VDI licensing overview

Software licensing compliance can be challenging in a VDI environment. It’s likely that you've moved at least some end users in your organization to virtual desktops. These users may have their own device, or share a device, and remotely connect to a Terminal Server, Citrix Server, or some other VDI server to run their applications.

With traditional installation-based licensing, each installation on a device requires a license. In a VDI environment, just one or a few servers have an installation, with each user requiring their own license. Licenses are counted more than once if users have access to a VDI server while also using a device with an installation.

Most VDI environments grant access based on Active Directory group membership, adding the number of users in the group to the number of installations Management Suite has discovered. While this gives you license coverage, it also causes duplication, potentially causing you to over purchase. Data Analytics solves this problem with a series of rules that collect this information and remove any duplicate licenses.

Finding duplicate licenses

To find duplicate licenses using Data Analytics, you're required to use Active Directory groups to determine which users need a particular software license. Once these groups are configured, you’ll need to import group membership into the inventory database.

The process

You must first configure a rule that pulls Active Directory group membership into inventory. Do this by opening the LDAP Import > All Rules folder and copying and editing the rule named LDAP groups the logged in user is a member of. Enter a user with access to Active Directory to read the group membership for all users. For immediate feedback, import the information by running this edited rule.

The rule will search for every user in the Active Directory tree and then match each user to a device in the inventory database. By default, the rule will do the matching based on the Computer.LoginName and the Active Directory samAccountName, ignoring disabled users. If the rule finds that a user in Active Directory does not have a device with that login name, it will create a new object in the database of type "user." This action will inflate the object count in your database for any users that do not have a device in the database.

Next, you need to schedule a task using the script file named Data Analytics – Import and delete users to import information regularly so that it remains up-to-date. This script performs three actions:

  • Executes the LDAP import.
  • Determines if any users that were previously imported now have a device, preventing over-counting.
  • Runs a rule to delete the user objects that now have a device.

You can schedule this task as often as needed for the data to remain accurate. In a large Active Directory environment, the task may take a long time to run, so you may want to run it only once a week.

Once the import is complete, map the Active Directory groups to your licensed software products so that proper licensing can occur. To do so, right-click the Licensed Software folder and select Assign LDAP Groups.

A dialog opens with Licensed Software Products on the left and all LDAP Groups that exist in the database on the right. Find the product on the left and highlight it. Then highlight all groups on the right that will grant access to it, and move the groups to the left. You may have many groups that grant access to one product, or one group that will grant access to many products; both ways are possible.

Once you've mapped the groups and software, click the Save button to store the information in the inventory database.

The results

By default, the Data Analytics software-manager service runs nightly to perform software detection and license calculation. To see the results immediately, open the Licensed Software folder, right-click All Vendors, and select Run Now. Note that on a large database, this process may take a long time. To test against just a few devices, you can drag and drop them onto the All Vendors group.

You can see the results of the detection and calculation process in two places:

  • To see the software that was assigned via the Active Directory group to a single device or user object, open the inventory for that object and look under Software – Licensed Software.
  • To see a software reconciliation report, go to the Executive Report Pack console and open the ERP > Software Compliance folder. Run the SLM Report with Expandable Detail report to see all products (and user objects) and their license compliance, as well as all devices the software was detected on.