Hello,
I have been asked to gain some knowledge about proper licensing for sandbox and use of virtualization - I am not sure if there is a CLEAR way to understand what should I buy. I plant to do something very similar, so I must know this and that.
Given there are cloud sandboxing services such as https://any.run/ and https://hybrid-analysis.com and they use virtual machines (VM) to "analyze" files, how is that possible that it is legal in terms of licensing.
From what I have understood, if I were to create 5 VMs with Windows10 Professional, I would need to buy 5x Windows10 Professional Retail licenses. As stated in EULA, one license per one VM. But elsewhere here on this forum I have read that one should buy Windows VDA or Software Assurance or CALs per user etc.
But I think it isn't covered in the license anywhere, for sandboxing like above, there is no users connecting to those VMs. They are just turned on, malware is run and gets shut down. No user connected, no RDP/VNC/remote connection was made. All results of analysis were sent from VM to hypervisor host via API.
If noone is connecting remotely to the VM, and it is only used to execute a file and check the result, can I stick to Windows Retail license? All informations I've found so far is "you need VDA or CALs because someone is connecting remotely" but here noone is accessing the VM itself. I would like some clarifications here, as I know one of above cloud services uses "Retail" licenses and they seem to be OK.
EDIT: For some more clarifications, VMs are completely isolated from any other devices (even from other VMs). All they see is HTTP server running on hypervisor (RedHat KVM) so it's impossible to connect to them via RDP or similar remote access technology. VMs and RedHat as host sit on the same physical machine.
Regards