CALs: Silly or Not?

scottalanmiller

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@dashrender said in CALs: Silly or Not?:

... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?

Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?

Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...

1. MangoLassi
2. Google DNS

In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?

If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.

Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.

I seen nothing specifying the anonymous requirement.

That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.

Without those you need an EC, which is a public CAL.

Obsolesce

Public is public, even if you comb through your logs and can pick out your neighbor.

StorageNinja

@scottalanmiller said in CALs: Silly or Not?:

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.

Who the fuck does authentication on public DNS?

Obsolesce

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@dashrender said in CALs: Silly or Not?:

... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?

Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?

Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...

1. MangoLassi
2. Google DNS

In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?

If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.

Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.

I seen nothing specifying the anonymous requirement.

That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.

Without those you need an EC, which is a public CAL.

If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.

Obsolesce

They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".

Obsolesce

It's not the authentication, it's that public users could be accessing a non-web workload server on back-end servers. THEN they will need CALs.

StorageNinja

@tim_g said in CALs: Silly or Not?:

They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".

This is almost as fun as the VDI licensing that my iPad needed if it was outside the office or inside the office

Microsoft licensing based on geography or network topology is always a mess.

scottalanmiller

@tim_g said in CALs: Silly or Not?:

They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".

Actually, they do exactly the opposite. This is their quote: "External Users means users that are not either your or your affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents."

They certainly never think of them as outside of your firewall. That would create insanity. You'd just opt not to have a firewall, or put extra ones places to make people inclusive. Since HTTPS is a VPN, it bypasses firewalls, and so forth.

scottalanmiller

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@dashrender said in CALs: Silly or Not?:

... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?

Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?

Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...

1. MangoLassi
2. Google DNS

In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?

If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.

Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.

I seen nothing specifying the anonymous requirement.

That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.

Without those you need an EC, which is a public CAL.

If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.

Certainly would, no question. Because you using non-web services.

scottalanmiller

Here is the full bit about external users and licensing: "3 – Do my external users need a CAL?

The general rule is all server software access requires a CAL. However, external users* may have additional licensing options depending on the product. For example, with Windows Server – external users can be licensed with CALs or External Connectors (whichever is more cost effective)."

You'll notice that external users need a CAL - with the option of getting the external connector CAL. It's still a CAL, just one that allows for you to not be able to count up the users.

EddieJennings

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@dashrender said in CALs: Silly or Not?:

... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?

Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?

Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...

1. MangoLassi
2. Google DNS

In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?

If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.

Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.

I seen nothing specifying the anonymous requirement.

That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.

Without those you need an EC, which is a public CAL.

If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.

Certainly would, no question. Because you using non-web services.

If I recall, the product for that is the "External Connector" CAL or something along those lines.

black3dynamite

This post is deleted!

Obsolesce

@scottalanmiller said in CALs: Silly or Not?:

Here is the full bit about external users and licensing: "3 – Do my external users need a CAL?

The general rule is all server software access requires a CAL. However, external users* may have additional licensing options depending on the product. For example, with Windows Server – external users can be licensed with CALs or External Connectors (whichever is more cost effective)."

You'll notice that external users need a CAL - with the option of getting the external connector CAL. It's still a CAL, just one that allows for you to not be able to count up the users.

You also obviously did not read all the relavant parts of that article.

"External Users" do not need CALs if they are accessing solely web-workloads publicly.

Obsolesce

5 – Do I need a CAL when my Windows Server is used to run a web server?

Windows Server 2012 R2 configured to run Web Workloads ** do not require CALs or External Connectors.

** Web Workloads (also referred to as “Internet Web Solutions”) are publicly accessible and consist solely of web pages, websites, web applications, web services, and/or POP3 mail serving. For clarity, access to content, information, and applications served by the software within an Internet Web Solution is not limited to your or your affiliates’ employees.

Software in Internet Web Solutions is used to run:

-web server software (for example, Microsoft Internet Information Services), and management or security agents (for example, the System Center Operations Manager agent).

-database engine software (for example, Microsoft SQL Server) solely to support Internet Web Solutions.

-the Domain Name System (DNS) service to provide resolution of Internet names to IP addresses as long as that is not the sole function of that instance of the software.

Obsolesce

So can you point out, exactly, how Mangolassi website does not fall under their "web workload" definition?

You've got the platform, then you have the database. Both are exclusively used as described under their web workload definition.

Obsolesce

@scottalanmiller said in CALs: Silly or Not?:

Actually, they do exactly the opposite. This is their quote: "External Users means users that are not either your or your affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents."

What?? I said they define "publicly"......

You just defined "external users".

Two different things here.

Also, I took that "publicly" definition directly from their definition.

External users do not need a CAL when accessing web-workloads publicly.

Obsolesce

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@dashrender said in CALs: Silly or Not?:

... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?

Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?

Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...

1. MangoLassi
2. Google DNS

In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?

If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.

Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.

I seen nothing specifying the anonymous requirement.

That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.

Without those you need an EC, which is a public CAL.

If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.

Certainly would, no question. Because you using non-web services.

What on Mangolassi's web server am I accessing that doesn't fall under their web-workload definition?

Obsolesce

@eddiejennings said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@dashrender said in CALs: Silly or Not?:

... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?

Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?

Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...

1. MangoLassi
2. Google DNS

In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?

If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.

Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.

I seen nothing specifying the anonymous requirement.

That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.

Without those you need an EC, which is a public CAL.

If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.

Certainly would, no question. Because you using non-web services.

If I recall, the product for that is the "External Connector" CAL or something along those lines.

Correct. You would need CALs for external users if they are not accessing web-workloads publicly.

scottalanmiller

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

@dashrender said in CALs: Silly or Not?:

... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?

Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?

Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...

1. MangoLassi
2. Google DNS

In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?

If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.

Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.

I seen nothing specifying the anonymous requirement.

That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.

Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.

Without those you need an EC, which is a public CAL.

If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.

Certainly would, no question. Because you using non-web services.

What on Mangolassi's web server am I accessing that doesn't fall under their web-workload definition?

So from looking at what you quoted.... databases used solely for web workloads (say... MariaDB used only for WordPress public sites) is now included in their web workload definition? That's definitely new (new meaning since I last investigated, not necessarily recent) because that's definitely not what it used to be.

scottalanmiller

@tim_g said in CALs: Silly or Not?:

@scottalanmiller said in CALs: Silly or Not?:

Actually, they do exactly the opposite. This is their quote: "External Users means users that are not either your or your affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents."

What?? I said they define "publicly"......

You just defined "external users".

Two different things here.

Also, I took that "publicly" definition directly from their definition.

External users do not need a CAL when accessing web-workloads publicly.

Where do they have a public definition for their CALs?