RSS

Tag Archives: Service Provider Use Rights

IaaS Gotchas…

31 Jan

In this post I will highlight new (and not so new) compliance gotchas as it pertains to providing infrastructure as a service.

Let’s start with a common example and go from there.  You provide the infrastructure such as Windows/SQL, your customer provides the applications.  Sound familiar?  You license Windows Datacenter, SQL Enterprise in a shared (aka public cloud) environment under SPLA. You have no idea or really care what applications your customer’s are installing right?  You just provide the support of the infrastructure.  That’s not your concern.  It’s their application, why should you care?  Ahhh…but maybe you should.

Have you ever wondered how they’re accessing the applications?  Are all applications web-based?  I will answer that question for you…no.  So how are they accessing the applications?  Do they use Citrix?  Do they remote into the application somehow?  There’s that word…remote.

If you enable the Remote Desktop Services role within Windows Server – you guessed it…you need to report RDS licenses.  The number of IaaS providers who just report Windows and SQL is astronomical. The number of IaaS providers now reporting RDS is also rapidly growing.  Did they wake up one day and decide they should start reporting RDS?  Unfortunately no.  They were audited.  Shoot me over an email and I will forward the guide that explains RDS and when it applies. Remember when you license RDS, you need to license each user that HAS access to RDS – not who does access.

Let me provide an example of how easily you could be underreporting RDS.   Let’s say your customer has an application from another vendor (outside Microsoft) that’s hosted in your datacenter.  That same vendor provides support to the application.  You are not hosting the application for the vendor but for your customer, you just provide the vendor access to support the application via remote connection.  SPLA allows 20 users to provide support and administration per datacenter.  If you exceed that limit, you are going to have to report those additional users.  Yes, even if you are not charging them.

Other IaaS Gotchas –

While we’re on the topic of customer owned applications, do you have it written in your agreement with the customer that you are not responsible for the applications they install?  What would happen if they install applications that you are not aware of and they don’t have the appropriate licenses…who’s responsible you or the end customer?  Kind of a trick question, it’s both.  You will get audited, it’s installed in your datacenter, you are ultimately responsible.  You need to ensure you have it written in your agreement that you’re not responsible so you can have a nice chat with your customer.  All the big boys do it…you should too.

What about SQL?  Are you virtualizing?  Why aren’t you reporting SQL Enterprise?  Are you utilizing all the use rights that come with SQL Enterprise – unlimited virtualization, DR, mobility within server farms, etc?  What about smaller environments?  Have you considered licensing by user instead of by core for SQL Standard edition?

SQL Web is tempting isn’t it?  Less expensive option but no one really understands what it is.   Here’s a quick synopsis – if you do not host public facing websites, SQL Web is not an option.

How are you managing your datacenter? Do you have System Center installed?  You should report the Core Infrastructure Suite.  Running Hyper V with few VM’s, license CPS. Both products include Windows.  You need Windows to run System Center, so you kill two birds with one stone so to speak.

Ask your customers if they have Software Assurance.  It’s no longer about latest version rights and annual payments.  It’s about moving to the cloud.  Let’s make sure it’s your cloud and not someone else’s.

Conclusion –

I’ve been around this game of SPLA for a long time.  The best advice I can give is to listen to your customers and don’t be afraid to change.  Cloud is evolving, you should evolve too.  Don’t report out of convenience, look into ways you can optimize what you are reporting.  It’s competitive out there, let’s make sure you are getting the most value out of your agreement.

Thanks for reading,

SPLA Man

 

 

Advertisement
 
11 Comments

Posted by on January 31, 2015 in IaaS

 

Tags: , , , , , , , , , , , , , , , , , ,

SPLA Compliance Audit- How Not to be the Chosen One!

05 Mar

If you recently went through an audit or just nervous about being notified, I outlined ten steps that service providers can take to arm themselves more efficiently and be compliant.

  1. If you are running Microsoft software, you must license Windows.  All Microsoft software runs on a Windows OS.
  2. If you are licensing SharePoint- SharePoint requires SQL and Windows.
  3. Reporting SharePoint Enterprise you must license SharePoint Standard
  4. Installing Office on a server requires Remote Desktop (RDS) licenses.  Office and RDS licenses should match (cannot have more Office licenses than RDS licenses)
  5. If you have customers bringing licenses into your hosted environment you need to host it in a physical and dedicated environment.  (nothing shared among other customers)
  6. If you are reporting user licenses (SAL- Subscriber Access License) you need a license for each user that has access.  For example, if you have 10 totals users in the month of May and only 4 actually use or access that software, you must license all 10.  SPLA user licenses are similar to your cable bill; your cable provider is going to charge you regardless if you turn your TV on or not.
  7. If you have customer owned licenses in your environment, you must keep all relevant documentation.  This includes enrollment information, start date, end date, and who they bought the licenses from.
  8. Renting out a PC make sure the PC has an OEM license preinstalled.
  9. No virtualizing/streaming Windows desktop OS from a datacenter.
  10. You can install your server on a customer premise, but do not install SPLA software on your customer’s server!

This is not bulletproof by any means.  Use this as a guide when looking at your own environment.  Look at it from the auditors eyes.  What information would they need to verify that I am compliant? The SPUR (Service Provider Use Rights) is the best reference when it comes to Microsoft SPLA.  You can download a copy here.  If you have trouble sleeping at night; this is a must read.

Thanks for reading,

SPLA Man

 
1 Comment

Posted by on March 5, 2013 in Compliance

 

Tags: , , , , , , , , , , , , , , , , , , , ,

 
%d bloggers like this: