Jul 01, 2019 - 01:23 AM
For our customers we use;
Discovery - to identify where the installations are (both server and client) - and user to device if included to pick up mutliple devices
AD User Reporting - to pick up any recently expired to remove etc
AD Security User Groups - to track access to Servers (as what is installed may not match the server requirement)
Server Labelling (if used) - to identify targeted boxes
Visual Studio VLSC reporting - to map the actual user names to AD and Discovery
The easiest route is dedicated clustering for Development use - however you have already ruled this out - so its mapping many spreadsheets and targeted questions. Once you have got identification started it becomes a BAU process so keeping track of monthly changes. Don't leave to big gaps as it just gets more and more complex over time.
There are a couple of tools on the market they do some form of processing around this, but this is quite limited. And there is still a bunch of processing to do after the report is run, but its a much shorter process
Jul 02, 2019 - 02:34 AM
Do they have differing subscription levels? e.g. some with Pro, some with Test Pro, and so on?
Are they building shared servers in datacenters using these rights? Or is their usage mainly local to their own development machines?
Any opportunity to control access using AD groups and group policy? Having an AD group that's tracked over time and aligned with subscription records will help in compliance conversations.
How are you doing software recognition in this environment to be able to determine which is an MSDN-licensed install, and which is production?
Perhaps one option would be to ringfence production? So rather than trying to control DTA, you have a tightly-controlled Production environment. What this unfortunately wouldn't capture would be the production usage of software on personal DTA machines.
From a compliance perspective a good starting point (which would help in the event of an MS review) would be to have a clearly defined policy on DTA usage of MSDN-licensed software. Things like who has the rights to assign a subscription, what you're doing to track subscription usage, how you prove that MSDN-licensed software has been removed from a machine when a user leaves.
I would imagine from a compliance perspective what you're going to need to do is maintain an inventory of DTA machines, join that inventory to any user records you have (users per computer, most frequent user), and join that to your MSDN subscription records. Horribly manual process for such a large environment but it would highlight any usage of DTA-licensed machines by users without an MSDN license.
Jul 02, 2019 - 08:45 AM
Use the CMBD data to identify dev/test environments. Give the list of devices to you server team and say you want a list of all users who have logged in during the last 90 days.
Exclude contractors and 3rd parties if they use their own licenses.
Now use your Sam tool to determine the highest subscription required for each server. Allocate this to your list of users.
Compare the users to the subscribers in the MSDN portal.
Please ask if you want to know more.