Monday, March 08, 2010

Windows Licensing in a Unix, Linux, Apple Mac, Java and Web World

Caution: I only play a Microsoft licensing expert on TV. However, I do have 6 years of experience in this area both working on Windows licensing and answering licensing questions while I worked at Microsoft.

Last week, during the RSA Conference, I had the opportunity to meet many customers and partners – always one of the most favorite parts of my job. One pleasant dinner at the Town Hall restaurant in San Francisco was memorable in what our customer had been told his Microsoft licensing requirements would be if he integrated his Unix and Linux systems with Windows and Active Directory. So, rather than pull all the relevant information together in an email I figured I write a blog post explaining the licensing, with references, and send him a link to this blog article. Perhaps someone else will benefit from this, too. Now, on to the questions:
Q: Do you need to purchase Windows client access licenses (CALs) for the Unix, Linux or Mac systems you are integrating with Windows and Active Directory?

A: Generally, no. I say generally because when you set up your Windows servers during installation you get asked if you want to set up your server for device-based CALs or user-based CALs. Nearly every customer I have worked with sets up their servers for user-based CALs. If you use user-based CALs then you do not need to purchase any additional CALs for the Unix, Linux or Mac systems that you integrate with Active Directory. The text directly below is cut-and-paste from this page on Windows Server 2008 R2 Client Licensing. Clearly, “Windows CAL for every named user accessing your servers from any device” is the way to go. (Licensing for previous versions of Windows Server are identical.)
Device-based or User-based Windows Client Access Licenses
There are two types of Windows Client Access Licenses from which to choose: device-based or user-based, also known as Windows Device CALs or Windows User CALs. This means you can choose to acquire a Windows CAL for every device (used by any user) accessing your servers, or you can choose to acquire a Windows CAL for every named user accessing your servers (from any device).

The option to choose between the two types of Windows CALs offers you the flexibility to use the licensing that best suits the needs of your organization. For example:
  • Windows Device CALs might make most economic and administrative sense for an organization with multiple users for one device, such as shift workers.
  • Whereas, Windows User CALs might make most sense for an organization with many employees who need access to the corporate network from unknown devices (for example, when traveling) and/or an organization with employees who access the network from multiple devices.
Q: My customers and suppliers are authenticating to Active Directory via a web service (Java, .Net, SAML, ADFS, etc.). I have insertyournumberhere of customers and suppliers who will be using this web service. Do I need a Windows CAL for each person who uses this web service or web application?

A: No. You must have a Windows CAL for anyone who could be reasonably classified as an employee, temporary worker or a contractor. However, for customers, suppliers or others who are “at arms-length” you do not need a Windows CAL. Again, the text below is pulled from the same page on Windows Server 2008 R2 Client Licensing. The relevant text is contained in the 3rd bullet below which discusses “external users” and the Windows Server 2008 External Connector license. The External Connector license costs $1,999 per server but this is far cheaper than purchasing Windows CALs for a large number of external users.
Client Access Licensing Requirements
Every user or device that accesses or uses the Windows Server 2008 or Windows Server 2008 R2 server software requires the purchase of a Windows Server 2008 Client Access License (Windows Server CAL) except under the following circumstances:
  • If access to the instances of server software is only through the Internet without being authenticated or otherwise individually identified by the server software or through any other means
  • If access is to Windows Web Server 2008 or Windows Web Server 2008 R2
  • If external users are accessing the instances of server software and you have acquired a Windows Server 2008 External Connector license for each server being accessed
  • For up to two devices or users to access your instances of the server software only to administer those instances
  • If you are using Windows Server 2008 R2 solely as a virtualization host (you will still require CALs for your appropriate WS edition running in the virtual machine(s) )
It pays to be educated about these lesser known Windows licensing details – you could save yourself a ton of money and aggravation.

No comments: