Sassafras Software Licensing

Like all software, Sassafras Software products are licensed according to a particular metric that takes into account various measures of usage. For most licensing, Sassafras Software requires a license, or “seat”, for any client computer with recent activity related to Sassafras Software functionality such as program management, computer login tracking, and software audits. The measure of “recent” depends on the type of service the computer has accessed, and various details of that service. The number of active client computers cannot exceed the number of seats supported by your KeyServer license.

Any computer that has the KeyAccess client software installed, and has at some point connected to KeyServer, is listed in the Computers table. Each computer is placed in one of four Login categories according to that computer's usage pattern and the specific configuration of your Sassafras Server. Administrators can move computers between categories as necessary in order to manage the allocation of licensed seats.

Note: If you use our KeySight tier of product much of this information does not apply. With KeySight a seat is only consumed while a Policy is being accessed by the Computer. Note also if you allowed multiple users from a single computer they could each consume a seat, as seen in the Connected Clients window.

Dedicated

Dedicated computers have access to all services. This is the default state for new computers that connect to the server, unless the Discovered Rule is modified from defaults. A Dedicated computer will not have its seat automatically reassigned, even if the computer has not actively used Sassafras's services. A computer will be moved into the Dedicated category if a Node Policy is assigned to it, and can not be moved from dedicated while this assignment is in place.

If an administrator moves a Dedicated computer to another Login type, and Node Policies assigned to that computer will be revoked. Usage of any such Policies will remain in the Usage Log, and Reports will reflect that usage. Furthermore, unless the computer is changed to Excluded, usage of the products associated with a Node Policy might again assign the policy, moving the computer back to the Dedicated category.

Leased

Leased computers have an associated expiration time, after which they will be moved to the Dormant category. This expiration time is set each time the computer accesses one of Sassafras's services. The length of the lease depends on the type of activity, and is encoded in the Sassafras Software license. Normal lease timers are as follows:

• A computer gets a 4 hour lease when it connects to the server (logon session is created).
• A computer gets a 1 week lease when it launches software under an Observed Policy. This does not apply to Thin client records.
• A computer gets a 2 week lease when it launches software under a Manage Policy. Assignment of a Node Policy moves the computer out of the Leased category, into Dedicated, effectively extending the lease indefinitely. This is typically avoided for Thin client records.
• A computer gets a 4 week lease when it submits an Audit. Typically this is the desired behavior — computers that are in active service will have up-to-date audit information, and will retain a seat on the server. However, active service machines should typically be Dedicated. Virtual and Thin clients are usually set to not audit so they use a lease that expires in hours or weeks.

Any of these events will reset the timer according to these criteria if the current lease is shorter than the event would grant, or renew the longer timer it was under. For example, if the computer had a 1 week timer and gets a session 2 days later, it will renew the 1 week timer not simply get 4 hours added to the remaining time. Note that usage of ignored software does not affect the expiration of a Leased computer.

Imported

Computers in this status are created by our Admin Scripts that import items from Jamf or Intune for example. Devices can not be moved into or out of this category manually. In the event an active client connection occurs from one of these computers, it will then move into Leased or Dedicated per your Rules as normal. Computers in this category appear in Audit reports but to not consume a license seat, making them a middle ground between Leased and Dormant.

Dormant

Once a Leased computer has been inactive for a period of time, it is changed to Dormant. These computers do not count against the KeyServer client limit, as they are not currently making use of any KeyServer services. Dormant computers will not appear in Audit reports but historical software usage information will still be available in usage reports. If a Dormant computer makes a connection to KeyServer in order to report usage activity, to upload audit info, or to use managed software, it will automatically change back to Leased or Dedicated (if a Rule would change it to Dedicated).

A typical use case is to have computers default to Dedicated. When they are removed from service they are moved to Dormant. Any system showing up in Leased signals something that came back into service unexpectedly. A typical use case for virtual systems is use a rule to default them to Leased and do not Audit so they expire after 4 hours to Dormant. Audits are normally not significant for virtual systems as they are thin sessions on the same server or clones in a VDI pool.

Excluded

Computers that are Excluded do not count against the KeyServer client limit. These computers cannot receive any services and no new information will be recorded by KeyServer. Like Dormant computers, Excluded computers will not appear in Audit reports but they may appear in usage reports if there is relevant historical usage data. Computer name and profile information remains available for reference from various other reports. Software usage will not be Managed or Observed on these computers, even if the same software is managed on other computers. Note: Keyed programs (legacy) are dependent on an interaction with KeyServer, so these simply will not run on excluded clients just as they will not run on computers that do not have the KeyAccess client software installed.