Legal issues surrounding virtualisation

It is essential that companies review the terms of their licence

The use of virtualisation techniques has grown in popularity and is fast becoming the norm. But the adoption of new technologies gives rise to new issues and risks.

What are the licensing issues?
It is likely that if an organisation entered into a software licence with a vendor before 2008, the licence will not contain explicit provisions dealing with a customer’s right to use the application in a virtual desktop infrastructure (VDI) environment. So software vendors may refuse the use of the software in a virtual environment unless a new licence is agreed. A new licence usually means additional licence fees.

So what can an organisation do if the software supplier will not allow its product to be used in the new environment? First, review the terms of the licence. If the licence is silent about virtualisation, this of itself does not mean that the licence prohibits the use of the software in a virtual environment.

VDI moves an employee’s “desktop” from the hard drive on a PC under a desk to a virtual desktop on a central server. This reduces hardware costs and exerts more control over the software as its use can be controlled centrally. If the licence has geographic limitations on the type of hardware on which the software can be run, the act of moving the application from the desktop to the server may breach the licence. The organisation would need to negotiate a deletion of these restrictions from the licence with the software supplier.

Some software suppliers have modified their licensing terms in recognition of the growing uptake of virtualisation. Microsoft, for example, changed its Windows licensing regime in early 2009 to allow organisations looking to move to a VDI environment to run up to four virtual desktops on Microsoft’s operating system.

Consequences of breaching a licence
The consequence of being in breach of a software licence will differ depending on the supplier’s remedies under the particular licence. In the worst case, the organisation could be subject to an action for copyright infringement or an action preventing the organisation continuing the use of the software in the VDI environment.

It is often possible to negotiate a variation to the licence, but usually at a cost. The problem for the user is that without any commercial leverage it may be difficult to do much other than accept the licence fee put forward by the supplier.

The terms of any re-negotiated licence should explicitly allow for the use of the application in the VDI environment and would ideally allow an unlimited number of instances of the application or virtual machine to be run in the environment.

However, it is more common for a software supplier to agree to a specific number of instances of the virtual machine to be run for a certain price, with any additional instances being licensed for an additional charge.

Legal issues beyond licensing
Server virtualisation is the consolidation of a number of under-utilised servers – located in one datacentre or across multiple datacentres – onto a single machine. Virtualisation works by implementing an additional software layer – a hypervisor – that partitions the single physical server into a number of multiple virtual servers. Each virtual server can run its own operating system and applications as if it were a separate physical server.

The confidentiality obligations in the software licence will restrict the disclosure of the proprietary software to a third party and if the scope of the licence is varied without permission, the customer may find itself in breach.

Typically, a third party will manage the datacentres where the virtualised servers are located and a customer needs to ensure the terms and conditions with the third party cover the risk and impact of any failure in that service.

So what are the key issues that need to be considered? First and foremost is whether or not the solution works and if the virtualisation ratios are sustainable. The agreement needs to provide appropriate provisions relating to the development and testing of the virtual environment, the migration of real machines to virtual machines and the ongoing monitoring of the service. If it is proposed to have a virtualisation ratio of 1:15 and this proves unworkable, the agreement will need to provide for the supplier to reduce the ratio. The supplier will need more servers and both parties need to be clear about who bears the cost of the new machines.