Jul 01, 2019 - 01:23 AM
For our customers we use;
Discovery - to identify where the installations are (both server and client) - and user to device if included to pick up mutliple devices
AD User Reporting - to pick up any recently expired to remove etc
AD Security User Groups - to track access to Servers (as what is installed may not match the server requirement)
Server Labelling (if used) - to identify targeted boxes
Visual Studio VLSC reporting - to map the actual user names to AD and Discovery
The easiest route is dedicated clustering for Development use - however you have already ruled this out - so its mapping many spreadsheets and targeted questions. Once you have got identification started it becomes a BAU process so keeping track of monthly changes. Don't leave to big gaps as it just gets more and more complex over time.
There are a couple of tools on the market they do some form of processing around this, but this is quite limited. And there is still a bunch of processing to do after the report is run, but its a much shorter process
Jul 02, 2019 - 02:34 AM
Do they have differing subscription levels? e.g. some with Pro, some with Test Pro, and so on?
Are they building shared servers in datacenters using these rights? Or is their usage mainly local to their own development machines?
Any opportunity to control access using AD groups and group policy? Having an AD group that's tracked over time and aligned with subscription records will help in compliance conversations.
How are you doing software recognition in this environment to be able to determine which is an MSDN-licensed install, and which is production?
Perhaps one option would be to ringfence production? So rather than trying to control DTA, you have a tightly-controlled Production environment. What this unfortunately wouldn't capture would be the production usage of software on personal DTA machines.
From a compliance perspective a good starting point (which would help in the event of an MS review) would be to have a clearly defined policy on DTA usage of MSDN-licensed software. Things like who has the rights to assign a subscription, what you're doing to track subscription usage, how you prove that MSDN-licensed software has been removed from a machine when a user leaves.
I would imagine from a compliance perspective what you're going to need to do is maintain an inventory of DTA machines, join that inventory to any user records you have (users per computer, most frequent user), and join that to your MSDN subscription records. Horribly manual process for such a large environment but it would highlight any usage of DTA-licensed machines by users without an MSDN license.
Jul 02, 2019 - 08:45 AM
Use the CMBD data to identify dev/test environments. Give the list of devices to you server team and say you want a list of all users who have logged in during the last 90 days.
Exclude contractors and 3rd parties if they use their own licenses.
Now use your Sam tool to determine the highest subscription required for each server. Allocate this to your list of users.
Compare the users to the subscribers in the MSDN portal.
Please ask if you want to know more.
Sep 13, 2019 - 07:41 AM
Be careful, this is not accurate and a common mistake. MSDN (now Visual Studio subscribers) can only freely use applications that match their benefit level, Enterprise VS users have access to more applications that can be used in DTA that Pro users. Please check the benefit level matrix for more info:
For example, Pro users don't have access to Office, Exchange Server, Sharepoint Server, Biztalk, Dynamics, Project or Visio and many others. They would need to upgrage their VS subscription level or to have separate licenses to access these applications.
Our approach to helping customers manage their development environment is by providing a central web portal to view all their devices from multiple inventory sets, with the ability to tag devices as dev/test. Once tagged the MS software on the device is exempted from license calculations based on their VS subscription level. We also use AD records and VLSC portal output to map users to devices. Tagging is a manual process via the web interface, but can be done in bulk. Once its done, its permanent. You can then run license reports on the fly without the hassle of manually identifying dev/test devices and removing them from the license counts. We can also run reports to show which applications are being used that don't match the users benefit level, and which devices are running development tools but not taking advantage of VS subscriptions.
Msg me if you'd like to have a free look at our tools.