RSS

How to Report SPLA Usage to be Compliant

16 Jul

The biggest benefit to SPLA is the month-month licensing rules.   The biggest downfall to SPLA (and CSP for that matter)  is its month-month licensing rules.  What’s a benefit to some is a nightmare for others.  In this article, we will review the tips and tricks to properly report Microsoft SPLA usage on a monthly basis and break it down using a fictitious scenario using my friend Joe Hosting.

Scenario  – The under licensing but also over paying SPLA reporter.

Joe’s Hosting  reports to his Reseller SharePoint Standard, Exchange Standard, Windows Standard, and SQL Standard every month.  They installed Exchange Enterprise and Windows Standard.    For simplicity, let’s say he has 8 VM’s on a host, and licenses SQL per instance on a VM, they also have 100 mailboxes he supports.

The Problem

Each month Joe had (key word) his employee Julie place their SPLA order each month to the Reseller.  One day, Joe accidentally backed his Porsche 911 into Julie’s car.  Furious, Joe yelled at Julie for parking near his precious Porsche and blamed her for the damage.  Julie got upset, and quit on the spot.

Julie was a dedicated employee.  Each month she would report to the Reseller almost the exact same thing (with minor fluctuations) – 100 Exchange Standard licenses, 16 Windows Standard processor licenses, 100 SharePoint Standard licenses, and 40 cores of SQL Standard.  Sometimes, she would change the counts based on customer’s coming and going but for the most part the report was stagnant.  The Reseller, happily placed the order without ever asking about their business.   Now that she left, what will Joe do?

Joe is a busy man.  He would never make time or the effort to learn how to submit SPLA usage or understand the licensing rules.   Once Julie left, his workload increased ten fold because not only did Julie report SPLA, but she was responsible for HR, scheduling, customer satisfaction, and making sure the annual company picnic went on without a glitch.  Joe was busy to say the least.  To make matters worse, Julie was the only person in the company to interact with their SPLA Reseller.

Several months went by and no usage was being submitted.  Sure the Reseller would send reminder emails to Julie, but there was no response.  Finally, Microsoft took notice, and started digging into Joe’s reporting.  Now Joe’s problems suddenly took a turn for the worse.

The Audit

It was a cold, rainy Monday, and Joe was really upset – not only did he have a ton of email to go through from the weekend, but his Porsche was getting wet.  He kept staring out his office window at his precious fire engine red baby; soaking wet, with streaks down the windshield.  The site made him sick,  he couldn’t bare to watch anymore.  He took to his email and noticed immediately – Microsoft Self-Audit Review in the subject line.  Joe opened it without hesitation.

The email thanked Joe for his partnership, but informed him that from time to time Microsoft will provide a self-audit compliance check to ensure accurate reporting.  From the email, Joe was to download the MAP toolkit (Check it out here) and provide the data back to Microsoft within 10 business days.  Joe surprisingly cancelled all his meetings that day and proceeded to download the tool.   Once the data was collected, he was to send the data to Microsoft and set up a call to review.  What happened next shocked even the Microsoft compliance guy.

Conference Call with Microsoft

Microsoft:  Good Morning Joe, after some analysis I have a few questions about the data you sent over.

Joe:  Absolutely Mr. Softy.  

Microsoft:  Umm…Say again?

Joe: C’mon man.  Mr. Softy…Microsoft???

Microsoft:  Whatever.  Let’s get to the data, ok?  In my analysis, I noticed you haven’t reported usage in 3 months.  Why?  Are you not providing commercial hosted services?  Your website indicates you are.  Just wondering why you haven’t reported?

Joe:  We had an employee leave the company who was responsible for reporting.  We did everything we can to retain her but she was simply out of control.  

Microsoft:  I don’t really care about why she left, but more concerned about why you didn’t report after she left. 

Joe: Sorry.  I don’t have an answer for that.  I was busy and forgot.

Microsoft:  I noticed you reported essentially the same thing every month which tells me you did not grow or shrink your business.  I did see on your website a press release that mentioned how excited you were to host email for Oil Tankers Inc, one of the largest Oil transportation services company’s in the US.  

Joe:  Yes. It was one of my finest sales calls.  

Microsoft:  I’m sure it was.  That being said, I noticed in the data you sent that over 5,000 users have access to Exchange Server but you were only reporting 100.  Why?

Joe:  I wish I knew.  That darn admin had no idea what she was doing.  I am sorry.  

Microsoft:  Apology accepted.  Now, back to Exchange.  You have 5,000 active users but you only report 100.  There is a license gap of 4,900 licenses.  It looks like they were active six months ago.  That total comes to roughly $50,000 in underreporting.

Joe:  Chuckles.  Yes, but I just sold them the licenses last month.  So really, I only have 1 month of underreporting.  Besides, Exchange is licensed per mailbox. 

Microsoft:  Try again. I just said they were active six months ago.  In addition, I find it hard to believe you just sold the licenses last month when your very own press release matches this date as well.  Last, Exchange is licensed per user, not per mailbox.  Even if it was, the mailbox number and actual users are almost the same.  

Joe:  Ok.  Well sorry.  I will correct it moving forward.

Microsoft:  (Ignores Joes’ comment).  Let’s move on to Windows Server.  You have an ESX host with two processors each.  You are running 8 VM’s on that host.  You are actually over reporting here sir.  Why are you not reporting Datacenter?

Joe:  Because Standard is installed. 

Microsoft:  Actually, you can report the higher edition.  What you cannot do is install Datacenter and report Standard.  Datacenter allows unlimited virtualization.  You could of saved money here.

Joe:  Wow. I had no idea.  I can run Standard but report Datacenter?

Microsoft:  Sighs.  That is exactly what I just said.  Let’s move on to SQL.  You are reporting 40 cores but only have one VM of SQL Server running.  Why so many cores?

Joe:  Because we have over 10 instances running on that VM.  We report 4 cores per instance running on that VM.  

Microsoft:  Yes, but you can run unlimited instances on a VM.  You should really be reporting 4 cores, not 40.

Joe: What!  I am looking at a BIG pay day from Microsoft.

Microsoft:  (Again, ignores the comment).  Let’s move on to SharePoint.  SharePoint, it looks like you have Enterprise installed.  From the data you sent over, it also looks like you provide only Standard features to your clients.  Is that accurate?

Joe:  Yep. Only Standard.

Microsoft:  I can’t believe it.  You are actually reporting SharePoint correct.  Did you know SharePoint and Exchange is licensed by the features accessed not what is actually installed?  

Joe:  No I did not.  The darn admin should’ve told me that.  When can I expect my check from Microsoft for the over reporting of SQL and Windows?

Microsoft:  Well.  Let me think about that.  Never.  

Joe:  Fine!

Conclusion

Throughout my twelve years of managing SPLA, I have had similar conversations and heard scenarios similar to the fictitious story mentioned.  In a lot of compliance situations, a SPLA customer has one person who reports usage.  If that person leaves the company without telling anybody how to report usage or what data is used to collect it, the organization can quickly get of compliance.

In reading the above, you might think that ole Joe came out ahead.  Yes, he did not report accurately or in the most cost effective manner, but he did come out of the audit unscathed.  I would argue that he wasted more money, should have invested in the right resources, and ultimately could have saved his customers money by licensing in the right  manner.  I highlighted below some of the ways Joe could’ve licensed to reduce his exposure and reduce his monthly spend.

  1. Report Windows Datacenter.  If you have more than 7 VM’s on a host, it is more economical to license Datacenter than Standard.
  2. Report the Productivity Suite which bundles Exchange Standard and SharePoint Standard.
  3. SQL Instances – you can run unlimited instances on a VM as long as the VM is properly licensed.
  4. Report USERS not mailboxes when it comes to Exchange
  5. Remember with Exchange and SharePoint, you report the features they have access to not what is technically installed.  Most hosters install Exchange Enterprise (Standard only supports a small number of mailboxes) but report Standard because users only have access to the Standard features.
  6. Reporting usage and stopping will get flagged for compliance.
  7. Stagnant reporting will get you flagged for compliance.
  8. Not reporting what you are advertising.  “I don’t host anymore” when your website says your are is difficult fact to overcome.
  9. Self-audits are exactly what it means “Self”  and “Audit”  The vendor is dependent on the data you provide them.
  10. If you report usage, build a team to make sure it gets reported correctly.  Most compliance gaps happen when an employee leaves the company.  Don’t be dependent on one employee.  If you are dependent on one employee, treat them right!  Poor Julie!
  11. Report on time.  The SPLA agreement says you must report by the 10th for the previous months usage.

Have a question?  Contact info@splalicensing.com

Thanks for reading,

SPLA Man

 

 

 

 

 

 

 

 

Advertisements
 
Leave a comment

Posted by on July 16, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: