RSS

Tag Archives: Microsoft Audit

Maximize Your Microsoft Agreement

28 Oct

Our team is launching a new services solution to help hosting companies maximize their hosting agreements with Microsoft.  This new service includes ways to reduce licensing, be compliant, and understand your risks before or during an audit.  Specifically this workshop includes:

  • Detailed analysis of your Microsoft Agreement(s)
  • Audit Support – Understand your risks before it becomes a risk.  We will coach and educate you throughout the entire engagement (even if it is zero hour) to reduce settlement costs.
  • Understand SPLA pricing to ensure you are getting the most value from your agreement.  Microsoft recently announced a SPLA price increase in January.  We need to review optimization strategies and hidden agreement language that can help reduce reporting.
  • Microsoft cloud strategy – what are ways you can purchase and manage Office 365 and Azure or leverage other third-party providers such as AWS.

To learn more, please email info@splalicensing.com  Whether you are going through an audit, want to reduce your spend, or understand licensing, we can help.

Thanks for reading,

SPLA Man

 

Advertisement
 
Leave a comment

Posted by on October 28, 2018 in Uncategorized

 

Tags: , , ,

Top 5 Licensing questions…Answered

11 Sep
  1. If a customer has 4 x SQL Server Standard (8 cores), does that mean I will also need to have 4 x SQL-SAL?

There’s no server + CAL model in SPLA.  You license either per core or per user depending on the product.  Remember, SAL is not licensed per server, but for each user that has access to that server.  Your question indicates you might believe a SAL is licensed per server which is not true.

2.  Is MSDN available through SPLA?  Is it through Azure?

MSDN is not available in SPLA, but you can license the individual components through SPLA.   If an end-user would like to bring their MSDN license over to your datacenter, you must dedicate the solution for your customer.  Yes, Amazon must play by the same rules.  Oddly enough, Azure (which is shared) does allow MSDN to be transferred over to their datacenter.

3. I received an audit notification.  Should I respond?

Yes. But don’t work on their time, work on yours.

4.  If I signed the SCA addendum, do I need to sign the new QMTH addendum?

Unless you are planning on hosting Windows 10 you do not need to sign the new addendum.

5.  If I buy from a CSP indirect partner, do I qualify for QMTH?

No.  Your company must be CSP 1 tier authorized in order to qualify.

Thanks  for reading,

SPLA Man

 
Leave a comment

Posted by on September 11, 2017 in Top 5 Licensing Questions

 

Tags: , , , , , , , , , , , , , , ,

Slaying the dragon and saving the princess – audit style

10 Aug

We all love stories—all of us. We love to hear about good overcoming evil – the prince saving the princess, the bad guy that the good guy captures.  In short, what we love are fairy tales.  The reality is we do not live in a world of fairy tales, and sometimes, yeah, the bad guys do win. The prince, admired by many, is not such a good prince after all.  We trust without knowing they can be trusted.  So, what does this have to do with audits?

Businesses are built based on one concept – to solve a customer’s problem.  You are their hero to save whatever pain they have or problem they can’t seem to overcome.  You are (as the story goes) their knight in shining armor.  Your customer needs someone to deliver a solution; you are just the good guy to do it.

Fast forward a couple of years, your business is booming, your customers are happy, and in walks every IT nightmare…the auditor.  Eyeglasses the size of saucers, a necktie tied just a shade too short, and a laugh that is about as annoying as a nail on a chalkboard; you succumb to a software audit.

How do you defend such evil?  The biggest mistake a hosting partner (or enterprises in general) often makes is fear.  They give the auditors everything they ask.  That’s not always bad, but if you don’t understand why they ask for certain things or feel they are painting you in a corner, take a step back.  Please don’t give in without understanding what they are asking and why.  Why do they want to know who your customers are?  Why do they ask about customer-owned licenses?  Software Assurance? Historical information?  If you can’t answer “why,” maybe you need help.  In walks SPLA Man.  Nah, in walks Mrs. SPLA Man, every auditor’s worst nightmare.  She put together the following list on how to better prepare yourself for the unexpected.

Mrs. SPLA Man’s List

Don’t be fearful – no matter what, it’s your business and YOUR customers.

Have a plan.  Know what’s in your customer agreements.  If you need to refresh your agreement language, do it.  Software licensing rules change daily; if you have not updated your contracts on license mobility or datacenter outsourcing, update it now.

Don’t bring unwanted attention to your organization.  Always report usage on time and pay on time.  80% of all delinquent reporting has nothing to do with the reseller or Microsoft.  It has everything to do with an SPLA partner’s account payable dept.

Don’t have one person manage your usage reporting.  In many cases, a person leaves a company who was the only one who worked with the reseller directly.  When that person leaves, who is responsible for reporting?

 
Leave a comment

Posted by on August 10, 2017 in Compliance

 

Tags: , , , , , , , , , ,

Deep thoughts with SPLA Man

02 Aug

As we enter the new FY at Microsoft, I thought I would put together a list of topics that’s on everyone’s mind.

  • SPLA going away?  I don’t think so.  There’s too many SPLA partners to make an entire program disappear.  I also think this is one of the benefits Microsoft has over all it’s competitors.  If a customer wants to have an application hosted in one datacenter and use Azure for disaster recovery – Microsoft wins.  If Amazon is running Windows workloads (which they are) they must pay Microsoft for that usage through SPLA.  I also think SPLA is a way to move customers to Azure.  If you are a SPLA customer who just went through an audit, the SPLA customer might ask themselves why they continue to host at all?  Let’s use Azure and my compliance problems go away.  (they don’t but that’s for another article).
  • Is CSP/QMH really a must?   I guess the jury is still out (it hasn’t even launched yet for the partner community – September 2017).  There are a lot of restrictions to this program to consider – underlying Windows Pro licenses, becoming CSP direct authorized, not using CSP Indirect, RDS licenses when deploying VDI, etc.  If you decide to go down this route, pay close attention to what you can and cannot do.
  • Will SPLA pricing increase?  Yes.  No doubt about it.  Nothing stays the same for too long.
  • How can AWS win the cloud war?   Amazon has a revenue first, profit second mentality in my opinion.  Just look at their last earnings report (2017).  They can buy their way into the SaaS market at any cost.  They are not just a cloud company, they are an everything company.  They have the leverage to really get creative with their marketing and win businesses over.
  • How can Google beat AWS and Microsoft?  Google hasn’t scratched the surface with their footprint in the enterprise space.  One slip up by the other cloud powerhouses and Google becomes a very attractive offering.  Google has the power, the money, and the brand to make headway. Like AWS, they are not just a cloud/software company, they are an everything company.  I really think Google will surprise a lot of analyst in the near future with their cloud growth.
  • How can Microsoft beat them all?  Any organization that uses Microsoft software in a hosted environment must pay Microsoft for that luxury.  They already have a large footprint and very large customer base to move to Azure.  They also have 30k + SPLA partners (estimate) that are being used to sell their solution.
  • Will SPLA Man be able to afford a nice piece of jewelry for Mrs. SPLA Man?  For all the single women who read SPLAlicensing.com, don’t make the same mistake Mrs. SPLA Man made.  Poor Mrs. SPLA Man, when I first met her at the bar, she thought SPLA was something I created for the space station. Space Program Living Association.  S.P.L.A. – kind of like a home owner’s association but for space.  (I am not sure where she got that idea).  I do have a cool blog??!

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on August 2, 2017 in In My Opinion

 

Tags: , , , , , , , , , , , , , ,

More insight into the new Qualified Multitenant Program for CSP and SPLA

26 Jul

Over the course of the past week in a half, a lot of misleading information came about as a result of Microsoft’s announcement of the new QMTH program for hosting providers.  In this article, I will try to set the record straight and answer questions you may have.  Keep in mind, this is still developing, and the addendum is not available yet.  Please use this article as a general understanding, not a replacement for the Microsoft terms and conditions.  More information to come!  You can always email at info@splalicensing.com as well.

How do you I grasp QMTH in the simplest terms possible for my sellers?

Shared Computer Activation has been out for a long time, if your sellers understand SCA, QMH works in a very similar way.

Similarities to SCA 

  • Must be under SPLA to qualify and have the addendum
  • Must be CSP Direct authorized – check out qualifications and SCA here
  • Do not have to purchase Windows 10 directly from the hoster (the CSP Direct partner) they can purchase Windows 10 E3/E5 from other CSP partners but host it from your datacenter (as long as you are QMTH authorized)
  • Install on up to 5 devices.

Is SCA replaced with QMTH?

Yes.

If I’m SCA authorized, am I automatically authorzied for QMTH?

Yes/No.  You will need to update your landing page and you will need to sign the new addendum.  You will already be CSP Direct authorized if you are SCA authorized, it makes it a lot easier to transition.

Do I have to sell Office 365 with Windows 10?

No.  You can sell Windows 10 as a standalone product.

Can I still offer Windows/RDS for SPLA?

Yes.  Windows and RDS in SPLA is still available.  I would make it clear to the customer that you are not offering full Windows desktop but Windows Server.  I always liked Windows Server + RDS.  Shared environments, unlimited virtualization, etc. etc.

How does the activation and the licensing work? 

The base license for Windows 10 Enterprise is Windows 10 Pro.  It’s per user licensing, but the underlying qualified device needs Windows Pro.  The Windows 10 Enterprise features/bits is included with the Windows 10 Pro installation.  In other words, you install Windows 10 Pro, the Enterprise features are automatically turned off.  When your end customer subscribes to Windows 10 Enterprise E3/E5, those features will turn on.  When they unsubscribe, you guessed it – they are automatically turned off and the user goes back to Windows 10 Pro.  Check out this post from the Microsoft team Windows 10 Enterprise E3 in CSP

What happens if I work in a hospital with a dummy terminal that has no underlying/qualified OS.  Are you saying I must buy a Windows Pro license even if I don’t need it?

No.  You can buy Windows 10 Enterprise with VDA.  (Virtual Desktop Access), it provides a user access to a VDI session on a device that cannot run a qualified OS.  If an end-user has a dummy terminal, that user can still access a virtual desktop through VDA.

Can I just sell the customer Windows 10 E3 without virtualization rights?  They don’t need a virtual desktop.  

Yes.  Windows 10 E3 can be purchased with or without VDI rights (with is more expensive than without).  If they have Windows E5 the virtual rights are included but that doesn’t mean they have to install it virtually.

What happens if I use Azure as my datacenter provider?  Do I still need the addendum?

You do not need to be QMTH authorized to use Azure.  QMTH just provides you the ability to host Windows 10 E3/E5 in a shared environment from your datacenter.

When is this available?

August 1, 2017 for Azure.  September 1, 2017 for third-party hosting providers.

I am sure you have more questions.  I am always looking to learn more and learn your specific scenario.  If you do have a specific question, let me know and I can update this post accordingly.  It’s also worth mentioning that this program isn’t available yet.  I am sure there will be more information and updates as we move along.

Other articles of interest

Windows BlogWindows virtualization rights coming to CSP…

ZDnet – Microsoft’ plan to move more small-business users to Windows 10…

Thanks for reading,

SPLA Man

 

 

 

 
Leave a comment

Posted by on July 26, 2017 in VDI

 

Tags: , , , , , , , , , , , , , , , , , , , , , ,

Don’t be Jimbo

24 Jul

Jimbo had a small IT firm for which he provided backup, security, and hosting for two clients.  He also purchased Office 365 licenses for a handful of users directly from the Microsoft Office 365 website and would bill them accordingly.  Jimbo also had an application he tried to develop to help end users better communicate with one another. It was similar to SharePoint, but more seamless and had better integration with third-party applications.  He had a SPLA, and had one person who submitted their usage report to their reseller.  Unfortunately, that person got sick and passed away.  Jimbo was sad and so was the rest of the staff.

To put his mind at ease, he spent every waking hour improving his application.  He thought it was going to be the next best thing.  I experienced the application firsthand myself, and found it to be a powerful tool.  I even asked to invest in it, but without any money, (Mrs. SPLA Man spent it all at Target), I had nothing to invest with.

Fast forward a year later.  Jimbo is still working on improving the application, and he's still hosting.  One day, Jimbo received an email from Microsoft.  It was titled “Self-Audit”, Jimbo was getting audited.  One thing left unmentioned, Jimbo is the nicest guy on the planet. He replied to Microsoft and in the end, provided them with everything.  All his server information, customer name, and reporting history.  It was an auditor’s dream.

Several weeks later, Microsoft provided Jimbo with the findings.  He owed $450,000 in unreported licensing fees.  Why so high?  No usage was being reported since the lady who reported SPLA passed away.  When she was reporting, she reported the wrong thing.  Instead of licensing Windows Datacenter, she reported Standard.  Instead of reporting physical processors and/or cores, she reported per VM.  Everything was a mess.  Jimbo, who neglected his hosting practice for months to focus on his application, was left feeling very uncertain about his future.  He did not have the funds to pay for licenses.

It’s unfortunate, but Jimbo had to shut down his hosting business.  The application he built?  Stopped.  He tried to sell it, and last I heard very few were interested.

Why such a depressing story and was it true?  Yes, the story is true (although slightly embellished).  Why share it?  I am telling you the story because there are too many organizations doing the same thing.  They have one person who manages the licenses, one person who was in contact with the reseller, and one person who knew what they were reporting.  What happens if that person leaves?  Too many organizations are also buying Office 365, but not getting the best discount.

Licensing is challenging, and in the case of Jimbo, his love wasn’t reporting usage, it was developing an application.  He should have had allocated resources to help manage his SPLA, so he could focus on what he knows best, the technology.

I am always asked why I created splalicensing.com and what's so different about SPLA Man than other blogs.  I think the main difference is honesty.  I am your licensing Siri or Alexa.  I am SPLAlexa. (that was bad).  Don’t be Jimbo.

Thanks for reading,

SPLA Man/SPLAlexa

 

 

 

 

 

 

 

 
Leave a comment

Posted by on July 24, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , , , , , ,

Epic Community Connect and SPLA

12 Oct

The healthcare community has increased concerns with the way they have deployed (and licensed) their electronic medical record (EMR) software such as Epic Community Connect and others.  As a reader of this blog, you know that when you deploy software for the benefit of a third party (non employee) SPLA must be part of the conversation.  The only exception to this rule is if you actually own the code to the software you are hosting.  In other words, if you developed the software, you can use your own volume licenses to host your software.  If you host a third party software (such as Epic) you must license this in SPLA.   In most cases, many healthcare companies do not own the application, but lease it from the EMR vendor.

Rewind a few years and let’s pretend you are a large hospital who partnered with Epic to provide best in class patient record management for your clients, doctors, and other clinics. Your Epic deployment resides on a Windows Server, SQL Server, and RDS.  As the IT director, you purchased several server licenses and hundreds of Client Access Licenses (CAL) to cover all the external users.  You think you are covered; no one mentions you need to license this via SPLA.  Your reseller didn’t tell you, Microsoft didn’t tell you, and for that matter the vendor didn’t tell you.  You think all is well based off the information you received.  Fast forward 3 years and your volume licensing agreement is up for renewal.  Someone on the licensing side informs you that you shouldn’t true-up licenses or renew your agreement under volume licensing, you need to license SPLA.  You think that’s fine, if you must license under a different program who are you to argue. But what about all those license you already purchased and own?  Unfortunately, you cannot return them, you must allocate those internally.  You think to yourself that’s fine, except for one minor detail…. you purchased hundreds of CALs and you do not have hundreds of employees; those license you own are essentially worthless.  On top of everything else, you just received an audit notification.

Why would they receive an audit notification?  Once a vendor recognizes you have been under-licensed, the vendor might want to dig in deeper to see how long you have been out of compliant and if you purchased enough licenses to cover all the users.  In 90% of all audits, the customer is under-licensed.  Now you own licenses you don’t need, but should’ve purchased more because you don’t own enough licenses to cover all external users initially.  The vendor will want you to pay the delta of what you should’ve paid under SPLA and what you purchased under volume licensing (plus an audit fee).

If you are a healthcare provider and have been notified by Microsoft or any other vendor, please contact us.  We have found that in many cases the licenses report is not always 100% accurate.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on October 12, 2016 in Compliance, EMR Software, Self Hosted

 

Tags: , , , , , , , , , , , , , , , ,

IaaS Gotchas…

31 Jan

In this post I will highlight new (and not so new) compliance gotchas as it pertains to providing infrastructure as a service.

Let’s start with a common example and go from there.  You provide the infrastructure such as Windows/SQL, your customer provides the applications.  Sound familiar?  You license Windows Datacenter, SQL Enterprise in a shared (aka public cloud) environment under SPLA. You have no idea or really care what applications your customer’s are installing right?  You just provide the support of the infrastructure.  That’s not your concern.  It’s their application, why should you care?  Ahhh…but maybe you should.

Have you ever wondered how they’re accessing the applications?  Are all applications web-based?  I will answer that question for you…no.  So how are they accessing the applications?  Do they use Citrix?  Do they remote into the application somehow?  There’s that word…remote.

If you enable the Remote Desktop Services role within Windows Server – you guessed it…you need to report RDS licenses.  The number of IaaS providers who just report Windows and SQL is astronomical. The number of IaaS providers now reporting RDS is also rapidly growing.  Did they wake up one day and decide they should start reporting RDS?  Unfortunately no.  They were audited.  Shoot me over an email and I will forward the guide that explains RDS and when it applies. Remember when you license RDS, you need to license each user that HAS access to RDS – not who does access.

Let me provide an example of how easily you could be underreporting RDS.   Let’s say your customer has an application from another vendor (outside Microsoft) that’s hosted in your datacenter.  That same vendor provides support to the application.  You are not hosting the application for the vendor but for your customer, you just provide the vendor access to support the application via remote connection.  SPLA allows 20 users to provide support and administration per datacenter.  If you exceed that limit, you are going to have to report those additional users.  Yes, even if you are not charging them.

Other IaaS Gotchas –

While we’re on the topic of customer owned applications, do you have it written in your agreement with the customer that you are not responsible for the applications they install?  What would happen if they install applications that you are not aware of and they don’t have the appropriate licenses…who’s responsible you or the end customer?  Kind of a trick question, it’s both.  You will get audited, it’s installed in your datacenter, you are ultimately responsible.  You need to ensure you have it written in your agreement that you’re not responsible so you can have a nice chat with your customer.  All the big boys do it…you should too.

What about SQL?  Are you virtualizing?  Why aren’t you reporting SQL Enterprise?  Are you utilizing all the use rights that come with SQL Enterprise – unlimited virtualization, DR, mobility within server farms, etc?  What about smaller environments?  Have you considered licensing by user instead of by core for SQL Standard edition?

SQL Web is tempting isn’t it?  Less expensive option but no one really understands what it is.   Here’s a quick synopsis – if you do not host public facing websites, SQL Web is not an option.

How are you managing your datacenter? Do you have System Center installed?  You should report the Core Infrastructure Suite.  Running Hyper V with few VM’s, license CPS. Both products include Windows.  You need Windows to run System Center, so you kill two birds with one stone so to speak.

Ask your customers if they have Software Assurance.  It’s no longer about latest version rights and annual payments.  It’s about moving to the cloud.  Let’s make sure it’s your cloud and not someone else’s.

Conclusion –

I’ve been around this game of SPLA for a long time.  The best advice I can give is to listen to your customers and don’t be afraid to change.  Cloud is evolving, you should evolve too.  Don’t report out of convenience, look into ways you can optimize what you are reporting.  It’s competitive out there, let’s make sure you are getting the most value out of your agreement.

Thanks for reading,

SPLA Man

 

 

 
11 Comments

Posted by on January 31, 2015 in IaaS

 

Tags: , , , , , , , , , , , , , , , , , ,

 
%d bloggers like this: