Tag Archives: audit
To use a tool or not?
Ahh, SPLA reporting. We’ve heard the line, the only sure thing in life is
death and taxes. The only thing certain for a service provider is that
Microsoft will change the licensing rules (frequently) and SPLA reporting.
There’s not much we can do about Microsoft changing the licensing rules, but
alas, there is something you can do about SPLA reporting.
I’ve written this on several occasions, but it’s worth repeating. The
biggest mistake a service provider will make is believing that SPLA reporting
is a requirement by Microsoft. Yes, it is a requirement by Microsoft, but that
is not the only reason you should track licensing. Let me provide an example,
HostingRUs has one man managing their SPLA reporting. He runs a “foolproof”
script that will identify everything in their environment. He reports all the
licenses installed and looks at invoices to know the number of users to report.
He submits it to his reseller.
There is nothing wrong with that strategy except for one thing – nowhere in
the reporting process is anyone tracking licensing rules, updates,
optimization, and, more importantly, billing. So in the above example, yes,
HostingRUs is reporting licenses to Microsoft, but they should consider so many
other areas.
Here’s another example. A member of my site (Mscloudlicensing.com) wrote me,
saying, “Microsoft is really Sh*tting on me.” He has an application
that requires Office Excel; his customer already owns Office 365. He wants to
use the O365 license that his customer already purchased to be installed in his datacenter.
Obviously, that is not possible without the QMTH addendum. That’s when he got a
bit crabby and threatened an anti-trust lawsuit with Microsoft. (Good luck, my
friend, but my money is on the company with a trillion dollars in the bank).
What the service provider failed to do in this example is look at his
datacenter environment from a perspective of what he can do, not what he can’t.
He didn’t know he could offer just Excel (instead of the entire suite). He also
didn’t consider using open office. He also had very little knowledge of who
accesses the application indirectly.
If you believe Microsoft changes the rules A LOT and SPLA reporting are
cumbersome; then maybe a tool is worth it.
I recommended Octopus Cloud to the service provider in my example
above. Many service providers use Octopus to keep track of SPLA reporting, but
more are using it as a business intelligence tool to understand what is happening
inside their datacenter. Octopus helped him know what is installed versus what
is reported (a big miss for him was reporting Office Standard, but Office Pro
was installed – not only was he underreporting, but in reality, he just needed
Excel in the first place, a third of the cost of Office Standard!) Can you
imagine if he was audited? His customers just required Excel, but he was on the
hook for Office Pro just because his engineer thought it was convenient when he
installed it!
So when I asked (in the title) should you use an SPLA tool or not? I would
argue you can’t afford not to. If you report 1,000 dollars a month or 100,000
dollars a month, don’t you want to make sure you got it right?
Thanks for reading,
SPLA Man
Details of the Qualified Multitenant Addendum
There’s been a lot of talk as of late about the new QMTH addendum. I’ve written a couple of articles on the topic here In this article, we will summarize what is written in the addendum so there’s no surprises. I listed some (not all) of terms and conditions to ensure you are up to speed on the latest developments.
- CSP Membership – You (or affiliates) must be a Direct CSP partner. This means you cannot leverage an Indirect CSP partner for this program. In other words, if you receive CSP licensing from Ingram Micro or SherWeb (as an example) your partnership with those distributors/partner does not qualify for QMTH. Your organization must be CSP Direct authorized, not your partner.
- Must meet the system requirements – System Requirements can be found here
- Have an active SPLA agreement.
- Reporting Requirements – You will always need to report underlying licenses in SPLA. Those underlying licenses could be any software to deploy a VDI solution – (Windows Server and RDS). In addition, you must report (by the last calendar day of each month) the Windows 10/O365 licenses deployed. This is manual, meaning you will send an email to the QMTH alias for submission. Once automated reporting is available, you must enable Microsoft’s automated reporting tool. Microsoft will use the tool to collect your customer’s organization ID and tenant ID as well as the total number of users accessing the software.
- As the provider, you must report to your SPLA Reseller the program administrative fee. If you are currently in the SCA program, you will be familiar with this SKU.
- As the provider, you must make all education materials publicly available. You cannot just sign up for CSP, the education material should be like what’s on the QMH website.
- For each per user subscription to Windows 10 Enterprise, the end-user can only access up to four (4) instances of Windows 10 either on Azure or you, the QMTH hoster. This is like the SCA program in which the end user has five (5) instances of Office Pro Plus, Windows 10 works the same way.
Listed above is a summary. I encourage you to reach out to your Microsoft rep for additional information. I am happy to review it further, it’s a new program with pluses and minuses. Be sure to understand the minuses first 🙂
Thanks for reading,
SPLA Man
IaaS Gotchas…
In this post I will highlight new (and not so new) compliance gotchas as it pertains to providing infrastructure as a service.
Let’s start with a common example and go from there. You provide the infrastructure such as Windows/SQL, your customer provides the applications. Sound familiar? You license Windows Datacenter, SQL Enterprise in a shared (aka public cloud) environment under SPLA. You have no idea or really care what applications your customer’s are installing right? You just provide the support of the infrastructure. That’s not your concern. It’s their application, why should you care? Ahhh…but maybe you should.
Have you ever wondered how they’re accessing the applications? Are all applications web-based? I will answer that question for you…no. So how are they accessing the applications? Do they use Citrix? Do they remote into the application somehow? There’s that word…remote.
If you enable the Remote Desktop Services role within Windows Server – you guessed it…you need to report RDS licenses. The number of IaaS providers who just report Windows and SQL is astronomical. The number of IaaS providers now reporting RDS is also rapidly growing. Did they wake up one day and decide they should start reporting RDS? Unfortunately no. They were audited. Shoot me over an email and I will forward the guide that explains RDS and when it applies. Remember when you license RDS, you need to license each user that HAS access to RDS – not who does access.
Let me provide an example of how easily you could be underreporting RDS. Let’s say your customer has an application from another vendor (outside Microsoft) that’s hosted in your datacenter. That same vendor provides support to the application. You are not hosting the application for the vendor but for your customer, you just provide the vendor access to support the application via remote connection. SPLA allows 20 users to provide support and administration per datacenter. If you exceed that limit, you are going to have to report those additional users. Yes, even if you are not charging them.
Other IaaS Gotchas –
While we’re on the topic of customer owned applications, do you have it written in your agreement with the customer that you are not responsible for the applications they install? What would happen if they install applications that you are not aware of and they don’t have the appropriate licenses…who’s responsible you or the end customer? Kind of a trick question, it’s both. You will get audited, it’s installed in your datacenter, you are ultimately responsible. You need to ensure you have it written in your agreement that you’re not responsible so you can have a nice chat with your customer. All the big boys do it…you should too.
What about SQL? Are you virtualizing? Why aren’t you reporting SQL Enterprise? Are you utilizing all the use rights that come with SQL Enterprise – unlimited virtualization, DR, mobility within server farms, etc? What about smaller environments? Have you considered licensing by user instead of by core for SQL Standard edition?
SQL Web is tempting isn’t it? Less expensive option but no one really understands what it is. Here’s a quick synopsis – if you do not host public facing websites, SQL Web is not an option.
How are you managing your datacenter? Do you have System Center installed? You should report the Core Infrastructure Suite. Running Hyper V with few VM’s, license CPS. Both products include Windows. You need Windows to run System Center, so you kill two birds with one stone so to speak.
Ask your customers if they have Software Assurance. It’s no longer about latest version rights and annual payments. It’s about moving to the cloud. Let’s make sure it’s your cloud and not someone else’s.
Conclusion –
I’ve been around this game of SPLA for a long time. The best advice I can give is to listen to your customers and don’t be afraid to change. Cloud is evolving, you should evolve too. Don’t report out of convenience, look into ways you can optimize what you are reporting. It’s competitive out there, let’s make sure you are getting the most value out of your agreement.
Thanks for reading,
SPLA Man
Do you have SA? Why this question really matters.
