Author: Srinivas Ramanujaiah
It is quite common in the enterprise world to leverage Citrix’s virtual infrastructure solutions to grant end-users access to products like Microsoft Office. The use of virtual desktops or virtualized applications enabled through Citrix Products like XenDesktop and XenApp can be extremely beneficial for organizations by:
- Supporting cost-efficient growth by lowering acquisition costs, reducing the infrastructure needed to support a distributed organization and enabling centralized support
- Saving on PC refresh cycles by allowing IT to deliver up-to-date apps and operating systems on aging endpoints with a great user experience
- Reducing the risk of costly security breaches by keeping apps and data secure within the datacenter
- Reducing overhead by allowing employees to work remotely or in virtual offices and enabling BYOD to save on real estate, energy, and hardware
Your SAM strategy should not only account for the licensing the Citrix Products (i.e. XenDesktop), but also the products that are accessed through Citrix (i.e. MS Office). ServiceNow SAM supports the discovery and reconciliation in both scenarios.
Figure 1 ServiceNow SAM supports Licensing of Citrix Apps and Application accessed through Citrix
In this blog, we will showcase how ServiceNow SAM supports license compliance for products that are accessed through Citrix.
The Citrix Publisher Pack Dashboard provides a view labeled “User Access to Products in Citrix Farm”, among other valuable Citrix licensing information. This specific chart showcases all publishers (Microsoft, Adobe, et.c) that users can access through Citrix.
Figure 2 Citrix Dashboard on ServiceNow SAM publisher Analytics Dashboard
One of the major licensing requirements in virtualized environments like Citrix, is that any user or device which has potential access to an application should be licensed irrespective of actual usage. This is inadvertently missed by many enterprises unaware of these terms, and can present a significant license compliance risk if not managed.
For example, an organization can own 400 licenses for MS Office, that are accessed via Citrix virtual desktops. However, the organization could inadvertently apply Active Directory policies that do not restrict access to any users. All users in the organization have potential access to MS office and hence need to be licensed regardless of use! While unfortunate, this is a common occurrence for companies
ServiceNow SAM supports the discovery of potential access by discovering Delivery Group mappings to published applications and desktops in Citrix. These Delivery Groups are mapped to Active Directory groups which determine the users that have potential access. Delivery Groups are Citrix Components that are collections of users that can access a common group of resources. Often, it makes sense to assign users to your Delivery Groups by their Active Directory group because both Active Directory groups and Delivery Groups are ways of grouping together users with similar requirements.
Figure 3 Citrix Delivery Group and AD group Mapping
The exercise of mapping users that have access to a delivery group is managed via Citrix Studio. This is mapping is discovered by ServiceNow SAM and used to determine potential access for products accessed via Citrix.
Figure 4 Adding Users to delivery Groups on Citrix
The potential access products are reconciled in the with the publisher’s licensing rules to provide accurate license compliance figures. In addition, the discovery source for them potential access users is set to Citrix for easy identification.
In my next blog, I will discuss how ServiceNow SAM handles licensing compliance for Citrix Products using different licensing models such as User/Device or Concurrent Licensing.
