Microsoft To Enforce Volume License Key Compliance For Vista, Longhorn

Starting with the release of Vista and "Longhorn" Windows server next year, customers will be required to register their volume license keys (VLK) with Microsoft within 30 days of acquisition and report their license usage on a monthly basis, executives said.

It's a very different system than what is in place today, sources said.

"In the enterprise, there is no client activation. You get a master set of bits and a number of licenses. It's always been up to you and an external auditor to verify that you didn't deploy more copies than you had licensed," said one source familiar with the plan, who asked not to be named. "This is designed to formalize the process."

Microsoft is developing key management servers and changing the licensing process for the next generation Windows client and server, executives confirmed recently.

"We are making changes to the process to Vista and a new approach to VLK licensing," Mike Sievert, corporate vice president of Windows client marketing for Microsoft told CRN during a recent interview. "We're training our enterprise customers and we'll do some key management for customers that's more automated and makes reporting easier."

At Tech Ed 2006, Ward Ralston, a senior technology product manager for Microsoft, confirmed the company is "introducing the notion of a key management server" for Windows "Longhorn" Server that will gives volume licensed customers a 30-day validation period to register their license keys. Customers must check in every 30 days to update the licenses used.

According to sources familiar with the plan, Microsoft's key management server would keep track of the active CALs and servers customers deployed and send an audit report in every 30 day.

The policy could further exacerbate concerns of ISVs that specialize in software asset management services for Microsoft software. Microsoft announced plans to acquire AssetMetrix in April.

Microsoft claims the new policy for VLKs will ease software setup and installation and improve asset management. Still, observers also pointed out the software giant wants to cut down on piracy and ensure that it is getting paid for each software license used.

Microsoft has included product activation technologies in OEM and retail copies of its software but to date volume license customers have not been required to activate their products. Enterprise customers input Volume License Product Key (VLK) to install the software to computer but Microsoft does not enforce or check for compliance, partners say.

Observers say the new policy signifies the end of the long-running honor system between Microsoft and its enterprise customers but there are pros and cons for customers.

"You could say it looks like Microsoft being invasive and they're doing the same thing on the consumer side but a lot of people will say it's good because they can stop doing it on their own," said Peter O'Kelly, a research director at Burton Group. "They're damned if they do, and damned if they don't."

O'Kelley and other observers note that large global enterprises are often not in compliance because of the ongoing nature of acquisitions, mergers and hiring of contractors, which keeps the license count in flux.

Observers said some companies may be paranoid about Microsoft keeping track of licenses but also enjoy some measure of relief that the complexities of license management will be reduced.

One partner said some customers will resent the policy as invasive while others will appreciate the convenience because it's always been a problem for organizations, large and small to manage license keys.

"You can be a little more liberal with these keys, but at some point you must account or "true up" for products running in your environment," said Phil Ernst, president and CTO of Convergence Technology Consulting, Bowie, Md. "In medium to larger environments, servers are added, removed, retired, upgraded and the folks who are making these changes are not necessarily the ones who are concerned about reconciling the licenses the organization actually owns.

"It will put some enforcement in what is generally not enforced at this moment," Ernst said. "It also forces organizational attempt to keep current on what is owned and installed and more importantly in use. It's a good thing."

Analysts say VLKs are very insecure because they can be installed multiple times and are available in plain text format to many IT professionals in a corporate setting. Microsoft's installation technology that will let an organization keep its VLKs secure so they're not visible as plain text at install time, observers said.

Microsoft did not want to comment on this story but acknowledged that the feature is under development.

"Microsoft is building new functionality into its next generation product lines to help customers reduce the ongoing risks associated with the theft, leakage, security, and illegal use of their Volume Licensing Keys," according to a statement released to CRN by Microsoft. "Microsoft is also looking for ways to help IT Pros deal with unmanaged desktops and maintain visibility into workstation counts."