RSS

Tag Archives: audit

Steps to take to limit SPLA audit exposure

It’s the fourth quarter at Microsoft, this means audits are in full swing.  One of the easiest ways to collect large upfront payments are through SPLA audits.  Knowing this, what steps can you take to limit your audit exposure?

  1. Inventory – Although you submit a SPLA usage report each month, licenses are missed inadvertently.  When collecting inventory of what you should and should not report, be sure to include customer owned licenses.  If ANY customers are bringing licenses into your datacenter, they must have software assurance if it’s a shared environment.  Secondly, make sure to take a hard look at SQL.  To no one’s surprise, SQL is very expensive.  If you miss license SQL, it can add up really quickly.
  2. Agreements – Which MBSA agreement did you sign?  Don’t know what a MBSA agreement is?  Please ask your reseller for a copy.  Every SPLA customer has a signed Master Agreement.  This is the umbrella that ties all your Microsoft agreements together including SPLA.  There’s specific language in the agreement that goes over audits and the timeframe in which they are able to audit historically. Look closely at your agreements with your customer.  Did you mention they are responsible for licenses they bring into your datacenter?  Did you send them a license verification form for license mobility?  Do you have language that states they are responsible for anything under their Microsoft agreement but you are only responsible for yours?  Do you make the end user license terms (part of your signed SPLA) available to all customers?  Don’t know what an end user license terms agreement is?  Ask your reseller.
  3. Check AD closely.  Do you have administrative accounts that you are reporting?  What about test accounts?  Read your Microsoft SPLA agreement around testing, developing, and administrative access.
  4. Label server names appropriately – Label if a server is “passive” and label a server if it’s “development”.  This can save you time with the auditors.
  5. Check server install dates – If a server was active June, 2013 but nothing was reported on that server until June, 2015; Microsoft is going to ask A) what that server is doing and B) Why haven’t you reported it.  If it’s doing nothing, than shut it down before the audit.
  6. Check SAL licenses –  Do all users who potentially HAVE access are being reported?
  7. Check Office licenses – Do all users need access to Office Pro Plus?  Can they get away with Standard?  Did your engineers inadvertently publish Visio to every user when it only needs to go to a handful of end users?
  8. Double check server versions – Did your engineers accidentally install SQL Enterprise when it should be Standard?
  9. Are you taking advantage of all the use rights available?  As a SPLA, are you aware you can provide demonstrations to your customers at no charge?  Are you aware of the admin rights?  Are you aware you can run 50% of what you are hosting externally – internally?  (must actually report it all under SPLA – they are not free).
  10. Virtualization rights – Are you reporting SQL Enterprise to run unlimited VM’s? Are you running Windows Datacenter?  Remember, you do not license the individual VMs for Windows Server.  (You count physical cores which allows 1 VM for Standard or unlimited for Datacenter).
  11. MSDN, VDI, and other restrictions – No, you cannot host VDI and MSDN in a shared environment.  If you are, dedicate the servers immediately.  If you are hosting from the same hardware you are running internally, this also must be separated.
  12. Hiring Experts – Are they really experts or just advertise as such?

Hope this helps.  Any questions email info@splalicensing.com

Thanks for reading,

SPLA Man

 

 
Leave a comment

Posted by on April 25, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , ,

IaaS Gotchas…

In this post I will highlight new (and not so new) compliance gotchas as it pertains to providing infrastructure as a service.

Let’s start with a common example and go from there.  You provide the infrastructure such as Windows/SQL, your customer provides the applications.  Sound familiar?  You license Windows Datacenter, SQL Enterprise in a shared (aka public cloud) environment under SPLA. You have no idea or really care what applications your customer’s are installing right?  You just provide the support of the infrastructure.  That’s not your concern.  It’s their application, why should you care?  Ahhh…but maybe you should.

Have you ever wondered how they’re accessing the applications?  Are all applications web-based?  I will answer that question for you…no.  So how are they accessing the applications?  Do they use Citrix?  Do they remote into the application somehow?  There’s that word…remote.

If you enable the Remote Desktop Services role within Windows Server – you guessed it…you need to report RDS licenses.  The number of IaaS providers who just report Windows and SQL is astronomical. The number of IaaS providers now reporting RDS is also rapidly growing.  Did they wake up one day and decide they should start reporting RDS?  Unfortunately no.  They were audited.  Shoot me over an email and I will forward the guide that explains RDS and when it applies. Remember when you license RDS, you need to license each user that HAS access to RDS – not who does access.

Let me provide an example of how easily you could be underreporting RDS.   Let’s say your customer has an application from another vendor (outside Microsoft) that’s hosted in your datacenter.  That same vendor provides support to the application.  You are not hosting the application for the vendor but for your customer, you just provide the vendor access to support the application via remote connection.  SPLA allows 20 users to provide support and administration per datacenter.  If you exceed that limit, you are going to have to report those additional users.  Yes, even if you are not charging them.

Other IaaS Gotchas –

While we’re on the topic of customer owned applications, do you have it written in your agreement with the customer that you are not responsible for the applications they install?  What would happen if they install applications that you are not aware of and they don’t have the appropriate licenses…who’s responsible you or the end customer?  Kind of a trick question, it’s both.  You will get audited, it’s installed in your datacenter, you are ultimately responsible.  You need to ensure you have it written in your agreement that you’re not responsible so you can have a nice chat with your customer.  All the big boys do it…you should too.

What about SQL?  Are you virtualizing?  Why aren’t you reporting SQL Enterprise?  Are you utilizing all the use rights that come with SQL Enterprise – unlimited virtualization, DR, mobility within server farms, etc?  What about smaller environments?  Have you considered licensing by user instead of by core for SQL Standard edition?

SQL Web is tempting isn’t it?  Less expensive option but no one really understands what it is.   Here’s a quick synopsis – if you do not host public facing websites, SQL Web is not an option.

How are you managing your datacenter? Do you have System Center installed?  You should report the Core Infrastructure Suite.  Running Hyper V with few VM’s, license CPS. Both products include Windows.  You need Windows to run System Center, so you kill two birds with one stone so to speak.

Ask your customers if they have Software Assurance.  It’s no longer about latest version rights and annual payments.  It’s about moving to the cloud.  Let’s make sure it’s your cloud and not someone else’s.

Conclusion –

I’ve been around this game of SPLA for a long time.  The best advice I can give is to listen to your customers and don’t be afraid to change.  Cloud is evolving, you should evolve too.  Don’t report out of convenience, look into ways you can optimize what you are reporting.  It’s competitive out there, let’s make sure you are getting the most value out of your agreement.

Thanks for reading,

SPLA Man

 

 

 
11 Comments

Posted by on January 31, 2015 in IaaS

 

Tags: , , , , , , , , , , , , , , , , , ,

Do you have SA? Why this question really matters.

Brett’s Hosting’s sales director is consistently looking on the web to see what competition is advertising.  It drives him nuts to see other “hoster’s” advertise SharePoint for less than what he can get directly from his reseller.  He’s upset..big time.   How can this be?  Then he stumbles upon the Microsoft Office 365 website.  He blew a gasket.  “There is no way I can compete!  I am going to go out of business!”

So the sales director decided to get creative.  “I will forgo SPLA and just have my customers purchase SharePoint.  They bring it into my datacenter, I won’t report SPLA anymore.”  So that’s what he did.  He started selling SharePoint by the truckload.  Their reseller kept placing orders for him as they’d joyfully ask  “how many CAL’s do you need?” and they would order it; never once asking what it was for.

Brett’s Hosting did a tremendous job marketing their SharePoint offering.  “No SharePoint…No Problem!” It was marvelous.  The CEO of Brett’s Hosting vociferously announced at the World Partner Conference “We are hosting over 10,000 SharePoint sites!”  The celebration continued.  Then one foggy October morning, the office manager for Brett’s Hosting received a letter from Microsoft.  She excitedly opened it thinking they were being promoted as ‘SharePoint Partner of the Year’ but was severely disappointed.  It was an audit letter.  The story turns.

Brett’s Hosting CEO reviewed the letter and then called in their sales director (now sales VP).  The CEO threatened him with his job unless he fixed this mess.  The sales director/VP was at a loss.  “Where did I go wrong.”

To be continued….

Where do you think he went wrong?  Have you ever been given wrong licensing advice?  You don’t need to answer that, I already know.

Hosting industry has changed.  Competition has changed.  End users have changed.  In my experience, the conversation has changed from “how do I license Windows” to “what are ways I can optimize my licensing spend?”  I’ve written about license mobility; I also reviewed SAL for SA.  Those two programs have a common theme – Software Assurance (SA).  In the above fictitious story, the sales person should’ve asked his customer “do you have SA on these licenses”  That question is important because if they do not have SA, the entire environment (hardware/VM) must be dedicated.

I can’t stress this enough.  The hosting game is getting brutal.  Every service provider is looking for a way to cut/reduce costs.  Getting in compliance hot water is not a good way to do that.  If the customer does not have SA, you can certainly use SPLA in its place.  If you go this route, be sure to make it a bundled solution.  Telling customers they must pay for something they already own is not an easy conversation.

The customer can also purchase SA.  You just have to be ready to clearly explain their options. That’s why it’s important to work with a reseller that understand SA benefits to help educate and coach you through the process; not all products are eligible.  Be prepared.

Story continued…

The sales vp went back to his customers and asked them to purchase Software Assurance.  When the customer asked “why?” all the sales vp could say is “because Microsoft told me you needed it.” (he clearly couldn’t explain why…it only made the customer more upset).  The customer simultaneously yelled and slammed the door –  “I’m going to Joe’s Hosting! They advertise VDI too!”

The sales vp went back to his CEO and was forced to resign.  The customer went to Joe’s Hosting and was very happy for over a year. When out of the blue he received a call from his sale rep from Joe’s Hosting.  The sales rep frantically told him they could no longer offer VDI; it apparently is not available under SPLA.  The sales rep also asked him to buy SA for his SharePoint…”Microsoft told me you needed it!” The customer loses again!

Moral of the story – read the SPUR, read the PUR, and don’t be afraid to ask “Do you want SA with that?”

Thanks for reading

SPLA Man

 

 

 

Tags: , , ,

SPLA Audit start to finish

Your business is doing great, your sellers and customers are happy, you are making money instead of spending money, when out of the blue….BAM…you receive an audit letter.  Sound familiar?

So what do you do?  Your first reaction is panic.  Your second reaction is to call a lawyer.  Your third reaction is to blame your reseller.  I think that about sums it up.  If you disagree, I’m not 100% sure you are being truthful with yourself.  If you do agree, I also think you are making a HUGE mistake.  Sounds a little odd doesn’t it?

First thing you need to understand is it’s not your fault.  It’s not as if you are purposely trying to be out of compliant.  Microsoft knows this as well.  SPLA is a difficult program and very hard to understand. As I pointed out in the “About” section of this blog, there is little information written about the SPLA program leaving service providers vulnerable.  The SPUR?  Forget about it. That’s why I created this blog in the first place.

I think that is why SPLA customers call a lawyer to help guide them.  This may help you sleep at night, but is it REALLY helping?  I will let you determine that after the dust settles.

What does happen during an audit? I don’t care if this is the first step or fourth step but at some point you will have to collect data.  Data that PROVES the reason you reported the way you did.  One of the biggest mistakes a SPLA provider can make is not reporting indirect access.  Again, not your fault.  Who has any idea of what “indirect” really means?  Think of indirect as Microsoft software that is used to run your other applications that you market to your customers.  You have an application that you developed that reports back to SQL using Excel.  Users have no idea they are using SQL, all they know is the application they use.  But since SQL is part of your hosted solution…it must be reported.  Make sense?  That’s also why Windows will always need to be reported.  Try running Exchange without a Windows OS.  Not going to happen.

Data can also mean the licenses that your customers own that they bring over to your environment.  How do you know who owns what?  Are there enough CAL’s?  One of the arguments service providers make is they can go after their customers if being audited.  There’s an easy conversation right?  Remember, you want to keep customers not lose them.

Some service providers have learned that their end customers install software on VM’s without informing them.  How do you know what is actually being installed?  So take a look at your datacenter; are your customers installing software you don’t know about?  Collecting this information after the fact is a difficult process.  This leaves auditors with no choice but to make a best guess.  Best guesses can cost you significantly.

So after all this data is analyzed by the audit team, it is then delivered to Microsoft.  That’s when you present your case.  They will take things into consideration, but understand that if you are missing information, it makes your argument that much more difficult.  Don’t blame your reseller, that doesn’t work.  Don’t rely on a lawyer, that doesn’t always work either.  Educate yourself.  That’s the best advice I can provide.  Just by taking the time to read this I think you are on the right path.

Happy to walk you through the process in greater detail.  I am one of the few that actually gets it. My email is at the top righthand side of this page.

Thanks,

SPLA Man

 

 
Leave a comment

Posted by on September 18, 2014 in Compliance

 

Tags: , , , , , , , ,

200 Level SPLA Licensing Questions – Answered

Starting a new series on this blog “top licensing questions” Here’s a list of some often unanswered questions…answered!  In many instances it’s tough to go into great detail or specific customer scenarios via a blog.  Please email me at blaforge@splalicensing.com for specific scenarios.  Keep in mind, blogging is my hobby and I am relaying information from experience.  You should refer to the SPUR for specific/audit questions. (It’s a great read).  Microsoft has the final say. I am interested in feedback and/or ideas for new posts; let me have it!

1. Does a service provider need to report an extra Exchange SAL for non-authorized users, such as a conference room?

A mailbox that represents a room is defined as a resource mailbox and does not require a SAL.

2.  Can I use the same server I use internally to host software via SPLA?

No. Regardless of the licensing program, the license is always assigned to the hardware/VM.  If you choose to assign two licenses from two different programs to one hardware, some of the use rights will contradict each other.  SPLA is designed for external consumption whereas internal licensing is designed for your own employees.  Good news – SPLA allows 50% of what you are hosting externally to be used internally.  Let’s say you host 50 exchange licenses, you can use up to 25 internally.  These are not free, just reported under your SPLA. (Instead of reporting just 50 licenses, you would report 75).  Check SPUR for more details.

