RSS

Category Archives: Compliance

SPLA Audit start to finish

Your business is doing great, your sellers and customers are happy, you are making money instead of spending money, when out of the blue….BAM…you receive an audit letter.  Sound familiar?

So what do you do?  Your first reaction is panic.  Your second reaction is to call a lawyer.  Your third reaction is to blame your reseller.  I think that about sums it up.  If you disagree, I’m not 100% sure you are being truthful with yourself.  If you do agree, I also think you are making a HUGE mistake.  Sounds a little odd doesn’t it?

First thing you need to understand is it’s not your fault.  It’s not as if you are purposely trying to be out of compliant.  Microsoft knows this as well.  SPLA is a difficult program and very hard to understand. As I pointed out in the “About” section of this blog, there is little information written about the SPLA program leaving service providers vulnerable.  The SPUR?  Forget about it. That’s why I created this blog in the first place.

I think that is why SPLA customers call a lawyer to help guide them.  This may help you sleep at night, but is it REALLY helping?  I will let you determine that after the dust settles.

What does happen during an audit? I don’t care if this is the first step or fourth step but at some point you will have to collect data.  Data that PROVES the reason you reported the way you did.  One of the biggest mistakes a SPLA provider can make is not reporting indirect access.  Again, not your fault.  Who has any idea of what “indirect” really means?  Think of indirect as Microsoft software that is used to run your other applications that you market to your customers.  You have an application that you developed that reports back to SQL using Excel.  Users have no idea they are using SQL, all they know is the application they use.  But since SQL is part of your hosted solution…it must be reported.  Make sense?  That’s also why Windows will always need to be reported.  Try running Exchange without a Windows OS.  Not going to happen.

Data can also mean the licenses that your customers own that they bring over to your environment.  How do you know who owns what?  Are there enough CAL’s?  One of the arguments service providers make is they can go after their customers if being audited.  There’s an easy conversation right?  Remember, you want to keep customers not lose them.

Some service providers have learned that their end customers install software on VM’s without informing them.  How do you know what is actually being installed?  So take a look at your datacenter; are your customers installing software you don’t know about?  Collecting this information after the fact is a difficult process.  This leaves auditors with no choice but to make a best guess.  Best guesses can cost you significantly.

So after all this data is analyzed by the audit team, it is then delivered to Microsoft.  That’s when you present your case.  They will take things into consideration, but understand that if you are missing information, it makes your argument that much more difficult.  Don’t blame your reseller, that doesn’t work.  Don’t rely on a lawyer, that doesn’t always work either.  Educate yourself.  That’s the best advice I can provide.  Just by taking the time to read this I think you are on the right path.

Happy to walk you through the process in greater detail.  I am one of the few that actually gets it. My email is at the top righthand side of this page.

Thanks,

SPLA Man

 

 
Leave a comment

Posted by on September 18, 2014 in Compliance

 

Tags: , , , , , , , ,

Hybrid, Dedicated, and Shared Scenarios…

There are three deployment options for service providers – Hybrid (mix of on premise and cloud) Dedicated, and Shared.  In this article, we will break each one down to explain how they work and the options available.

Dedicated Scenario – (3 options available)

Option 1
Your customer decides to bring their own software (such as Exchange) and infrastructure (Windows) via their own volume licensing agreement. They do not have software assurance on the software. Can they do this?

Yes. Why? Everything is dedicated. Server, virtual machine all dedicated to one single organization. Software Assurance is NOT required.

Option 2
Your customer decides to bring the software but the hoster will provide the infrastructure in a dedicated environment. Again, customer does not need Software Assurance if it’s a dedicated environment. In this scenario, the hoster (you) will provide the Windows license via SPLA and not report the other applications the customer brings over since it is already covered via their own volume licensing agreement. This is applicable, it’s dedicated (VM and physical servers)

Option 3
Your customer is a healthcare company that needs a dedicated environment due to regulatory compliance. They do not own any software; they would need the hoster to supply the software licenses. Can they (the hoster) do this? Yes, the hoster would report everything under SPLA. The hoster (you) CANNOT use your own volume licensing agreement to provide the solution but you can certainly provide SPLA. Please be aware that if you own a volume licensing agreement, you cannot use the same hardware your volume licensing agreement resides as your hosted solution.

Also keep in mind that SPLA is non perpetual, when the customer leaves, they can no longer use the software they were accessing.

Summary of Dedicated –
Dedicated is applicable for both SPLA and end customer owned volume licensing. Dedicated also means dedicated hardware and dedicated VM’s. In dedicated environments, the end customer DOES NOT need software assurance. From a compliance perspective, it is defined as the following:

“Any hardware running an instance of Microsoft software (OS or application) must be dedicated to a single customer. For example, a SAN device that is not running any Microsoft software may be shared by more than one customer; since, a server or SAN device that runs Microsoft software may only be used by one customer.” (source: Microsoft VDA FAQ)

Hybrid Scenarios – 3 options available

Option 1
You decide to offer your customer a shared infrastructure but they want the same applications to run on premise. A good option would be to have the customer purchase the server applications (think Exchange, SharePoint, Lync) with software assurance (SA) and run them on premise. You (the service provider) would run the same applications in your shared environment BUT report the SAL for SA SKU. Much cheaper option than standard SPLA prices. I wrote about this here This also works well for Disaster Recovery options.

Option 2 (not really a hybrid but just go with it)
You can use license mobility. Microsoft likes to define this as a “hybrid option” but to me, hybrid insinuates the ability to run on premise and in your cloud. License mobility is a SA benefit for certain applications (SQL, CRM, SharePoint, Exchange, Lync) that allows customers to leverage their investment in SA and transfer those licenses into a hosters shared infrastructure. Reason why I don’t think this is truly a hybrid is the customer is TRANSFERRING licenses into your datacenter. This means that if a customer wants to move back to their own datacenter, they have to wait 90 days. (transfer license rule). With SAL for SA, nothing is being transferred. Windows does not have mobility rights, this will need to be reported under your own SPLA. I wrote about license mobility many times – here’s an article for your review – here You can also check out the Microsoft site for more of a definitive definition http://www.microsoft.com/licensing/software-assurance/license-mobility.aspx

Option 3
Good Ole’ SPLA. Customer can run their own servers on premise, you just report SPLA licensing in your shared environment. The new SPLA agreement even allows you to run SPLA software on customer owned hardware as long as you still manage it.

Shared Scenarios – 2 options

Option 1
License Mobility – see above

Option 2
SPLA. We all know what that is.

Summary

I hope this brings a bit more clarity. Sorry if some things are redundant but at the same time, some things are simply worth repeating. Here’s the takeaway – customer’s can always bring licenses into your datacenter. There is no law of the land that prohibits this. What is prohibited is the way you deploy the technology. There is only one option to install customer owned licenses in a shared environment and that is license mobility. Again, (here I go being repetitive) if Microsoft allowed customer owned licenses to be installed in shared environments than why would they create license mobility?

If you still have trouble comprehending all this, shoot me an email located at the top right of this page. One general rule of thumb – if it’s shared – 90% of the time SPLA is required.

Thanks for reading

SPLA Man

 
15 Comments

Posted by on August 27, 2014 in Compliance, License Mobility

 

Tags: , , , , , , , ,

Help me SAM!

I was on a call the other day and the customer was pleasantly surprised to learn about the SPLA program. Although I do not manage the program in its entirety like the old days, I will say this was a refreshing surprise. When you mention SPLA to a customer, account manager, or even Microsoft, more times than not you here a groan. ABS – Anything But SPLA! I am sure if there are resellers reading this, they would probably agree. Why no love for a program that is growing exponentially year/year? What are better alternatives…buy the licenses outright?

I don’t think the issue is with the program itself; after all, the ability to get started with zero upfront costs from a licensing perspective is pretty cool! I don’t even think the licensing is all that difficult once you get started. The pain point is understanding all the “gotcha’s” and the “in’s” as well as all the “outs” to make sure what you are doing is both compliant and cost-effective.  SPLA is an honor based system, but if you are found dishonest, it will cost you.

One of the biggest hurdles is tracking licenses. With the release of Azure, license mobility, and regular SPLA licenses, the ability to track licenses is becoming more complex.  End customers do not want to double pay for licenses already purchased and service providers don’t want to report SPLA if they don’t have to.  So what do you do?

That’s where my old friend named Sammy comes in. On premise customers have used SAM (Software Asset Management) for years as a mechanism to track licenses purchased and/or deployed.  This is not a one time snapshot, (although I guess it could be if you want it to be) but an ongoing strategy to make sure licenses are being consumed properly.  If they are not, at least they catch the problem before they get audited.

