As part of its OEM agreement with Liquidware Labs, Quest Software has decided to make Stratusphere available for free to end customers for up to 45 days for VDI assessments. Unlike Liquidware Labs, which claimed to use an agent-less approach, Quest is completely upfront about the agent-based nature of Stratusphere. Furthermore, Quest is even more upfront about the privacy (or lack of it) that comes with the VDI assessment. Here is a screenshot of the login screen from the Quest VDI Assessment Setup Guide:
The good news is that if no one reads this screen, cares about privacy or worries about security risks created by agents on every single endpoint, then the software can be used for free to perform a VDI assessment for up to 45 days.
Update (December 21, 2010)
After this blog post went live, Quest promptly responded by saying that this "is the same verbiage you get in the Liquidware Stratusphere product on which Quest VDI Assessment is based" and promised to remove it. Hugh McEnvoy, Product Manager for Quest VDI Assessment, goes further by saying "there is nothing 'secret' in this stuff", referring to the data collected.
At Lanamark, we beg to differ. All data collected within a customer's environment, especially about users, is secret and allowing a statement such as the one above to fly under the radar raises another question: how confident is Quest about what is happening in Stratusphere "under the hood"?
Update 2 (December 21, 2010)
And now Liquidware Labs responded to Alessandro's blog post, saying "any commercial product that goes as in-depth for assessment and user experience monitoring should carry a disclaimer warning about how the data is gathered." Let's set the record straight:
1. Lanamark Suite doesn't use agents
Instead, it leverages standard OS instrumentation to collect all the necessary data. Stratusphere requires agents because it is a Linux-based virtual appliance that cannot otherwise interface with standard Windows operating system instrumentation.
2. Lanamark Suite doesn't touch the data on target systems
There is no interception, inspection, copying of data on / from target systems or packets to / from these systems. Based on the original disclaimer from Liquidware Labs, it is probably fair to assume that this is not the case with Stratusphere.
3. Lanamark doesn't disclose the data
Only the Lanamark partner delivering desktop transformation services to end customers can access the data collected by Lanamark. There is no disclosure of data to "government, and law enforcement personnel, as well as authorized officials of government agencies, both domestic or foreign." Also, the product name "Stratusphere" seems to imply that the data is going outside the "Troposphere" of client environments into the "Stratosphere" (and beyond perhaps).
Source: Commission for Environmental Cooperation of North America