RSS

Tag Archives: Microsoft Audit

Top 5 Licensing questions…Answered

  1. If a customer has 4 x SQL Server Standard (8 cores), does that mean I will also need to have 4 x SQL-SAL?

There’s no server + CAL model in SPLA.  You license either per core or per user depending on the product.  Remember, SAL is not licensed per server, but for each user that has access to that server.  Your question indicates you might believe a SAL is licensed per server which is not true.

2.  Is MSDN available through SPLA?  Is it through Azure?

MSDN is not available in SPLA, but you can license the individual components through SPLA.   If an end-user would like to bring their MSDN license over to your datacenter, you must dedicate the solution for your customer.  Yes, Amazon must play by the same rules.  Oddly enough, Azure (which is shared) does allow MSDN to be transferred over to their datacenter.

3. I received an audit notification.  Should I respond?

Yes. But don’t work on their time, work on yours.

4.  If I signed the SCA addendum, do I need to sign the new QMTH addendum?

Unless you are planning on hosting Windows 10 you do not need to sign the new addendum.

5.  If I buy from a CSP indirect partner, do I qualify for QMTH?

No.  Your company must be CSP 1 tier authorized in order to qualify.

Thanks  for reading,

SPLA Man

Advertisements
 
Leave a comment

Posted by on September 11, 2017 in Top 5 Licensing Questions

 

Tags: , , , , , , , , , , , , , , ,

Slaying the dragon and saving the princess – audit style

We all love stories.  All of us. We love to hear about good overcoming evil – the prince saving the princess, the bad guy that's captured by the good guy.  In short, what we love are fairy tales.  The reality is we do not live in a world of fairy tales and sometimes, yeah, the bad guys do win. The prince, admired by many, is not such a good prince after all.  We trust without knowing they can be trusted.  So, what does this have to do with audits?

Businesses are built based on one concept – to solve a customer's problem.  You are their hero to save whatever pain they have or problem they can't seem to overcome.  You, are (as the story goes) their knight in shining armour.  Your customer needs someone to deliver a solution, you are just the good guy to do it.

Fast forward a couple years, your business is booming, your customers are happy, and in walks every IT nightmare…the auditor.  Eye glasses the size of saucers, a necktie tied just a shade too short, and a laugh that is about as annoying as a nail on a chalkboard; you are succumbed to a software audit.

How do you defend such evil?  The biggest mistake a hosting partner (or enterprise's in general) often makes is being fearful.  They give the auditors everything they ask.  That's not always bad, but if you don't understand why they are asking for certain things or feel they are painting you in a corner, take a step back.  Don't give in without understanding what they are asking and why.  Why do they want to know who your customers are?  Why do they ask about customer owned licenses?  Software Assurance? Historical information?  If you can't answer "why" maybe you need help.  In walks SPLA Man.  Nah, in walks Mrs. SPLA Man, every auditor's worst nightmare.  She put together the following list on how to better prepare yourself for the unexpected.

Mrs. SPLA Man's List

  1. Don't be fearful – no matter what, it's your business and YOUR customers.
  2. Have a plan.  Know what's in your customer agreements.  If you need to refresh your agreement language, do it.  Software licensing rules change daily, if you have not updated your contracts on license mobility or datacenter outsourcing, update it now.
  3. Don't bring unwanted attention to your organization.  Always report usage on time and pay on time.  80% of all delinquent reporting has nothing to do with the reseller or Microsoft.  It has everything to do with a SPLA partner's account payable dept.
  4. Don't have one person manage your usage reporting.  In a lot of cases, a person leaves a company who was the only one who worked with the reseller directly.  When that person leaves, who is responsible for reporting?
  5. Don't be pressured.  Audits can take up a lot of resources.  Don't give up customer engagements to satisfy an auditor.  Your customers are the lifeblood of your business, don't delay meetings with your clients.
  6. The publisher needs you.  You are their sales arm.  You bring the hybrid cloud to life.
  7. Find out from the publisher who manages your account.  When was the last time you spoke to them about strategy or best practices?
  8. Relax.  It's not the IRS auditing you (yet)
  9. Don't settle just to settle.  You didn't grow your business to the magnitude you've grown it without having negotiating skills (and guts).
  10. Don't be scared to ask for help.   Have a question?  Email info@splalicensing.com

Thanks for reading,

Mrs. SPLA Man

PS – Slay that dragon!

 

 

 

 

 
Leave a comment

Posted by on August 10, 2017 in Compliance

 

Tags: , , , , , , , , , ,

Deep thoughts with SPLA Man

As we enter the new FY at Microsoft, I thought I would put together a list of topics that’s on everyone’s mind.

  • SPLA going away?  I don’t think so.  There’s too many SPLA partners to make an entire program disappear.  I also think this is one of the benefits Microsoft has over all it’s competitors.  If a customer wants to have an application hosted in one datacenter and use Azure for disaster recovery – Microsoft wins.  If Amazon is running Windows workloads (which they are) they must pay Microsoft for that usage through SPLA.  I also think SPLA is a way to move customers to Azure.  If you are a SPLA customer who just went through an audit, the SPLA customer might ask themselves why they continue to host at all?  Let’s use Azure and my compliance problems go away.  (they don’t but that’s for another article).
  • Is CSP/QMH really a must?   I guess the jury is still out (it hasn’t even launched yet for the partner community – September 2017).  There are a lot of restrictions to this program to consider – underlying Windows Pro licenses, becoming CSP direct authorized, not using CSP Indirect, RDS licenses when deploying VDI, etc.  If you decide to go down this route, pay close attention to what you can and cannot do.
  • Will SPLA pricing increase?  Yes.  No doubt about it.  Nothing stays the same for too long.
  • How can AWS win the cloud war?   Amazon has a revenue first, profit second mentality in my opinion.  Just look at their last earnings report (2017).  They can buy their way into the SaaS market at any cost.  They are not just a cloud company, they are an everything company.  They have the leverage to really get creative with their marketing and win businesses over.
  • How can Google beat AWS and Microsoft?  Google hasn’t scratched the surface with their footprint in the enterprise space.  One slip up by the other cloud powerhouses and Google becomes a very attractive offering.  Google has the power, the money, and the brand to make headway. Like AWS, they are not just a cloud/software company, they are an everything company.  I really think Google will surprise a lot of analyst in the near future with their cloud growth.
  • How can Microsoft beat them all?  Any organization that uses Microsoft software in a hosted environment must pay Microsoft for that luxury.  They already have a large footprint and very large customer base to move to Azure.  They also have 30k + SPLA partners (estimate) that are being used to sell their solution.
  • Will SPLA Man be able to afford a nice piece of jewelry for Mrs. SPLA Man?  For all the single women who read SPLAlicensing.com, don’t make the same mistake Mrs. SPLA Man made.  Poor Mrs. SPLA Man, when I first met her at the bar, she thought SPLA was something I created for the space station. Space Program Living Association.  S.P.L.A. – kind of like a home owner’s association but for space.  (I am not sure where she got that idea).  I do have a cool blog??!

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on August 2, 2017 in In My Opinion

 

Tags: , , , , , , , , , , , , , ,

More insight into the new Qualified Multitenant Program for CSP and SPLA

Over the course of the past week in a half, a lot of misleading information came about as a result of Microsoft’s announcement of the new QMTH program for hosting providers.  In this article, I will try to set the record straight and answer questions you may have.  Keep in mind, this is still developing, and the addendum is not available yet.  Please use this article as a general understanding, not a replacement for the Microsoft terms and conditions.  More information to come!  You can always email at info@splalicensing.com as well.

How do you I grasp QMTH in the simplest terms possible for my sellers?

Shared Computer Activation has been out for a long time, if your sellers understand SCA, QMH works in a very similar way.

Similarities to SCA 

  • Must be under SPLA to qualify and have the addendum
  • Must be CSP Direct authorized – check out qualifications and SCA here
  • Do not have to purchase Windows 10 directly from the hoster (the CSP Direct partner) they can purchase Windows 10 E3/E5 from other CSP partners but host it from your datacenter (as long as you are QMTH authorized)
  • Install on up to 5 devices.

Is SCA replaced with QMTH?

Yes.

If I’m SCA authorized, am I automatically authorzied for QMTH?

Yes/No.  You will need to update your landing page and you will need to sign the new addendum.  You will already be CSP Direct authorized if you are SCA authorized, it makes it a lot easier to transition.

Do I have to sell Office 365 with Windows 10?

No.  You can sell Windows 10 as a standalone product.

Can I still offer Windows/RDS for SPLA?

Yes.  Windows and RDS in SPLA is still available.  I would make it clear to the customer that you are not offering full Windows desktop but Windows Server.  I always liked Windows Server + RDS.  Shared environments, unlimited virtualization, etc. etc.

How does the activation and the licensing work? 

The base license for Windows 10 Enterprise is Windows 10 Pro.  It’s per user licensing, but the underlying qualified device needs Windows Pro.  The Windows 10 Enterprise features/bits is included with the Windows 10 Pro installation.  In other words, you install Windows 10 Pro, the Enterprise features are automatically turned off.  When your end customer subscribes to Windows 10 Enterprise E3/E5, those features will turn on.  When they unsubscribe, you guessed it – they are automatically turned off and the user goes back to Windows 10 Pro.  Check out this post from the Microsoft team Windows 10 Enterprise E3 in CSP

What happens if I work in a hospital with a dummy terminal that has no underlying/qualified OS.  Are you saying I must buy a Windows Pro license even if I don’t need it?

No.  You can buy Windows 10 Enterprise with VDA.  (Virtual Desktop Access), it provides a user access to a VDI session on a device that cannot run a qualified OS.  If an end-user has a dummy terminal, that user can still access a virtual desktop through VDA.

Can I just sell the customer Windows 10 E3 without virtualization rights?  They don’t need a virtual desktop.  

Yes.  Windows 10 E3 can be purchased with or without VDI rights (with is more expensive than without).  If they have Windows E5 the virtual rights are included but that doesn’t mean they have to install it virtually.

What happens if I use Azure as my datacenter provider?  Do I still need the addendum?

You do not need to be QMTH authorized to use Azure.  QMTH just provides you the ability to host Windows 10 E3/E5 in a shared environment from your datacenter.

When is this available?

August 1, 2017 for Azure.  September 1, 2017 for third-party hosting providers.

I am sure you have more questions.  I am always looking to learn more and learn your specific scenario.  If you do have a specific question, let me know and I can update this post accordingly.  It’s also worth mentioning that this program isn’t available yet.  I am sure there will be more information and updates as we move along.

Other articles of interest

Windows BlogWindows virtualization rights coming to CSP…

ZDnet – Microsoft’ plan to move more small-business users to Windows 10…

Thanks for reading,

SPLA Man

 

 

 

 
Leave a comment

Posted by on July 26, 2017 in VDI

 

Tags: , , , , , , , , , , , , , , , , , , , , , ,

Don’t be Jimbo

Jimbo had a small IT firm for which he provided backup, security, and hosting for two clients.  He also purchased Office 365 licenses for a handful of users directly from the Microsoft Office 365 website and would bill them accordingly.  Jimbo also had an application he tried to develop to help end users better communicate with one another. It was similar to SharePoint, but more seamless and had better integration with third-party applications.  He had a SPLA, and had one person who submitted their usage report to their reseller.  Unfortunately, that person got sick and passed away.  Jimbo was sad and so was the rest of the staff.

