Guide to Licensing and Scanning Anaconda

Installations and Artifactory Users

Table of Contents
Table of Contents
Guide summary
Definition of Users
Anaconda Licensing Types
Per-user model
Instructions for Assigning/Managing User Seats
Organization-wide model
Using the Anaconda base and premium repositories
Scanning for Anaconda installations
Endpoint Scans
Network Scans
Device Scans
Using MDM Provider Reporting Functionality
Using a Custom Reporting Script
Test Script Instructions
Artifactory Scanning Process
Prerequisites
Creating an Artifactory access token
Running the Python script
Sending the output to Anaconda for Evaluation
Questions, comments, concerns?
Appendix
Example Scanning Scripts
Updated base paths that the scripts will check while scanning:

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 1
Guide summary
This document discusses Anaconda licensing types and provides a guide for investigating
Anaconda installations and Artifactory Anaconda users. Investigating is achieved by:
● Scanning the number of installations of Anaconda within your environments
● Counting the number of Artifactory users with access to Anaconda packages

Definition of Users
“Users" are defined as individuals, companies or systems that download, access, or use
Anaconda Paid Services.

A) Individuals that download, use or access our software on hardware such as laptops,
data science workstations, and computers. Your ”Authorized Users” are your employees,
agents, and independent contractors (including outsourcing service providers) who you
authorize to use the Anaconda Offering(s) on Your behalf for Your Internal Use, provided
that You are responsible for: (a) ensuring that such Authorized Users comply with these
TOS or an applicable Custom Agreement; and (b) any breach of these TOS by such
Authorized Users. Any other installations, usage, deployments, or access must have an
individual license per each additional usage.

B) Virtual Machines and/or local servers, either operating independently or in mirrored

setups. Each virtual machine or local server requires a separate license. If you create a
new virtual machine or migrate a PC to a virtual machine, you still need to have a
dedicated license for a virtual machine. We define each instance as one 'user'.

C) Containers. Each container requires a separate license.

Summary: We are trying to prevent cases where a single token is being shipped around
to embed into services and shared applications or servers in order to circumvent having
to get licenses for each user.

Please note any user that is downloading, accessing or using Anaconda Paid Services
requires a license.

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 2
Anaconda Licensing Types
Per-user model
With the per-user model, Anaconda strongly encourages you to enforce tokens and track users
for each individual developer to ensure the correct users have access to the premium
repository repo.anaconda.cloud. Not enforcing usage may result in non-licensed users
accessing the premium repository and needing to pay for that additional use. Your account
administrators assign/manage seats for each user within the User Management section in
Anaconda.

Each user has their own unique token to access the premium repository repo.anaconda.cloud.
Any overage above your licensed amount on Anaconda repositories is trued-up on a quarterly
or bi-annual cadence.

Instructions for Assigning/Managing User Seats

Refer to our documentation on Organizations for help assigning and managing user seats.

Organization-wide model
Some organizations prefer to roll out an org-wide token if there is a preference to keep both
the premium repository repo.anaconda.cloud and base repository repo.anaconda.com open.
This might be because they want to provide unlimited growth or they do not have the ability to
track users and enforce tokens on an individual level. Many organizations take this approach
when they do not have a token for each user.

Org-wide tokens allow customers to leverage mirroring software like Artifactory for creating
copies of our commercial package repository.

Learn more from our documentation on site tokens.

Using the Anaconda base and premium repositories

Anaconda provides a base repository repo.anaconda.com and a premium repository
repo.anaconda.cloud. The base repository does not require a token for access, while the
premium repository does. Some clients prefer the option of keeping the base repository open
because that is what they already have running today. This can be due to approved or
automated pipelines and workflows already being configured to use the base repository and
not wanting to go through the steps to re-approve or reconfigure for the premium repository.
Losing access to the base repository may cause some disruptions to existing workflows, but
this is something that should be verified on the customer side per the instructions mentioned
above.

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 3
Scanning for Anaconda installations
Anaconda recommends combining different types of scans to gain a full understanding of
where Anaconda is being used within your organization. Note that the number of installations
does not directly correspond to the number of Anaconda users or admins.

Endpoint Scans
Endpoint scans help you determine which endpoints in your environment have Anaconda
installed. Anaconda provides example scanning scripts to check for Anaconda across
Windows, MacOS, and Linux end user devices as well as cloud instances such as EC2 Servers.
These scripts:
● Scan for the following Anaconda files across all platforms and cloud instances:
○ conda
○ conda.exe
○ .condarc
● Look for conda in a Linux user’s shell history files:
○ .bash_history
○ .history
○ .sh_history
○ .zsh_history
● Look for conda in a Windows user’s ConsoleHost_history.txt file

Network Scans
Review your network traffic for communication with the following Anaconda domains:
● repo.anaconda.com
● repo.anaconda.cloud
● anaconda.org/anaconda
● anaconda.org/main
● anaconda.org/r

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 4
Device Scans

Using MDM Provider Reporting Functionality

To check for the presence of Anaconda on devices in your fleet, Anaconda recommends
utilizing a Mobile Device Management (MDM) tool such as JAMF or Prism for MacOS and MDT
or Intune for Windows. Your MDM provider may offer ready-made functionality that allows
you to report on device applications. For example, Prism includes an Apps category that allows
you to filter applications by path. Setting the filter to include the following paths immediately
generates a report for you to review your Anaconda footprint, easily export to CSV, and share
the results.

Using a Custom Reporting Script

If your MDM provider doesn’t allow you to report on device applications, you can deploy a
script to achieve the same result. Anaconda provides the following sample scripts:
● For Linux and MacOS: swinv_conda.sh
● For Windows: swinv_conda.ps1

By default, the example scripts retrieve the device’s:

● serial number
● hostname
● hostid
● conda installation paths
● conda packages

The results for each device are output to anaconda_scan.csv, which by default is located in
the directory where the script is run. To test the sample script on a single device before
deploying via MDM, follow the instructions below.

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 5
NOTE: These scripts only scan the most common installation paths, and may not necessarily
cover all potential installation paths. See the Appendix for additional details about which
paths are scanned by default.

Test Script Instructions

Create the Script:
1. Open a text editor.
2. Copy and paste the sample script into the text editor.
3. Save the file.

Execute the Script:

1. Open a terminal window:
On UNIX / Linux / MacOS: This will be a bash shell or iTerm window.
On Windows: This will be a PowerShell window opened as admin.
2. Navigate to the directory where you saved the script:
On UNIX / Linux / MacOS:
cd /path/to/directory/containing/swinv_conda.sh
On Windows:
chdir C:\path\to\directory\containing\swinv_conda.ps1
3. Run the script
On Linux / MacOS:
bash swinv_conda.sh
On Windows:
Set-ExecutionPolicy RemoteSigned
& ".\swinv_conda.ps1"

Interpret the Script Results:

1. Below is an example of what you will see if Anaconda and Miniconda are not installed:
-------------------------
Anaconda Scanner
-------------------------
UName: Windows
Time: 2024-06-17T17:16:15
Hostname: hostname1234
Host ID: 00-1A-2B-3C-4D-55
Inventory log: anaconda_scan.csv (creating)

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 6
 -------------------------
Locating environments
-------------------------
Examining packages (anaconda/miniconda/total)
-------------------------
Anaconda environments: 0
Anaconda packages: 0
Miniconda packages: 0
-------------------------
Inventory created: anaconda_scan.csv
-------------------------

2. Below is an example of what you will see if Anaconda or Miniconda are installed:
-------------------------
Anaconda Scanner
-------------------------
UName: Windows
Time: 2024-06-17T17:21:52
Hostname: hostname1234
Host ID: 00-1A-2B-3C-4D-55
Inventory log: anaconda_scan.csv (creating)
-------------------------
Locating environments
| C:\Users\username\anaconda3: base + 0 children
-------------------------
Examining packages (anaconda/miniconda/total)
| C:\Users\username\anaconda3\conda-meta: 403/88/491
-------------------------
Anaconda environments: 1
Anaconda packages: 403
Miniconda packages: 153
-------------------------
Inventory created: anaconda_scan.csv
-------------------------

Artifactory Scanning Process

This section provides guidance for counting the number of Anaconda users within your
Artifactory repository. This allows Anaconda to verify that you are abiding by our Terms of

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 7
Service and are within the use limits of your license. The process uses a Python script to count
all enabled Artifactory users who have read permissions to repositories within Artifactory that
mirror Anaconda’s repository. The script outputs information on Artifactory users and their
access levels, which must be delivered to your Anaconda Technical Account Manager (TAM)
for analysis and, if necessary, license adjustment.