Brett’s Hosting’s sales director is consistently looking on the web to see what competition is advertising. It drives him nuts to see other “hoster’s” advertise SharePoint for less than what he can get directly from his reseller. He’s upset..big time. How can this be? Then he stumbles upon the Microsoft Office 365 website. He blew a gasket. “There is no way I can compete! I am going to go out of business!”
So the sales director decided to get creative. “I will forgo SPLA and just have my customers purchase SharePoint. They bring it into my datacenter, I won’t report SPLA anymore.” So that’s what he did. He started selling SharePoint by the truckload. Their reseller kept placing orders for him as they’d joyfully ask “how many CAL’s do you need?” and they would order it; never once asking what it was for.
Brett’s Hosting did a tremendous job marketing their SharePoint offering. “No SharePoint…No Problem!” It was marvelous. The CEO of Brett’s Hosting vociferously announced at the World Partner Conference “We are hosting over 10,000 SharePoint sites!” The celebration continued. Then one foggy October morning, the office manager for Brett’s Hosting received a letter from Microsoft. She excitedly opened it thinking they were being promoted as ‘SharePoint Partner of the Year’ but was severely disappointed. It was an audit letter. The story turns.
Brett’s Hosting CEO reviewed the letter and then called in their sales director (now sales VP). The CEO threatened him with his job unless he fixed this mess. The sales director/VP was at a loss. “Where did I go wrong.”
To be continued….
Where do you think he went wrong? Have you ever been given wrong licensing advice? You don’t need to answer that, I already know.
Hosting industry has changed. Competition has changed. End users have changed. In my experience, the conversation has changed from “how do I license Windows” to “what are ways I can optimize my licensing spend?” I’ve written about license mobility; I also reviewed SAL for SA. Those two programs have a common theme – Software Assurance (SA). In the above fictitious story, the sales person should’ve asked his customer “do you have SA on these licenses” That question is important because if they do not have SA, the entire environment (hardware/VM) must be dedicated.
I can’t stress this enough. The hosting game is getting brutal. Every service provider is looking for a way to cut/reduce costs. Getting in compliance hot water is not a good way to do that. If the customer does not have SA, you can certainly use SPLA in its place. If you go this route, be sure to make it a bundled solution. Telling customers they must pay for something they already own is not an easy conversation.
The customer can also purchase SA. You just have to be ready to clearly explain their options. That’s why it’s important to work with a reseller that understand SA benefits to help educate and coach you through the process; not all products are eligible. Be prepared.
Story continued…
The sales vp went back to his customers and asked them to purchase Software Assurance. When the customer asked “why?” all the sales vp could say is “because Microsoft told me you needed it.” (he clearly couldn’t explain why…it only made the customer more upset). The customer simultaneously yelled and slammed the door – “I’m going to Joe’s Hosting! They advertise VDI too!”
The sales vp went back to his CEO and was forced to resign. The customer went to Joe’s Hosting and was very happy for over a year. When out of the blue he received a call from his sale rep from Joe’s Hosting. The sales rep frantically told him they could no longer offer VDI; it apparently is not available under SPLA. The sales rep also asked him to buy SA for his SharePoint…”Microsoft told me you needed it!” The customer loses again!
Moral of the story – read the SPUR, read the PUR, and don’t be afraid to ask “Do you want SA with that?”
Thanks for reading
SPLA Man
SPLA Audit start to finish
Your business is doing great, your sellers and customers are happy, you are making money instead of spending money, when out of the blue….BAM…you receive an audit letter. Sound familiar?
So what do you do? Your first reaction is panic. Your second reaction is to call a lawyer. Your third reaction is to blame your reseller. I think that about sums it up. If you disagree, I’m not 100% sure you are being truthful with yourself. If you do agree, I also think you are making a HUGE mistake. Sounds a little odd doesn’t it?
First thing you need to understand is it’s not your fault. It’s not as if you are purposely trying to be out of compliant. Microsoft knows this as well. SPLA is a difficult program and very hard to understand. As I pointed out in the “About” section of this blog, there is little information written about the SPLA program leaving service providers vulnerable. The SPUR? Forget about it. That’s why I created this blog in the first place.
I think that is why SPLA customers call a lawyer to help guide them. This may help you sleep at night, but is it REALLY helping? I will let you determine that after the dust settles.
What does happen during an audit? I don’t care if this is the first step or fourth step but at some point you will have to collect data. Data that PROVES the reason you reported the way you did. One of the biggest mistakes a SPLA provider can make is not reporting indirect access. Again, not your fault. Who has any idea of what “indirect” really means? Think of indirect as Microsoft software that is used to run your other applications that you market to your customers. You have an application that you developed that reports back to SQL using Excel. Users have no idea they are using SQL, all they know is the application they use. But since SQL is part of your hosted solution…it must be reported. Make sense? That’s also why Windows will always need to be reported. Try running Exchange without a Windows OS. Not going to happen.
Data can also mean the licenses that your customers own that they bring over to your environment. How do you know who owns what? Are there enough CAL’s? One of the arguments service providers make is they can go after their customers if being audited. There’s an easy conversation right? Remember, you want to keep customers not lose them.
Some service providers have learned that their end customers install software on VM’s without informing them. How do you know what is actually being installed? So take a look at your datacenter; are your customers installing software you don’t know about? Collecting this information after the fact is a difficult process. This leaves auditors with no choice but to make a best guess. Best guesses can cost you significantly.
So after all this data is analyzed by the audit team, it is then delivered to Microsoft. That’s when you present your case. They will take things into consideration, but understand that if you are missing information, it makes your argument that much more difficult. Don’t blame your reseller, that doesn’t work. Don’t rely on a lawyer, that doesn’t always work either. Educate yourself. That’s the best advice I can provide. Just by taking the time to read this I think you are on the right path.
Happy to walk you through the process in greater detail. I am one of the few that actually gets it. My email is at the top righthand side of this page.
Thanks,
SPLA Man
200 Level SPLA Licensing Questions – Answered
Starting a new series on this blog “top licensing questions” Here’s a list of some often unanswered questions…answered! In many instances it’s tough to go into great detail or specific customer scenarios via a blog. Please email me at blaforge@splalicensing.com for specific scenarios. Keep in mind, blogging is my hobby and I am relaying information from experience. You should refer to the SPUR for specific/audit questions. (It’s a great read). Microsoft has the final say. I am interested in feedback and/or ideas for new posts; let me have it!
1. Does a service provider need to report an extra Exchange SAL for non-authorized users, such as a conference room?
A mailbox that represents a room is defined as a resource mailbox and does not require a SAL.
2. Can I use the same server I use internally to host software via SPLA?
No. Regardless of the licensing program, the license is always assigned to the hardware/VM. If you choose to assign two licenses from two different programs to one hardware, some of the use rights will contradict each other. SPLA is designed for external consumption whereas internal licensing is designed for your own employees. Good news – SPLA allows 50% of what you are hosting externally to be used internally. Let’s say you host 50 exchange licenses, you can use up to 25 internally. These are not free, just reported under your SPLA. (Instead of reporting just 50 licenses, you would report 75). Check SPUR for more details.
3. Can I install Office on a device without reporting Windows desktop?
No. This would fall under the managed PC use case. There is an addendum that would allow you to rent out a desktop to third parties; to do this via SPLA, there is a “managed PC” addendum. This would require you to license the desktop OS via an OEM license and report Windows 7/8 via SPLA (as well as Office if Office is installed). Ugh. Only other option would be to report Exchange “plus” Skus which includes Outlook. (no other Office components) or install Office on a server and report Windows, RDS, and Office. (RDS & Office by user- Windows by processor)
4. What are the rules of licensing additional users under License Mobility for Software Assurance? Can a service provider license additional users with SALs?
No. In License Mobility for SA scenario, the end customer has to maintain CALs in their perpetual licensing program to access the application servers. It is not possible to license additional users with SALs, because that would mean mixing/matching licensing for one Product. Keep in mind that under license mobility – end customer’s are in essence transferring those licenses into your data center. They can only transfer back after 90 days. To quote the mobility brief (download a copy here ) You may move your licensed software from a third party’s shared servers back to your servers or to another third party’s shared servers, but not within 90 days of the last assignment. Check mobility addendum.
6. What happens if my customer claims to have SA on these licenses but in actuality…they don’t. Am I on the hook?
Yes. You are responsible for your own hosted offering. I would ensure you have documentation of all customer owned licenses AND make sure this is part of your agreement with your customer. You may get audited, but that does not stop you from auditing your customer.
7. Where do I report my SPLA licenses?
Contact the SoftwareONE SPLA team 1-800-444-9890 or SPLA.US@softwareone.com
Stay tuned for more questions but more importantly – answers to these questions!
Thanks for reading,
SPLA Man
RDS Licensing Explained
This article has been moved to our new platform:
RDS and other licensing related white papers: https://mscloudlicensing.com/document-library/
RDS licensing questions from the community
https://mscloudlicensing.com/forum/
RDS Blog Article
https://mscloudlicensing.com/blog-articles/
What’s Your Licensing Strategy?
I love the question “What’s your cloud strategy?” It’s the new ice breaker for salespeople around the globe. My thoughts? Why bother asking customers about their cloud strategy if it does not include licensing? The BIGGEST mistake service providers (SPLA’s) make is selling a solution first and worrying about the licensing impact later. They build data centers, talk about virtualizing, even talk about the savings of cap ex vs. op ex, but never talk about the licensing until someone brings it up or they get audited. Just because the technology enables something, does not mean you can license that way.
VDI is a prime example of this. “You can host virtual desktops as a service right? Install the desktop OS on a server and stream it? Why not? The concept has been around for years. I ‘Googled’ VDI as a service and several companies are doing this…it must be right…right?” Wrong! Yes, technically speaking you can host virtual desktops using Windows 7/8. Licensing gurus and the product user rights and the audit team will disagree with you. Unfortunately there’s no way to do this under SPLA. Next question that comes up is “why?” Wish I knew the answer, perhaps Microsoft is looking out after the OEM manufactures, but then again they launched Surface.
Microsoft is auditing everyone. There are few guarantees in life, but one guarantee is not everyone under the SPLA program is licensing correctly. Just a word of advice, know the licensing before implementing a solution.
Thanks for reading,
SPLA Man
SPLA Compliance Audit- How Not to be the Chosen One!
If you recently went through an audit or just nervous about being notified, I outlined ten steps that service providers can take to arm themselves more efficiently and be compliant.
- If you are running Microsoft software, you must license Windows. All Microsoft software runs on a Windows OS.
- If you are licensing SharePoint- SharePoint requires SQL and Windows.
- Reporting SharePoint Enterprise you must license SharePoint Standard
- Installing Office on a server requires Remote Desktop (RDS) licenses. Office and RDS licenses should match (cannot have more Office licenses than RDS licenses)
- If you have customers bringing licenses into your hosted environment you need to host it in a physical and dedicated environment. (nothing shared among other customers)
- If you are reporting user licenses (SAL- Subscriber Access License) you need a license for each user that has access. For example, if you have 10 totals users in the month of May and only 4 actually use or access that software, you must license all 10. SPLA user licenses are similar to your cable bill; your cable provider is going to charge you regardless if you turn your TV on or not.
- If you have customer owned licenses in your environment, you must keep all relevant documentation. This includes enrollment information, start date, end date, and who they bought the licenses from.
- Renting out a PC make sure the PC has an OEM license preinstalled.
- No virtualizing/streaming Windows desktop OS from a datacenter.
- You can install your server on a customer premise, but do not install SPLA software on your customer’s server!
This is not bulletproof by any means. Use this as a guide when looking at your own environment. Look at it from the auditors eyes. What information would they need to verify that I am compliant? The SPUR (Service Provider Use Rights) is the best reference when it comes to Microsoft SPLA. You can download a copy here. If you have trouble sleeping at night; this is a must read.
Thanks for reading,
SPLA Man
SPLA Licensing 