3.  Can I install Office on a device without reporting Windows desktop?

No.  This would fall under the managed PC use case.  There is an addendum that would allow you to rent out a desktop to third parties; to do this via SPLA, there is a “managed PC” addendum.  This would require you to license the desktop OS via an OEM license and report Windows 7/8 via SPLA (as well as Office if Office is installed).  Ugh.  Only other option would be to report Exchange “plus” Skus which includes Outlook.  (no other Office components) or install Office on a server and report Windows, RDS, and Office. (RDS & Office by user- Windows by processor)

4.  What are the rules of licensing additional users under License Mobility for Software Assurance? Can a service provider license additional users with SALs?

No. In License Mobility for SA scenario, the end customer has to maintain CALs in their perpetual licensing program to access the application servers. It is not possible to license additional users with SALs, because that would mean mixing/matching licensing for one Product.  Keep in mind that under license mobility – end customer’s are in essence transferring those licenses into your data center.  They can only transfer back after 90 days. To quote the mobility brief (download a copy here ) You may move your licensed software from a third party’s shared servers back to your servers or to another third party’s shared servers, but not within 90 days of the last assignment. Check mobility addendum.

6. What happens if my customer claims to have SA on these licenses but in actuality…they don’t.  Am I on the hook?

Yes. You are responsible for your own hosted offering.  I would ensure you have documentation of all customer owned licenses AND make sure this is part of your agreement with your customer.  You may get audited, but that does not stop you from auditing your customer.

7. Where do I report my SPLA licenses?

Contact the SoftwareONE SPLA team 1-800-444-9890 or SPLA.US@softwareone.com

Stay tuned for more questions but more importantly – answers to these questions!

Thanks for reading,

SPLA Man

 
5 Comments

Posted by on May 14, 2014 in Uncategorized

 

Tags: , , , , , ,

RDS Licensing Explained

Remote Desktop Services (RDS) is the number one underreported SKU found in a compliance audit. It’s not deliberate, just misunderstood or simply bad licensing advice.

RDS is licensed by user (SAL) for SPLA customers. This means every user that HAS access would need a license. Let me provide an example. In the month of July you have a total of 150 users but only 100 of them actually logged in/used the software, so you report 100 users the first week of August. Makes sense, SPLA is pay as you go, month-month licensing. The problem is the other 50 users not reported. Since technically they have access (even though they didn’t use it) they would need to be reported. In the above example, you would be required to report 150 users.  Imagine for a moment you went several years of reporting those that use the software instead of those that have access. Microsoft would more than likely require you to true up all underreported licenses! In a competitive market such as cloud computing, this could be detrimental to your business.

Make sure all applications that are installed using RDS is the same quantity reported.  Office is a good example.  One way they (Microsoft) checks compliance is verifying if service providers that report Office have the same amount of RDS licenses.  In other words, if you report 10 Office licenses, you should report 10 RDS licenses.  (don’t forget Windows server as well).  Only exception would be if you install Office on a PC that you own, report Windows OS, and Office.  Office in this example would be installed locally.

If you are new to the SPLA program and looking at RDS, remember to license all users that have access. Secondly, to install RDS, insert your SPLA agreement number in the licensing wizard, not a license key. To find your enrollment number, check out the acceptance notification email you would have received when you signed up. Your reseller also has this information.

Hope this helps, just my opinion

SPLA Man

 
8 Comments

Posted by on July 7, 2013 in RDS

 

Tags: , , , , ,

What’s Your Licensing Strategy?

I love the question “What’s your cloud strategy?” It’s the new ice breaker for salespeople around the globe. My thoughts? Why bother asking customers about their cloud strategy if it does not include licensing?  The BIGGEST mistake service providers (SPLA’s) make is selling a solution first and worrying about the licensing impact later. They build data centers, talk about virtualizing, even talk about the savings of cap ex vs. op ex, but never talk about the licensing until someone brings it up or they get audited. Just because the technology enables something, does not mean you can license that way.

VDI is a prime example of this. “You can host virtual desktops as a service right? Install the desktop OS on a server and stream it? Why not? The concept has been around for years. I ‘Googled’ VDI as a service and several companies are doing this…it must be right…right?” Wrong! Yes, technically speaking you can host virtual desktops using Windows 7/8. Licensing gurus and the product user rights and the audit team will disagree with you. Unfortunately there’s no way to do this under SPLA. Next question that comes up is “why?” Wish I knew the answer, perhaps Microsoft is looking out after the OEM manufactures, but then again they launched Surface.

Microsoft is auditing everyone. There are few guarantees in life, but one guarantee is not everyone under the SPLA program is licensing correctly. Just a word of advice, know the licensing before implementing a solution.

Thanks for reading,

SPLA Man

 
 

Tags: , , , , ,

 
%d bloggers like this: