I asked a hoster (large provider who wants to remain anonymous but used John as a alias) about all the changes at Microsoft and beyond. Here’s the reduced version of the transcript. I will post the video later.
Interview Q & A on everything hosting. Audits, CSP, Flexible Virtualization, More Audits 🙂
SPLA Man: Thank you, John for joining us today to talk about SPLA. Let’s start off on your background. You were a software engineer focusing on software development for a small ISV back in the early 2000’s If I understand this correctly. How in the world did you end up getting mixed up with SPLA? (Laughs)
John: (laughs) I do not know. When I graduated from Georgia Tech, I went to work for small firm in Atlanta, Georgia. We were building a financial application specifically for the banking industry. It was a massive undertaking but also took up A LOT of processing power to install it, on premise. We decided to host it from a datacenter we partnered with locally to provide it more or less like software as a service. When we did that, we didn’t really consider the licensing.
SPLA Man: In walks SPLA (chuckles)
John: Exactly. I still remember getting an email from Microsoft asking us about our product. Ironically, I was actually thinking they were going to partner with us but it turned out to be an audit inquiry.
SPLA Man: Oh no! How did they know what you were doing?
John: I asked them the same question, they found a marketing brochure we posted on our website that talked about hosting the application to customers. I guess they could see we didn’t have a SPLA Agreement.
SPLA Man: Ok. Before we go further, let’s take a step back, we will go through the audit, I am sure the audience will appreciate the feedback there. But going back to your career. You started off working for a small, I guess for no lack of a better word, ISV. How long did you work there?
John: I was there for a few years and it was eventually acquired by another software developer firm. I ended up resigning and going back to school to get my MBA. Once I graduated with my MBA, I went to work for a large datacenter, an infrastructure provider here locally as head of product development and datacenter management. I still work there today 15 years later. (Laughs)
SPLA Man: And I assume they had or have a SPLA agreement?
John: Yeah, that’s where I drew the short straw and took over managing SPLA. Reporting to our distributor and working with Microsoft and our customers.
SPLA Man: What year was this when you graduated and started managing SPLA?
John: I graduated in 2008, so right around then is when I took over the licensing along with other responsibilities.
SPLA Man I was going to ask, what portion of your day do you spend on licensing related inquiries and what was spent on your leadership responsibilities or whatever you were originally hired to do?
John: (Laughs) I actually spent more time on licensing. Back then it was so confusing, it still is I suppose. There’s very few people who knew SPLA, that’s actually how I found you. I thought SPLA Man was nuts.
SPLA Man He is. (Laughs) But going back to your career, as a developer, was licensing ever a consideration? I always used to say, figure out the licensing first and then build the solution. But now with all the options it is the opposite.
John: I think, well, to answer your question, no. I never considered licensing. I knew licensing, actually let me rephrase, I heard of licensing, but I was hired to build applications. Licensing I always thought was something we would just document in our own terms and conditions or we would be informed by Microsoft.
SPLA Man: You mentioned you worked with Microsoft. How was that relationship?
John: My first job as a developer we didn’t work with them much. Later on with my current company, it was good. We would go to Seattle for their hosting conferences, I had a Microsoft rep who worked with us at the partner level. Any licensing questions we were told had to go through our reseller. It is still like that today.
SPLA Man: You still work with Microsoft or you have to get licensing advice from your reseller?
John: I only work with Microsoft for CSP. Licensing, I turn to you. (Laughs)
SPLA Man: Very nice. Alright, let’s go back to the audit.
John: (Laughs) Do we have to?
SPLA Man: Well, we don’t but I’m curious on your experience.
John: Alright. Well we were actually audited twice. Originally back, in I guess, 2006 or so we were audited because we were not using SPLA at all. We just bought the licenses outright from the direction of our distributor.
SPLA Man: Oh man. Were you mad with the distributor?
John: Nah. It wasn’t their fault. They weren’t even authorized for SPLA to begin with. I blamed our Microsoft rep. That didn’t really help.
SPLA Man : What was your experience like?
John: The first audit wasn’t bad. It’s not like our environment was huge, we owed money but we used the delta between what we purchased and what we owed by SPLA. The good news back then was that we were audited by Microsoft directly. In our second audit with my current company we were audited by KPMG.
SPLA Man: Couldn’t you argue for self-hosted in your first audit?
John: That information would have been helpful, SPLA Man. Just kidding. Well, self-hosted I am not even sure was around back then and we didn’t have software assurance. If we knew SPLA, it actually would have benefited us. Pay as you go fits well.
SPLA Man: So you were audited with your new company. Was the experience different?
John: Big time. We’re a much larger environment, thousands of VMs. It was a mess.
SPLA Man: How did you do your reporting?
John: So here I do blame our distributor a little bit. We used a script to track installments. We would then report to our distributor monthly. They did not have an online platform to submit it so we did it manually via a spreadsheet. It was never processed on their end and I believe that triggered the audit initially.
SPLA Man: Maybe. I think it is more based on revenue but if you do not report no matter who is at fault, Microsoft or any publisher will know. The thing with audits especially using an audit firm, Microsoft is going to want a return on their investment. Small datacenters get ignored in audits but won’t get audited because the return isn’t there. I’m guessing thats why you were not audited by KPMG in your first audit.
John: You are probably right.
SPLA Man: So you were doing things manually, more or less. What was the audit process like?
John: I didn’t work with Microsoft that much, mostly the auditor. And I get it; they are just doing their jobs, but it wasn’t fun.
SPLA Man: Can you explain?
John:Â You didn’t think this would be fun, did you SPLA Man? I’m kidding. It was really the time and effort. As we said, we were doing things manually. We didn’t have a process. So when the auditors asked us for information, we used their tooling system and sent all the data back to them. We thought, here’s our reporting, it’s all there. Which, in hindsight, was a mistake.
SPLA Man: Oh wow. You sent them just the raw report of all installations?
John: Yes, we wanted to finish this and move on. So we thought, “Here, take everything and tell us what we owe if anything.” We had no idea we were out of compliance.
SPLA Man: So what was the outcome?
John: I won’t explain specifics, but it was seven figures. Completely shocked.
SPLA Man: So you just wrote a check and called it a day?
John: I wouldn’t make it that simple. In the end, we did owe the amount, but we broke it up and did an Azure commit for some of it.
SPLA Man: How long did the audit last?
John: Start to finish? Probably about a year.
SPLA Man: So then what? Like how did you know what to commit for Azure?
John: We didn’t, but we sure as heck were not going to write a check.
SPLA Man. Okay, so I guess what were the next steps?
John: We worked with you. We had to get a plan. You recommended Octopus to help manage the licenses. It helped keep track of the deployments and streamlined, I guess, the process for us. We still have to understand the licensing, but the overall collection of data and billing helped us.
SPLA Man: Yeah, anytime you can reduce the time spent on reporting, the better. So, now that you have gone through two audits, what do you do to prepare for the future?
John: Well, that’s where the Octopus team helps. We do SAM baseline reporting. It’s kind of like a mini risk assessment to ensure we are doing it correctly. The other thing is we try to stay on top of the licensing better, especially with all the new changes.
SPLA Man: Yeah, I was going to ask. What do you think of all the new changes? Good, bad, indifferent?
John: Yes. (laughs) I think the change is generally good. The only problem is Microsoft will always tell us SPLA is more expensive or that Azure is the best thing since sliced bread. The reality is it depends on the situation. We like SPLA. CSP requires us to more or less be a reseller. We do not like that. Of course, if our customers want Azure, we will not turn them down. We look at the new changes as another way to go to market. It’s not one program over the other. It’s what our customers want that matters.
SPLA Man: We will dive into that more in a later podcast. Thanks for volunteering for another interview (laughs). But as a hoster, do you think SPLA will go away? I know I get asked daily.
John: No, they have tried to eliminate SPLA ever since BPOS. Remember that? No, seriously, I think SPLA will always be around. I appreciate your work and the work Octopus does to help create content and make our lives a bit easier.
SPLA Man: What about the new flexible virtualization? Do you help customers make the right decisions there?
John: Yes, we host our own training for customers. I know you have helped us and the rest of the Octopus Cloud team do that as well. I think that really has helped us with positioning. You are right; everyone is now a competitor. We have to make it easier for the customer. So I think the flexible virtualization is part of it but the other thing is, in many instances, customers do not want to mess with the licensing.
SPLA Man: I agree. And thank you for mentioning training. I think that is super important. Anything else? How about this last question? What advice would you give to another hoster going through an audit?
John: I know we didn’t get into the specifics, but I would take my time and not rush through it like we tried. I would also prepare more. If you are not going through an audit now, you will eventually. Try to understand the risks now before it is too late.Â
SPLA Man: Smart words. I always say, let’s eliminate risk before it becomes a risk. If you are not licensing correctly, you are not charging your customers right either.
John: That’s exactly right.
SPLA Man:Â Well, John. I appreciate your time today. Let’s do another interview. I want to dive into the flexible virtualization more and all that fun stuff.
John: Interview for sure. I am not sure anything with Microsoft is fun. (laughs)
Thanks for reading,
SPLA Man
SPLA Licensing 