To put his mind at ease, he spent every waking hour improving his application.  He thought it was going to be the next best thing.  I experienced the application firsthand myself, and found it to be a powerful tool.  I even asked to invest in it, but without any money, (Mrs. SPLA Man spent it all at Target), I had nothing to invest with.

Fast forward a year later.  Jimbo is still working on improving the application, and he's still hosting.  One day, Jimbo received an email from Microsoft.  It was titled “Self-Audit”, Jimbo was getting audited.  One thing left unmentioned, Jimbo is the nicest guy on the planet. He replied to Microsoft and in the end, provided them with everything.  All his server information, customer name, and reporting history.  It was an auditor’s dream.

Several weeks later, Microsoft provided Jimbo with the findings.  He owed $450,000 in unreported licensing fees.  Why so high?  No usage was being reported since the lady who reported SPLA passed away.  When she was reporting, she reported the wrong thing.  Instead of licensing Windows Datacenter, she reported Standard.  Instead of reporting physical processors and/or cores, she reported per VM.  Everything was a mess.  Jimbo, who neglected his hosting practice for months to focus on his application, was left feeling very uncertain about his future.  He did not have the funds to pay for licenses.

It’s unfortunate, but Jimbo had to shut down his hosting business.  The application he built?  Stopped.  He tried to sell it, and last I heard very few were interested.

Why such a depressing story and was it true?  Yes, the story is true (although slightly embellished).  Why share it?  I am telling you the story because there are too many organizations doing the same thing.  They have one person who manages the licenses, one person who was in contact with the reseller, and one person who knew what they were reporting.  What happens if that person leaves?  Too many organizations are also buying Office 365, but not getting the best discount.

Licensing is challenging, and in the case of Jimbo, his love wasn’t reporting usage, it was developing an application.  He should have had allocated resources to help manage his SPLA, so he could focus on what he knows best, the technology.

I am always asked why I created splalicensing.com and what's so different about SPLA Man than other blogs.  I think the main difference is honesty.  I am your licensing Siri or Alexa.  I am SPLAlexa. (that was bad).  Don’t be Jimbo.

Thanks for reading,

SPLA Man/SPLAlexa

 

 

 

 

 

 

 

 
Leave a comment

Posted by on July 24, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , , , , , ,

Steps to take to limit SPLA audit exposure

It’s the fourth quarter at Microsoft, this means audits are in full swing.  One of the easiest ways to collect large upfront payments are through SPLA audits.  Knowing this, what steps can you take to limit your audit exposure?

  1. Inventory – Although you submit a SPLA usage report each month, licenses are missed inadvertently.  When collecting inventory of what you should and should not report, be sure to include customer owned licenses.  If ANY customers are bringing licenses into your datacenter, they must have software assurance if it’s a shared environment.  Secondly, make sure to take a hard look at SQL.  To no one’s surprise, SQL is very expensive.  If you miss license SQL, it can add up really quickly.
  2. Agreements – Which MBSA agreement did you sign?  Don’t know what a MBSA agreement is?  Please ask your reseller for a copy.  Every SPLA customer has a signed Master Agreement.  This is the umbrella that ties all your Microsoft agreements together including SPLA.  There’s specific language in the agreement that goes over audits and the timeframe in which they are able to audit historically. Look closely at your agreements with your customer.  Did you mention they are responsible for licenses they bring into your datacenter?  Did you send them a license verification form for license mobility?  Do you have language that states they are responsible for anything under their Microsoft agreement but you are only responsible for yours?  Do you make the end user license terms (part of your signed SPLA) available to all customers?  Don’t know what an end user license terms agreement is?  Ask your reseller.
  3. Check AD closely.  Do you have administrative accounts that you are reporting?  What about test accounts?  Read your Microsoft SPLA agreement around testing, developing, and administrative access.
  4. Label server names appropriately – Label if a server is “passive” and label a server if it’s “development”.  This can save you time with the auditors.
  5. Check server install dates – If a server was active June, 2013 but nothing was reported on that server until June, 2015; Microsoft is going to ask A) what that server is doing and B) Why haven’t you reported it.  If it’s doing nothing, than shut it down before the audit.
  6. Check SAL licenses –  Do all users who potentially HAVE access are being reported?
  7. Check Office licenses – Do all users need access to Office Pro Plus?  Can they get away with Standard?  Did your engineers inadvertently publish Visio to every user when it only needs to go to a handful of end users?
  8. Double check server versions – Did your engineers accidentally install SQL Enterprise when it should be Standard?
  9. Are you taking advantage of all the use rights available?  As a SPLA, are you aware you can provide demonstrations to your customers at no charge?  Are you aware of the admin rights?  Are you aware you can run 50% of what you are hosting externally – internally?  (must actually report it all under SPLA – they are not free).
  10. Virtualization rights – Are you reporting SQL Enterprise to run unlimited VM’s? Are you running Windows Datacenter?  Remember, you do not license the individual VMs for Windows Server.  (You count physical cores which allows 1 VM for Standard or unlimited for Datacenter).
  11. MSDN, VDI, and other restrictions – No, you cannot host VDI and MSDN in a shared environment.  If you are, dedicate the servers immediately.  If you are hosting from the same hardware you are running internally, this also must be separated.
  12. Hiring Experts – Are they really experts or just advertise as such?

Hope this helps.  Any questions email info@splalicensing.com

Thanks for reading,

SPLA Man

 

 
Leave a comment

Posted by on April 25, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , ,

Epic Community Connect and SPLA

The healthcare community has increased concerns with the way they have deployed (and licensed) their electronic medical record (EMR) software such as Epic Community Connect and others.  As a reader of this blog, you know that when you deploy software for the benefit of a third party (non employee) SPLA must be part of the conversation.  The only exception to this rule is if you actually own the code to the software you are hosting.  In other words, if you developed the software, you can use your own volume licenses to host your software.  If you host a third party software (such as Epic) you must license this in SPLA.   In most cases, many healthcare companies do not own the application, but lease it from the EMR vendor.

Rewind a few years and let’s pretend you are a large hospital who partnered with Epic to provide best in class patient record management for your clients, doctors, and other clinics. Your Epic deployment resides on a Windows Server, SQL Server, and RDS.  As the IT director, you purchased several server licenses and hundreds of Client Access Licenses (CAL) to cover all the external users.  You think you are covered; no one mentions you need to license this via SPLA.  Your reseller didn’t tell you, Microsoft didn’t tell you, and for that matter the vendor didn’t tell you.  You think all is well based off the information you received.  Fast forward 3 years and your volume licensing agreement is up for renewal.  Someone on the licensing side informs you that you shouldn’t true-up licenses or renew your agreement under volume licensing, you need to license SPLA.  You think that’s fine, if you must license under a different program who are you to argue. But what about all those license you already purchased and own?  Unfortunately, you cannot return them, you must allocate those internally.  You think to yourself that’s fine, except for one minor detail…. you purchased hundreds of CALs and you do not have hundreds of employees; those license you own are essentially worthless.  On top of everything else, you just received an audit notification.

Why would they receive an audit notification?  Once a vendor recognizes you have been under-licensed, the vendor might want to dig in deeper to see how long you have been out of compliant and if you purchased enough licenses to cover all the users.  In 90% of all audits, the customer is under-licensed.  Now you own licenses you don’t need, but should’ve purchased more because you don’t own enough licenses to cover all external users initially.  The vendor will want you to pay the delta of what you should’ve paid under SPLA and what you purchased under volume licensing (plus an audit fee).

If you are a healthcare provider and have been notified by Microsoft or any other vendor, please contact us.  We have found that in many cases the licenses report is not always 100% accurate.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on October 12, 2016 in Compliance, EMR Software, Self Hosted

 

Tags: , , , , , , , , , , , , , , , ,

 
%d bloggers like this: