RSS

Tag Archives: audits

Interview with John and SPLA Man

18 Sep
Interview with John and SPLA Man

I asked a hoster (large provider who wants to remain anonymous but used John as a alias) about all the changes at Microsoft and beyond. Here’s the reduced version of the transcript. I will post the video later.

Interview Q & A on everything hosting. Audits, CSP, Flexible Virtualization, More Audits 🙂

SPLA Man: Thank you, John for joining us today to talk about SPLA. Let’s start off on your background. You were a software engineer focusing on software development for a small ISV back in the early 2000’s If I understand this correctly. How in the world did you end up getting mixed up with SPLA? (Laughs)

John: (laughs) I do not know. When I graduated from Georgia Tech, I went to work for small firm in Atlanta, Georgia. We were building a financial application specifically for the banking industry. It was a massive undertaking but also took up A LOT of processing power to install it, on premise. We decided to host it from a datacenter we partnered with locally to provide it more or less like software as a service. When we did that, we didn’t really consider the licensing.

SPLA Man: In walks SPLA (chuckles)

John: Exactly. I still remember getting an email from Microsoft asking us about our product. Ironically, I was actually thinking they were going to partner with us but it turned out to be an audit inquiry.

SPLA Man: Oh no! How did they know what you were doing?

John: I asked them the same question, they found a marketing brochure we posted on our website that talked about hosting the application to customers. I guess they could see we didn’t have a SPLA Agreement.

SPLA Man: Ok. Before we go further, let’s take a step back, we will go through the audit, I am sure the audience will appreciate the feedback there. But going back to your career. You started off working for a small, I guess for no lack of a better word, ISV. How long did you work there?

John: I was there for a few years and it was eventually acquired by another software developer firm. I ended up resigning and going back to school to get my MBA. Once I graduated with my MBA, I went to work for a large datacenter, an infrastructure provider here locally as head of product development and datacenter management. I still work there today 15 years later. (Laughs)

SPLA Man: And I assume they had or have a SPLA agreement?

John: Yeah, that’s where I drew the short straw and took over managing SPLA. Reporting to our distributor and working with Microsoft and our customers.

SPLA Man: What year was this when you graduated and started managing SPLA?

John: I graduated in 2008, so right around then is when I took over the licensing along with other responsibilities.

SPLA Man I was going to ask, what portion of your day do you spend on licensing related inquiries and what was spent on your leadership responsibilities or whatever you were originally hired to do?

John: (Laughs) I actually spent more time on licensing. Back then it was so confusing, it still is I suppose. There’s very few people who knew SPLA, that’s actually how I found you. I thought SPLA Man was nuts.

SPLA Man He is. (Laughs) But going back to your career, as a developer, was licensing ever a consideration? I always used to say, figure out the licensing first and then build the solution. But now with all the options it is the opposite.

John: I think, well, to answer your question, no. I never considered licensing. I knew licensing, actually let me rephrase, I heard of licensing, but I was hired to build applications. Licensing I always thought was something we would just document in our own terms and conditions or we would be informed by Microsoft.

SPLA Man: You mentioned you worked with Microsoft. How was that relationship?

John: My first job as a developer we didn’t work with them much. Later on with my current company, it was good. We would go to Seattle for their hosting conferences, I had a Microsoft rep who worked with us at the partner level. Any licensing questions we were told had to go through our reseller. It is still like that today.

SPLA Man: You still work with Microsoft or you have to get licensing advice from your reseller?

John: I only work with Microsoft for CSP. Licensing, I turn to you. (Laughs)

SPLA Man: Very nice. Alright, let’s go back to the audit.

John: (Laughs) Do we have to?

SPLA Man: Well, we don’t but I’m curious on your experience.

John: Alright. Well we were actually audited twice. Originally back, in I guess, 2006 or so we were audited because we were not using SPLA at all. We just bought the licenses outright from the direction of our distributor.

SPLA Man: Oh man. Were you mad with the distributor?

John: Nah. It wasn’t their fault. They weren’t even authorized for SPLA to begin with. I blamed our Microsoft rep. That didn’t really help.

SPLA Man : What was your experience like?

John: The first audit wasn’t bad. It’s not like our environment was huge, we owed money but we used the delta between what we purchased and what we owed by SPLA. The good news back then was that we were audited by Microsoft directly. In our second audit with my current company we were audited by KPMG.

SPLA Man: Couldn’t you argue for self-hosted in your first audit?

John: That information would have been helpful, SPLA Man. Just kidding. Well, self-hosted I am not even sure was around back then and we didn’t have software assurance. If we knew SPLA, it actually would have benefited us. Pay as you go fits well.

SPLA Man: So you were audited with your new company. Was the experience different?

John: Big time. We’re a much larger environment, thousands of VMs. It was a mess.

SPLA Man: How did you do your reporting?

John: So here I do blame our distributor a little bit. We used a script to track installments. We would then report to our distributor monthly. They did not have an online platform to submit it so we did it manually via a spreadsheet. It was never processed on their end and I believe that triggered the audit initially.

SPLA Man: Maybe. I think it is more based on revenue but if you do not report no matter who is at fault, Microsoft or any publisher will know. The thing with audits especially using an audit firm, Microsoft is going to want a return on their investment. Small datacenters get ignored in audits but won’t get audited because the return isn’t there. I’m guessing thats why you were not audited by KPMG in your first audit.

John:  You are probably right. 

SPLA Man:  So you were doing things manually, more or less. What was the audit process like?

John:  I didn’t work with Microsoft that much, mostly the auditor. And I get it; they are just doing their jobs, but it wasn’t fun. 

SPLA Man:  Can you explain? 

John:  You didn’t think this would be fun, did you SPLA Man? I’m kidding. It was really the time and effort. As we said, we were doing things manually. We didn’t have a process. So when the auditors asked us for information, we used their tooling system and sent all the data back to them. We thought, here’s our reporting, it’s all there. Which, in hindsight, was a mistake.

SPLA Man:  Oh wow. You sent them just the raw report of all installations?

John:  Yes, we wanted to finish this and move on. So we thought, “Here, take everything and tell us what we owe if anything.” We had no idea we were out of compliance.

SPLA Man:  So what was the outcome?

John:  I won’t explain specifics, but it was seven figures. Completely shocked.

SPLA Man:  So you just wrote a check and called it a day?

John: I wouldn’t make it that simple. In the end, we did owe the amount, but we broke it up and did an Azure commit for some of it.

SPLA Man:  How long did the audit last?

John:  Start to finish? Probably about a year.

SPLA Man:  So then what? Like how did you know what to commit for Azure?

John:  We didn’t, but we sure as heck were not going to write a check.

SPLA Man. Okay, so I guess what were the next steps?

John:  We worked with you. We had to get a plan. You recommended Octopus to help manage the licenses. It helped keep track of the deployments and streamlined, I guess, the process for us. We still have to understand the licensing, but the overall collection of data and billing helped us.

SPLA Man:  Yeah, anytime you can reduce the time spent on reporting, the better. So, now that you have gone through two audits, what do you do to prepare for the future?

John:  Well, that’s where the Octopus team helps. We do SAM baseline reporting. It’s kind of like a mini risk assessment to ensure we are doing it correctly. The other thing is we try to stay on top of the licensing better, especially with all the new changes.

SPLA Man:  Yeah, I was going to ask. What do you think of all the new changes? Good, bad, indifferent?

John:  Yes. (laughs) I think the change is generally good. The only problem is Microsoft will always tell us SPLA is more expensive or that Azure is the best thing since sliced bread. The reality is it depends on the situation. We like SPLA. CSP requires us to more or less be a reseller. We do not like that. Of course, if our customers want Azure, we will not turn them down. We look at the new changes as another way to go to market. It’s not one program over the other. It’s what our customers want that matters.

SPLA Man:  We will dive into that more in a later podcast. Thanks for volunteering for another interview (laughs). But as a hoster, do you think SPLA will go away? I know I get asked daily.

John: No, they have tried to eliminate SPLA ever since BPOS. Remember that? No, seriously, I think SPLA will always be around. I appreciate your work and the work Octopus does to help create content and make our lives a bit easier. 

SPLA Man:  What about the new flexible virtualization? Do you help customers make the right decisions there?

John: Yes, we host our own training for customers. I know you have helped us and the rest of the Octopus Cloud team do that as well. I think that really has helped us with positioning. You are right; everyone is now a competitor. We have to make it easier for the customer. So I think the flexible virtualization is part of it but the other thing is, in many instances, customers do not want to mess with the licensing.

SPLA Man:  I agree. And thank you for mentioning training. I think that is super important. Anything else? How about this last question? What advice would you give to another hoster going through an audit?

John: I know we didn’t get into the specifics, but I would take my time and not rush through it like we tried. I would also prepare more. If you are not going through an audit now, you will eventually. Try to understand the risks now before it is too late. 

SPLA Man: Smart words. I always say, let’s eliminate risk before it becomes a risk. If you are not licensing correctly, you are not charging your customers right either. 

John: That’s exactly right.

SPLA Man:  Well, John. I appreciate your time today. Let’s do another interview. I want to dive into the flexible virtualization more and all that fun stuff.

John:  Interview for sure. I am not sure anything with Microsoft is fun. (laughs)

Thanks for reading,

SPLA Man

 
1 Comment

Posted by on September 18, 2023 in Uncategorized

 

Tags: , , , , , , , , , , , ,

Don’t be Jimbo

24 Jul

Jimbo had a small IT firm for which he provided backup, security, and hosting for two clients.  He also purchased Office 365 licenses for a handful of users directly from the Microsoft Office 365 website and would bill them accordingly.  Jimbo also had an application he tried to develop to help end users better communicate with one another. It was similar to SharePoint, but more seamless and had better integration with third-party applications.  He had a SPLA, and had one person who submitted their usage report to their reseller.  Unfortunately, that person got sick and passed away.  Jimbo was sad and so was the rest of the staff.

To put his mind at ease, he spent every waking hour improving his application.  He thought it was going to be the next best thing.  I experienced the application firsthand myself, and found it to be a powerful tool.  I even asked to invest in it, but without any money, (Mrs. SPLA Man spent it all at Target), I had nothing to invest with.

Fast forward a year later.  Jimbo is still working on improving the application, and he's still hosting.  One day, Jimbo received an email from Microsoft.  It was titled “Self-Audit”, Jimbo was getting audited.  One thing left unmentioned, Jimbo is the nicest guy on the planet. He replied to Microsoft and in the end, provided them with everything.  All his server information, customer name, and reporting history.  It was an auditor’s dream.

Several weeks later, Microsoft provided Jimbo with the findings.  He owed $450,000 in unreported licensing fees.  Why so high?  No usage was being reported since the lady who reported SPLA passed away.  When she was reporting, she reported the wrong thing.  Instead of licensing Windows Datacenter, she reported Standard.  Instead of reporting physical processors and/or cores, she reported per VM.  Everything was a mess.  Jimbo, who neglected his hosting practice for months to focus on his application, was left feeling very uncertain about his future.  He did not have the funds to pay for licenses.

It’s unfortunate, but Jimbo had to shut down his hosting business.  The application he built?  Stopped.  He tried to sell it, and last I heard very few were interested.

Why such a depressing story and was it true?  Yes, the story is true (although slightly embellished).  Why share it?  I am telling you the story because there are too many organizations doing the same thing.  They have one person who manages the licenses, one person who was in contact with the reseller, and one person who knew what they were reporting.  What happens if that person leaves?  Too many organizations are also buying Office 365, but not getting the best discount.

Licensing is challenging, and in the case of Jimbo, his love wasn’t reporting usage, it was developing an application.  He should have had allocated resources to help manage his SPLA, so he could focus on what he knows best, the technology.

I am always asked why I created splalicensing.com and what's so different about SPLA Man than other blogs.  I think the main difference is honesty.  I am your licensing Siri or Alexa.  I am SPLAlexa. (that was bad).  Don’t be Jimbo.

Thanks for reading,

SPLA Man/SPLAlexa

 

 

 

 

 

 

 

 
Leave a comment

Posted by on July 24, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , , , , , ,

Top 5 Questions…Answered

24 Apr

Where can I get my license keys for CRM?  My Microsoft contact can’t seem to find the answer and my reseller doesn’t know either.  Any ideas?

For CRM and D365 you can download them directly from the VLSC website.  All other Dynamics products need to go through the License Key Creator Tool.

If I am a CSP Tier 1/direct provider, can I sell CSP to another CSP Tier 1 provider? 

Yes. There are no limitations as to who you can sell to.  Good luck!

Is CSP replacing SPLA?

Not entirely.  I am not Microsoft but I can see the similarities.  In the end, they are both Microsoft programs, how they consume it doesn’t really matter.  The only drawback to SPLA (In Microsoft’s eyes) is the service provider has the option of offering other software outside of Microsoft.  Exchange as an example, could technically be replaced with Zimbra.  If they use Office 365, the customer is using Office 365.

I offer desktop as a service.  When can we expect VDI to be available in SPLA?

Never.

Will I get audited?

Yes.  Make sure to read the MBSA agreement that you signed.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on April 24, 2017 in Top 5 Licensing Questions

 

Tags: , , , , , , , , , , , ,