Friday, June 29, 2012

Getting Your Teeth Into Microsoft Licensing

Microsoft Licensing For Omnivores

 

Introduction


On more than a few occasions people have been confused by the murky quagmire known as Microsoft Licensing and despite Microsoft's continual claims to the contrary, it is far from an easy concept to grasp considering just how many different products they have and the number of different ways each of their products can be licensed.

The people who have been confused by Microsoft Licensing are not only the end users, but also the resellers and Microsoft Partners who are trying to help their clients understand the intricacies of Microsoft's multiple myeloma Licensing method.

Is it a bird?  Is it a plane?  No - its "Wookie to the Wescue" as far as Microsoft Windows Server 2008/2008 R2 and Small Business Server 2008/2011Client Access Licenses (CALs) are concerned.  Read on if you dare...



Disclaimer

This discussion applies to Microsoft Windows Server 2008 R2 and Microsoft Windows Small Business Server 2008 R2 (oops, 2011) licensing and may or may not apply to other Microsoft products.  Quark IT is not privy to any information other than the Microsoft Licensing agreements published on the Microsoft website and the EULAs (End User Licensing Agreements) that come with all Microsoft software and hardware.  We are also not lawyers and the following discussion should therefore not be interpreted as legal nor financial advice.  Think of it more as a fairy tale...


Introduction To Client Access Licenses

A Client Access License (CAL) is really a piece of paper that gives you rights to access something.  As far as servers go, a CAL is the right to access the server - you need to have separately licensed the server oerating system and the client operating system.  In the Microsoft world, this means that you need to buy Windows Server or Windows Small Business Server (from now on known as SBS) as the server operating system (OS) and Windows 7 as the client or workstation OS.  Neither the purchase of the Server OS nor the Workstation OS gives you the right to connect to the server from any machine other than the server - basically, without CALs, the server can serve only its own simple needs.  You can buy a bundle that has the Server OS and some CALs in it, but these are separate components of the bundle.

To clarify, a CAL isn't a piece of software and no Microsoft server nor client operating system license includes Windows Server CALs per se, although you may buy a bundle with both the server OS and CALs.

How CALs Are Assigned

Microsoft basically assigns a CAL to a bag.  This bag can contain meat (in the case of User CALs) or machinery (in the case of Device CALs).  You can mix and match User CALs and Device CALs on the one network, but when you buy CALs you buy either a User CAL or a Device CAL and that particular CAL cannot change its colors.  You can use 5 Device CALs in the warehouse for your 12 warehouse staff and 15 User CALs in the office for your 15 office staff, but to do this you must have purchased 5 Device CALs and 15 User CALs.

Reader Participation Time

OK everybody, can you all stand up.  Great.  Now, here's where we split into two groups to hand out "assignment tools"- first, everyone will get a box of alcohol swabs and then those who don't mind getting their hands dirty need to get a pneumatic nail gun and those who don't like too much blood will be given a roll of gaffer tape (it sticks WAY better than masking tape or cellotape).  Everyone also needs a pad of yellow sticky notes and a pad of blue sticky notes.  Now, keep these with you at all times for the rest of the discussion as you're going to need it.  You can now sit back down with your alcohol swabs (no, DON'T suck them) and your "assignment tool" of choice.

User CALs

A User CAL, as suggested by its name, is assigned to a User.  There's no big revelation there.  People try to read all sorts of things into what Microsoft means by User, but the best definition is "a bag of meat that needs to authenticate to your Server".  User CALs are used where a particular "bag of meat" access your network from more than one device - for example, any combination of their workstation, laptop, smartphone, pda and checking their email using Outlook Web Access from home.  (If you allow anyone to access your network from public machines in an Internet Cafe, now is the time to put down your "assignment tool", walk to the boss' office and resign.)

It is really easy to assign a User CAL - look out the door and ask the closest person who requires a User CAL to come in and help you with this exercise for a second.  Grab a yellow sticky note, wipe the user's forehead with a clean alcohol swab, then place the sticky note on this person's forehead.  Now, as we all know the oils naturally present in our skin will cause this sticky note to fall off in a few seconds, so here's where our "assignment tool" comes in handy.  Once you've used your assignment tool of choice to more permanently affix the sticky note, you have assigned your first User CAL.  Time for a congratulatory coffee.  All you now need to do is to walk around the rest of the office (or offices) and assign these yellow User CALs to those people needing them.  Don't forget to keep count of the number you have used.

