Managing Compliance in a Virtualised Environment
Many organisations are looking at desktop virtualisation as an upgrade option to their entire approach to desktop management. With users now demanding greater access to their applications, desktop virtualisation offers powerful opportunities to IT departments to deliver and manage application usage more effectively.
A degree of caution is required, however, when considering your virtualisation options as the associated software licence issues can become even more challenging then simply deploying an application to a local device.
So what’s the problem?
The main problem is that desktop virtualisation can change the way software is installed and operated, which may in turn violate existing licence agreements – thus potentially exposing you to legal repercussions. Server-based desktop virtualisation solutions which allow the execution of an application on a server and present the software to a user device without installing the application, for example, are very difficult to monitor. Traditional discovery or asset management tools which have been deployed to monitor and meter software usage will not always discover the true usage – simply because there is nothing there for the tool to scan. If the virtualised application is Microsoft Office, for example, which is sold as a device licence, this could mean that your current tracking solution could understate the true usage quantity and you could end up creating a concurrent effect, which is not allowed with these types of products.
So what’s the solution?
Before starting a desktop virtualisation project, it is advised that your organisation conducts a thorough inventory of the software deployed at your site. In addition, you should also understand the terms and conditions of each associated licence, identifying any potential problems.
Remember, when deploying your desktop applications using a virtualised solution, this will not change your software licensing requirements – the technology does not change the number of software copies running at your site. For example, if you have 100 PCs running Microsoft Office today, and all 100 of the PCs are migrated to thin clients, you will still need 100 copies of Microsoft Office. Just because the software is running on a virtual machine in a data centre, rather than on individual’s PC, does not mean you can reduce your licence requirement.
In addition to completing an audit and after you have configured your virtualised environment, it is also recommend that you consider proactive action, such as deploying solutions that prevent software from be accessed on unauthorised devices. For example, if you have 4 Project Managers, who need to use Microsoft Project, it is not cost effective to allow these users to access the application from any thin client device, as this would mean you require a Microsoft Project licence for every device. If you have a mechanism to prevent certain devices from running the application, however, such AppSense Application Manager, you could control the distribution and licence requirement more effectively and rest easy that your environment is compliant.
Products such as AppSense Application Manager are endorsed by Microsoft for enforcing software licence control in server-based computing environments. Running the software in passive mode enables monitoring, auditing and reporting to detail the frequency of application access across the user and device base. By controlling which users or devices have permission to run named applications, limits can be placed on the number of application instances and which devices or users can run the application. Licence audits and access restriction, based on the number of licences, can now be enforced regardless of the method of application delivery.
One more recommendation, probably the most important one, is that you should also effectively manage your organisation’s licence obligations, ensuring that you provide absolute transparency to your compliance status. This enables you to mitigate operational risk and ensure that the most cost effective licensing options are implemented.
To do this, the following licence management tasks must be considered and introduced:
- Maintain a comprehensive list of all virtualised software, including the usage count and device association
- Track server operating system usage, virtual instances, peak capacity of server and virtualisation software usage, as well as individual software deployment
- Consider licence requirements for clustering, fail over and moving of instances
- Monitor Device or user Client Access Licence (CAL)
- Consider and monitor licence requirements associated to the use of third party virtualisation technology, such as VMware ESX
- Maintain a comprehensive list of all physical devices which are thin client enabled
- Monitor and review your organisation’s compliance status on a monthly basis
In summary, until the software manufacturers and their licensing programmes catch up with the virtualisation concept, it is heavily recommended that you take due care before jumping in to this fast evolving environment. Even more importantly, make sure that there is sufficient budget for the on-going management of your organisation’s compliance obligations. Without this, your virtual environment may become more costly to the organisation than simply deploying the software to an individual’s PC!