If you have gone through an audit or going through an audit now, I am sure you will agree with some of these mistakes listed below. If you have never gone through an audit, pay attention -this list can save you. Here are the top 5 mistakes a hosting company can make when deploying Microsoft technology as a service.
- Not understanding that you are hosting. Sounds kind of silly, but many organizations do not know they are hosting software until an audit comes knocking on your door. Why? Many organizations are still unfamiliar with SPLA. (even Microsoft and especially resellers). Not all resellers are authorized for SPLA. If you purchase licenses to provide as a service, SPLA must be part of the conversation. But what happens if you work with someone who is unfamiliar with SPLA? Unless you are a licensing expert, you could easily find yourself out of compliance based on the advice your reseller or consultant gives you. If they are not authorized, they wouldn’t understand SPLA because they do not sell it. Let’s use a company that develops an application but uses Microsoft Excel to deliver a report or pulls data to support your solution. You speak to your reseller, and they have a strong Volume Licensing background. They know there’s a Software Assurance benefit called “Self-Hosting“, so the reseller advises you to purchase the software outright through your own Enterprise Agreement. The problem with this advice is in order to qualify for Self-Hosting, all software must be eligible for this use right. Excel does not qualify. Therefore the entire solution, Windows, SQL, Excel, RDS, etc. must be licensed via SPLA. Unfortunately all the licenses you just purchased is for not. Pay attention to the use rights!
- Not understanding License Mobility. SQL is the biggest licensing risk when it comes to audits. Many organizations host an end customer’s SQL instance without knowing that the end customer requires Software Assurance (SA) to transfer their licenses in a shared cloud environment. In any audit, you must prove those licenses have active SA or else you will be held responsible for those licenses. With cloud competition on the rise, going back to your customer after the fact might be a challenge. I recommend having a web page dedicated to License Mobility. Check out Amazon’s AWS page here. AWS must follow the same rules you do.
- Server naming conventions. There are use rights available to you such as customer trials, demonstrations, administration access, and testing. Whenever you go through an audit, the auditors will look at every server in your datacenter (or at least a snapshot of your datacenter) They will generate a report to show you what was installed versus what was licensed. In many instances, they will show a SQL Server (as an example) that was installed in 2014, but never reported. Since the auditors typically go back 3 years, they will want you to pay for that SQL Server from 2014 to present day. Why? It’s part of your hosted environment, it needs a license. But you argue – “that server is for admin access!” Prove to the auditors it’s only for administration purposes! Easiest way to do that is to name it appropriately so when the auditors generate the report, they will be able to identify its admin, or testing, or passive.
- Reporting Windows VM’s not physical cores. Windows is licensed differently than SQL. Pay attention. More information can be found here
- Not reading your Microsoft Business and Services Agreement (MBSA). You signed a SPLA agreement, but did you know you also signed the MBSA agreement as well? This agreement is especially important in audits. It outlines the cost associated with compliance and how far back auditors can go. Ask your reseller for a copy if you do not have one. It is very important to have a copy of this!
Have a question? Please email firstname.lastname@example.org
Thanks for reading,