Device CALs

A Device CAL, again as suggested by its name, is assigned to (all at once) "a Device".  People try to imagine Microsoft doing all sorts of unimaginable things to the English language here, but quite simply a Device is "a bag of machinery that needs to authenticate to your Server".  Device CALs are used where a particular "bag of machinery" is accessed by a number of "bags of meat" that don't necessarily have yellow sticky notes affixed to their foreheads - for example, a nurse station, the goods inward terminal in a warehouse or the computers located in the sales office hot-desking area.

It is a lot less fun to assign Device CALs as all you have to do is to walk around the business using your "assignment tool" to affix blue sticky notes to the "bags of machinery" (including workstations, thin terminals, smartphones, iPads and scanners that scan to email or a file system location but excluding pens, paper, LCD displays, mice, cats, keyboards, printers and the vacuum cleaner) that are accessed by non-sticky-noted "bags of meat".

When To Assign User Or Device CALs

A simple rule of thumb is to buy and assign User CALs all the time unless Device CALs will save you a tidy sum of money.  This allows your staff ("bags of meat") to access the network resources from wherever they need (as long as those places are not public access terminals such as Internet Cafes as they are unsafe, to say the least).  Device CALs are quite suited to workshops, warehouses, nurse stations and similar locations where numerous "bags of meat" will access the "bag of machinery" during the normal course of business.

Remember that if a "bag of meat" without a yellow sticky note on their forehead who is accessing a "bag of machinery" with a blue sticky note on it decides to buy (or is assigned) a smartphone or an iPad to use whilst out of the office, this mobility device will need a Device CAL assigned to it.  Again, this is why it is generally better to use User CALs where possible.

What Happens If The Nail Hit Something Important?

In the unfortunate situation where the affixing of the sticky note caused irreparable damage to the particular bag in question, then that bag's CAL can be assigned elsewhere.  If a "bag of meat" who is assigned a yellow sticky note and a  User CAL chooses to move to another employer, then that User CAL can be placed back into the pool and assigned to the "bag of meat" that replaces the original "bag of meat".  You cannot reassign User CALs on a willy nilly basis to try and avoid buying adequate CALs.  I'd also not suggest reusing the yellow sticky notes - pull a fresh one off the pad for the replacement User.  Remember, at all times, safety first!

As for Device CALs, these can only be reassigned on a temporary basis if a particular "bag of machinery" is away for repair.  They can be reassigned permanently if a particular "bag of machinery" has been retired or replaced.  Again, you cannot keep reassigning Device CALs to try and avoid buying adequate CALs.

But We Run Multiple Shifts So We Can Reuse User CALs

No, you can't.  This is called "concurrent licensing" and Microsoft does not support this any longer.  As I have said, a yellow User CAL is nailed to the forehead of a particular "bag of meat" and the likelihood that a nail long enough to connect two foreheads leaves the owner of the first forehead in a state whereby they can perform useful work is rather unlikely.  Microsoft won't support you anyway and you will be running unlicensed (that's spelled P I R A T E D) software.

OK, So I Have One User Logging In As Bob, Sales And Accounts

I hope he gets paid well!

Aside from that, if he has a yellow sticky note nailed to his forehead, he's definitely allowed to do this with the use of a single User CAL.  Alternatively, if he's using a "bag of machinery" that has a blue sticky note nailed to it and never needs to access the network from his home or iPad, then the Device CAL assigned to the "bag of machinery" he uses allows him to legally log in with as many names as he so chooses, as well as allowing someone else to use that "bag of machinery" if they need to.

So, What About Distribution Groups And Exchange Contacts

As none of these are "bags of meat" nor "bags of machinery" and as none of these actually authenticate to the Server, then none of these need a CAL.  In other words, you can have as many Distribution Lists and Exchange Contacts as you like regardless of the number of CALs you own.

But I need to buy all Premium CALs for SBS 2008/2011 Premium, don't I?

Actually, no.  SBS 2008/2011 comes in two flavors - Standard (without SQL) and Premium (with SQL).  By that description, you should start to get a feel for when you need a Premium CAL - and the feeling should be something akin to "I need an SBS Premium CAL only for a User or Device that is going to access the SQL component of SBS Premium".  Any other feelings, although maybe nice, are not necessarily correct.

So, you can quite legally run an SBS 2011 Premium server with 5 Premium User CALs, 10 Standard User CALs, 3 Premium Device CALs and 2 Standard Device CALs as long as only those bags accessing the SQL components have a sticky note affixed to either their forehead (yellow sticky note) or the device (blue sticky note) they are accessing.

Now, what's this about Exchange Enterprise CALs?

OK, even though I wasn't going to cover Exchange Server here, this bit of it is relevant for the SBS users.  Exchange Server 2007 and 2010 comes in 2 flavors - Standard and Enterprise with Enterprise being in addition to Standard (ie, "for an extra dollar").  If you want the "extra" part, then you need to make sure you have bought Exchange Server Enterprise CALs which are added to an existing Exchange Standard or SBS CAL however you only need to buy Exchange Enterprise CALs for the users/devices who will be using those features (similar to how you only need to buy SBS Premium CALs for the users/devices that will be using the SQL component).

What's offered in the Exchange Enterprise CAL?  Microsoft once stated "The Exchange Enterprise CAL provides access to Unified Messaging and advanced compliance, as well as Forefront Security for Exchange Server and Exchange Hosted Filtering for onsite and hosted antivirus and anti-spam protection", however that link has been removed.  The best Microsoft replacement I've found is this comparison of Exchange 2010 CAL types.

When you are using the Exchange Management Console, you will clearly see which features require an Enterprise CAL.  The interface won't stop you using the features, however if you don't have enough Enterprise CALs, you will be in an unlicensed (that's spelled P I R A T E D) state.

(This information was originally posted on the old Quark IT website before I broke it, so I have reposted it here to stop people like Anthony Michaud from constantly bitching at me about its absence.)

Regards,

The Outspoken Wookie

Saturday, June 23, 2012

Mobility Computing - Microsoft & Apple

As will be patently obvious to anyone who has read anything I've written on tech in the past, I'm most definitely not an Apple fanboi nor do I wear the rose-colored glasses that the Microsoft mindwashed crowd wear, either - I simply call it as I see it.

Back when the Symbian OS was considered half decent, Microsoft had their Windows Mobile SmartPhone OS and RIM had Blackberry.  Right up front I'm going to pretty much ignore RIM and Blackberry here as I operate in the SMB world and in this market, RIM has never held a market share percentage easily distinguishable from zero.  Symbian was OK, but nothing to write home about.  I tried it on a few handsets and was never really a fan.  Microsoft's Windows Mobile - though bloated and ugly by today's standards - was quite usable as a SmartPhone OS and had email that connected quite effectively to Exchange Server for business users.  Aside from the terrible Office Mobile suite, Windows Mobile basically worked.

And then through a number of version upgrades, a trend became glaringly obvious - Microsoft had pretty much abandoned any idea of making this usable.  After seeing this trend and hoping I was misreading it, I eventually wrote this article in June 2008 where I accused Microsoft of treating Windows Mobile like a redheaded stepchild.  Around 15 months later in September 2009, Steve Ballmer admitted that he screwed up with the SmartPhone market and that they were going to address this.

Windows Phone 7 was announced in February 2010 and devices running this OS were finally available for sale in October 2010 - 8 months later.  Even now, in June, 2012, Windows Phone barely makes a blip on the radar of Mobile OS usage - even the Nokia Series 40 OS out-ranks it!

Microsoft had already effectively killed off their Windows Mobile platform by simply ignoring it so when Windows Phone 7 finally launched, the fact that all Windows Mobile handsets and applications were incompatible with it wasn't a big deal to *most* people.  One big reason for this is that most of those who were previously using a Windows Mobile handset had since bought an Apple iPhone or one of the Google Android handsets.

Microsoft released the "Mango" Windows Phone 7.5 upgrade in late 2011 and a minor "Tango" update in early 2012.  On June 20, 2012, Microsoft announced Windows Phone 8 and an upcoming and final update to the Windows Phone 7 platform - Windows Phone 7.8 - that will backport some of the features of Windows Phone 8, but not application compatibility.

WTF???

That's right - Microsoft has announced that Windows Phone 8 will run on a different CPU architecture - partly because they couldn't shoe-horn a decent OS into a single core CPU (iOS and Android can, though) - which means that any new Windows Phone 8.x applications will not run on Windows Phone 7.x handsets.  What's worse, though, is that this means that all currently available Windows Phone 7.x handsets will absolutely not be upgradeable to Windows Phone 8.

So, anyone who has bought a Windows Phone 7.x handset is now SOL when it comes to worthwhile OS upgrades - they are simply not going to happen.  Sure, the few people who own Windows Phone handsets will be disappointed by Microsoft shafting them once again, but as there are < 5% of SmartPhone users running Windows Phone 7 handsets, this will not have any great affect on the OS share of Windows Phone as a whole.

Now, will running the Windows 8 kernel on a SmartPhone under Windows Phone 8 be viable?  Well, it will be optimized to run on a quad core CPU (which not only means that it NEEDS serious grunt, therefore battery drain, it is also reasonable as mobility CPUs are migrating past dual core to quad core now anyway) and it may mean that Metro apps that will run on Windows 8 and Windows RT could also run on Windows Phone - that would be nice.  We'll have to wait and see...

Apple, on the other hand, has just announced that iOS 6 will be released soon and it supports all of their currently selling devices.  Not all features will be made available, however, and whilst some of these are for performance reasons, a number are purely corporate decisions, which is causing a bit of a stir with many commentators claiming that not properly supporting current devices where possible is not acceptable.  Just wait until they see what Microsoft's done to all of their currently available Windows Phone handsets!  :)

Android - well, there's a conundrum.  The vast majority of Android users are on rather old versions of the operating system and very few are running the current release - Ice Cream Sandwich (4.0.x) - because the many and varied devices running Android require their manufacturers to customize ICS for their devices before having it released.  Manufacturers like Toshiba who are glacially slow to release ICS for their Thrive (AT100) tablets are causing their customers to look at other manufacturers for future devices.  Why would you buy another device from the manufacturer who has just shafted you on the device they are currently selling?

And now Android Jelly Bean (4.1.x) has been "announced" on the Samsung Galaxy Nexus smartphone.  Google really needs to try and get their shit together here and ensure developers are releasing updates for their devices in a timely fashion - there are still quite a number of Froyo and Gingerbread devices being sold without any ability to upgrade, not to mention the Honeycomb devices still being sold.

So, will the new Windows Phone 8 work?  Microsoft's currently making a last ditch attempt at re-entering the mobility market.  They once owned and then ignored away their SmartPhone market share to Apple/Android and they have previously pretty much owned the tablet market with Windows XP Tablet Edition and the tablet features in F^HVista and Windows 7 even though they have completely disregarded touch functionality up until Metro.  This will be an interesting time for Microsoft in the mobility market - with the newly announced Microsoft Surface Windows RT/Windows 8 tablets and Windows Phone 8 they have one last chance to show the world that they have something decent to offer.  If the Windows Surface tablets omit integrated 3G/4G functionality, though, it shows how little Microsoft actually understands about mobility today.

... and now for some rather telling graphs: http://en.wikipedia.org/wiki/Mobile_operating_system showing the mobility space as it currently stands today.  Notice that there's no "Microsoft" anywhere on those graphs...

Regards,

The Outspoken Wookie

Thursday, June 21, 2012

A Win For Human Decency

In an all-too-rare win for human decency, the Change.org petition started by Melinda Liszewski in support of Jeannie Blackburn's request to have the Bravery Award that the Royal Humane Society awarded to Paul McCluskey revoked due to the violent behavior of McCluskey against Jeannie Blackburn that left her blinded in one eye and resulted in the loss of her unborn child has resulted in this award being revoked.

When actually honoured with the certificate for bravery for his efforts in the 2009 Black Saturday bushfires, McCluskey was serving a minimum 3 year jail sentence after pleading guilty in the Victorian County Court to criminal damage, intentionally causing injury, recklessly causing injury and recklessly causing serious injury to Ms Blackburn between 2006 and 2007.

Now, along with another 18,000 people I signed this petition which was presented on Tuesday 19th June, 2012 to the Melbourne Mayor who is also the Vice President of the Royal Humane Society. Jeannie did a series of interviews about the petition on the nightly news for television channels 2, 7, 9 and 10, radio station 3AW and it was also covered in the Herald Sun, the Daily Telegraph, the Australian and various other media locations.

It really is a shame that this sort of media and political pressure was required to force the hand of the Royal Humane Society - who convened a crisis meeting after all of this media coverage and voted unanimously to strip McCluskey of the award.  If only the Royal Humane Society took a look at the central word in their title and the central tenet of their charter maybe Jeannie's initial request for the revocation of a bravery award to a violent criminal would have been heeded without the need of all this additional pressure and poor media they have caused themselves to be subjected to.

I just hope Jeannie can get some comfort in the knowledge that she has the support of a large number of people and that this violent person has been stripped of this certificate and recognition that he absolutely did not deserve to be awarded.

Regards,

The Outspoken Wookie

Wednesday, June 20, 2012

Ron Williams def National School Chaplaincy Program

In what has to be the best news of the year so far, and likely also the best news of the century so far, Ron Williams, who took the NCSP to the High Court of Australia, has won his case.  :)

The High Court decided that the funding agreement between the Commonwealth Government and Scripture Union Queensland was invalid as it was beyond the executive power of the Commonwealth.

Next time I see Ron, I'll buy him a beer/coffee/dinner.  I've already donated money to his legal expenses via a few routes, and this will be a more personal "thanks" for his defence of sanity in the face of the religious infiltration of our education, political and health systems.

Have a read of http://www.brisbanetimes.com.au/opinion/political-news/school-chaplaincy-program-is-constitutionally-invalid-high-court-20120620-20n2d.html for some more information on this decision.

Regards,

The Outspoken Wookie

Saturday, June 09, 2012

Brisbane Southside on Measels Alert

Thanks likely to the antivax nutters spreading their woo and dangerous beliefs around the place, Queensland Health is urging residents on Brisbane's southside to be to be alert for symptoms of the highly infectious measles virus after a second case is confirmed in the area.

Have a read of this link for some more information.

Regards,

The Outspoken Wookie

Friday, June 08, 2012

Collusion: Tracking the Trackers

We all know that we're being tracked on the Internet - almost every site we go to records at least a small amount of information about our visit and a number of sites actively record much more information about our visit and share it amongst themselves. Do we know, however, exactly how many sites are actively tracking us as we trawl through the Internet doing what we normally do at home or at work?

There's an interesting Add-On available for Firefox called Collusion that lets you visualize who's tracking you in real time.  It is quite interesting to leave this open in one window as you go about your normal Internet-based activities and see exactly who's keeping an eye on you throughout the day.  Interesting in quite a creepy and disquieting way, that is.

I first came across Collusion after watching the TED presentation given by Gary Kovacs, CEO Mozilla Corporation.  One of the points Gary made during this presentation was that he was “not even two bites into breakfast, and there are already nearly 25 sites that are tracking me. I have navigated to a total of four.”  I'd recommend you all watch Gary's presentation. :)

We're giving away private and personally identifying information on the Internet all the time that we'd think twice about giving to a random stranger in the street.  What is it that makes it so easy for us to give personal information to a faceless website yet not want to give this to a random stranger we actually meet in person?

Especially where children are involved, the level to which our Internet activities are being tracked is quite concerning.  Aside from this regular user/personal information tracking for the purposes of advertising, our children simply don't comprehend the types of filth that are out there trolling for information on them so it is our job as responsible adults to ensure we protect them from those elements of society that are out to harm them.  When your child types in their birthday, school, sex, sports interests or uploads photos, there are some people out there taking this information so that they can prey on your children - we need to make sure we monitor the information our children are likely to give out *before* they do so and regret it later.

So, please, have a look at this TED presentation and have a look at Collusion to see how many sites are tracking your Internet activity - it will give you some idea how vigilant we need to be to protect our children from any forms of privacy and personal abuse they can receive directly and indirectly through the Internet.

Lifehacker has some more information on Collusion and some things you can do to make the Internet a little more Opt-In than Opt-Out.

Regards,

The Outspoken Wookie

Bravery Award For Wife Beater

In a disgusting example of the Royal Humane Society's support of a wife beater, they have awarded Paul Francis McCuskey with a bravery award for his rescue of an elderly woman as well as her pets during Victoria's Black Saturday bushfires - and given him this award whilst he's serving a 3 year jail term for numerous assaults on his former partner.

This is a disgraceful turn of events that the Royal Humane Society has effectively chosen to ignore.  How can a violent wife beater - he kicked her in the stomach while she was pregnant and later kicked her so hard in the head he severed her optic nerve, making her permanently blind in one eye - be awarded with a bravery award - especially as he's serving a violence-related jail term.

Quentin Bryce, the Australian Governor-General has put her weight behind the appeal to compassion for Jeannie Blackburn, McCuskey's former partner, for the retraction of the bravery award to McCluskey and to keep the Royal Humane Society in some form of moral acceptability to Australian society.

I signed the petition for this award to be retracted on 1st June - there's currently over 14,200 signatures to this petition.  I encourage anyone who finds violence unacceptable and who cannot accept the awarding of a bravery award to a person serving jail time for a violent crime to head over to Change.org and sign the petition.


Regards,

The Outspoken Wookie