requests access to it. It takes a few minutes for an inventory tool to capture data, the most resource intensive task being to perform a disk scan for executables, dlls, ISO 19770-2 tags or specific files.

For persistent virtual desktops, inventory tools are able to capture inventory and usage data the same way as for tradit ional desktops. On the other hand, session based virtual desktops are challenging for many reasons: there is no pract ical way to run the inventory on a schedule as the machine is wiped out every t ime the user logs out and this may happen mult iple t imes a day. The lifespan of a virtual desktop can be extremely short, not leaving enough t ime for a scheduled or session triggered inventory to complete successfully. Inventory tools ident ify operat ing system instances by using various techniques: from analyzing key hardware or software propert ies (serial number, MAC address, IP address…) or by assigning a unique ident ifier to each one. A session based virtual desktop gets reused across mult iple users or is re-imaged after use. So, it’s difficult to get a unique inventory for each session. This can result in an ever growing, large number of devices that will need to be reconciled. An alternat ive approach is to set-up a mechanism to group sessions together on a per user basis.

In the virtual desktop environment, templates of virtual machines are created and assigned to users. When a user accesses a session based virtual desktop, a new

Figure 3: Desktop Virtualizat ion Architecture [Source: FOCUS LLC www.focusonsystems.com ]

Virt

ual D

eskt

ops

(VM

s)

Server Hosted

Virtual Desktop Infrastructure

User Access Devices

PC

Laptop

Thin Client

Server Tablet/phoneHypervisor

Guest OS

APP 1 APP 2 •••

Guest OS


Guest OS



5

virtual machine is created from the template assigned to the user and the user roaming profile is attached to that virtual machine to establish his personalized sett ings from information in the Documents or My Documents folders. This includes his desktop background, shortcuts, favorite links, etc. The relat ionship between templates and end users is based on access rights granted to end users for specific templates.

Another difficulty is ident ifying addit ional applicat ions that have been added to the templates based on user profiles. These applicat ions are usually deployed using applicat ion virtualizat ion technologies (e.g. Citrix XenApp or Microsoft App-V). For these, a quick scan at the beginning of the session can be performed or alternat ively this information can be extracted from the applicat ion virtualizat ion tools themselves.

There are very few discovery and inventory tools that can be used to inventory session based virtual desktops. One approach is to inventory the templates that are used to clone session based virtual desktops. FlexNet Manager Plat form, foundation of the FlexNet Manager Suite, can do both a quick scan at the beginning of the session and/or ut ilize the relat ionship between users and virtual desktop templates to get an inventory of the session based virtual desktop for a part icular user.

One of the biggest challenges in session based virtual desktop environments is measuring applicat ion usage. There are only a few specialized tools on the market able to perform this task. If these tools are not available,

usage data may be limited to information provided by the applicat ion virtualizat ion technologies. For instance, Citrix EdgeSight will measure usage for XenApp virtualized applicat ions. FlexNet Manager Plat form can collect usage data from EdgeSight.

A big license management challenge in virtual desktop environments is related to the use of device based licenses (more on this below). The device considered for licensing in this model is not the virtual desktop itself running in the datacenter, but the physical endpoint devices used to access it. For instance, if an end user uses both a laptop PC and an iPad to access a virtual desktop environment, two licenses may be needed depending on the product use rights associated with the software product running in the virtual desktop. To maintain license compliance, it is mandatory to capture some key inventory data for these endpoint devices during each virtual desktop session. Only a few inventory tools available today are able to capture this data.

As can be seen, inventorying virtual desktops is not easy. Tradit ional inventory tools often fall short in this environment. Different strategies and tools are needed to capture the inventory and usage data required to accurately calculate a license posit ion. The license management tool must be able to collect, process and aggregate data from different data sources. FlexNet Manager Plat form captures user access rights and usage data for both virtual desktops and virtualized applicat ions to enable an accurate determination of the license posit ion for applicat ions running in these environments.

Persistent virtual machines

Non-persistent pool / session based

Persistent model: each user has a dedicated virtual machine

Session based model: Virtual machines are dynamically allocated to end users from the pool

Figure 4: Persistent and Session Based Virtual Desktops

http://www.flexerasoftware.com/products/core-software-asset-management.htm

http://www.flexerasoftware.com/products/core-software-asset-management.htm


6

Licensing in Virtual Desktop EnvironmentsIn the desktop world, there are three main types of licenses: concurrent, user and device based. Concurrent is the easiest to handle from a license compliance perspect ive, as compliance is usually self-managed by the license model and license server—only a certain number of people can check out a license at any one t ime. Organizations are usually compliant with this license metric, although there can st ill be issues, part icularly when using licenses across different geographical regions, for example. The complicat ions around concurrent licensing come about when trying to determine the optimal number of licenses required to keep denials of service in check, without over spending on software licenses—a topic for another white paper.

In the user license model, a user will usually consume a single license regardless of how the applicat ion was accessed: from a local installat ion, using an applicat ion virtualizat ion or virtual desktop technology or any combination of the above. This license model requires the ability to accurately capture usage data and user access rights to software products in these environments (as described above) to accurately calculate a license posit ion. Capturing this data also enables license optimization by removing access to inact ive users, for instance.

Device based licenses are the most challenging for two reasons: first, as mentioned above, the device license applies to the device from which the applicat ion is accessed, not to the device where the applicat ion is running. In a remote desktop virtualizat ion scenario, these are two dist inct physical devices: the physical server in the datacenter where the virtual desktop is hosted and running and the devices used to access the virtual desktop. The devices in this last category are the ones counted toward licensing and could be anything from the user’s company owned or personal computer, laptop, iPad, and intelligent mobile device, to an internet café computer. The second reason why device based licenses are challenging for license management is the existence of product use rights that must be applied to these desktop virtual environment configurat ions.

Among all the software vendors, Microsoft has taken the lead in publishing product use rights for each of its products when used in a virtual desktop environment. On the surface of it, all devices using virtual desktop technology to access a Microsoft software product that is licensed per device must be licensed for this product. However, there are a few exceptions t ied to the virtual desktop access and roaming use rights provided by Software Assurance (SA), Virtual Desktop Access (VDA) or Companion Subscript ion License (CSL) licenses.

Software Assurance is a maintenance program providing many benefits including access to the latest releases. It provides both virtual desktop access and external roaming rights. A Virtual Desktop Access license is a subscript ion based license intended to cover devices that cannot be covered by Software Assurance such as thin-clients, contractor owned PCs, etc. It only provides virtual desktop access rights for the Microsoft Windows Operat ing System. A Companion Subscript ion License can be purchased on top of Software Assurance or a VDA license to cover the Windows OS on Bring Your Own Device (BYOD) devices when people use them within the company premises to access virtual desktops. A single Companion Subscript ion License covers up to 4 devices.

Microsoft Windows LicensingWhen using virtual desktop technologies, the first step is to license Microsoft Windows itself for virtual desktops running this operat ing system. The scenarios are as follows:

• If the user is the primary user of a company owned computer covered by Software Assurance then no addit ional license is required when this user accesses a virtual desktop from (1) this same computer, (2) a company owned Windows RT device from anywhere or (3) a personal device outside of the office premises.

• If the user is the primary user of a computer covered by a Virtual Desktop Access license then no addit ional license is required when this user accesses a virtual desktop from this same computer, or a personal device outside of the office premises.

• For any company owned device, not assigned to a primary user, such as thin clients, a VDA license is required except for Windows RT devices in the case scenario mentioned above.

• For any Bring You Own Device (BYOD) devices (used at the office), a Virtual Desktop Access or Companion Subscript ion License is needed. If a user already has a device covered by Software Assurance or a VDA license, a Companion Subscript ion License is more economical than an addit ional VDA license.

• Without Software Assurance or a Virtual Desktop Access license, a user cannot access any virtual desktop instances. In this scenario the most economical solut ion is to subscribe the end user to a VDA license for his/her company owned and/or personally owned devices and addit ionally use a CSL license for any BYOD device that will be used at the office.


7

Microsoft Applicat ion LicensingMicrosoft Office, Project and Visio products are licensed per device. A licensed device can access a local installat ion or virtual desktop instance of these products. If the license is covered by Software Assurance, then the primary user of the company owned device can access these products in a Virtual Desktop environment from non-corporate devices outside of the office. All other devices accessing these products through virtual desktops in any other scenarios must be licensed. Any device accessing any other Microsoft products licensed per device such as AutoRoute, Lync, MapPoint, InfoPath, etc. must be licensed individually.

Some Microsoft server products such as Microsoft Exchange, SQL Server, SharePoint, etc., require a Client Access License (CAL) for each user or device accessing the software product. If a User CAL is used, it will cover any use of the product through a virtual desktop. If a Device CAL is used, each end point device must be licensed. Developer tools from Microsoft such as Visual Studio, SQL Server developer or MSDN operat ing system are licensed per user. Licensed users can access these software products through virtual desktop technology.

Very few other software vendors have documented the licensing impact of virtual desktop technologies. The current product use rights in the EULA associated with each product must be carefully analyzed in that context.

Conclusion Organizations should take extra care to manage licensing when deploying a virtual desktop solut ion. Most of the t ime, addit ional licenses or subscript ions must be purchased that add to the cost of the virtual desktop solut ion itself. Once the virtual desktop solut ion is deployed, the organization must manage and monitor users, end point devices and deployed software products to maintain license compliance. This is not an easy task and there are st ill some grey areas such as controlling access from BYOD devices either on company premises or outside of the company. Flexera Software has taken the lead in managing and optimizing licenses in virtual desktop environments with its FlexNet Manager Suite for Enterprises products.

Corporate Computer

covered by SA

Non Windows RTCorporate Device

Windows RTCorporate Device

Personal devices outside the office

BYOD Device

Windows Virtual

Desktop

No license required

VDA license required

No license required

No license required

CSL license required

Figure 5: Licensing Windows OS for devices used to access virtual desktops (“No license required” means No addit ional license)

http://www.flexerasoftware.com/products/flexnet-manager-suite-enterprises.htm

http://www.flexerasoftware.com/products/flexnet-manager-suite-enterprises.htm

WH

ITE

PA

PE

R

Flexera Software LLC1000 East Woodfield Road, Suite 400Schaumburg, IL 60173 USA

Schaumburg (Global Headquarters):+1 800-809-5659

United Kingdom (Europe, Middle East Headquarters):+44 870-871-1111+44 870-873-6300

Australia (Asia, Pacific Headquarters):+61 3-9895-2000

For more office locat ions visit:www.flexerasoftware.com

Copyright © 2013 Flexera Software LLC. All other brand and product names ment ioned herein may be the trademarks and registered trademarks of their respect ive owners. FNM_WP_BYOD_May13

http://www.flexerasoftware.com