RE: VCL software licensing

2012-03-07 Thread Alexander Kurt Keller 
Hi Alex  VCL folks,

I suspect that some folks may prefer to share detailed information off list due 
to concerns about publically documenting their compliance approach.

We have been grappling with OS and application licenses with regard to our 
Remote Desktop Services (Terminal Services) pilot (we are not using Apache VCL 
in production). While there are some differences between RDS and VDI licensing, 
the challenges are similar.

Our experience has been that software vendors fall into a few basic camps with 
regard to virtual licensing:


· Those vendors who don’t have a virtual licensing mechanism and need 
to be educated about the use case in order to work out an 
agreement/understanding.

· Those vendors who understand the virtual use case and may have 
documented licensing stipulations.

· Those vendors who have robust licensing policies and mechanisms 
(network license managers, multiple license types, etc).

On the Microsoft OS side, it took a sit down meeting with our MS Sales Engineer 
to understand their licensing schema for VDI and RDS. In a nutshell this is 
what we walked away with:

  *   Staff or faculty member running a Windows OS on a University computer 
connecting to a VDI based Windows VM = Covered under campus agreement, no 
additional cost
  *   Staff or faculty member running a NON-Windows OS (MacOSX, Linux, Thin OS) 
on a University computer connecting to a VDI based Windows VM = Covered under 
campus agreement, no additional cost
  *   Student on a University computer (Windows, MacOSX, Linux, Thin OS) 
connecting to a VDI based Windows VM = Special agreement needed: roughly 
$5/student over FTE population or fenced population (as negotiated by campus 
and Microsoft).
  *   Staff or faculty member on a University computer (Windows, MacOSX, Linux, 
Thin OS) connecting to a RDS session = Per User or Per Computer CAL required
  *   Student on a University computer (Windows, MacOSX, Linux, Thin OS) 
connecting to a RDS session = External Connector License (per RDS server)
  *   Student on a home computer (Windows, MacOSX, Linux, Thin OS) connecting 
to a RDS session = External Connector License (per RDS server)

After looking at a number of License Management applications, we settled on 
Sassafras K2 (http://www.sassafras.com) based upon the cross platform 
capabilities (we envision it being used beyond our RDS offering) and resounding 
recommendations from a lengthy list of other universities. We are early in our 
implementation, but I can attest that it is a very capable and mature product.



Best,

alex


Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
☛Burk Hall 155 ☎ (415)338-6117 ✉alkel...@sfsu.edumailto:alkel...@sfsu.edu

From: Alexander Patterson [mailto:alexander.patter...@csueastbay.edu]
Sent: Wednesday, March 07, 2012 10:13 AM
To: vcl-user@incubator.apache.org
Subject: VCL software licensing

Hello,

I wanted to know how are people dealing with software licensing for VCL? Does 
anyone have a document or information on how they are dealing with the 
different vendors when it comes to VCL.

For example with Microsoft you are using 1 license for each virtual machine you 
spin up in a Windows environment.
Do you have one per user base? Is this for concurrent users?
Are you able to split up lab licensing for in house software to be used in the 
VCL? Do the companies know you are doing this?
Does anyone have an agreement with any vendors that goes within the current VCL 
licensing that they are using?

If someone has like an overview or general information on how you are licensing 
the VCL for educational use; that would be very helpful.

We are starting to run into licensing walls and I would love some inside 
information from someone who has gone through this.

--
Thanks,
Alex  Patterson
User Support Services
Operating System Analyst
California State University, East Bay

RE: rdp file auto login

2011-11-22 Thread Alexander Kurt Keller 
I believe years ago (RDP version 4?) the password could be defined in clear 
text within the RDP file but that is long unsupported. Here is a write-up and a 
lively comments discussion on the  MSTSC embedded password encryption function:

http://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/

it looks like they use the machine or user SID to salt the hash?

best,
alex


Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
☛Burk Hall 155 ☎ (415)338-6117 ✉alkel...@sfsu.edu


-Original Message-
From: Josh Thompson [mailto:josh_thomp...@ncsu.edu] 
Sent: Tuesday, November 22, 2011 11:12 AM
To: vcl-user@incubator.apache.org
Subject: Re: rdp file auto login

It's been several years since I tried to get this to work.  However, unless 
things have changed (which I'm guessing they haven't), you can't make it auto- 
login.  The password is provided in a clear text form in the rdp file.  
Unfortunately, the windows and mac RDC apps won't use the clear text version.  
You can save a password in an encrypted form in an rdp file; however, RDC uses 
cryptographic stuff specific to the computer that actually saves the file, 
meaning there's no way to generate the encrypted form of the password unless 
you are actually on the end user's machine.

If anyone wants to try to investigate this again, I think everyone in the 
community would love to see it work.  Or, everyone can switch to linux/unix 
platforms that can use rdesktop that will happily accept the password at the 
command line.  :)  I have a nice wrapper script for rdesktop that will take the 
rdp file and do the auto-login into the remote windows node.

Josh

On Tue November 22 2011 1:29:09 PM Gene Lui wrote:
 Dmitri,
 
 If you download the rdp file from the connection reservation and open 
 it with a editor, you see that the rdp file has both a user name and 
 password within the setting file.  For example, the last rdp file had 
 the following key entries:
 
 username:s:gkl25
 clear password:s:LDgKQM
 
 I would have thought that this would be passed to the remote desktop 
 when opening this file with mstcs.  But it is not and I don't know if 
 this is how it normally works or is it suppose to be able to passed it 
 to the Win7 remote desktop and I'm doing something wrong.
 
 - Gene
 
 On Tue, 2011-11-22 at 13:17 -0500, Dmitri Chebotarov wrote:
  Gene
  
  I'm relatively new with VCL and I may be wrong. I could not find any 
  options in preferences for RDP file to include password. Having 
  password in RDP file would make it easier and if it's possible it would be 
  great.
  
  I would like to have this option as well and will be looking into 
  the code which generates a RDP file for new reservations.
  
  Thanks
  
  On Nov 22, 2011, at 12:58 , Gene Lui wrote:
   Thanks Dmitri,
   
   Wanted to confirm if its possible by using the rdp file, users can 
   auto login with the mstsc (would be preferred over entering 
   password manually).  Thanks for such a quick reply and answer to my 
   question.
   
   Take care,
   Gene
   
   Drexel University
   
   On Tue, 2011-11-22 at 12:47 -0500, Dmitri Chebotarov wrote:
   Gene,
   
   Username/password would be on your reservation page.
   Username is Admin, password is generated for each reservation and 
   you need to type it manually when open RDP.
   
   Thanks.
   
   On Nov 22, 2011, at 12:32 , Gene Lui wrote:
   Hi there,
   
   I wonder if any of you bright individuals can help me out here 
   with this wonderful project you got here.
   
   When I use the RDP file supplied on the vcl connection page 
   (Windows
   7 client) , I assume it will automatically supply the 
   credentials to log into the remote desktop image (Windows 7 
   image). The problem is that it does not automatically logs in 
   and it prompts for my password.
   
   Do I have this wrong and a password is needed to be manually entered?
   If not, how do I enable the auto login?  I have tried changing 
   group policy settings on the remote desktop host but nothing 
   works.  I appreciate any help anyone can give.
   
   Thanks,
   Gene
   
   Drexel University
-
---
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University

josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at www.keyserver.net