This has to be the top licensing misconception and often comes up in discussions I have with customers.
When an application such as Office, Visio or Project is delivered in this manner then controlling access either via Active Directory groups, or Group Policies etc is not sufficient. This is due to these applications being licensed “per device”. With this license model it means that every device that the user can potentially access (or does access) the remote session with the application in requires a license.
- Fred usually uses the Thin Client on his desktop. That’s license number 1 required.
- He pops into a branch office in the afternoon and logs into a PC and connects to his remote session through a portal. That’s license number 2 needed.
- He then disappears home early and logs in from home using his iPad. That’s license number 3.
Parking the whole logging in remotely scenario for now as that’s an even bigger amount of possible devices, Fred has the ability to use any device within the organisation to access his remote desktop. Each one of these devices would require licensing for the per device licensed application.
This isn’t just limited to Terminal Services, Remote Desktop Services and Citrix (I know the underlying tech is the same!) scenarios.
This same license model also applies to VDI, you could potentially access a VDI desktop from any device as that’s the benefit. It also applies to app streaming solutions like XenApp and application virtualisation such as App-V and AppWave.
Basically, all the technologies that really push User Centricity and targeting applications at users rather than devices (System Center 2012 Configuration Manager heavily focuses on this).
So really since applications can be delivered to any client device, a per device application license must be obtained for every device the delivery mechanism server has the ability to deliver an application to, not just the person using the desktop application.
One solution to this is AppSense Application Control. While this solution allows you to claw back some control and compliance and is recognised by Microsoft as an official way to control licensing it does have some draw backs.
AppSense Application Control allows you to define the devices that are allowed to run the per device licensed software and block it from running on non-licensed devices, giving you the flexibility of centrally managing and delivering software like MS Project from RDS/XenApp/VDI/App-V methods, but at the same time removes the flexibility that targeting the user and flexible working should bring.
One area that this is vitally important in, in my opinion, though is blocking access to applications licensed in this model when logging in from outside of the corporate network when any device could be used and “in theory” thousands/millions of licenses should be required and you only have your corporate devices covered fully by an Enterprise Agreement for example.
So what can you do? Well it all depends on the application, the vendor and the licensing model. There are some agreements and special licensing models that can be potentially useful but they all take some analysis of numbers required, benefits and costs etc.
All I can really advise is:
- Make sure every application you aim to deliver remotely has it's licensing properly checked before you take the plunge and do it to ensure you avoid any costly compliance challenges.
- If in doubt, speak to someone who knows. All application vendors/suppliers will have specialists, check with your account manager to see what they can do to help.