On Tue, May 27, 2025 at 3:08 AM Dilip Modi <dm...@zscaler.com.invalid> wrote:
> Hello, > > We are running a multi-tenant SaaS platform using Apache Guacamole with > the RDP protocol (via FreeRDP) on the backend. Our customer’s RDP license > server is configured to use the *Per Device* licensing model. Recently, > we’ve observed a significant increase in Microsoft RDP license consumption, > which we suspect is due to how client device UUIDs are being generated and > presented by FreeRDP. > Our Problem: > > It seems Microsoft treats each RDP session (even for different users from > the same tenant) as a *new device*, likely because the RDP client > (Guacamole + FreeRDP) doesn't persist a consistent UUID or machine identity > across sessions for the same tenant. > Our Questions: > > 1. > > *How does FreeRDP currently generate or persist a client UUID or > machine identity used for Per Device licensing?* > > That's a very good question. As this is not the FreeRDP mailing list, you'd need to ask on their list or forum to figure that out. Have you tried with xfreerdp to see if it behaves the same way - if the same xfreerdp session from the same computer generates multiple devices? That said, keep in mind that Microsoft's per-device RDP licensing requires that you license all of the endpoints that users are actually physically on. In the case of Guacamole, this means that you cannot simply license the server(s) running guacd as your "devices" - ALL of the potential client systems from which users are connecting to Guacamole (desktops, laptops, mobile phones, thin clients, anything that runs the browser from which you are logging in to Guacamole) ALSO count as "devices" in Microsoft's per-device licensing model. I am not a lawyer, nor a Microsoft licensing expert, but I also don't want anyone to get the mistaken impression that simply licensing a single server running guacd will somehow give you a loophole through Microsoft's EULAs that lets you get away for less than you otherwise would. Microsoft employs really good lawyers and they've already covered that one ;-). > > 1. > 2. > > *Is there a way (via ClientHostname, or another method) to inject a > stable, per-tenant UUID into FreeRDP sessions through Guacamole?* > > You should ask about this on the FreeRDP list/forum, as well. I don't think injecting a UUID into the hostname is going to help you out, but there may be some setting that will help with this. > > 1. > 2. > > *Has anyone implemented a patch or configuration in Guacamole to > support deterministic UUIDs per tenant to control RDP licensing usage?* > 3. > > *Are there any known implications of using ClientHostname or similar > fields for license tracking across RDP sessions?* > 4. > > *Would upstream FreeRDP or Guacamole be open to a feature request for > better multi-tenant support in licensing scenarios?* > > These all seem like questions much more appropriate to the FreeRDP mailing list or forum, so please go ask them, there. If you determine that changes are required in Guacamole, feel free to report back, here, and, if you're able and so inclined, submit a pull request for it. -Nick
