Concurrent License and Compliance on Centralizing those

Question

Srivathsan

Concurrent License and Compliance on Centralizing those

could anyone clarify the below scenario. I have centralized my licenses for a software from many scattered servers across org into a Centralized License Server. Now the scenario is i've 20 Concurrent or Floating licenses of a software. I've properly allocated those to the project teams in the org from my License Server. Suppose if a computer or a Node is removed or temporarily de-allocated from the Options file(in license server) will i take the installation in the machine which conflicts (if suppose am in the Audit time) the Purchased Vs Deployed as a NON Compliance???

Do i need to ask my IT Support team to remove the software installed on that machine as they don't have access to licenses from the server since the user or machine ID is removed?. If it is not a Non Compliance how to mitigate the risk of using a pirated license key or any such in that machine or any such unforeseen? If it is a Compliance issue and i compelled to uninstall even though they are temporarily de-allocated or have a chance once the project got a work on that Software to go ahead?

Status: Open Feb 08, 2016 - 05:50 PM

Concurrent, Licensing

Do you have the same question? Follow this Question

Answer this question Report it

8answers

Voted Best Answer

Gemma Walker

Feb 10, 2016 - 03:45 AM

I think you need to be more specific on the manufacturer and product. Each have different rules so the "read the EULA" comment is currently the only information that can be provided. Some products cannot be transferred between people/devices, some can within an allocated timeframe and others have free reign for complete currency. There are also specific scenarios regarding specific products which enable "rule bending" to a degreee. Plus with different manufacturers having different approaches to how they enforce the rules (brutal to fair) it will be a different answer depending on exact circumstances.

4

0

Report it

Answers

Deepika

Feb 08, 2016 - 10:00 PM

I think it depends on the user based/ Device based license.Generic scenario,If it is a user CAL license, you can install it on 'n' no. of devices but only 20 user can use it at a time and it will not be non-compliance if in case any machine with licensed software is removed. However, if it is device CAL and can be installed only on 20 devices, installing on 21st device without removing the license on 20th is non-compliant.
I would just add, please check your software contract terms/ EULA and PURs which would more clearly explain the specific software scenario.
)

1

0

Report it

Srivathsan

Feb 09, 2016 - 01:25 AM

thanks for that Deepika. But nothing was mentioned there in the EULA or VPA or even the license certificate we have purchased with the publisher like that. My worry is on the Compliance part and Audit part where there should not be a point of non-compliance. As you said it is ok for Machine based CAL but for user based CAL how much probability of risk you can expect aforesaid or to avoid the question from the audit desk on deployment report?

1

0

Report it

Deepika

Feb 10, 2016 - 09:03 PM

I agree with Gemma here, please be specific on the Software Vendor/Publisher as this is all vendor dependant. In case you don't have anything given in EULA, you can call the vendor helpdesk, to clarify the scenario. For any new contract/ renewal, it is a good practice to check if everything is clearly mentioned in EULA/PURs or Licensing terms,etc.

2

0

Report it

Srivathsan

Feb 10, 2016 - 09:33 PM

Hi Gemma

it's not the specific product am looking for. please take it as generic. I got from KPMG that they need to be uninstalled to carefully avoid the non-compliance or any unforeseen instance of non-compliance if gone out of control. I accept controls and process should be in place and we do have the same here. But as everyone knows there are 'n' ways to get a pirated key and to breach the standards or policies or process and we couldn't able to get it aware until it comes for periodic reconcilation or any alert notification that we set. Take a case of Autodesk or UG where borrow option is possible. If one machine with user got it borrowed from the server and without knowledge of admin or help of support desk a way of shoulder sharing will happen where the removed userid from the option file will get the borrowed license. When we declare with the report on allocation with installed devices my question is Will it be a non-compliance during audit.

We have the way to use Exclude option anyone can suggest. I just gave an example. Finally got to know the answer from anoter group that if nothing is specified in the EULA or in the MLA of the publisher we can defend with that it was not mentioned specifically. Thanks Gemma and Deepa. Your answers helped me to go for alternative thinking to stay compliant.

2

0

Report it

maurogario

Feb 29, 2016 - 09:19 AM

Hi there.

I agree with previous answers but not so much with your point of view. At least I don't understand it.

If your license is being distributed by a license server (e.g. Flexnet) only users having such license can use the installed SW. Any other one will be refused.
So here there isn't any compliance issue, you can have 100 installations and only 20 concurrent licenses.

If the issue is that the user can redirect license request to a cracked or, let say, uncontrolled license key, then of course it is a fraud, but at that point such user will not appear in your server log and only a network scanning with an agent will find this installation, or?
Your problem here is to avoid such cases maintaining both a "closed" environment where users can't install their SW or change configurations, and a scanning system to have up-to-date reports on installations. (plus removal processes and punishment I must say...)

The above is pointing to your Autodesk example, but of course any SW has it EULA or SLA chapter in the purchasing contract and the incompliance is only based on that clauses.
If nothing is said, the vendor has to explain how they determine incompliance based on contractual terms (not just a script output).

Of course all will depend on who has more negotiation power because both parties can argue on legal tricks, but from a technical/process point of view it is not really otehrwise manageable.

So, when others were asking you for more details wasn’t to know your business but because any vendor has its own way to define compliance and two similar cases can have completely different output.

I wish you will succeed in your audit!

1

0

Report it

Srivathsan

Feb 29, 2016 - 05:38 PM

ya mauro. thanks for your answer. yes it is the audit defence atlast that speaks. But since it was adviced by KPMG i was in an impression it needs to be uninstalled even if it is user CAL or Machine CAL. yes i distributed or allocated through Flexnet only. I understood now from different SME's your above said answer is true.

// If your license is being distributed by a license server (e.g. Flexnet) only users having such license can use the installed SW. Any other one will be refused.So here there isn't any compliance issue, you can have 100 installations and only 20 concurrent licenses. //

Can i specify MACID in option file to distribute it to the clients from Licenseserver instead of user ids in OPT file.Will it get properly allocated? user id may be dynamic but MACID helps us to track or count or limit in one or another way. Is it possible?

0

Report it

maurogario

Mar 01, 2016 - 09:21 AM

You are welcome Srivathsan.

I can't answer the technical details you are looking for as I'm not a technical expert of tools, but surely you can ask Flexera's support about that.

0

Report it

Answer this question