Volume Activation 2.0 Technical Overview for �Education Customers : Volume Activation 2.0 Technical Overview for Education Customers
Situation Today : Situation Today Software piracy is an industry problem
Over $37B of lost software license revenue in 2005*
Driven by technical/process/cultural challenges in managing software assets
Requires combination of education (guidance on how to protect software), engineering (software and anti-counterfeiting technologies) and enforcement (support from government/law officials)
VL software is a major source of pirated Microsoft software
40% of all Windows is pirated; 46% of pirated Windows is from leaked VL keys
Thousands of VL keys provided to customers have leaked
Re-keying happens and it is very cumbersome
Microsoft is building Enterprise-class solutions open to industry partners
Volume Activation 2.0 is a new solution being introduced first with Windows Vista
Volume Activation 3.0 will have improved tools and asset management *Third Annual BSA and IDC Piracy Study, May 2006
Software Protection Platform (SPP)� : Software Protection Platform (SPP)
SPP is a security solution that protects users and software IP
Ships in Windows Vista and Windows Server “Longhorn”
All MSFT software is unifying on SPP
Make activation easier and more secure in each release, while continuing to add customer benefits
Create a Security system to protect users and IP Genuine
Programs Selling Software Online Software
Asset
Mgmt Prevent
Tampering Prevent
Theft
(Activation) Prevent Reverse Engineering Enables flexible business models and easy compliance 3
Volume Activation 2.0 Goals : Volume Activation 2.0 Goals Microsoft goals
Reduce VL key leakage significantly
Reduce impact of piracy industry wide
Develop enterprise class solutions for easier, scalable, and more secure deployments
Customer focused goals
Minimal impact to VL customers – easy deployments
Multiple, flexible options to suit varying requirements
Very strong and transparent Microsoft privacy policy around activations – independently audited
Reducing the risk of running tampered software
Clear roadmap for further enhancements of VA solutions
What has changed from XP? : What has changed from XP?
Common Education Questions : Common Education Questions We are very decentralized – how many sets of product keys will I receive?
What if a faculty member leaves campus to go on Sabbatical?
How can I manage student licenses?
How many KMS hosts should I deploy?
Should I mix activation types? Can I use only one type?
How do I convert from one type to another?
Planning for deployment �using VL Media : Planning for deployment using VL Media
Multiple Activation Key (MAK)
One time activation against Microsoft
Two methods of activating using a MAK:
Individual Activation: Each desktop individually connects and activates with Microsoft
Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
Key Management Service (KMS)
Activate against a customer hosted service NOT with Microsoft
Systems must re-activate by connecting to corporate networks at least every 6 months
Volume Activation doesn’t require end-user action
VA 2.0 does add some time to the deployment process
MAK Independent Activation : MAK Independent Activation Distribute MAK :
a. VAMT
b. During OS installation
c. Change product key wizard or WMI script MAK client(s) connect once to Microsoft via Internet (SSL) for activation or use telephone. Significant hardware changes will require reactivation. 1 2
MAK Proxy Using VAMT : MAK Proxy Using VAMT Apply MAK and collect Installation ID (IID) using WMI optionally export to XML file Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs Activate MAK Proxy client(s) by applying CID optionally import updated XML file first. Significant hardware changes will require reactivation. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID). Optionally update XML file with CIDs 1 2 3 4
KMS Activation : KMS Activation Setup KMS service inside corporate network, and activate KMS one time
Client systems (>25) automatically connect to KMS and request activation
KMS activates the client systems for 180 days upon each connection
Systems silently re-connect regularly (default 7 days) to renew activation One time KMS activation VPN
Reduced Functionality Mode (RFM) : Reduced Functionality Mode (RFM)
RFM entered when Windows has not been activated within 30 day grace period. This can happen when:
Grace period has expired
Significant hardware changes which require re-activation
Tampering of the OS has been detected
Activate Windows now
wizard provides several
options to restore full
functionality.
Volume Activation 2.0 �IT Pro Steps : Volume Activation 2.0 IT Pro Steps
A simple way to think about Activation Planning (Step 2) : A simple way to think about Activation Planning (Step 2) How many PCs will I activate at once? Does our policy require machines to connect to corpnet often?
Sample Network Configuration with KMS and MAK : Sample Network Configuration with KMS and MAK
Volume Activation Management Tool : Volume Activation Management Tool Simple Graphical User Interface
Can perform both MAK Proxy and MAK Independent activation
Provides activation status on machines in the enterprise
Supports Active Directory (AD), workgroup, and individual (by IP address and Machine Name) discovery of machines in the environment.
All data is stored in a well defined XML format
Supports Importing and Exporting of data between tools
VAMT User Interface : VAMT User Interface
Manageability and Reporting Tools and Roadmap : Manageability and Reporting Tools and Roadmap
In Vista and Windows Server “Longhorn”
Volume Activation Management Tool
Used for MAK Proxy activation and reporting
Can import/export management tool data
Event Logs on every machine and on the KMS Machine
Can be mined remotely by any management tool
Public API, WMI interfaces, and open license store for reporting on license & activation state
Integration with SMS and other Management Tools
MOM Pack shipping with Windows Vista
Integrated into System Center 12/06 release
Integrated into System Center 7/07 release with canned reports
Activation Count Summary : Activation Count Summary
Machine Expiration Detail : Machine Expiration Detail
Answers to Common Questions : Answers to Common Questions We are very decentralized – how many sets of product keys will I receive?
You will receive 1 KMS key and 1 MAK per license agreement. At this time we cannot assign multiple keys per license agreement.
What if a faculty member leaves campus to go on Sabbatical?
The member’s machine can be MAK activated, allowing it to roam away from the main network.
How can I manage student licenses?
KMS-activated machines ensure that the student remains on campus during the license term. If the student qualifies for a perpetual license at graduation, the student may receive a unique retail product key and permanently activate their own machine.
How many KMS hosts should I deploy?
By default, each KMS key allows deployment of 2 KMS hosts. However your account manager can acquire additional activations at your request. You can deploy as many KMS hosts as you like as long as none of them are on unsecured networks allowing unauthorized machines to activate.
Should I mix activation types? Can I use only one type?
You should use whatever mix of activation types suits your deployment best.
How do I convert from one type to another?
Conversion from KMS MAK is achieved by changing the PK in the UI or via a script. A machine can switch types as often as you like.
Volume Activation 2.0 Resources : Volume Activation 2.0 Resources Business Desktop Deployment (BDD) guide at http://www.microsoft.com/desktopdeployment
Volume Activation 2.0: Getting Started,Step-by-Step Guide, and FAQ on Connect and in BDD.
Tools from BDD or separate TechNet download
Support for Volume Activation 2.0 is available through the Microsoft Product Activation Call Center. Each subsidiary has an escalation path process beyond call center support that includes TAM and TSP support, and MCS support if required.
Appendix : Appendix
Microsoft Genuine Software Initiative (GSI)� : Microsoft Genuine Software Initiative (GSI)
The Microsoft Genuine Software Initiative focuses the many activities and investments directed at combating software counterfeiting and other forms of software piracy into a single initiative. The initiative will drive increasing investments across three strategic areas: Education, Engineering, and Enforcement.
Volume Activation 2.0 �Top Issues : Volume Activation 2.0 Top Issues