WebInspect - License Options - Can anyone explain the advantages / disadvantages of these?
My company are exploring the purchase of a WebInspect license. One of HP's partners has quoted us for a 'named user' license, and a 'concurrent user' license. There is a fairly significant pricing difference between these options on the initial license purchase, and a modest difference in annual maintenance costs.
My understanding is that a 'concurrent' license would need to be hosted on a license server, the advantage being that any machine that can reach the license server can use the license if it is free. This should allow other departments across the world to utilise the license. I believe that only one WI instance would be able to connect to this license at a time?
The 'named user' license, will have a 'license key', which is tied to a machine. However, the license key can be deactivated and moved to another machine if required.
Have I got this right? Is there some other fundemental differences / advantages in the more expensive (concurrent) license?
Re: WebInspect - License Options - Can anyone explain the advantages / disadvantages of these?
Yes, you have identified their primary differences.
The WebInspect Named User license (WI NU) is activated/locked onto the current Windows user on one machine, although they can self-Deactivate it in order to activate on another machine or a different user. Be aware that the macros and other artifacts store by default primarily under the user's AppData folders, so you may need to adjust those settings if you hope to share those files. If you lack an Internet connection then you cannot self-Deactivate and instead would need to contact Fortify Support each time you made this swap.
The WebInspect Concurrent User license (WI CC) does cost a bit more than the WI NU, but it optimally supports multiple part-time users and installations of WebInspect. The WebInspect license(s) is/are applied to license pools on our HPE License and Infrastructure Manager (LIM). When WebInspect is opened it dynamically leases a license from the assigned license pool, and returns it when closing. There is no fee for the LIM, but it requires MSFT IIS, and it is just a small, separate app which can be run alongside other web sites/apps on IIS. The LIM admin can even set up the license pol to permit short-term "check-out" of the license, up to 30 days. The user who exercises this can take WebInspect travelling where they cannot reach the LIM and its license pools. Their "seat" of WebInspect is reserved in the license pool, and at the end of their check-out, the seat becomes available and the user's laptop installation ceases to have an active WebInspect. During the check-out period, the laptop operates as if it were a WI NU license for that user.
Both of these licenses are a Perpetual model, meaning that the product will function "forever", but eh Maintenance/Support must be renewed. Maintenance/Support includes the use of the SmartUpdate service to fetch new releases (2x annually) as well as updates to the attack database (SecureBase, 4x annually), as well as ask Fortify Support for aid (support.fortify.com).
WebInspect also offers a Term model, with terms of 1-month or 12-month. Unlike the Perpetual model, these cease operating on their Maintenance Expiration date. Usually this model only works for consultants. Long-term customers will find that the WI NU or WI CC Perpetual model is cheaper over the long term, since the license cost occurs only in the first year and then you only pay Maintenance annually after that. Standard Maintenance is substantially less than the Term license cost.
For all of these, HPE does not charge for the Allowed IP Range, so you may generate your WebInspect license to handle all IPv4/IPv6 networks, or you might opt to pare the ranges down to what is internal and operated by your company.
For those very small shops on a budget, your Fortify Sales rep can discuss yet another model where you can scan only a handful of URLs, but can do so from multiple installations. this is like the WI NU license, permitting multiple seats, but with a very Limited IP Range.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify