I would like to know if the product's licence for Application Control (managed by ePO) must consider the type of the operating system controlled, for example the license for host Windows 2000 Server is different to host with Windows 2000 Workstation or Windows XP ?
Thanks in advance
first of all for any questin regarding license models you should always aks your McAfee/Intel sales representative. They should be able to answer any question regarding license models.
Application Control ist licenced based on the System type and based on endnodes.
1) There is a difference if application control is installed on a Client/Server or a "fixed function device". Fis function devices are e.g. cash machines. Based on the system type you have to license Application control or integrity control. It´s the same Software and only a different license. If this is clear, go to step two. 🙂
2) Additional you need the count of your endpoints.
Finally there is no difference regarding the operating system.
Hope this helps,
Just to confirm the above... say for example I have two hosts, and I am managing via ePO (not deploying app control standalone):
- XP Pro (standard client)
- XP Pro for embedded systems (this is my fixed function device)
The technical deployment of the application is exactly the same (ie I am running app control 6.2 so I deploy app control, confirm it has installed, and then deploy an SC:enable task). All following steps I would manage exactly the same as I would with the standard client.
The only difference for the two is that for the first I would use an 'application control' license (menu > server settings > solidcore), and for the latter I would use an 'Integrity Control' license?
And no other differences whatsoever?
Just out of curiosity, if I entered an application control license into ePO, and *not* an integrity control license, would I be able (technically) to deploy application control to the fixed function device? Not talking about licensing restrictions here - just will it work (not trying to bypass here, and will not be), but just trying to get it clear in my mind that the absolute *only* difference here is a licensing aspect, and not a technical one.
Just delving into this a little further:
first column below is licenses set in: menu > server settings > solidcore
second column below is what I can see when trying to create an SC:Enable client task
<no licenses> : message received - "This feature is not available with your license."
application control license only : ability to enable Application Control only
change control license only: ability to enable Change Control only
integrity control license only: ability to enable both Application Control and Change Control
So there appears to be a further subtle difference here...
For my example client host, if I wanted application control and change control, I would need to purchase both application control and change control licenses. For my fixed function host, if I wanted application control and change control, I would need to purchase only the integrity control license.
To further confuse matters, the Integrity *monitor* product category (Policy Catalog) is *not* Integrity Control, it is a set of policies relating to the Change Control portion of the overall product - correct?
i´m not shure at the Moment if my answer is right. From my Point of Knowledge Application Control is included in a Change Control license. It really depends which type of System is protected.
The best ways is to ask your McAfee representative for the right application Control license.