End User Computing Devices
Series Recap
This is Part 4 of a six-part series on how ITOM architecture decisions become licensing costs. Part 1 covered Servers and VMs – the category where Discovery scope and ITOM scope are most often treated as the same thing. Part 2 covered PaaS Resources – where cloud provisioning velocity erases the ratio advantage. Part 3 covered Containers – where point-in-time measurement systematically understates 90-day average consumption.
Part 4 covers End User Computing Devices. EUC is structurally different from every resource type covered so far. The ingestion path chosen at implementation does not just influence EUC SU cost – it determines whether any EUC SU cost is incurred at all.
One framework note that applies across all six parts: a resource can exist in the CMDB without consuming a Subscription Unit. Three conditions must all be true before a CI counts – it is in a table mapped to a licensable category, it is in scope for an ITOM product, and any category-specific requirements are satisfied. Unresolved Monitored Objects are the exception to this framework: a UMO is counted when ITOM Health receives an event or metric that cannot be resolved to any CI in CMDB, independent of CMDB table mappings or ITOM scope configuration. Note that certain connector types – specifically endpoint-oriented Service Graph Connectors – may affect SU consumption even for resources not yet in full ITOM management scope. Confirm connector-specific behavior with your ServiceNow account team before relying on scope exclusions as a licensing control.
The Binary EUC SU Outcome
EUC devices are where the ingestion path chosen at implementation has the most direct licensing consequence of any resource type in the ITOM model. The decision determines not just the per-unit rate but whether any EUC SU cost is incurred at all.
A device consumes an EUC SU only when all three conditions are met simultaneously. Remove any one condition and the SU does not apply.
|
#
|
Condition
|
What It Means
|
|---|---|---|
|
1
|
Physical or virtual computing device
|
Not already counted under another resource type (e.g., a VDI host counted as a server does not also count as EUC)
|
|
2
|
ITOM component installed
|
Currently ACC - must be actively installed on the device. SGC-only ingestion does not satisfy this condition.
|
|
3
|
In scope for ITOM product
|
CI represented in applicable EUC CMDB tables and in scope for an ITOM product that includes the EUC licensable category
|
The EUC SU trigger is binary: no ACC means no EUC SU. An organization can have complete, accurate endpoint inventory in the CMDB through SGC ingestion and incur zero EUC SUs. The same inventory populated via ACC-V generates EUC SUs for every device in scope. The CMDB and asset inventory coverage is equivalent. The EUC SU cost is not. ACC-V does provide deeper data for SAM use cases – that distinction is covered below.
One additional consideration: the overall ITOM SU impact of the chosen ingestion path is broader than the EUC category alone. Endpoint connectors such as Intune and Workspace ONE UEM can increase ITOM Visibility or Discovery SU consumption for managed IT resources they create or modify in CMDB. Path A eliminates EUC SUs. Confirm connector-specific Visibility and Discovery SU behavior on your instance separately.
Ingestion Paths
EUC has three ingestion paths with meaningfully different SU outcomes. The color coding reflects the default recommendation: Path A is the starting point for all endpoints; Path C is appropriate for a defined, operationally justified subset; Path B should be avoided in most environments.
Ratios in this series reflect the ServiceNow ITOM Subscription Unit Overview effective February 1, 2024. Customers contracted prior to that date may be subject to different ratios. Confirm which version governs your executed agreement before using these figures for planning or renewal modeling.
|
Ingestion Path
|
How It Works
|
Example Tools
|
SU Ratio
|
Counts?
|
|---|---|---|---|---|
|
Path A - Recommended SGC only, no ACC installed
|
SGC pulls endpoint inventory from MDM tools. No ITOM component installed on device.
|
Intune, SCCM, Jamf connectors
|
N/A
|
No EUC SU - no ITOM component installed, so the EUC trigger is not met. Endpoint connectors (Intune, Workspace ONE UEM) may increase Visibility or Discovery SU consumption separately - confirm on your instance.
|
|
Path B - Seldom Ideal Agentless Discovery against endpoints
|
Credential-based IP scans via MID Servers targeting desktops and laptops
|
MID-based Discovery
|
N/A if classified as EUC (no ACC installed) 1:1 if misclassified as Server
|
CONDITIONAL - No EUC SU if endpoints are correctly classified into EUC tables (no ITOM component installed). The risk: misclassification into server-class tables triggers Server SUs at 1:1. Hardened endpoint security policies also make this path operationally difficult.
|
|
Path C - Targeted Only ACC-V agent on endpoints
|
ACC-V agent installed on Windows, Linux, or macOS endpoints. Satisfies all three EUC SU conditions simultaneously when those endpoints are in EUC CMDB classes and in scope for an ITOM product that includes the EUC licensable category.
|
ACC-V agent on endpoints
|
1:4
|
YES - SU triggered. ACC-V provides richer local telemetry and supports SAM metering; some endpoint connectors, especially Jamf, can also provide software usage tracking for specific platforms.
|
|
iOS and iPadOS
|
ACC is supported on Windows, Linux, and macOS only. iOS and iPadOS devices cannot run the ACC agent. SGC via MDM/UEM connectors such as Intune, Jamf, or Workspace ONE UEM is the practical ingestion path for those platforms under standard ITOM configuration and produces no EUC SUs.
|
|||
Why Path B Is Not a Safe Middle Ground
Path B is technically valid but carries a classification risk that can make it more expensive than the alternative it is meant to replace. Agentless Discovery does not install an ITOM component, so correctly classified endpoints do not trigger EUC SUs. But if classification patterns place a laptop into a server-class CMDB table, that CI consumes a Server SU at 1:1 – four times the per-device cost of the EUC rate at 1:4.
Path B Risk: Path B is not a cost-reduction strategy. It requires deliberate classification controls, is operationally difficult against hardened endpoints, and a single misclassification produces Server SUs at 1:1. Do not select it on a cost basis.
SGC and ACC-V Do Not Produce Identical Data
For CMDB completeness, hardware asset inventory, and compliance use cases, SGC pulling from MDM tools is sufficient. For SAM use cases – specifically software usage metering, reclamation candidates, and license optimization – ACC-V provides richer local telemetry and supports SAM metering. Some endpoint connectors, especially Jamf, can also provide software usage tracking for specific platforms, and platforms such as SCCM may support it in some environments.
The choice between paths is a data requirements question as much as a licensing question. The recommended architecture is to default to SGC (Path A) for all endpoints. Layer ACC-V (Path C) only for a defined subset where software usage metering or discovery-depth data is operationally required – specifically for SAM reclamation, running process visibility, or endpoints that fall outside MDM scope and cannot be reached by SGC. Size that subset against the 1:4 SU impact and treat it as an intentional licensing decision with explicit approval. Do not deploy ACC-V fleet-wide as a CMDB or SAM improvement initiative without modeling the SU impact first.
Real-World Scenario: End User Computing
An organization has 5,000 Windows and macOS laptops plus 500 iOS/iPadOS devices managed through Intune. They are evaluating three approaches for getting endpoint data into the configuration database.
|
Approach
|
Ingestion Path
|
Endpoints
|
EUC SUs
|
Notes
|
|---|---|---|---|---|
|
SGC Only - Recommended
|
Path A: Intune SGC for all devices
|
5,500
|
0
|
No ITOM component on any device - EUC SU trigger not met. Full hardware inventory and asset compliance coverage. iOS/iPadOS fully supported. Software usage metering not available. Confirm connector-specific Visibility and Discovery SU behavior separately.
|
|
Hybrid - Recommended for SAM
|
Path A: 4,500 via SGC / Path C: 500 via ACC-V
|
5,500
|
125
|
ACC-V scoped to subset requiring software usage metering or SAM depth. 500 / 4 = 125 SUs. All other endpoints covered via SGC at no EUC SU cost.
|
|
ACC-V Fleet-Wide
|
Path C: ACC-V on all Windows/macOS; SGC for iOS/iPadOS
|
5,500
|
1,250
|
5,000 Windows/macOS devices / 4 = 1,250 SUs. Provides full software usage metering across the estate. Often deployed as a CMDB or SAM improvement without modeling the SU impact beforehand.
|
|
Key Takeaway
|
Both the SGC-only and hybrid approaches produce equivalent CMDB and asset inventory coverage. The difference is 1,250 EUC SUs driven entirely by the presence of the ACC-V agent - not by the completeness of the configuration database. The hybrid approach captures SAM data where it is operationally needed without applying the SU cost to the full endpoint estate.
|
|||
Common Misconceptions
“Deploying ACC-V to endpoints is a CMDB quality improvement with no licensing impact.”
ACC-V is a ServiceNow ITOM component. Installing it on endpoints satisfies all three EUC SU conditions simultaneously when those endpoints are in EUC CMDB classes and in scope for an ITOM product that includes the EUC licensable category. A broad rollout to 5,000 endpoints adds 1,250 EUC SUs at the standard 1:4 ratio. This is a licensing event and must be modeled before deployment.
“Agentless Discovery against endpoints is cheaper than ACC-V because it avoids the EUC SU trigger.”
Correctly classified endpoints do not trigger EUC SUs under Path B because no ITOM component is installed. The risk is misclassification: endpoints that land in server-class tables consume Server SUs at 1:1 – making them more expensive than ACC-V at 1:4. See the Path B section above for the full breakdown.
“SGC gives us the same data as ACC-V so there is no reason to deploy the agent.”
For CMDB completeness and asset compliance, SGC is sufficient. For SAM use cases – software usage metering and reclamation – ACC-V provides data SGC does not. Some connectors like Jamf and SCCM also offer software tracking depending on platform. Deploy ACC-V only where SAM depth is required, sized against the 1:4 SU cost.
“We can deploy ACC-V to our VDI environment to get richer endpoint data.”
VDI environments present two separate concerns that must be managed explicitly. The hypervisor hosts running the virtual desktop infrastructure are server-class resources and are scoped and counted as servers. Individual virtual desktop instances brought into CMDB can land in server-class tables if classification rules are not actively configured to place them in the virtual desktop CI class – and if those CIs are mapped as licensable under the Server category, they consume Server SUs at 1:1. Additionally, ACC is documented for VDI endpoints in DEX, including non-persistent VDI monitoring. What needs validation before any ACC deployment targeting virtual desktop infrastructure is the ITOM/EUC classification and licensing treatment of those VDI CIs in your specific environment. Confirm with your ServiceNow account team.
Closing: What to Confirm Before Any ACC Deployment
If any of the following questions produce uncertainty, that uncertainty has a dollar value attached to it.
- Is there a documented approval process for ACC-V deployments that includes SU impact modeling? An ACC-V rollout framed as a CMDB or SAM improvement initiative is still a licensing event.
- Are all endpoint CIs currently in CMDB arriving via SGC ingestion, or has ACC-V been deployed to any devices that were not explicitly scoped and approved as EUC SU consumers?
- Has the classification configuration been validated to ensure endpoint CIs land in EUC CMDB tables rather than server-class tables? Misclassification turns a 1:4 EUC SU into a 1:1 Server SU.
- For any planned ACC-V deployment – whether new or expanding – has the subset been sized against the 1:4 SU impact and confirmed as operationally justified by SAM use case requirements, not CMDB completeness goals?
EUC SU exposure is the most controllable of any resource type in the ITOM model. The EUC SU trigger is explicit and binary – no ACC means no EUC SU. Defaulting to SGC and treating every ACC-V deployment as an intentional licensing decision keeps that control intact. Confirm connector-specific Visibility and Discovery SU behavior separately, as those costs follow a different path than the EUC SU trigger.
Up Next: Part 5 – The Most Favorable Ratio Gets the Least Attention
Part 5 covers FaaS Resources – the category with the most favorable ratio in the ITOM model and the least governance attention. Serverless functions are created by individual developers in response to application needs, with no infrastructure gate that creates a natural review point before a new function enters CMDB scope. At enterprise scale, volume overtakes the ratio advantage before most organizations notice.
