1st April 2009, 09:46 PM #1
Smooth-Guardian Licensing issue
I have 10 user licenses for Smoothwall Guardian on CF2008. I know that it's based per IP address; what I didn't know is that Guardian or PROXY has some kind of cache that stores the IP for anywhere from 24hr to 7 days [still can't get clear answer from smoothwall], so even though nobody is accessing internet, my 11th pc.....etc. is blocked because of this stupid cache setting.
Is there a way to reduce this cache setting to something more realistic - 7 days seems like an over-kill.
How about manually editing and increasing the guardian licensing count - would that break something?
1st April 2009, 11:11 PM #2
We recognise that in some cases, the "IPs filtered (NOT proxied) in 7 days" rule is a little inflexible - however it is usually DHCP issues. If you *do* only have 10 PCs we are happy to do something to help.
In addition, we do not hide how it works - if you could not get a clear answer I would be interested to know why.
Please do not try and manually edit the count - it will be rewritten by other processes, and will only result in your licence being revoked if it happens too often. We are happy to help if you believe you are being unfairly treated. Please call me if you think this is the case!
Hope that helps and clarifies the situation,
1st April 2009, 11:22 PM #3
Yeah I have an issue with this too, we have boarders who access the system on an evening when others aren't using the system. I don't fancy paying for another 40 licenses and reckon I would remove it and change my filtering if I was told I had to pay.
They quoted me silly money for adding them 6 months ago so will see how it goes when I renew.
2nd April 2009, 08:40 AM #4
Sim: Explain your position to your account manager, they're usually pretty accommodating people.
2nd April 2009, 09:38 AM #5
Oh no... I was loving School Guardian up until I heard this. I really hate per computer licencing, it just makes things complicated. It's site or nothing here. Even Apple and M$ manage that.
So, if we want to allow children or parents/maids/drivers* to connect their laptops to our network and use the internet we have to have a licence for them?
*We're an International school. Different world!
2nd April 2009, 10:00 AM #6
It's licensed per IP filtered through the system over a period of 7 days, so you only buy what you need rather than paying a higher amount for a site licence.
Thanks to plexer from:
tom_newton (2nd April 2009)
2nd April 2009, 10:04 AM #7
eean: we have to licence somehow I am afraid - if you have any suggestions, we are open to change (in fact, we will be changing the way it works technically in the next release).
We have to balance between easy to understand, and not "flat licencing" which tends to penalise users unfairly IME.
Meanwhile, as I said, the answer is to call your account manager, and explain the situation. If necessary, ask them to come and speak to me. We have *never* had a situation we haven't been able to resolve to the satisfaction of both parties (least not one I have heard of)
2nd April 2009, 10:26 AM #8
I assume you're not authenticating them by passing the details onto a Windows server then?
Originally Posted by eean
2nd April 2009, 11:07 AM #9
I understand that you need to license somehow. It's only fair that little village schools pay less than massive colleges - otherwise small schools would never be able to afford your products.
How about a model based on the number of pupils?
Base it on the number of pupils on roll on school census day (where all the government figures for funding calculations are taken from). That figure is valid for a year and you could have fairly wide bands. Just take the figure at time of purchase, don't be fussy about small fluctuations. Schools get their funding based on the number of pupils - you are effectively taking a small percentage of that.
Or, sort out this 7 day rule and make it so it's concurrent user licencing. However, that's less flexible for those one off days when you're doing some crazy event and everyone needs the internet.
One of the reasons why I hate per-computer licencing is when you replace/update computers someone invariably says: oh, we could stick that old computer in a corridor and use it - it'll be fine for... Thinking it's costing the school nothing. Well actually it's costing the price of Smoothwall + the price of the AntiVirus + the price of all the other software from companies who only ever deal with business and is arrogant enough to charge per computer licences.
AND THEN the art department scrapes enough cash together to buy some more computers but I've suddenly got to pay Microsoft and everybody and another 3 quid per unit.
I also hate annual licensing too. Especially the current trend of suppliers selling you the same stuff you had before but now on the web for only “5 pounds per pupil”. Well, all these 5 pounds add up! And over 5 years in a big school, that’s a lot of software we could have bought!
Jeepers, there's a lot of hate inside me! I really need a holiday!
Sorry about the rant. I do appreciate the fact you use Edugeek to listen to your customers.
Final crazy idea: You could offer multiple licencing options: per user/per computer/perpetual/outright. People could choose the right one for their organisation!
Thanks to eean from:
tom_newton (2nd April 2009)
2nd April 2009, 12:56 PM #10
Thanks for all the suggestions. In the UK, we could certainly do something based on school census figs, as these are a matter of (easily available) public record... just be a bit tough in our other markets, eg. the US, and UK corporates (We also do web filtering for some big household names and a lot of not-so-large companies as well!).
In the past, we have avoided per-user licences because not everyone authenticates users, and they're then hard to manage. We also eschew "choice of licencing scheme" because a large chunk of our sales is through our partner team, and they need an "easy to work" pricelist.
Sorry to dump my thought process in a rather negative way but we are looking at altering this totally as I said for the next major revision, and we will be thinking about your points when we decide how to proceed!
What we can do, however, as I've previously said, is provide some sort of workaround for those with "extenuating circumstance".
2nd April 2009, 01:36 PM #11
Darn it... I had a beautifully crafted idea and ruddy firefox crashed and took it with it...
Ok to paraphrase...
1. 7 days is a bit heavy in terms of a logging period for IPs... I don't have DHCP set to renew after more than 24 hours and granted it's likely it'll renew if the main DHCP goes down then the backup takes over and gives out different IP addresses?
2. What happens if we get someone in who needs access to the net, plugs in and then takes us past our limit.. Imagine if you will Ofsted arrive, spill tea everywhere, unplug a wireless AP and plug in their laptop so they can update their twitter. They then visit classroom where the teacher discovers that they have a new message saying "you're blocked.. not enough licenses". My life and yours would be forfeit.
3. Would definitely be worth including a reporting tool that provided debug info on how many computers School Guardian THINKS are on the network, what they are, when and how it arrived at the conclusion. That would be useful in ID'ing any problems with rogue DHCP servers (ie: badly configured wireless router) and also potential issues. Highlighting this right at the beginning during a trial run would be an absolute MUST!
4. Following on from 3.... some way to identify and select the machines you, as a tech, WANT to be able to access the net through the smoothwall box. Perhaps ID a subnet that's valid, machine names that should be used... and perhaps as importantly, identifiers that should NOT be allowed on. That would reduce some of the headache. It's work but you are setting the rules here and I don't want to pay for a license when it's ofsted visiting... They can use their mobiles *grrr*
5. Allow a panic button "release" which stops the limits or at least loosens them so that a tech has the ability to deal with a problem (eg: rogue router DHCP) without having the entire school breathing down their neck and stopping them from actually solving the problem because they want to shout at someone.
6. A script or option to reset the cache so that the system can start over when a tech has found a problem, fixed it and needs to clear it so the log is getting the right IPs or whatever again.
Hopefully that little lot will be food for thought.
Thanks to contink from:
tom_newton (2nd April 2009)
2nd April 2009, 02:00 PM #12
1. Yes, it probably is
2. Hopefully you haven't bought the *exact* number of licences (the minimum unit is 10) - we do advise that people make sure they have a bit of headroom - perhaps we should build in a few percent
3. System/licences will give you a start on this - imperfect but at least gives you the figure
4. We'll get there
5. Hm... might be useful
6. Restarting guardian will clear the cache afaik. This does bin existing connections and take a minute or so, but it is a semi-decent panic button
2nd April 2009, 02:05 PM #13
A percentage of headroom built in would be handy, just in case someone goes over they can still function without being penalised but can then enquire as to a licence upgrade.
Just out of curiosity how many licences have people here got? and how many are in use?
We have 280 and currently have 35 in use.
Is there a way to check for maximum ever used Tom?
2nd April 2009, 02:29 PM #14
Originally Posted by plexer
I have a sneaky feeling it will all be done out of reporting in v'10
2nd April 2009, 04:35 PM #15
Sorry for shattering your love for Guardian.
I actually think that licensing per computer/IP is still better than per user because you can have many users accessing internet from the same pc - this should be desirable for a school or offices with users on 2nd shift or kids using the same computer in the class.
I think there is a fairly simple solution - just change the 7-days to something like 30 min.
Wireless LAN is one of the best examples - laptop users will switch between wired and wireless LAN during the day, hence 2 IPs per the same device and basically the laptop will STEAL one license from the available pool.
Another good example is if you have 11 PCs in the office but only 10 Guardian users [that's my situation in many remote sites]. Normally you don't have 10 people browsing at the same time so I thought I would be ok with 10 licenses until I found out about your 7-day cache. This means that even if the other 10 users don't access internet for a week, my 11th pc will be blocked because of the 7-day cache - very silly in my opinion.
So what's my option? Will Smoothwall sell me 1 Guardian license? From what I know, most likely not, because your smallest purchase requires 10 licenses. So I have to pay for another 10 users just so I can get 1 additional user to be able to use internet.
I really think that a reasonable cache setting [30min to 120min] would enable Smoothwall to control licensing and make end users very happy.
I'm talking to your Sales guys to resolve this matter because when I purchased Guardian this cache limit was not explained and even the reseller was not aware of this 7-day cache. Will let you know how it goes.
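As an added illustration of the counting rule debated in this thread (not Smoothwall's code or log format; the event tuples, hostnames and addresses below are constructed, and the function names are hypothetical), this Python example computes the peak number of distinct filtered IPs for a 7-day window and for a 30-minute window over the same traffic, and lists hostnames that held more than one IP, as in the wired/wireless laptop case.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def peak_distinct_ips(events, window):
    """Highest number of distinct client IPs seen inside any sliding window.

    events: iterable of (datetime, ip) for filtered requests, in any order.
    """
    recent = deque()             # (timestamp, ip) pairs still inside the window
    counts = defaultdict(int)    # ip -> requests currently inside the window
    peak = 0
    for ts, ip in sorted(events):
        recent.append((ts, ip))
        counts[ip] += 1
        # Expire requests that have aged out of the window.
        while recent[0][0] <= ts - window:
            _, old_ip = recent.popleft()
            counts[old_ip] -= 1
            if counts[old_ip] == 0:
                del counts[old_ip]
        peak = max(peak, len(counts))
    return peak

def hosts_with_multiple_ips(leases):
    """Hostnames that held more than one IP (DHCP churn, wired plus wireless)."""
    seen = defaultdict(set)
    for hostname, ip in leases:
        seen[hostname].add(ip)
    return {h: sorted(ips) for h, ips in seen.items() if len(ips) > 1}

# Constructed sample data: ten office PCs browse on 1 April, an eleventh PC
# browses three days later, and one laptop uses wired then wireless.
START = datetime(2009, 4, 1, 9, 0)
EVENTS = [(START + timedelta(minutes=i), f"192.168.1.{10 + i}") for i in range(10)]
EVENTS.append((START + timedelta(days=3), "192.168.1.20"))
LEASES = [("office-pc-01", "192.168.1.10"),
          ("laptop-07", "192.168.1.50"),
          ("laptop-07", "192.168.2.50")]

if __name__ == "__main__":
    for label, window in (("7 days", timedelta(days=7)),
                          ("30 minutes", timedelta(minutes=30))):
        print(f"{label}: peak {peak_distinct_ips(EVENTS, window)} distinct IPs")
    print(hosts_with_multiple_ips(LEASES))
```

On this sample the 7-day window peaks above a 10-licence allowance while the 30-minute window does not, and the multi-IP report is the kind of output that would point at DHCP churn before the limit is hit.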