In this post I will highlight new (and not so new) compliance gotchas as it pertains to providing infrastructure as a service.
Let’s start with a common example and go from there. You provide the infrastructure such as Windows/SQL, your customer provides the applications. Sound familiar? You license Windows Datacenter, SQL Enterprise in a shared (aka public cloud) environment under SPLA. You have no idea or really care what applications your customer’s are installing right? You just provide the support of the infrastructure. That’s not your concern. It’s their application, why should you care? Ahhh…but maybe you should.
Have you ever wondered how they’re accessing the applications? Are all applications web-based? I will answer that question for you…no. So how are they accessing the applications? Do they use Citrix? Do they remote into the application somehow? There’s that word…remote.
If you enable the Remote Desktop Services role within Windows Server – you guessed it…you need to report RDS licenses. The number of IaaS providers who just report Windows and SQL is astronomical. The number of IaaS providers now reporting RDS is also rapidly growing. Did they wake up one day and decide they should start reporting RDS? Unfortunately no. They were audited. Shoot me over an email and I will forward the guide that explains RDS and when it applies. Remember when you license RDS, you need to license each user that HAS access to RDS – not who does access.
Let me provide an example of how easily you could be underreporting RDS. Let’s say your customer has an application from another vendor (outside Microsoft) that’s hosted in your datacenter. That same vendor provides support to the application. You are not hosting the application for the vendor but for your customer, you just provide the vendor access to support the application via remote connection. SPLA allows 20 users to provide support and administration per datacenter. If you exceed that limit, you are going to have to report those additional users. Yes, even if you are not charging them.
Other IaaS Gotchas –
While we’re on the topic of customer owned applications, do you have it written in your agreement with the customer that you are not responsible for the applications they install? What would happen if they install applications that you are not aware of and they don’t have the appropriate licenses…who’s responsible you or the end customer? Kind of a trick question, it’s both. You will get audited, it’s installed in your datacenter, you are ultimately responsible. You need to ensure you have it written in your agreement that you’re not responsible so you can have a nice chat with your customer. All the big boys do it…you should too.
What about SQL? Are you virtualizing? Why aren’t you reporting SQL Enterprise? Are you utilizing all the use rights that come with SQL Enterprise – unlimited virtualization, DR, mobility within server farms, etc? What about smaller environments? Have you considered licensing by user instead of by core for SQL Standard edition?
SQL Web is tempting isn’t it? Less expensive option but no one really understands what it is. Here’s a quick synopsis – if you do not host public facing websites, SQL Web is not an option.
How are you managing your datacenter? Do you have System Center installed? You should report the Core Infrastructure Suite. Running Hyper V with few VM’s, license CPS. Both products include Windows. You need Windows to run System Center, so you kill two birds with one stone so to speak.
Ask your customers if they have Software Assurance. It’s no longer about latest version rights and annual payments. It’s about moving to the cloud. Let’s make sure it’s your cloud and not someone else’s.
Conclusion –
I’ve been around this game of SPLA for a long time. The best advice I can give is to listen to your customers and don’t be afraid to change. Cloud is evolving, you should evolve too. Don’t report out of convenience, look into ways you can optimize what you are reporting. It’s competitive out there, let’s make sure you are getting the most value out of your agreement.
Thanks for reading,
SPLA Man
SPLA Licensing 
influsenced
February 1, 2015 at 5:48 am
Reblogged this on Cloud en Cost Management.
Christopher Vanderlinden
February 2, 2015 at 7:25 pm
I dont like your example 🙂
Typically if a vendor needs access to a customer environment, as a service provider, we would create an account in the customers environment (a service / admin account) and as long as it is for administrative purposes only, it doesn’t count towards your needed RDS CALs.
See Question #7 here: http://blogs.technet.com/b/volume-licensing/archive/2014/03/10/licensing-how-to-when-do-i-need-a-client-access-license-cal.aspx
Simply put, its a customer environment, anything past the initial setup / deployment / roll out may require additional purchases. If they hire 3 more employees, they would be expected to pay for an additional 3 RDS CALs or licenses or however you “charge” them.
Christopher Vanderlinden
February 2, 2015 at 7:30 pm
Sorry, I don’t typically post straight negative comments, and hopefully that didn’t come off that way. I did actually enjoy the article, as I know tons of places that would count towards the whole jump in RDS licensing because of Audits.
I guess the most important thing honestly is that if you are building a cloud environment for multi-tenant / customer purposes, you better do your research first and build it from the ground up the CORRECT way, so that you can scale up and out quickly, as well as, and probably more importantly, efficiently!
Thanks!
splaman
February 4, 2015 at 6:46 pm
I agree 100%. I didn’t think you were being negative. It helps to walk through different options. Email me – would love to learn more about your offerings.
splaman
February 4, 2015 at 6:44 pm
Hi Christopher – thx for reading. Ahhh…but riddle me this. What happens if you have more than 20 users (per datacenter) that need access to provide administrative services? SPLA program only allows 20 users per datacenter for administration purposes. If you exceed that number, it has to be reported regardless if they are admin or full users.
Christopher Vanderlinden
February 19, 2015 at 5:47 pm
Which agreement is that in? Is that SPUR or SPLA?
Also, I’ve been reading more into this (for my own benefit in the near future..), and this gets me:http://download.microsoft.com/download/8/9/A/89A3F8B9-94DE-4956-A56E-F6D2B215D0E6/Services_Provider_License_Agreement_Program_Guide.pdf (On page 4):
“Install at customer facilities. Install Microsoft Products on servers that are located on an end customer’s premises under your management and control.”
I always thought that was 100% not allowed under any circumstances!
Back to your question – I’m not sure! I still typically would just charge the user an additional X per month for the “service” account. RDS SALs aren’t THAT expensive, or I would eat it myself if it was some sort of deal breaker.
Still in the planning stages honestly!
(hence the earlier comment of building it the correct way from the beginning)
splaman
February 19, 2015 at 8:44 pm
Hi Chris…that’s in the SPLA agreement itself. Happy to send you a copy to reference. Under the new agreement, you CAN install on customer owned hardware – you have to manage it and control it – which means they (your customer) can only access to use the software itself. Let’s say you install an Exchange server on your customer premise, the end user can only use the software to get email. There are so many different ways you can license SPLA.
Ben Zachary
March 24, 2015 at 12:52 pm
What is the code/item for reporting RDS ? I setup our first RDS server in a centralized domain we were looking to offer RDS/Cloud services for smaller companies under a single AD domain structure all using SPLA. I know how to report Windows Server(s) and Exchange currently since thats what we do right now, but when I go to activate the RDS Licensing I dont have any code or maybe I missed something? How do I report the proper licensing? Dont I need an activation code? Under the SPLA item sheet we receive nothing mentions RDS but I do see the productivity suite and core infrastructure suite do i report with those?
splaman
March 24, 2015 at 1:25 pm
Hello Ben..you will need to enter your SPLA enrollment number not a license key. Hope this helps!
Ben Zachary
March 24, 2015 at 1:42 pm
Ahh, okay so when I goto activate the TS Licensing I can use my SPLA agreement number? Hmm I didnt see that anywhere. Then when I report what is the item to use? thanks for the response. Right now I have some long excel sheet to get the product numbers / reporting that we submit through our SPLA portal, maybe there is an RDS option there that I havent seen since the billing dept does that piece.
splaman
March 24, 2015 at 1:44 pm
No problem. Yes, it’s on there. Talk to your reseller. They should have it for sure.