WHITE PAPER. Meet the BYOD, Computing Anywhere Challenge Planning and License Management for Desktop Virtualization

WHITE P

Challenge—Planning and License

Meet the BYOD, ‘Computing Anywhere’ Challenge—

Planning and License Management for Desktop Virtualization

virtualization (e.g. Citrix® _XenDesktop®_{, VMware}®

Horizon View™) has radically changed the desktop landscape making software license compliance and license optimization even more difficult. The challenge of tracking application installation and usage in this environment combined with ever changing, complex or undocumented product use rights puts organizations at risk of being non-compliant. The difficulty of getting inventory data will be examined below. Virtual desktop licensing rules— mainly for Microsoft, will also be described in this paper.

Virtualization Adoption

For many years, desktop virtualization (aka Virtual Desktop Infrastructure (VDI)) has been positioned as a technology that will revolutionize the desktop market; many analysts predicted it would soon take over a significant share of the market. A significant percentage (see chart below) of medium to large organizations is currently in the process or has implemented virtual desktops but its use is restricted to a few case scenarios due to the heavy upfront investment required and the lack of significant return on investment.

Virtualization Adoption

Storage Virtualization

In production more than 24 months In production 12- 24 months In production 6-12 months In production 6 months or less Planning to implement in less than 6 months Planning to implement in Application Virtualization Desktop Virtualization

In Production

In Production

In Production

As of today, desktop virtualization represents only a few percent of all desktops. However, it is still seen as one of the leading technologies that should take a more significant portion of the market in the coming years. One of the

drivers fueling these forecasts is the rapid adoption of

mobile devices and Bring Your Own Device (BYOD) policies by organizations. For these devices, the virtual desktop

offers end users the flexibility to access their business environment from anywhere, at any time, from almost any device, running any operating system.

The drivers for desktop virtualization, as shown in Figure 2, also include providing the ability for IT to centralize and simplify desktop management and accelerate provisioning of new desktops. In addition, this technology meets

most organizations’ security, compliance and regulatory requirements as data and applications are kept securely in the datacenter.

Figure 2: Drivers for Desktop Virtualization [Source: TechWeb]

Drivers for Desktop Virtualization

(Organizations rating benefits of desktop virtualization “quite or very important”)

Percentages based on a 4 or 5 rating on a scale of 1 to 5, where 5 is “very important.”

Base: 300 respondents who have implemented, are piloting or planning to roll out desktop virtualization in the next year. Data: TechWeb survey of 490 IT decision makers.

To centralize and simplify desktop management 74.8% 74.2% 73.0% 67.5% 65.7% 62.7%

To improve security by maintaining and backing up data centrally

To simplify and accelerate provisioning new desktops To lower infrastructure costs in power

usage and/or hardware acquisition To provide end users with a convenient way to

access their desktop environments remotely To extend refresh cycles

for desktop PCs To reduce downtime caused by

server/client hardware failure

Types of Virtual Desktops

Virtual desktops come in two flavors: persistent and session based (or non-persistent). A persistent virtual machine is a virtual machine that is kept on a disk in the datacenter. Each time the user logs in, the previous session on that virtual machine is resumed. A user can create shortcuts, customize or install additional applications on his or her virtual desktop and all of these changes will be available in future sessions. Persistent virtual machines are usually only assigned to power users or administrators as they consume a large amount of resources—such as storage, in the datacenter.

The most common virtual desktops are session based. A session based virtual machine is assigned from a pool of virtual machines to the end user at log in time and wiped out each time the user logs out. Some vendors offer technical solutions to keep user changes across sessions and can even add applications to the virtual desktop template based on the user profile. In these instances, when the user logs in, the user personalization is added to the virtual desktop template.

the device provides clues about its primary user. Typical inventory tools run on a schedule or are executed at log on time. Scheduling is the most commonly used strategy as it is less intrusive: it does not slow down the execution of the operating system when the end user requests access to it. It takes a few minutes for an inventory tool to capture data, the most resource intensive task being to perform a disk scan for executables, dlls, ISO 19770-2 tags or specific files.

For persistent virtual desktops, inventory tools are able to capture inventory and usage data the same way as for traditional desktops. On the other hand, session based virtual desktops are challenging for many reasons: there is no practical way to run the inventory on a schedule as the machine is wiped out every time the user logs out and this may happen multiple times a day. The lifespan of a virtual desktop can be extremely short, not leaving enough time for a scheduled or session triggered inventory to complete successfully. Inventory tools identify operating system instances by using various techniques: from analyzing key hardware or software properties (serial number, MAC address, IP address…) or by assigning a unique identifier

Figure 3: Desktop Virtualization Architecture [Source: FOCUS LLC www.focusonsystems.com ]

Vir

tual Desktops (VMs)

Server Hosted

Virtual Desktop Infrastructure

User Access Devices

PC

Laptop

Thin Client

Server

Tablet/phone

Hypervisor

Guest OS

Guest OS

Guest OS

virtual machine is created from the template assigned to the user and the user roaming profile is attached to that virtual machine to establish his personalized settings from information in the Documents or My Documents folders. This includes his desktop background, shortcuts, favorite links, etc. The relationship between templates and end users is based on access rights granted to end users for specific templates.

Another difficulty is identifying additional applications that have been added to the templates based on user profiles. These applications are usually deployed using application virtualization technologies (e.g. Citrix XenApp or Microsoft App-V). For these, a quick scan at the beginning of the session can be performed or alternatively this information can be extracted from the application virtualization tools themselves.

There are very few discovery and inventory tools that can be used to inventory session based virtual desktops. One approach is to inventory the templates that are used to clone session based virtual desktops. FlexNet Manager Platform, foundation of the FlexNet Manager Suite, can do both a quick scan at the beginning of the session and/or utilize the relationship between users and virtual desktop templates to get an inventory of the session based virtual desktop for a particular user.

One of the biggest challenges in session based virtual desktop environments is measuring application usage. There are only a few specialized tools on the market able to perform this task. If these tools are not available,

usage data may be limited to information provided by the application virtualization technologies. For instance, Citrix EdgeSight will measure usage for XenApp virtualized applications. FlexNet Manager Platform can collect usage data from EdgeSight.

A big license management challenge in virtual desktop environments is related to the use of device based licenses (more on this below). The device considered for licensing in this model is not the virtual desktop itself running in the datacenter, but the physical endpoint devices used to access it. For instance, if an end user uses both a laptop PC and an iPad to access a virtual desktop environment, two licenses may be needed depending on the product use rights associated with the software product running in the virtual desktop. To maintain license compliance, it is mandatory to capture some key inventory data for these endpoint devices during each virtual desktop session. Only a few inventory tools available today are able to capture this data. As can be seen, inventorying virtual desktops is not easy. Traditional inventory tools often fall short in this environment. Different strategies and tools are needed to capture the inventory and usage data required to accurately calculate a license position. The license management tool must be able to collect, process and aggregate data from different data sources. FlexNet Manager Platform captures user access rights and usage data for both virtual desktops and virtualized applications to enable an accurate determination of the license position for applications running in these environments.

Persistent virtual machines

Non-persistent pool /

session based

Persistent model:

each user has a dedicated virtual machine

Session based model:

Virtual machines are dynamically allocated

to end users from the pool

Licensing in Virtual Desktop Environments

In the desktop world, there are three main types of licenses: concurrent, user and device based. Concurrent is the easiest to handle from a license compliance perspective, as compliance is usually self-managed by the license model and license server—only a certain number of people can check out a license at any one time. Organizations are usually compliant with this license metric, although there can still be issues, particularly when using licenses across different geographical regions, for example. The complications around concurrent licensing come about when trying to determine the optimal number of licenses required to keep denials of service in check, without over spending on software licenses—a topic for another white paper. In the user license model, a user will usually consume a single license regardless of how the application was accessed: from a local installation, using an application virtualization or virtual desktop technology or any combination of the above. This license model requires the ability to accurately capture usage data and user access rights to software products in these environments (as described above) to accurately calculate a license position. Capturing this data also enables license optimization by removing access to inactive users, for instance.

Device based licenses are the most challenging for two reasons: first, as mentioned above, the device license applies to the device from which the application is accessed, not to the device where the application is running. In a remote desktop virtualization scenario, these are two distinct physical devices: the physical server in the datacenter where the virtual desktop is hosted and running and the devices used to access the virtual desktop. The devices in this last category are the ones counted toward licensing and could be anything from the user’s company owned or personal computer, laptop, iPad, and intelligent mobile device, to an internet café computer. The second reason why device based licenses are challenging for license management is the existence of product use rights that must be applied to these desktop virtual environment configurations.

Among all the software vendors, Microsoft has taken the lead in publishing product use rights for each of its products when used in a virtual desktop environment. On the surface of it, all devices using virtual desktop technology to access a Microsoft software product that is licensed per device must be licensed for this product. However, there are a few exceptions tied to the virtual desktop access and roaming

Software Assurance is a maintenance program providing many benefits including access to the latest releases. It provides both virtual desktop access and external roaming rights. A Virtual Desktop Access license is a subscription based license intended to cover devices that cannot be covered by Software Assurance such as thin-clients, contractor owned PCs, etc. It only provides virtual desktop access rights for the Microsoft Windows Operating System. A Companion Subscription License can be purchased on top of Software Assurance or a VDA license to cover the Windows OS on Bring Your Own Device (BYOD) devices when people use them within the company premises to access virtual desktops. A single Companion Subscription License covers up to 4 devices.

Microsoft Windows Licensing

When using virtual desktop technologies, the first step is to license Microsoft Windows itself for virtual desktops running this operating system. The scenarios are as follows:

• If the user is the primary user of a company owned computer covered by Software Assurance then no additional license is required when this user accesses a virtual desktop from (1) this same computer, (2) a company owned Windows RT device from anywhere or (3) a personal device outside of the office premises. • If the user is the primary user of a computer covered

by a Virtual Desktop Access license then no additional license is required when this user accesses a virtual desktop from this same computer, or a personal device outside of the office premises.

• For any company owned device, not assigned to a primary user, such as thin clients, a VDA license is required except for Windows RT devices in the case scenario mentioned above.

• For any Bring You Own Device (BYOD) devices (used at the office), a Virtual Desktop Access or Companion Subscription License is needed. If a user already has a device covered by Software Assurance or a VDA license, a Companion Subscription License is more economical than an additional VDA license. • Without Software Assurance or a Virtual Desktop

Access license, a user cannot access any virtual desktop instances. In this scenario the most economical solution is to subscribe the end user to a VDA license for his/her company owned and/or personally owned devices and additionally use a CSL license for any BYOD device that will be used at the office.

Microsoft Application Licensing

Microsoft Office, Project and Visio products are licensed per device. A licensed device can access a local installation or virtual desktop instance of these products. If the license is covered by Software Assurance, then the primary user of the company owned device can access these products in a Virtual Desktop environment from non-corporate devices outside of the office. All other devices accessing these products through virtual desktops in any other scenarios must be licensed. Any device accessing any other Microsoft products licensed per device such as AutoRoute, Lync, MapPoint, InfoPath, etc. must be licensed individually. Some Microsoft server products such as Microsoft Exchange, SQL Server, SharePoint, etc., require a Client Access License (CAL) for each user or device accessing the software product. If a User CAL is used, it will cover any use of the product through a virtual desktop. If a Device CAL is used, each end point device must be licensed. Developer tools from Microsoft such as Visual Studio, SQL Server developer or MSDN operating system are licensed per user. Licensed users can access these software products through virtual desktop technology.

Very few other software vendors have documented the licensing impact of virtual desktop technologies. The current product use rights in the EULA associated with each product must be carefully analyzed in that context.

Conclusion

Organizations should take extra care to manage licensing when deploying a virtual desktop solution. Most of the time, additional licenses or subscriptions must be purchased that add to the cost of the virtual desktop solution itself. Once the virtual desktop solution is deployed, the organization must manage and monitor users, end point devices and deployed software products to maintain license compliance. This is not an easy task and there are still some grey areas such as controlling access from BYOD devices either on company premises or outside of the company. Flexera Software has taken the lead in managing and optimizing licenses in virtual desktop environments with its FlexNet Manager Suite for Enterprises products.

Corporate Computer covered by SA Non Windows RT Corporate Device Windows RT Corporate Device Personal devices outside the office

BYOD Device

Windows

Virtual

Desktop

VDA license required

No license required No license required

CSL license required