Going to go out on a limb here and suggest Xbox doesn't have to buy Cals, or any software from Microsoft. :)
But your explanation is well written and nails it pretty well I believe. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden Sent: Tuesday, November 18, 2014 8:36 AM To: '[email protected]' Subject: [NTSysADM] RE: IIS and cals I view it like this: If I have to log into a DC to gain access to the site. I require a CAL. If I log in but not to a DC then I do not require a CAL. Regardless of the back end. If you use your scope then someone like Verizon or Xbox would be broke paying for all the CALs they would require for all the users needing access to their sites but not using Active Directory. I am not a Lawyer nor do I play one on TV. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Joseph L. Casale Sent: Tuesday, November 18, 2014 8:28 AM To: '[email protected]' Subject: [NTSysADM] RE: IIS and cals Right, I fetched the doc as per Michael, but the part I am still confused about is your second sentence. So if an unauthenticated user via a non-Windows kiosk accesses the site for which no windows based auth is setup, but application level authentication, then they do or don't need a cal? Also, if the app brokers auth to a DC, that is IIS itself does not perform authentication but our app takes forms based credentials and validates them against a DC, does this count as windows auth and therefor *all* users under any circumstance then need a cal? Thanks for the help guys, jlc -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Tuesday, November 18, 2014 4:17 AM To: [email protected] Subject: [NTSysADM] RE: IIS and cals If you are using Windows Server 2008 (or later), then anonymous (at the HTTP layer) connections do not require a CAL (e.g. you can have a HTML forms based authentication mechanism). Only if users are accessing across your LAN do you need CALs. Authenticated users at the HTTP layer (i.e. using Windows credentials, or certs mapped to Windows users) require user/device CALs. >From the latest PUR (same terms can be found in earlier docs) - Web Workloads >are: Web Workloads (also referred to as "Internet Web Solutions") are publicly accessible and consist solely of web pages, websites, web applications, web services, and/or POP3 mail serving. For clarity, access to content, information, and applications served by the software within an Internet Web Solution is not limited to your or your affiliates' employees. Software in Internet Web Solutions is used to run: * web server software (for example, Microsoft Internet Information Services), and management or security agents (for example, the System Center Operations Manager agent). * database engine software (for example, Microsoft SQL Server) solely to support Internet Web Solutions. * the Domain Name System (DNS) service to provide resolution of Internet names to IP addresses as long as that is not the sole function of that instance of the software. These don't require CALs. Cheers Ken -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Tuesday, 18 November 2014 7:53 AM To: [email protected] Subject: [NTSysADM] RE: IIS and cals It's complicated. They are referring to something called external connectors - and those have always been there. But it depends on a lot of things, the version and edition of windows server, the version and edition of sql server, the version and edition of sharepoint... Generally speaking, the customer is correct, you need a CAL. However, there are still many use cases where you do not need a CAL. These things are described in boring detail in the Purchase Use Rights document. Go to Microsoft.com/licensing and search for the current PUR. Have lots of caffeine sitting beside you. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Joseph L. Casale Sent: Monday, November 17, 2014 3:43 PM To: [email protected] Subject: [NTSysADM] IIS and cals A customer at my day job suggests MS changed the CAL licensing for IIS from the original requirement that a connection authenticated as a windows user requires a CAL, to any connection now requires a CAL? I don't see any corroborating support for that, anyone know anything about this? Thanks! jlc This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
