In this post I will highlight new (and not so new) compliance gotchas as it pertains to providing infrastructure as a service.
Let’s start with a common example and go from there. You provide the infrastructure such as Windows/SQL, your customer provides the applications. Sound familiar? You license Windows Datacenter, SQL Enterprise in a shared (aka public cloud) environment under SPLA. You have no idea or really care what applications your customer’s are installing right? You just provide the support of the infrastructure. That’s not your concern. It’s their application, why should you care? Ahhh…but maybe you should.
Have you ever wondered how they’re accessing the applications? Are all applications web-based? I will answer that question for you…no. So how are they accessing the applications? Do they use Citrix? Do they remote into the application somehow? There’s that word…remote.
If you enable the Remote Desktop Services role within Windows Server – you guessed it…you need to report RDS licenses. The number of IaaS providers who just report Windows and SQL is astronomical. The number of IaaS providers now reporting RDS is also rapidly growing. Did they wake up one day and decide they should start reporting RDS? Unfortunately no. They were audited. Shoot me over an email and I will forward the guide that explains RDS and when it applies. Remember when you license RDS, you need to license each user that HAS access to RDS – not who does access.
Let me provide an example of how easily you could be underreporting RDS. Let’s say your customer has an application from another vendor (outside Microsoft) that’s hosted in your datacenter. That same vendor provides support to the application. You are not hosting the application for the vendor but for your customer, you just provide the vendor access to support the application via remote connection. SPLA allows 20 users to provide support and administration per datacenter. If you exceed that limit, you are going to have to report those additional users. Yes, even if you are not charging them.
Other IaaS Gotchas –
While we’re on the topic of customer owned applications, do you have it written in your agreement with the customer that you are not responsible for the applications they install? What would happen if they install applications that you are not aware of and they don’t have the appropriate licenses…who’s responsible you or the end customer? Kind of a trick question, it’s both. You will get audited, it’s installed in your datacenter, you are ultimately responsible. You need to ensure you have it written in your agreement that you’re not responsible so you can have a nice chat with your customer. All the big boys do it…you should too.
What about SQL? Are you virtualizing? Why aren’t you reporting SQL Enterprise? Are you utilizing all the use rights that come with SQL Enterprise – unlimited virtualization, DR, mobility within server farms, etc? What about smaller environments? Have you considered licensing by user instead of by core for SQL Standard edition?
SQL Web is tempting isn’t it? Less expensive option but no one really understands what it is. Here’s a quick synopsis – if you do not host public facing websites, SQL Web is not an option.
How are you managing your datacenter? Do you have System Center installed? You should report the Core Infrastructure Suite. Running Hyper V with few VM’s, license CPS. Both products include Windows. You need Windows to run System Center, so you kill two birds with one stone so to speak.
Ask your customers if they have Software Assurance. It’s no longer about latest version rights and annual payments. It’s about moving to the cloud. Let’s make sure it’s your cloud and not someone else’s.
I’ve been around this game of SPLA for a long time. The best advice I can give is to listen to your customers and don’t be afraid to change. Cloud is evolving, you should evolve too. Don’t report out of convenience, look into ways you can optimize what you are reporting. It’s competitive out there, let’s make sure you are getting the most value out of your agreement.
Thanks for reading,