Our thoughts, industry views and technology trends

Contributor:

May 8th, 2012

Software Licensing for Virtual Desktop Infrastructures and Terminal Servers

Many organizations waste thousands every year on unused software licences. This occurs for a number of reasons, but not least due to the complexity of Microsoft licensing programmes and the need to track license usage across an ever changing IT infrastructure. With the growing popularization of virtual desktop infrastructures (VDIs), monitoring license usage has become more challenging as virtual machines (VMs) can be dynamically created for one-off applications, and software installed on-demand from app stores.

Microsoft has recently changed its licensing to help organizations adopt virtualization technologies. The new Windows Virtual Desktop Access (VDA) licenses are a Software Assurance benefit, or can be purchased for $100 per desktop a year. VDAs provide users of Windows PCs the right to install Windows XP, Vista or 7 in up to 4 VMs. If you’re the primary user of a device covered by VDA, Extended Roaming Rights (ERR) allow you to access a VM from devices not licensed under Software Assurance or VDA, providing that they’re located offsite and don’t belong to the company.

To further help the take-up rate for virtualization, Microsoft has 2 licensing suites that package licences for accessing remote desktop servers, the Microsoft Desktop Optimization Pack (MDOP), System Center Configuration Manager (SCCM), Operation Manager (SCOM) and Virtual Machine Manager.

With the flexibility that VDIs provide, licenses for your line-of-business applications need to be monitored more carefully. While Microsoft’s AppLocker application whitelisting technology for Windows 7 is a security feature, preventing users launching untrusted applications and executables, Privilege Guard’s application control not only provides a unified administration interface for Windows 7, Vista and XP, but is also more flexible than AppLocker. Moving beyond security, Privilege Guard application control can also whitelist or blacklist applications by device, using a hostname or IP address.

Privilege Guard allows organizations to add a whitelist of device names to application control policies to prevent users launching programs installed on VMs or physical PCs, which is especially pertinent for VDIs where devices may greatly outnumber users, and organizations can quickly fall out of compliance with a shortfall of licences.

As licensing can be one of the biggest costs for Windows shops, ensuring that you procure only the number necessary is crucial to keep costs low. Virtualization technologies promise to reduce costs by allowing organizations to dynamically provision desktops to users without the high total cost of ownership traditionally associated with desktop PCs. But your efforts to reduce costs could be in vain if software licensing is not kept in check, and this is where Privilege Guard’s superior application control technology can help.

More from the Blog

Related technology and security insights

  • 10
    Sep
  • Story related

    SANS Critical Controls: Simple steps to securing the enterprise

    In an ever-changing threat landscape, knowing how to mitigate attacks, or even where to start, can be a challenge. To help ease that burden, a number of organizations and government bodies have provided recommendations on defending common real-world attacks. One ...