3. Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management for Desktop Virtualization
As of today, desktop virtualization represents only a few
percent of all desktops. However, it is still seen as one of
the leading technologies that should take a more significant
portion of the market in the coming years. One of the
drivers fueling these forecasts is the rapid adoption of
mobile devices and Bring Your Own Device (BYOD) policies
by organizations. For these devices, the virtual desktop
offers end users the flexibility to access their business
environment from anywhere, at any time, from almost any
device, running any operating system.
The drivers for desktop virtualization, as shown in Figure
2, also include providing the ability for IT to centralize and
simplify desktop management and accelerate provisioning
of new desktops. In addition, this technology meets
most organizations’ security, compliance and regulatory
requirements as data and applications are kept securely in
the datacenter.
Figure 2: Drivers for Desktop Virtualization [Source: TechWeb]
(Organizations rating benefits of desktop virtualization “quite or very important”)
Percentages based on a 4 or 5 rating on a scale of 1 to 5, where 5 is “very important.”
Base: 300 respondents who have implemented, are piloting or planning to roll out desktop virtualization in the next year.
Data: TechWeb survey of 490 IT decision makers.
Benefits rated in the chart (ratings ranged from 62.7% to 86.2%):
• To centralize and simplify desktop management
• To improve security by maintaining and backing up data centrally
• To simplify and accelerate provisioning new desktops
• To lower infrastructure costs in power usage and/or hardware acquisition
• To provide end users with a convenient way to access their desktop environments remotely
• To extend refresh cycles for desktop PCs
• To reduce downtime caused by server/client hardware failure
Types of Virtual Desktops
Virtual desktops come in two flavors: persistent and session
based (or non-persistent). A persistent virtual machine is
a virtual machine that is kept on a disk in the datacenter.
Each time the user logs in, the previous session on that
virtual machine is resumed. A user can create shortcuts,
customize or install additional applications on his or her
virtual desktop and all of these changes will be available
in future sessions. Persistent virtual machines are usually
only assigned to power users or administrators as they
consume a large amount of resources, such as storage, in
the datacenter.
The most common virtual desktops are session based. A
session based virtual machine is assigned from a pool
of virtual machines to the end user at log in time and
wiped out each time the user logs out. Some vendors offer
technical solutions to keep user changes across sessions and
can even add applications to the virtual desktop template
based on the user profile. In these instances, when the user
logs in, the user personalization is added to the virtual
desktop template.
Collecting Virtual Desktop Inventory
In the traditional desktop world, inventory is performed by
an agent running within the operating system. Inventory
consists of capturing software package data (for instance,
in Windows environments, from Programs and Features),
file data, including contents of specific files, Windows
registry or ISO 19770-2 tags. From there, data scrubbing
and analysis is performed by an application recognition
tool to generate the list of commercial products requiring
a license. Additionally, a review of the login history on
the device provides clues about its primary user. Typical
inventory tools run on a schedule or are executed at log on
time. Scheduling is the most commonly used strategy as it
is less intrusive: it does not slow down the execution of the
operating system when the end user requests access to it.
It takes a few minutes for an inventory tool to capture
data, the most resource intensive task being to perform
a disk scan for executables, dlls, ISO 19770-2 tags or
specific files.
For persistent virtual desktops, inventory tools are able to
capture inventory and usage data the same way as for
traditional desktops. On the other hand, session based
virtual desktops are challenging for many reasons: there is
no practical way to run the inventory on a schedule as the
machine is wiped out every time the user logs out and this
may happen multiple times a day. The lifespan of a virtual
desktop can be extremely short, not leaving enough time
for a scheduled or session triggered inventory to complete
successfully. Inventory tools identify operating system
instances using various techniques: by analyzing key
hardware or software properties (serial number, MAC
address, IP address…) or by assigning a unique identifier
to each one. A session based virtual desktop gets reused
across multiple users or is re-imaged after use. So, it’s
difficult to get a unique inventory for each session. This can
result in an ever growing, large number of devices that will
need to be reconciled. An alternative approach is to set up
a mechanism to group sessions together on a per user basis.
In the virtual desktop environment, templates of virtual
machines are created and assigned to users. When a
user accesses a session based virtual desktop, a new
virtual machine is created from the template assigned to
the user and the user roaming profile is attached to that
virtual machine to establish his personalized settings from
information in the Documents or My Documents folders.
This includes his desktop background, shortcuts, favorite
links, etc. The relationship between templates and end
users is based on access rights granted to end users for
specific templates.
Figure 3: Desktop Virtualization Architecture [Source: FOCUS LLC www.focusonsystems.com]
Diagram labels: User Access Devices; PC; Laptop; Thin Client; Server; Tablet/phone; Server Hosted Virtual Desktop Infrastructure; Hypervisor; Virtual Desktops (VMs), each a Guest OS with APP 1, APP 2, …
Another difficulty is identifying additional applications that
have been added to the templates based on user profiles.
These applications are usually deployed using application
virtualization technologies (e.g. Citrix XenApp or Microsoft
App-V). For these, a quick scan at the beginning of the
session can be performed or alternatively this information
can be extracted from the application virtualization
tools themselves.
There are very few discovery and inventory tools that can
be used to inventory session based virtual desktops. One
approach is to inventory the templates that are used to
clone session based virtual desktops. FlexNet Manager
Platform, foundation of the FlexNet Manager Suite, can do
both a quick scan at the beginning of the session and/or
utilize the relationship between users and virtual desktop
templates to get an inventory of the session based virtual
desktop for a particular user.
One of the biggest challenges in session based virtual
desktop environments is measuring application usage.
There are only a few specialized tools on the market
able to perform this task. If these tools are not available,
usage data may be limited to information provided by
the application virtualization technologies. For instance,
Citrix EdgeSight will measure usage for XenApp virtualized
applications. FlexNet Manager Platform can collect usage
data from EdgeSight.
A big license management challenge in virtual desktop
environments is related to the use of device based licenses
(more on this below). The device considered for licensing
in this model is not the virtual desktop itself running in the
datacenter, but the physical endpoint devices used to access
it. For instance, if an end user uses both a laptop PC and an
iPad to access a virtual desktop environment, two licenses
may be needed depending on the product use rights
associated with the software product running in the virtual
desktop. To maintain license compliance, it is mandatory to
capture some key inventory data for these endpoint devices
during each virtual desktop session. Only a few inventory
tools available today are able to capture this data.
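The per-user grouping, the user-to-template relationship and the endpoint-based device count described above can be combined as follows. This is an added example, not code from the white paper or from FlexNet Manager; all names and records are constructed, and the result is raw endpoint demand before any product use rights are applied.

```python
from collections import defaultdict

# Constructed sample data (not from the white paper).
# Template inventory: products installed in each virtual desktop template.
TEMPLATES = {
    "tpl-office": {"Office", "Visio"},
    "tpl-basic": {"Office"},
}
# Access rights: the template each user's session is cloned from.
USER_TEMPLATE = {"alice": "tpl-office", "bob": "tpl-basic"}
# Session log: (user, pooled VM instance id, endpoint device used for access).
SESSIONS = [
    ("alice", "vm-0001", "laptop-A1"),
    ("alice", "vm-0007", "ipad-A2"),
    ("alice", "vm-0012", "laptop-A1"),
    ("bob", "vm-0007", "thin-B1"),   # pooled VM reused by another user
    ("bob", "vm-0015", "thin-B1"),
]


def vm_keyed_device_count(sessions):
    """Naive inventory: every pooled VM instance ever seen counts as a device."""
    return len({vm for _, vm, _ in sessions})


def endpoints_per_user(sessions):
    """Group sessions per user and keep the endpoint devices each user used."""
    grouped = defaultdict(set)
    for user, _, endpoint in sessions:
        grouped[user].add(endpoint)
    return dict(grouped)


def device_license_demand(sessions, user_template, templates):
    """Per product: number of distinct endpoints that reached a desktop containing it."""
    demand = defaultdict(set)
    for user, endpoints in endpoints_per_user(sessions).items():
        for product in templates[user_template[user]]:
            demand[product] |= endpoints
    return {product: len(devices) for product, devices in demand.items()}


if __name__ == "__main__":
    print("VM-keyed device records:", vm_keyed_device_count(SESSIONS))
    print("Endpoints per user:", endpoints_per_user(SESSIONS))
    print("Device license demand:",
          device_license_demand(SESSIONS, USER_TEMPLATE, TEMPLATES))
```

The VM-keyed count grows with every new pool instance, while the endpoint-keyed demand stays tied to the physical devices that the device based license actually covers.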
As can be seen, inventorying virtual desktops is not
easy. Traditional inventory tools often fall short in this
environment. Different strategies and tools are needed to
capture the inventory and usage data required to accurately
calculate a license position. The license management
tool must be able to collect, process and aggregate data
from different data sources. FlexNet Manager Platform
captures user access rights and usage data for both virtual
desktops and virtualized applications to enable an accurate
determination of the license position for applications
running in these environments.
Figure 4: Persistent and Session Based Virtual Desktops
Persistent model (persistent virtual machines): each user has a dedicated virtual machine.
Session based model (non-persistent pool): virtual machines are dynamically allocated to end users from the pool.
Licensing in Virtual Desktop Environments
In the desktop world, there are three main types of licenses:
concurrent, user and device based. Concurrent is the
easiest to handle from a license compliance perspective,
as compliance is usually self-managed by the license
model and license server—only a certain number of people
can check out a license at any one time. Organizations
are usually compliant with this license metric, although
there can still be issues, particularly when using licenses
across different geographical regions, for example. The
complications around concurrent licensing come about when
trying to determine the optimal number of licenses required
to keep denials of service in check, without over spending
on software licenses—a topic for another white paper.
In the user license model, a user will usually consume
a single license regardless of how the application was
accessed: from a local installation, using an application
virtualization or virtual desktop technology or any
combination of the above. This license model requires the
ability to accurately capture usage data and user access
rights to software products in these environments (as
described above) to accurately calculate a license position.
Capturing this data also enables license optimization by
removing access for inactive users, for instance.
Device based licenses are the most challenging for two
reasons: first, as mentioned above, the device license
applies to the device from which the application is
accessed, not to the device where the application is
running. In a remote desktop virtualization scenario, these
are two distinct physical devices: the physical server in the
datacenter where the virtual desktop is hosted and running
and the devices used to access the virtual desktop. The
devices in this last category are the ones counted toward
licensing and could be anything from the user’s company
owned or personal computer, laptop, iPad or intelligent
mobile device, to an internet café computer. The second
reason why device based licenses are challenging for
license management is the existence of product use
rights that must be applied to these desktop virtual
environment configurations.
Among all the software vendors, Microsoft has taken the
lead in publishing product use rights for each of its products
when used in a virtual desktop environment. On the surface
of it, all devices using virtual desktop technology to access
a Microsoft software product that is licensed per device
must be licensed for this product. However, there are a few
exceptions tied to the virtual desktop access and roaming
use rights provided by Software Assurance (SA), Virtual
Desktop Access (VDA) or Companion Subscription License
(CSL) licenses.
Software Assurance is a maintenance program providing
many benefits including access to the latest releases. It
provides both virtual desktop access and external roaming
rights. A Virtual Desktop Access license is a subscription
based license intended to cover devices that cannot
be covered by Software Assurance such as thin-clients,
contractor owned PCs, etc. It only provides virtual desktop
access rights for the Microsoft Windows Operating System.
A Companion Subscription License can be purchased on
top of Software Assurance or a VDA license to cover the
Windows OS on Bring Your Own Device (BYOD) devices
when people use them within the company premises to
access virtual desktops. A single Companion Subscription
License covers up to 4 devices.
Microsoft Windows Licensing
When using virtual desktop technologies, the first step is to
license Microsoft Windows itself for virtual desktops running
this operating system. The scenarios are as follows:
• If the user is the primary user of a company owned
computer covered by Software Assurance then no
additional license is required when this user accesses
a virtual desktop from (1) this same computer, (2) a
company owned Windows RT device from anywhere or
(3) a personal device outside of the office premises.
• If the user is the primary user of a computer covered
by a Virtual Desktop Access license then no additional
license is required when this user accesses a virtual
desktop from this same computer, or a personal device
outside of the office premises.
• For any company owned device, not assigned to a
primary user, such as thin clients, a VDA license is
required except for Windows RT devices in the
scenario mentioned above.
• For any Bring Your Own Device (BYOD) devices (used
at the office), a Virtual Desktop Access or Companion
Subscription License is needed. If a user already has
a device covered by Software Assurance or a VDA
license, a Companion Subscription License is more
economical than an additional VDA license.
• Without Software Assurance or a Virtual Desktop
Access license, a user cannot access any virtual desktop
instances. In this scenario the most economical solution
is to subscribe the end user to a VDA license for his/her
company owned and/or personally owned devices and
additionally use a CSL license for any BYOD device
that will be used at the office.
Microsoft Application Licensing
Microsoft Office, Project and Visio products are licensed per
device. A licensed device can access a local installation or
virtual desktop instance of these products. If the license is
covered by Software Assurance, then the primary user of
the company owned device can access these products in
a Virtual Desktop environment from non-corporate devices
outside of the office. All other devices accessing these
products through virtual desktops in any other scenarios
must be licensed. Any device accessing any other Microsoft
products licensed per device such as AutoRoute, Lync,
MapPoint, InfoPath, etc. must be licensed individually.
Some Microsoft server products such as Microsoft Exchange,
SQL Server, SharePoint, etc., require a Client Access License
(CAL) for each user or device accessing the software
product. If a User CAL is used, it will cover any use of the
product through a virtual desktop. If a Device CAL is used,
each end point device must be licensed. Developer tools
from Microsoft such as Visual Studio, SQL Server developer
or MSDN operating system are licensed per user. Licensed
users can access these software products through virtual
desktop technology.
Very few other software vendors have documented the
licensing impact of virtual desktop technologies. The current
product use rights in the EULA associated with each product
must be carefully analyzed in that context.
Conclusion
Organizations should take extra care to manage licensing
when deploying a virtual desktop solution. Most of the time,
additional licenses or subscriptions must be purchased that
add to the cost of the virtual desktop solution itself. Once
the virtual desktop solution is deployed, the organization
must manage and monitor users, end point devices and
deployed software products to maintain license compliance.
This is not an easy task and there are still some grey areas
such as controlling access from BYOD devices either on
company premises or outside of the company. Flexera
Software has taken the lead in managing and optimizing
licenses in virtual desktop environments with its FlexNet
Manager Suite for Enterprises products.
Device used to access the Windows virtual desktop, and the licensing result:
• Corporate computer covered by SA: No license required
• Non Windows RT corporate device: VDA license required
• Windows RT corporate device: No license required
• Personal devices outside the office: No license required
• BYOD device: CSL license required
Figure 5: Licensing Windows OS for devices used to access virtual desktops (“No license required” means No additional license)