CALs: Silly or Not?
-
@storageninja said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@storageninja said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
How does a computer ever know how many users there are? Name any system in the universe that can do this?
Run a simple automated report against your Users OU....
And then your information would be potentially completely wrong. That was the point, since the thing that you license has no connection to OUs.
For example, what if you didn't use AD at all. Not like you get to skip your licensing just because you don't have that one feature.
If you use User CALs you don't have to worry about devices. It's an "Or" not an AND was my understanding.
You are correct that it is User CALs OR Device CALs, that much is correct. What is totally not correct is what I was responding to - your bit about AD which had no connection to your user count. Your comment was about using AD to determine users, but as that doesn't work... that was the point.
-
@tim_g said in CALs: Silly or Not?:
@storageninja said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@storageninja said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
How does a computer ever know how many users there are? Name any system in the universe that can do this?
Run a simple automated report against your Users OU....
And then your information would be potentially completely wrong. That was the point, since the thing that you license has no connection to OUs.
For example, what if you didn't use AD at all. Not like you get to skip your licensing just because you don't have that one feature.
If you use User CALs you don't have to worry about devices. It's an "Or" not an AND was my understanding.
You completely missed his point...
You can have 500 users in a company, and no Active Directory. You still need User CALs becasue they are using devices that access the services a Windows Server provides... such as DHCP, DNS, Print Services, computers accessing file shares, network, etc... the list is huge.
In that scenario, your simple Users OU report would provide nothing useful. Going by that report would show you need zero user CALs, when in fact, you may need up to 500.
And given that MS is moving people towards Azure AD (which is not AD), albeit slowly, the chances that even die hard 100% MS shops will have an AD OU with all their appropriate users is rapidly becoming anything but likely.
-
@scottalanmiller said in CALs: Silly or Not?:
Your comment was about using AD to determine users, but as that doesn't work... that was the point.
that part doesn't work if you aren't using AD.
Though Scott - you still have to create user accounts to have access, and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis? (granted this doesn't work as well in a multi-server non AD setup) and I guess if you're providing DB access, you wouldn't have Windows users necessarily - yeah yeah.. OK I get it.
-
@dashrender said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
Your comment was about using AD to determine users, but as that doesn't work... that was the point.
that part doesn't work if you aren't using AD.
Though Scott - you still have to create user accounts to have access...
This is incorrect. User accounts are not a requirement of using Windows servers nor of licensing. This underlying premise is what leads to the bad concept that the computer itself has some means of knowing how many people get services from it.
-
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
-
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
But I did understand the point you were trying to make.
-
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
-
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
-
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
-
Public is public, even if you comb through your logs and can pick out your neighbor.
-
@scottalanmiller said in CALs: Silly or Not?:
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.Who the fuck does authentication on public DNS?
-
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.
-
They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".
-
It's not the authentication, it's that public users could be accessing a non-web workload server on back-end servers. THEN they will need CALs.
-
@tim_g said in CALs: Silly or Not?:
They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".
This is almost as fun as the VDI licensing that my iPad needed if it was outside the office or inside the office
Microsoft licensing based on geography or network topology is always a mess.
-
@tim_g said in CALs: Silly or Not?:
They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".
Actually, they do exactly the opposite. This is their quote: "External Users means users that are not either your or your affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents."
They certainly never think of them as outside of your firewall. That would create insanity. You'd just opt not to have a firewall, or put extra ones places to make people inclusive. Since HTTPS is a VPN, it bypasses firewalls, and so forth.
-
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.
Certainly would, no question. Because you using non-web services.
-
Here is the full bit about external users and licensing: "3 – Do my external users need a CAL?
The general rule is all server software access requires a CAL. However, external users* may have additional licensing options depending on the product. For example, with Windows Server – external users can be licensed with CALs or External Connectors (whichever is more cost effective)."
You'll notice that external users need a CAL - with the option of getting the external connector CAL. It's still a CAL, just one that allows for you to not be able to count up the users.
-
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.
Certainly would, no question. Because you using non-web services.
If I recall, the product for that is the "External Connector" CAL or something along those lines.
-
This post is deleted!