Prerequisites
● Artifactory Pro or Enterprise version 7.61.3 or greater for the artifactory-user-
counts.py script and version 7.49.3 or greater for the artifactory-user-
counts-legacy.py script (not OSS)
● Administrator level permissions in Artifactory
● Anaconda Distribution installed on your machine
● The artifactory-user-counts.py script or the artifactory-user-counts-legacy.py script

Creating an Artifactory access token

1. Log in to Artifactory as an administrator.
2. Select the Administration tab in the top navigation.
3. Select User Management from the left-hand navigation, then select Access Tokens.
4. Click + Generate Token.

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 8
5. Complete the Generate Token form as follows:

a. Select Scoped Token.

b. Enter a brief description for your token’s use.
c. Open the Token scope dropdown and select Admin.
d. Enter your admin account username.
e. Open the Service dropdown and select Artifactory.
NOTE: Clear the All checkbox to set the Service.
f. Set an Expiration time for your token.
CAUTION: The artifactory-user-counts script you are running
must complete before the token expires. Generally, the script
will complete in an hour or less. Make sure you provide
yourself with enough time for the script to complete!
g. Select the Create Reference Token checkbox.
6. Click Generate.
7. Copy the generated Reference Token that appears and store it somewhere safe for later
use with the artifactory-user-counts.py or artifactory-user-counts-
legacy.py script.
WARNING: Once you close this window, the Token and Reference Token

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL 9
 values are no longer available!

8. Click Close.
9. Verify that your access token appears on the Access Tokens page.

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL
10
Running the Python script
1. Open a terminal and create a conda environment with the necessary packages to run the
artifactory-user-counts.py or artifactory-user-counts-legacy.py script
by running the following command:
# Replace <ENV_NAME> with a name for your environment
conda create -n <ENV_NAME> python requests
2. Activate the conda environment by running the following command:
# Replace <ENV_NAME> with the environment you just created
conda activate <ENV_NAME>
3. Execute the python script from its stored location by running the following command:
python path/to/artifactory-user-counts.py
OR
python path/to/artifactory-user-counts-legacy.py
4. When prompted by the script, enter:
a. Your Artifactory Fully Qualified Domain Name: Artifactory’s Base URL
Example: ARTIFACTORY_SERVER_HOSTNAME:8082
Example: artifactory.jfrog.io
b. Artifactory Access Token: The Reference Token you generated earlier.
c. Artifactory Protocol (http or https): The protocol used by Artifactory, which will be
http or https.
5. Allow the script time to complete.

Sending the output to Anaconda for Evaluation

1. Copy the output that appears between the following lines:
OUTPUT BEGIN >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> OUTPUT END
2. Email the output to your Anaconda TAM.

Questions, comments, concerns?

We are determined to address any questions, comments, or concerns your team may have
regarding user licensing.

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL
11
Please reach out to your Anaconda sales representative directly for any topics related to User
Licensing.

For any support-related topics concerning your usage as a Customer, please visit our Support
Center.

For any other general questions related to Anaconda, please refer to the FAQ’s page on our
website.

Appendix

Example Scanning Scripts

● MacOS/*NIX shell script
● Windows Powershell

Updated base paths that the scripts will check while scanning:
● Windows (Powershell) script base paths:
○ "C:\*", "C:\*\*", "C:\*\*\*", "C:\*\*\*\*"
● Shell script (MacOS/UNIX/Linux) base paths:
○ MacOS: "/Users/*/*", "/opt/*"

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL
12
 ○ Linux/UNIX: "/home/*/*", "/opt/*"

Confidentiality Notice: Anaconda’s Confidential Information includes the terms and conditions of this Guide, the
Products, any technical or performance information about the Products, any non-public Documentation provided by
Anaconda, and any new product information regarding the Products. Please do not share this document externally.

108 Lavaca Street Suite 110-645, Austin, TX 7870 | 512-222-5440 | anaconda.com CONFIDENTIAL
13