Named-User license enforcement recently been a discussion topic in the engineering team working on the next version of CAE. In this article, I give a little background, discuss the requirements for Named-User licensing and what are plans are in the next version of Access Essentials.
Licensing is a thorny issue – fundamentally it an anti-feature – a that implemented for the benefit of vendor (in this case Citrix), rather than the customer (unless you subscribe to the view that enforcement takes the worry out of remaining compliant with the license). This means that whilst it must achieve our goal (protecting our product from unlicensed use), it also needs to have the least burden on customers we can achieve. We know the implementation in CAE 1.0 and 1.5 creating some confusion, and we want to address this.
Let start with the basics. Access Essentials is licensed for a number (maximum 75) of Named-Users, in increments of 5 users. By Named-User we mean, literally, a named individual, a person. You purchase 15 licenses, 15 named individuals are allowed to use the product. Sounds simple, nothing to hard about that, you just have a list of 15 accounts and only allow people on that list to use the product, right?
Sure but what if you want to license 75 users? Do you really want to list all 75 names when you install your licenses? I can imagine this is just about bearable for 75 users, but we like to aim for consistency, and with our Enterprise products this model of listing users goes out the door. Fancy listing, individually, all 10,000 named users for an Enterprise-level product? Didn think so. OK, so we have to be a bit smarter about this, and have some way for the product to automatically manage the list. So we have two requirements #1 – the implementation should be to Named-User enforcement in other Citrix products, and #2 the list of licensed users has to be (mostly) self-managing.
We like to think that the vast majority of our customers don actually need our license enforcement to stop them deliberately breaking the terms of the EULA, for the honest majority it about the product preventing them accidentally exceeding their license count. So, requirement #3 – enforcement needs to be strong enough to prevent accidental over-use of the product.
As new employees join, it can be tricky keeping track of how many licenses of which products you bought, and making sure you purchase additional licenses when appropriate. For this, you don just want the product to you exceed your license limit – really need visibility on who has a license allocated, and how many you have spare. So, requirement #4 – provide visibility on who has a license allocated, and how many you have available.
Right, next problem – bit of a shocker, but people actually change jobs. Chances are at some point, one of your Named-Users is going to no longer need a license, and you want to re-assign the license to someone else. So requirement #5 – allow customers to re-assign licenses.
We now have our basic requirements:
- #1 – The implementation should be similar to Named-User enforcement in other Citrix products
- #2 – The list of licensed users has to be (mostly) self-managing
- #3 – Enforcement needs to be strong enough to prevent accidental over-use of the product
- #4 – Provide visibility on who has a license allocated, and how many you have available
- #5 – Allow customers to re-assign licenses
I haven discussed preventing deliberate mis-use of the product. This is a potentially sensitive area for discussing in a public forum, so I hope you forgive me for treating that as implicit for the purposes of this discussion.
So, lets take a look at how CAE 1.0 and 1.5 stack up against our requirements list. In CAE 1.0 and 1.5, our model is to assign users a license when they start a connection to the server. They can create as many connections as they like, from as many devices as they like, and only consume one license. A very short time after they close all of their sessions, we release their license. So the score sheet:
- #1 – Erm, no – CAE enforcement model is unique within Citrix. Password Manager, which also supports Named-User licensing uses a different model.
- #2 – Yep, there no managed list of users – Erm, no – it too easy to accidentally exceed your purchased license count
- #4 – Erm, no – we don provide a way to view the list of licensed users
- #5 – Yep – because there is no managed list of users, and how long we lease the license for, this is OK
So, 2 out of – not a great score. How are we looking to do better in the next release?
Our current plan is to move to a model where we automatically release a user instead the only way to de-allocate a user license will be to use Quick Start. solves #3. We also show the current list of licensed users in the Quick Start tool, which covers #4. Our thinking here is that although requirement #5 states we must allow licenses to be re-assigned, we don think this is going to be such a common operation that using Quick Start in order to re-assign a license is a huge burden.
The score sheet now looks like:
- #1 – Still not perfect, we closer to other products but still aren a perfect match.
- #2 – Slightly worse than before – a license is still automatic, so no setup cost, but a license is no longer automatic
- #3 – A lot better here, re-using a license for a new user requires an explicit action by an administrator
- #4 – A lot better here, the Quick Start tool will now show who is allocated a license, and how many are free
- #5 – Slightly worse than before, because re-assigning licenses is something that requires use of the Quick Start tool.
Overall, this is a better score – but some things that used to be possible without using Quick Start, now require use of the Quick Start.
Do have strong views on enforcement, in Access Essentials or wider within Citrix? Do the changes we making, sense to you? Do you think the changes have some undesirable, unintended consequences?