Response To Recent Richard Stiennon (Forbes) Article On Microsoft Licensing Within Embedded Systems Like Sandboxes

Richard Stiennon recently wrote an informative article in Forbes titled “Sandbox Vendors Ignore Microsoft License Agreements.” The focus of this article is on licensing challenges related to Microsoft’s Customer License Agreement for embedded systems and sandboxing technologies like our WildFire WF-500. Stiennon writes that “there is no provision for a vendor to ship appliances with multiple virtual instances of Windows” or the Microsoft “Office productivity suite.” This presented a real challenge for sandboxing technologies like the WildFire WF-500 that emulate environments such as Microsoft Windows in order to detect and prevent new advanced cyber threats.

Our solution was simple. Palo Alto Networks licenses every instance of Microsoft software on each WildFire WF-500. There were no shortcuts taken. In fact, long before the initial release of the WF-500, we engaged directly with Microsoft to explore how to properly license their software on the WF-500. Unfortunately at the time no simple option existed for this type of technology. To ensure our customers had full access to the Microsoft Windows operating system and Office applications within the WildFire virtual environment, we made the decision to include a full OEM Windows license and consumer Office license with the purchase of every WF-500.

Recently, Microsoft notified us of a new licensing model designed for embedded security devices that use virtual instances of Windows. From our perspective, this decision will not impact our existing customers. We are actively engaged with Microsoft to take advantage of this new licensing model that we’ll transition to as soon as agreements are set.  Until then, we will continue to license every instance of Microsoft software running on our WildFire appliances, included with every purchase of the WildFire WF-500.

1 Reader Comment

  1. This is a consistent strategy for Microsoft licensing where the end device must be licensed not actually the application. Office365 has a similar model with entitlement benefits for 5 devices, not 5 user roles.

    OEM was the cheapest option but it will get interesting if the WF-500 attempts to run different versions or editions of Windows simultaneously on the same device

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42