Service providers are different; very few have a SAM strategy.  Most service providers are taking part in license mobility and customer owned licenses more regularly. If you don’t believe me check out all the license mobility partners on Microsoft’s website.  If you thought SPLA is complex, try combining on premise licensing and SPLA and see what you have!

What does SAM really do? It’s a strategy. It will give you tools and a team of experts to help guide you through the ever-changing license use rights (SPUR or PUR for those playing at home).  In most cases, it provides you with the necessary resources to help protect you from vendor audits.  There are different levels of SAM to cater towards different types of environments.  Just like service providers, no two environments are the same.

Here’s my advice (if you are wondering) – if you are a service provider, get a SAM strategy in place.  There’s a saying I read somewhere ( I believe LinkedIn) that said if you think audit prevention is expensive, try being audited.  (paraphrased here but you get my point).

If you don’t have a SAM resource, email me, (blaforge@splalicensing.com) I can be your SPLA/SAM resource.  I guarantee I know the program better than most.  You can also check out our SAM services at SoftwareONE here

As always,  hope you find this helpful and gives you some ideas.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on August 11, 2014 in Compliance

 

Tags: , , , , , ,

Self Hosted Rights and Office

The other day I was on a call with a customer who developed a financial application that takes a customer’s information and then reports it back from Excel.  The goal would be to have it deployed via a web browser, possibly using SharePoint.  Immediately I thought of Office Web App.  Browser based, users could not only read it but edit it as well, sounds like a perfect fit  What about the licensing?  Since this is their own Intellectual Property (IP) I thought of the self hosted rights for volume licensing.  SPLA might be too expensive since users could not be tracked. This is where we got stuck. 

Self hosted is a software assurance benefit. It allows volume licensing customers to host their application that runs on Microsoft technology to third parties. I included the terms and conditions directly from the Product Use Rights (PUR) at the bottom of this post (in case you are really bored) but in my opinion this will allow developers to continue to build their applications and utilize volume licensing that offers the greater discount.

As a SAM manager, I was engaged by the customer to review both past and current licensing.  Since this was a new offering, nothing was licensed or even deployed yet.   Whew…Rule #1 – before building a datacenter make sure the solution fits the licensing. Secondly, this is being provided as a service, not simply allowing external users to access.

What did we advise? In order for a solution to qualify as “self-hosted” all applications must be self hosted eligible. Unfortunately, Office does not qualify. Ugh. There goes that option. Now we must look at SPLA for everything (one unified solution as defined in the PUR). The problem with SPLA is you must license Office STD or PRO to enable Office Web Apps. To add more complexity, Office in a server environment is licensed by user (SPLA) Since user count is expected to be very high, this does not seem to be an economical solution. What I proposed was to get rid of Office. That’s right, I recommended they remove it from the solution and use Open Office. The solution worked and met the compliance guidelines set forth by Microsoft.

In conclusion, I hated my recommendation but went with it in order to be compliant. Microsoft Office is a superior product to “Open Office” If only Microsoft would allow Office to be self hosted eligible, I think it would benefit the service provider, Microsoft, and more importantly the end customer.

Bottom line- make sure if you have your OWN application (not license someone else’s) and you decide to use volume licensing to host, make sure all software is eligible or risk BIG compliance risk.

Thanks for reading.

SPLA Man

From the PUR
You must have the required Microsoft licenses and maintain Software Assurance coverage for:
• the Self-Hosted Applications run as part of the Unified Solution; and
• all access licenses used to make the Unified Solution available to external users (See Universal License Terms, Definitions).
All Microsoft software used to create and deliver the Unified Solution must:
• be licensed through a Volume Licensing program that is subject to these license terms (e.g., Enterprise Agreement, Select Plus Agreement, Open License Agreement) and not any other (e.g., Services Provider License Agreement, Independent Software Vendor Royalty License and Distribution Agreement); and
• be marked as ‘Yes’ for ‘Self Hosting of Applications Allowed’ in these license terms
Your software must:
• add significant and primary functionality to the Self-Hosted Applications that are part of the Unified Solution (dashboards, HTML editors, utilities, and similar technologies are not a primary service and/or application of a Unified Solution);
• be the principal service and/or application, and sole point of access, to the Unified Solution;
• be delivered over the Internet or a private network from your datacenter to end users. The Self-Hosted Applications component may not be loaded onto the end user’s device; and
• be owned, not licensed, by you, except that your software may include non-substantive third party software that is embedded in, and operates in support of, your software.

 
Leave a comment

Posted by on February 4, 2014 in Compliance, Self Hosted

 

Tags: , , , , , ,

Links to vendor websites and other blogs

Here’s a list of resources I think are worth checking out. Not all pertain to SPLA specifically, but in the world of IT – all licensing programs find a way to relate to one another. Check it out.

Microsoft SPLA Program
http://www.microsoft.com/hosting

Microsoft Marketing Campaigns
http://www.readytogomicrosoft.com

Great Microsoft Volume Licensing Blog
http://www.microsoftlicensereview.com/

TechNet
http://blogs.technet.com/b/volume-licensing/

SPLA Reseller (I work for them with SAM) There is a free compliance check where the team will review your order and ensure you are licensing correctly and the most cost effective way. http://www.softwareone.com/en-us/Licensing/Microsoft-SPLA/Pages/default.aspx

SPLA Reseller Email – SPLA.us@softwareone.com

VMware Service Provider Program
http://www.vmware.com/partners/service-provider.html

Citrix CSP Program
http://www.citrix.com/partner-programs/service-provider.html

Citrix Marketing Tools
http://www.citrix.com/csptoolkit.com

Citrix/Microsoft DaaS Whitepapers, etc.
http://www.Citrix.com/Microsoft

Hope this helps

SPLA Man

 
1 Comment

Posted by on January 17, 2014 in Compliance, In My Opinion

 

Tags: , , , , , , , , ,

Audit!!!

If you haven’t received an audit inventation, consider yourself lucky.  Publishers are auditing everyone, from volume licensing to SPLA, audits are happening and it’s best you be prepared.

I am often asked “What steps are entailed in an audit and how much is this going to cost me?”  Both questions have undetermined variables tied to them.  I said this before, but you must look at your datacenter from an auditors perspective.  What would they want to see if I am audited?   Here’s my advice, (& take it for what it’s worth), but if I knew audits were happening, I would want to keep track of all users that have access to the software and ensure those that do not have access truly do not have access! As an example, I’m hosting SharePoint to 10 users and only 5 of those users have access to Enterprise features – therefore I only need to report 5 right?  Maybe- but what happens in some weird way they could possibly access the Enterprise features?  You would true up all licensing not reported and probably have an additional fee on top of it!Secondly, if I was using SQL, I would double check and see if VMs can migrate to different hosts.  Third, I would get a record of end user agreements and ensure software assurance is active for whatever products they are using under “license mobility.”  Last, and probably the most important – be careful of using a third party for audit support.  It may look like they helped – but in the end …did they? Email me a blaforge@splalicensing.com and I can explain.

Thanks,

SPLA Man

 
4 Comments

Posted by on January 10, 2014 in Compliance

 

Answers to your Top 5 SPLA Hosting Questions!

1. Is there an auditing tool available for SPLA in the marketplace?  Not at the moment, but reach out to me via twitter or LinkedIn and we can discuss further.  I have a few ideas up my sleeve 🙂

2. How do I lower my monthly reporting costs?  No easy answer with this one.  You need to really take an inventory/snapshot of your environment.  How many VMs are really running?  Can I eliminate server sprawl by virtualizing more heavily?  Am I reporting users when I should really be reporting processor or cores?  A lot of service providers report the same thing every month out of convenience.  Don’t do that!  Furthermore, if you are outside the United States, I have a few ideas for you as well.  Reach out to me via LinkedIn or Twitter @SPLA_Man

3. With volume licensing there is a 1-2 ratio, meaning 1 license covers two processors with Windows 2012.  Does the same hold true for SPLA?  No.  You must license all the processors on the machine.  Check out my blog post https://splalicensing.com/category/windows-virtualization/

4. How do I compete with Office 365?  You need to provide a service outside of the product itself.  Check out my blog https://splalicensing.com/category/office-365/

5. My application that we developed outputs data out of an Excel file.  Why on Earth would I need to license Excel?  Simple…because it uses Excel.

There’s a reason why Bill Gates is one of the richest men in the world.  You install it…you have to license it!

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on September 25, 2013 in Compliance, Office 365

 
 
%d bloggers like this: