Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Licensing SEP non-persistent VDI guests

Created: 11 Jul 2013 • Updated: 12 Jul 2013 | 3 comments
This issue has been solved. See solution.

Hi,

How SEP is licensed for non-persistent VDI environments.

I know we have the capability to purge non-persistent VDI clients separately from the persistent physical and virtual clients in SEPM.

Is it as easy as taking the the active count based on the default 10 day purge for non-persistent?

Do they need to license every VM that spins up?

Operating Systems:

Comments 3 CommentsJump to latest comment

.Brian's picture

SEP on VDI clients are licensed the same way as the physical clients. It counts towards the overall license count.

Symantec Endpoint Protection 12.1 - Non-persistent Virtualization Best Practices

Article:TECH180229  |  Created: 2012-01-30  |  Updated: 2012-04-09  |  Article URL http://www.symantec.com/docs/TECH180229

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Mithun Sanghavi's picture

Hello,

It is based on the concurrent active number of VDI images.  At any given time the current number of active systems is how many they need to be licensed for.  If during peak times they exceed the number of licenses they purchased then they have breached the license agreement.

NOTE: Online non-persistent clients count toward the number of deployed licenses; offline non-persistent clients do not.

Check these Articles:

Symantec Endpoint Protection 12.1 - Non-persistent Virtualization Best Practices

http://www.symantec.com/docs/TECH180229

Setting up the base image for non-persistent guest virtual machines in virtual desktop infrastructures

http://www.symantec.com/docs/HOWTO81120

Configuring a separate purge interval for offline non-persistent VDI clients

http://www.symantec.com/docs/HOWTO81115

Also, check this Thread with similar issue:

https://www-secure.symantec.com/connect/forums/sep-and-vshield-integration

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

Acommon problem with non-persistent VDI is the case of orphaned clients. Each time a VM is created, 
the SEP client registers with SEPM. Since the client is active only for the duration of the user’s work day, this fills up the SEPM database with entries for clients that are no longer around. Additionally, while the orphaned clients are in the SEPM database, they use up a client license.
 
You can configure the Symantec Endpoint Protection client in your base image to indicate that it is a 
non-persistent virtual client. You can then configure a separate purge interval in Symantec Endpoint 
Protection for the offline guest virtual machines (GVMs) in non-persistent virtual desktop 
infrastructures. Symantec Endpoint Protection Manager removes the non-persistent GVM clients that 
have been offline longer than the specified time period. This feature makes it simpler to manage the 
non-persistent GVMs in Symantec Endpoint Protection Manager.
 
In the management console you can configure the settings:
 
SEPM --> Admin --> Domain --> Edit domain properties --> General --> Delete the non-persistent clients that have not been connected for specific period.f
 
Even though license are over deployed in Enterprise Edition system will be protected by SEP. EE uses soft enforcements. Content update downloads continue from all the sources.
 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<