Unknown aspects of Citrix software licensing
Citrix is one of leading suppliers of software used to virtualise applications, personal computers (desktops), servers, and supporting operations performed in the network and in the cloud. As far as licences are concerned, there is one shared version of the end user agreement, applicable to all software types offered, and accompanied by additional documents that provide product-specific licence terms. Vast majority of Citrix products is licensed using licence servers hosted in client’s environment that allow system administrators to perform ongoing licence use control. For licence servers newer than version 11.13, clients may obtain data regarding the historic use of the licences held, which allows analysis and optimisation of their utilisation. By default Citrix allows end users to exceed the granted licence level by ten percent (e.g. for Virtual Apps and Virtual Desktops), which is meant to facilitate licence management.
Although the arrangement seems to helps users to manage Citrix software and to act without software management expert support even during licence compliance reviews, this is just a misleading appearance. Even seemingly simple licence provisions include a series of conditions that may pose material licence-related challenges for clients, and in extremely adverse cases, result in departure from licence terms. Let us take a closer look to these potential challenges.
Exceeding the licensed use level
The first interesting clause regards the option to exceed the granted licence level by ten percent. Seemingly, this is a source of savings: you do not have to buy any additional licence in advance; you may try to limit the number of licences held and, even if you a little exceed your licence level, the licences shall be still assigned to users, and the continuity of system and business operations shall be maintained. This is basically true, but only with regard to software responsiveness. As far as licence terms are concerned, each case of exceeding the number of licences used (even by one) necessitates a prompt purchase (within 30 days of the exceeding) of a licence for a given product. In summary: the licence server will allow us to exceed the licence use level up to 110 percent of the licences held, but the Licensee is obliged to pay for each additional licence used. Misunderstanding of licence terms may, therefore, result in a departure from licence terms and the necessity to incur additional unplanned costs.
“All in Rule” Principle
“All-in-Rule” is a principle often referred to by Citrix and its commercial representatives. Under this principle, a client must have support for all licences from a given product line under a single client ID - see a footnote on page 7. If the principle is not fulfilled, the support is considered invalid. However, there is an exception to the rule, called the “Six-months rule” (as at 9 December 2019). Its source can be found at the end of the Citrix support page for commercial partners. In line with the exception, if a client has bought e.g. 300 licences for a given product, and later has purchased 200 more licences, and the period that passed between the support expiry date regarding the first 300 licences and the support expiry date regarding the 200 licences is longer than six months, the client may buy support for the 200 licences only, as opposite to all licences (in this case, 500 items) held for a given product line and client ID . Not knowing the rule may make a client unnecessarily buy all 500 licences without considering the more favourable option regarding the renewal of support for just 200 licences.
The last example does not regard software licences but refers directly to licence compliance audits. Apart from standard provisions and exemptions (such as excluding client’s liability for force majeure), a typical end user licence agreement (EULA) includes references to licence audit, usually performed by an independent third party. As a standard, certain clients, having received a letter regarding a licence compliance audit, conclude an NDA in order to provide additional confidentiality guarantees on both sides. For Citrix products, though, concluding such an agreement may be difficult. A link embedded in EULA directs users to a provision that directly disallows the conclusion of any additional agreements among the client, Citrix and an independent third party that carries out the audit:
“You agree that you will not require any additional confidentiality or non-disclosure agreements to be implemented by Citrix or its designated third-party agents in relation to the audit.”
(accessed on 09 December 2019).
The example indicates that even such a theoretically obvious matter as concluding an NDA during a compliance audit may be not so obvious in practice.
Based on the above analysis, even in seemingly simple cases, expert knowledge is required in order to allow effective licence management in IT environment. Broad knowledge and experience is required even to determine how much licence terms limit our rights during a compliance audit (as in the NDA example), or to control the licence use in order to ensure compliance (as in the ten percent principle example), to say nothing about optimisation, as these tasks are not as easy as they may appear. The knowledge must be updated on a continuous basis to keep abreast with changes in licence terms introduced by software suppliers. Also, experience resulting from “practising” thousands of licence-related scenarios is required, which is hard to gain even for SAM managers in charge of licences inside an organisation.