CALs: Silly or Not?
-
@scottalanmiller said in CALs: Silly or Not?:
Your comment was about using AD to determine users, but as that doesn't work... that was the point.
that part doesn't work if you aren't using AD.
Though Scott - you still have to create user accounts to have access, and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis? (granted this doesn't work as well in a multi-server non AD setup) and I guess if you're providing DB access, you wouldn't have Windows users necessarily - yeah yeah.. OK I get it.
-
@dashrender said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
Your comment was about using AD to determine users, but as that doesn't work... that was the point.
that part doesn't work if you aren't using AD.
Though Scott - you still have to create user accounts to have access...
This is incorrect. User accounts are not a requirement of using Windows servers nor of licensing. This underlying premise is what leads to the bad concept that the computer itself has some means of knowing how many people get services from it.
-
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
-
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
But I did understand the point you were trying to make.
-
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
-
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
-
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
-
Public is public, even if you comb through your logs and can pick out your neighbor.
-
@scottalanmiller said in CALs: Silly or Not?:
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.Who the fuck does authentication on public DNS?
-
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.
-
They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".
-
It's not the authentication, it's that public users could be accessing a non-web workload server on back-end servers. THEN they will need CALs.
-
@tim_g said in CALs: Silly or Not?:
They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".
This is almost as fun as the VDI licensing that my iPad needed if it was outside the office or inside the office
Microsoft licensing based on geography or network topology is always a mess.
-
@tim_g said in CALs: Silly or Not?:
They defined publicly as "e.g. outside the firewall", and "not restricted to affiliates or employees".
Actually, they do exactly the opposite. This is their quote: "External Users means users that are not either your or your affiliatesâ employees, or your or your affiliatesâ onsite contractors or onsite agents."
They certainly never think of them as outside of your firewall. That would create insanity. You'd just opt not to have a firewall, or put extra ones places to make people inclusive. Since HTTPS is a VPN, it bypasses firewalls, and so forth.
-
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.
Certainly would, no question. Because you using non-web services.
-
Here is the full bit about external users and licensing: "3 â Do my external users need a CAL?
The general rule is all server software access requires a CAL. However, external users* may have additional licensing options depending on the product. For example, with Windows Server â external users can be licensed with CALs or External Connectors (whichever is more cost effective)."
You'll notice that external users need a CAL - with the option of getting the external connector CAL. It's still a CAL, just one that allows for you to not be able to count up the users.
-
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@tim_g said in CALs: Silly or Not?:
@scottalanmiller said in CALs: Silly or Not?:
@dashrender said in CALs: Silly or Not?:
... and assuming you're not lieing about the number of users by making people share accounts or deleting them why couldn't user count be done on a server by server basis?
Lieing is a bad term here, the only place you are asked the number of users is in the count of your CALs. Beyond that, there is no place where one could lie in this context. But moving on, if you don't have AD, where do you envision these accounts living?
Let's take this to a non-Windows, really simple set of examples... all of which could be on Windows if it was affordable...
- MangoLassi
- Google DNS
In both of these scenarios, how would we count up all of the users who are getting benefits from their services? And, of course, what makes Windows different from the operating systems used for either of these?
If Windows Server is hosting a website or public DNS, you don't need CALs for the public user access to that. Publicly accessible services hosted on a Windows Server do not require CALs for public users. Once it's not made publicly accessible, then you need CALs.
Actually it's only for public anonymous users that you don't need Named CALs. If you can identify them, even publicly, you need CALs.
I seen nothing specifying the anonymous requirement.
That doesn't make sense. What if you hear a rumor that John Smith from way back in kindergarten just happens to be a frequent visitor of your website. That doesn't mean you now suddenly need to buy a CAL for him. It's still public access. I didn't see anything specifying anonymous.
Publicly means unidentified. If you authenticate a public user, for example (and for others reading - authenticate in no way implies AD or any form or Windows or Microsoft authentication mechanism) then they need a User CAL.
Without those you need an EC, which is a public CAL.
If you were hosting Mangolassi.it on a Windows Server, you would NOT need a user CAL for me. That's not how it works.
Certainly would, no question. Because you using non-web services.
If I recall, the product for that is the "External Connector" CAL or something along those lines.
-
This post is deleted! -
@scottalanmiller said in CALs: Silly or Not?:
Here is the full bit about external users and licensing: "3 â Do my external users need a CAL?
The general rule is all server software access requires a CAL. However, external users* may have additional licensing options depending on the product. For example, with Windows Server â external users can be licensed with CALs or External Connectors (whichever is more cost effective)."
You'll notice that external users need a CAL - with the option of getting the external connector CAL. It's still a CAL, just one that allows for you to not be able to count up the users.
You also obviously did not read all the relavant parts of that article.
"External Users" do not need CALs if they are accessing solely web-workloads publicly.
-
5 â Do I need a CAL when my Windows Server is used to run a web server?
Windows Server 2012 R2 configured to run Web Workloads ** do not require CALs or External Connectors.
** Web Workloads (also referred to as âInternet Web Solutionsâ) are publicly accessible and consist solely of web pages, websites, web applications, web services, and/or POP3 mail serving. For clarity, access to content, information, and applications served by the software within an Internet Web Solution is not limited to your or your affiliatesâ employees.
Software in Internet Web Solutions is used to run:
-web server software (for example, Microsoft Internet Information Services), and management or security agents (for example, the System Center Operations Manager agent).
-database engine software (for example, Microsoft SQL Server) solely to support Internet Web Solutions.
-the Domain Name System (DNS) service to provide resolution of Internet names to IP addresses as long as that is not the sole function of that instance of the software.