RSS

Tag Archives: audit

Details of the Qualified Multitenant Addendum

There’s been a lot of talk as of late about the new QMTH addendum.  I’ve written a couple of articles on the topic here  In this article, we will summarize what is written in the addendum so there’s no surprises.  I listed some (not all) of terms and conditions to ensure you are up to speed on the latest developments.

  • CSP Membership – You (or affiliates) must be a Direct CSP partner.  This means you cannot leverage an Indirect CSP partner for this program.  In other words, if you receive CSP licensing from Ingram Micro or SherWeb (as an example) your partnership with those distributors/partner does not qualify for QMTH.  Your organization must be CSP Direct authorized, not your partner.
  • Must meet the system requirements – System Requirements can be found here
  • Have an active SPLA agreement.
  • Reporting Requirements – You will always need to report underlying licenses in SPLA.  Those underlying licenses could be any software to deploy a VDI solution – (Windows Server and RDS).   In addition, you must report (by the last calendar day of each month) the Windows 10/O365 licenses deployed.  This is manual, meaning you will send an email to the QMTH alias for submission.  Once automated reporting is available, you must enable Microsoft’s automated reporting tool.  Microsoft will use the tool to collect your customer’s organization ID and tenant ID as well as the total number of users accessing the software.
  • As the provider, you must report to your SPLA Reseller the program administrative fee.  If you are currently in the SCA program, you will be familiar with this SKU.
  • As the provider, you must make all education materials publicly available.  You cannot just sign up for CSP, the education material should be like what’s on the QMH website.
  • For each per user subscription to Windows 10 Enterprise, the end-user can only access up to four (4) instances of Windows 10 either on Azure or you, the QMTH hoster.  This is like the SCA program in which the end user has five (5) instances of Office Pro Plus, Windows 10 works the same way.

Listed above is a summary.  I encourage you to reach out to your Microsoft rep for additional information.  I am happy to review it further, it’s a new program with pluses and minuses.  Be sure to understand the minuses first 🙂

Thanks for reading,

SPLA Man

 

Advertisements
 
Leave a comment

Posted by on August 3, 2017 in Office 365

 

Tags: , , , , , , , , , , , , ,

Yikes…how to move from one cloud to the next.

The latest buzz word in this crazy IT world in which we live is not “Cloud” it’s “Hybrid Cloud”.   Even the definition of hybrid cloud has evolved throughout its short existence. Having a mix of on premise workloads and cloud workloads has transformed into having workloads spread throughout different cloud vendors as well.  “Cloud Sprawl” is born and guessing is here to stay.

In this article, we will review how the licensing works to move a customer’s workload from one cloud to another; customer’s owned licenses back to on premise; and customers on premise licenses back to your cloud.  As the title of this article states..Yikes!

Moving away from your cloud to another cloud

So, your sales rep “accidentally” promised the world to your customer that he/she could not deliver.  Unfortunately, they now want to move to another provider.  First thing to do is fire the sales rep.  Second thing to do is read your SPLA agreement.

When you sign a SPLA agreement (or any Microsoft agreement) your license keys are your license keys.   The data is not yours, but the keys are (at least while you have an active agreement – remember, SPLA is non-perpetual license). License keys are not to be transferred, resold, etc. over to another datacenter provider.   Where does it say that?

In section 6C, page 5, of the 2017 SPLA Indirect Agreement “Copying and distribution of Products and Software documentation” states: “customer may distribute original media or software contains products only to outsourcing company and affiliates.”  Another cloud provider is not your affiliate or outsourcing company, they are your competitor.  The section continues: “Customer may distribute original media or software containing client software and/or redistribution software to its end users.”

What that statement is saying is the service provider can provide the image to their client but not to another service provider.  If they do this, Microsoft requires the license keys to be removed first.  Remember, your keys are your keys, not theirs. As mentioned, the data is not yours either.  An end customer has the right to transfer their data from your datacenter to another provider.  You can also transfer the media to your customer, but not to another service provider as the statement suggests.

Over the years, the transfer of data, transferring images, and using outsourcing companies has made it difficult to track which media/keys belong to which company.  My recommendation is to have language in your agreement that is like the one in your SPLA to protect you.  Is this a gray area?  Absolutely.  My other recommendation is that no matter which keys belong to which organization – be sure to license the environment correctly; in the end, that’s the most important part.

Customer’s owned licenses back to on premise 

The same sales rep screwed up again.  They promised the customer that by moving to your cloud environment they would never be audited again.  Guess what?   They got audited.  Now they are upset and want to move back to on premise.  How does the licensing work?

In this situation, let’s assume the customer is moving workloads that have software assurance (SA) and are using license mobility. (even if they didn’t, same rules would apply.  I just like using license mobility because it’s more common).   Whenever an end customer transfers their own licenses (not SPLA) it’s important to read the Product Terms, not just the SPUR.  The Product Terms is for volume licensing, which applies to customer owned licenses.  The SPUR, as we all know is for SPLA.  Two different programs, two different use rights.

Page 84 (good Lord this is a massive document) of the 2017 Product Terms states “Customer (your end customer) may move its licensed software from shared servers (license mobility) back to its Licensed Servers or to another party’s shared servers, but not on a short-term basis (not within 90 days of the last assignment).

When you buy a license through volume licensing (VL), you assign that license to a server.  That’s one of the reasons you cannot mix SPLA and VL on the same server (different use rights).  When you assign that server to a different server farm (another datacenter provider) that server license cannot move within 90 days of assignment.  If your end customer gets upset and demands you transfer their licenses back to their premise, you can pull out this little blurb in the Product Terms.  I would recommend having language in your agreement that states the same.

You might be wondering – “isn’t the benefit of Software Assurance the ability to move workloads freely without worrying about the 90-day rule?”  That’s true and I’m glad you brought that up.  If it’s within the same server farm, workloads can move freely.  Pay attention to page 84 of the Product Terms as well as the definition of a server farm.

One of the best lines in the Product Terms happens to be on the same page (84).  “Customer (again, customer in this example is your end customer) agrees that it will be responsible for third-parties’ actions about software deployed and managed on its behalf” I would definitely include that statement with your customers.

Moving back to your cloud

You gave your sales rep an ultimatum, win the customer back or lose your job!  Your sales rep won the customer back.  Now your customer can move back to your cloud, but make sure you follow the license mobility use rights as mentioned above.  Remember the 90 day rule.  Once a customer assigns a license back to their premise, they have to wait 90 days to move it back.  Secondly, if they do not have SA, you must dedicate the entire infrastructure for your customer.  Dedicated means the hardware used to support the solution.

The moral of this story?  Make sure you have a good sales rep!  Secondly, read the SPUR, Product Terms, SPLALicensing.com, and have language written in your agreement to protect yourself.  Lots of talk about moving to the cloud, moving away from it is just as important.

Thanks for reading,

SPLA Man

 

 

 

 

 
Leave a comment

Posted by on August 3, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,

Steps to take to limit SPLA audit exposure

It’s the fourth quarter at Microsoft, this means audits are in full swing.  One of the easiest ways to collect large upfront payments are through SPLA audits.  Knowing this, what steps can you take to limit your audit exposure?

  1. Inventory – Although you submit a SPLA usage report each month, licenses are missed inadvertently.  When collecting inventory of what you should and should not report, be sure to include customer owned licenses.  If ANY customers are bringing licenses into your datacenter, they must have software assurance if it’s a shared environment.  Secondly, make sure to take a hard look at SQL.  To no one’s surprise, SQL is very expensive.  If you miss license SQL, it can add up really quickly.
  2. Agreements – Which MBSA agreement did you sign?  Don’t know what a MBSA agreement is?  Please ask your reseller for a copy.  Every SPLA customer has a signed Master Agreement.  This is the umbrella that ties all your Microsoft agreements together including SPLA.  There’s specific language in the agreement that goes over audits and the timeframe in which they are able to audit historically. Look closely at your agreements with your customer.  Did you mention they are responsible for licenses they bring into your datacenter?  Did you send them a license verification form for license mobility?  Do you have language that states they are responsible for anything under their Microsoft agreement but you are only responsible for yours?  Do you make the end user license terms (part of your signed SPLA) available to all customers?  Don’t know what an end user license terms agreement is?  Ask your reseller.
  3. Check AD closely.  Do you have administrative accounts that you are reporting?  What about test accounts?  Read your Microsoft SPLA agreement around testing, developing, and administrative access.
  4. Label server names appropriately – Label if a server is “passive” and label a server if it’s “development”.  This can save you time with the auditors.
  5. Check server install dates – If a server was active June, 2013 but nothing was reported on that server until June, 2015; Microsoft is going to ask A) what that server is doing and B) Why haven’t you reported it.  If it’s doing nothing, than shut it down before the audit.
  6. Check SAL licenses –  Do all users who potentially HAVE access are being reported?
  7. Check Office licenses – Do all users need access to Office Pro Plus?  Can they get away with Standard?  Did your engineers inadvertently publish Visio to every user when it only needs to go to a handful of end users?
  8. Double check server versions – Did your engineers accidentally install SQL Enterprise when it should be Standard?
  9. Are you taking advantage of all the use rights available?  As a SPLA, are you aware you can provide demonstrations to your customers at no charge?  Are you aware of the admin rights?  Are you aware you can run 50% of what you are hosting externally – internally?  (must actually report it all under SPLA – they are not free).
  10. Virtualization rights – Are you reporting SQL Enterprise to run unlimited VM’s? Are you running Windows Datacenter?  Remember, you do not license the individual VMs for Windows Server.  (You count physical cores which allows 1 VM for Standard or unlimited for Datacenter).
  11. MSDN, VDI, and other restrictions – No, you cannot host VDI and MSDN in a shared environment.  If you are, dedicate the servers immediately.  If you are hosting from the same hardware you are running internally, this also must be separated.
  12. Hiring Experts – Are they really experts or just advertise as such?

Hope this helps.  Any questions email info@splalicensing.com

Thanks for reading,

SPLA Man

 

 
Leave a comment

Posted by on April 25, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , ,

IaaS Gotchas…

In this post I will highlight new (and not so new) compliance gotchas as it pertains to providing infrastructure as a service.

Let’s start with a common example and go from there.  You provide the infrastructure such as Windows/SQL, your customer provides the applications.  Sound familiar?  You license Windows Datacenter, SQL Enterprise in a shared (aka public cloud) environment under SPLA. You have no idea or really care what applications your customer’s are installing right?  You just provide the support of the infrastructure.  That’s not your concern.  It’s their application, why should you care?  Ahhh…but maybe you should.

Have you ever wondered how they’re accessing the applications?  Are all applications web-based?  I will answer that question for you…no.  So how are they accessing the applications?  Do they use Citrix?  Do they remote into the application somehow?  There’s that word…remote.

If you enable the Remote Desktop Services role within Windows Server – you guessed it…you need to report RDS licenses.  The number of IaaS providers who just report Windows and SQL is astronomical. The number of IaaS providers now reporting RDS is also rapidly growing.  Did they wake up one day and decide they should start reporting RDS?  Unfortunately no.  They were audited.  Shoot me over an email and I will forward the guide that explains RDS and when it applies. Remember when you license RDS, you need to license each user that HAS access to RDS – not who does access.

Let me provide an example of how easily you could be underreporting RDS.   Let’s say your customer has an application from another vendor (outside Microsoft) that’s hosted in your datacenter.  That same vendor provides support to the application.  You are not hosting the application for the vendor but for your customer, you just provide the vendor access to support the application via remote connection.  SPLA allows 20 users to provide support and administration per datacenter.  If you exceed that limit, you are going to have to report those additional users.  Yes, even if you are not charging them.

Other IaaS Gotchas –

While we’re on the topic of customer owned applications, do you have it written in your agreement with the customer that you are not responsible for the applications they install?  What would happen if they install applications that you are not aware of and they don’t have the appropriate licenses…who’s responsible you or the end customer?  Kind of a trick question, it’s both.  You will get audited, it’s installed in your datacenter, you are ultimately responsible.  You need to ensure you have it written in your agreement that you’re not responsible so you can have a nice chat with your customer.  All the big boys do it…you should too.

What about SQL?  Are you virtualizing?  Why aren’t you reporting SQL Enterprise?  Are you utilizing all the use rights that come with SQL Enterprise – unlimited virtualization, DR, mobility within server farms, etc?  What about smaller environments?  Have you considered licensing by user instead of by core for SQL Standard edition?

SQL Web is tempting isn’t it?  Less expensive option but no one really understands what it is.   Here’s a quick synopsis – if you do not host public facing websites, SQL Web is not an option.

How are you managing your datacenter? Do you have System Center installed?  You should report the Core Infrastructure Suite.  Running Hyper V with few VM’s, license CPS. Both products include Windows.  You need Windows to run System Center, so you kill two birds with one stone so to speak.

Ask your customers if they have Software Assurance.  It’s no longer about latest version rights and annual payments.  It’s about moving to the cloud.  Let’s make sure it’s your cloud and not someone else’s.

Conclusion –

I’ve been around this game of SPLA for a long time.  The best advice I can give is to listen to your customers and don’t be afraid to change.  Cloud is evolving, you should evolve too.  Don’t report out of convenience, look into ways you can optimize what you are reporting.  It’s competitive out there, let’s make sure you are getting the most value out of your agreement.

Thanks for reading,

SPLA Man

 

 

 
11 Comments

Posted by on January 31, 2015 in IaaS

 

Tags: , , , , , , , , , , , , , , , , , ,

Do you have SA? Why this question really matters.

Brett’s Hosting’s sales director is consistently looking on the web to see what competition is advertising.  It drives him nuts to see other “hoster’s” advertise SharePoint for less than what he can get directly from his reseller.  He’s upset..big time.   How can this be?  Then he stumbles upon the Microsoft Office 365 website.  He blew a gasket.  “There is no way I can compete!  I am going to go out of business!”

So the sales director decided to get creative.  “I will forgo SPLA and just have my customers purchase SharePoint.  They bring it into my datacenter, I won’t report SPLA anymore.”  So that’s what he did.  He started selling SharePoint by the truckload.  Their reseller kept placing orders for him as they’d joyfully ask  “how many CAL’s do you need?” and they would order it; never once asking what it was for.

Brett’s Hosting did a tremendous job marketing their SharePoint offering.  “No SharePoint…No Problem!” It was marvelous.  The CEO of Brett’s Hosting vociferously announced at the World Partner Conference “We are hosting over 10,000 SharePoint sites!”  The celebration continued.  Then one foggy October morning, the office manager for Brett’s Hosting received a letter from Microsoft.  She excitedly opened it thinking they were being promoted as ‘SharePoint Partner of the Year’ but was severely disappointed.  It was an audit letter.  The story turns.

Brett’s Hosting CEO reviewed the letter and then called in their sales director (now sales VP).  The CEO threatened him with his job unless he fixed this mess.  The sales director/VP was at a loss.  “Where did I go wrong.”

To be continued….

Where do you think he went wrong?  Have you ever been given wrong licensing advice?  You don’t need to answer that, I already know.

Hosting industry has changed.  Competition has changed.  End users have changed.  In my experience, the conversation has changed from “how do I license Windows” to “what are ways I can optimize my licensing spend?”  I’ve written about license mobility; I also reviewed SAL for SA.  Those two programs have a common theme – Software Assurance (SA).  In the above fictitious story, the sales person should’ve asked his customer “do you have SA on these licenses”  That question is important because if they do not have SA, the entire environment (hardware/VM) must be dedicated.

I can’t stress this enough.  The hosting game is getting brutal.  Every service provider is looking for a way to cut/reduce costs.  Getting in compliance hot water is not a good way to do that.  If the customer does not have SA, you can certainly use SPLA in its place.  If you go this route, be sure to make it a bundled solution.  Telling customers they must pay for something they already own is not an easy conversation.

The customer can also purchase SA.  You just have to be ready to clearly explain their options. That’s why it’s important to work with a reseller that understand SA benefits to help educate and coach you through the process; not all products are eligible.  Be prepared.

Story continued…

The sales vp went back to his customers and asked them to purchase Software Assurance.  When the customer asked “why?” all the sales vp could say is “because Microsoft told me you needed it.” (he clearly couldn’t explain why…it only made the customer more upset).  The customer simultaneously yelled and slammed the door –  “I’m going to Joe’s Hosting! They advertise VDI too!”

The sales vp went back to his CEO and was forced to resign.  The customer went to Joe’s Hosting and was very happy for over a year. When out of the blue he received a call from his sale rep from Joe’s Hosting.  The sales rep frantically told him they could no longer offer VDI; it apparently is not available under SPLA.  The sales rep also asked him to buy SA for his SharePoint…”Microsoft told me you needed it!” The customer loses again!

Moral of the story – read the SPUR, read the PUR, and don’t be afraid to ask “Do you want SA with that?”

Thanks for reading

SPLA Man

 

 

 

Tags: , , ,

SPLA Audit start to finish

Your business is doing great, your sellers and customers are happy, you are making money instead of spending money, when out of the blue….BAM…you receive an audit letter.  Sound familiar?

So what do you do?  Your first reaction is panic.  Your second reaction is to call a lawyer.  Your third reaction is to blame your reseller.  I think that about sums it up.  If you disagree, I’m not 100% sure you are being truthful with yourself.  If you do agree, I also think you are making a HUGE mistake.  Sounds a little odd doesn’t it?

First thing you need to understand is it’s not your fault.  It’s not as if you are purposely trying to be out of compliant.  Microsoft knows this as well.  SPLA is a difficult program and very hard to understand. As I pointed out in the “About” section of this blog, there is little information written about the SPLA program leaving service providers vulnerable.  The SPUR?  Forget about it. That’s why I created this blog in the first place.

I think that is why SPLA customers call a lawyer to help guide them.  This may help you sleep at night, but is it REALLY helping?  I will let you determine that after the dust settles.

What does happen during an audit? I don’t care if this is the first step or fourth step but at some point you will have to collect data.  Data that PROVES the reason you reported the way you did.  One of the biggest mistakes a SPLA provider can make is not reporting indirect access.  Again, not your fault.  Who has any idea of what “indirect” really means?  Think of indirect as Microsoft software that is used to run your other applications that you market to your customers.  You have an application that you developed that reports back to SQL using Excel.  Users have no idea they are using SQL, all they know is the application they use.  But since SQL is part of your hosted solution…it must be reported.  Make sense?  That’s also why Windows will always need to be reported.  Try running Exchange without a Windows OS.  Not going to happen.

Data can also mean the licenses that your customers own that they bring over to your environment.  How do you know who owns what?  Are there enough CAL’s?  One of the arguments service providers make is they can go after their customers if being audited.  There’s an easy conversation right?  Remember, you want to keep customers not lose them.

Some service providers have learned that their end customers install software on VM’s without informing them.  How do you know what is actually being installed?  So take a look at your datacenter; are your customers installing software you don’t know about?  Collecting this information after the fact is a difficult process.  This leaves auditors with no choice but to make a best guess.  Best guesses can cost you significantly.

So after all this data is analyzed by the audit team, it is then delivered to Microsoft.  That’s when you present your case.  They will take things into consideration, but understand that if you are missing information, it makes your argument that much more difficult.  Don’t blame your reseller, that doesn’t work.  Don’t rely on a lawyer, that doesn’t always work either.  Educate yourself.  That’s the best advice I can provide.  Just by taking the time to read this I think you are on the right path.

Happy to walk you through the process in greater detail.  I am one of the few that actually gets it. My email is at the top righthand side of this page.

Thanks,

SPLA Man

 

 
Leave a comment

Posted by on September 18, 2014 in Compliance

 

Tags: , , , , , , , ,

200 Level SPLA Licensing Questions – Answered

Starting a new series on this blog “top licensing questions” Here’s a list of some often unanswered questions…answered!  In many instances it’s tough to go into great detail or specific customer scenarios via a blog.  Please email me at blaforge@splalicensing.com for specific scenarios.  Keep in mind, blogging is my hobby and I am relaying information from experience.  You should refer to the SPUR for specific/audit questions. (It’s a great read).  Microsoft has the final say. I am interested in feedback and/or ideas for new posts; let me have it!

1. Does a service provider need to report an extra Exchange SAL for non-authorized users, such as a conference room?

A mailbox that represents a room is defined as a resource mailbox and does not require a SAL.

2.  Can I use the same server I use internally to host software via SPLA?

No. Regardless of the licensing program, the license is always assigned to the hardware/VM.  If you choose to assign two licenses from two different programs to one hardware, some of the use rights will contradict each other.  SPLA is designed for external consumption whereas internal licensing is designed for your own employees.  Good news – SPLA allows 50% of what you are hosting externally to be used internally.  Let’s say you host 50 exchange licenses, you can use up to 25 internally.  These are not free, just reported under your SPLA. (Instead of reporting just 50 licenses, you would report 75).  Check SPUR for more details.

3.  Can I install Office on a device without reporting Windows desktop?

No.  This would fall under the managed PC use case.  There is an addendum that would allow you to rent out a desktop to third parties; to do this via SPLA, there is a “managed PC” addendum.  This would require you to license the desktop OS via an OEM license and report Windows 7/8 via SPLA (as well as Office if Office is installed).  Ugh.  Only other option would be to report Exchange “plus” Skus which includes Outlook.  (no other Office components) or install Office on a server and report Windows, RDS, and Office. (RDS & Office by user- Windows by processor)

4.  What are the rules of licensing additional users under License Mobility for Software Assurance? Can a service provider license additional users with SALs?

No. In License Mobility for SA scenario, the end customer has to maintain CALs in their perpetual licensing program to access the application servers. It is not possible to license additional users with SALs, because that would mean mixing/matching licensing for one Product.  Keep in mind that under license mobility – end customer’s are in essence transferring those licenses into your data center.  They can only transfer back after 90 days. To quote the mobility brief (download a copy here ) You may move your licensed software from a third party’s shared servers back to your servers or to another third party’s shared servers, but not within 90 days of the last assignment. Check mobility addendum.

6. What happens if my customer claims to have SA on these licenses but in actuality…they don’t.  Am I on the hook?

Yes. You are responsible for your own hosted offering.  I would ensure you have documentation of all customer owned licenses AND make sure this is part of your agreement with your customer.  You may get audited, but that does not stop you from auditing your customer.

7. Where do I report my SPLA licenses?

Contact the SoftwareONE SPLA team 1-800-444-9890 or SPLA.US@softwareone.com

Stay tuned for more questions but more importantly – answers to these questions!

Thanks for reading,

SPLA Man

 
5 Comments

Posted by on May 14, 2014 in Uncategorized

 

Tags: , , , , , ,

 
%d bloggers like this: