Blogs

   
Michael Petrov
Co-Founder, CEO
6/8/2012
Advanced Microsoft Licensing Configuration for HARDER security.

Real enterprise class business requirements in a lot of cases are much more complex than a simple IT solution that you can purchase from a single vendor. Sometimes a simple business case would require a non-trivial IT solution approach; but something that may look simple will require considering lots of simple details, and have small impediments that are hard to overcome. Solving such cases require either deep knowledge of technology or extra money to cover for the lack of knowledge.

Consider this situation,

A client runs a Microsoft domain as its single user security and policy control mechanism. One of the executive’s requests to create a virtual desktop that would be used specifically for his needs. The security of that desktop should be outside of the domain so no domain admin can look in the information on this virtual desktop. The desktop should be highly available, and as data is critical it should have either tough backup policies, or redundancy. The client also is heavily invested in VMWare clustering so a natural solution would be to create a virtual machine on VMWare cluster and the HA problem would be solved.

The problem of having a desktop outside of the domain is that the licensing for the remote desktop is in the domain, and you would have to purchase separate licenses for the server if more than one user wants to connect. In a case we ran into, this executive notified us that he wanted other top managers to be able to lookup the data with different privileges. We certainly created appropriate ACL’s for the access control using local users but new licensing had to be purchased, as we could not reach the domain licenses.

Here is how the solution worked that allowed us to avoid new license purchasing:

“After rebooting, I added a terminal server role into the configuration. There you can select the licensing mode; which in this case was selected by user. From there you can point to a licensing server; Adding licencingserver.domainname.local. Once done, I could not validate the licensing server due to lack of authentication, since the virtual desktop was not on the domain. In the licensing diagnosis window you can select an option called ‘provide credentials’. I entered my domain admin account info and it successfully established the connection.”

 

Now, I know that $85 per RDC license x 5 users is not considered a huge savings for most companies; however… the POINT is that it is a Savings. And that small savings in this nature bundled together can alter IT budgets to be put to much better use, Don’t you think?  

 At Digital Edge, I am always enforcing this type of thinking into my Engineers and Project Managers as STEP 1, 2 reasons…

 1 to show the client our level of commitment and 2 to instill options that help conserve IT spending for more critical initiatives.

   

Replies

Leave a reply

Name (required)
Email (will not be published) (required)

Number from the image above
  
Latest blog posts
VNX Versions
11/10/2014
Subscribe to the blog by e-mail

Sign up to receive
Digital Edge blog by e-mail


Subscribe    Unsubscribe