*>>If you use your scope then someone like Verizon or Xbox would be broke paying for all the CALs they would require for all the users needing access to their sites but not using Active Directory.*
Not so... There are separate SKUs for the products that will be internet connected where the number of connected persons will be high or otherwise unknown. Check the licensing docs... *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...* On Tue, Nov 18, 2014 at 8:36 AM, David McSpadden <[email protected]> wrote: > I view it like this: > If I have to log into a DC to gain access to the site. I require a CAL. > If I log in but not to a DC then I do not require a CAL. > Regardless of the back end. > If you use your scope then someone like Verizon or Xbox would be broke > paying for all the CALs they would require for all the users needing access > to their sites but not using Active Directory. > I am not a Lawyer nor do I play one on TV. > > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Joseph L. Casale > Sent: Tuesday, November 18, 2014 8:28 AM > To: '[email protected]' > Subject: [NTSysADM] RE: IIS and cals > > Right, > I fetched the doc as per Michael, but the part I am still confused about > is your second sentence. > So if an unauthenticated user via a non-Windows kiosk accesses the site > for which no windows based auth is setup, but application level > authentication, then they do or don't need a cal? > > Also, if the app brokers auth to a DC, that is IIS itself does not perform > authentication but our app takes forms based credentials and validates them > against a DC, does this count as windows auth and therefor *all* users > under any circumstance then need a cal? > > Thanks for the help guys, > jlc > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Ken Schaefer > Sent: Tuesday, November 18, 2014 4:17 AM > To: [email protected] > Subject: [NTSysADM] RE: IIS and cals > > If you are using Windows Server 2008 (or later), then anonymous (at the > HTTP layer) connections do not require a CAL (e.g. you can have a HTML > forms based authentication mechanism). Only if users are accessing across > your LAN do you need CALs. > > Authenticated users at the HTTP layer (i.e. using Windows credentials, or > certs mapped to Windows users) require user/device CALs. > > From the latest PUR (same terms can be found in earlier docs) - Web > Workloads are: > > Web Workloads (also referred to as "Internet Web Solutions") are publicly > accessible and consist solely of web pages, websites, web applications, web > services, and/or POP3 mail serving. For clarity, access to content, > information, and applications served by the software within an Internet Web > Solution is not limited to your or your affiliates' employees. > Software in Internet Web Solutions is used to run: > * web server software (for example, Microsoft Internet Information > Services), and management or security agents (for example, the System > Center Operations Manager agent). > * database engine software (for example, Microsoft SQL Server) > solely to support Internet Web Solutions. > * the Domain Name System (DNS) service to provide resolution of > Internet names to IP addresses as long as that is not the sole function of > that instance of the software. > > These don't require CALs. > > Cheers > Ken > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Michael B. Smith > Sent: Tuesday, 18 November 2014 7:53 AM > To: [email protected] > Subject: [NTSysADM] RE: IIS and cals > > It's complicated. > > They are referring to something called external connectors - and those > have always been there. But it depends on a lot of things, the version and > edition of windows server, the version and edition of sql server, the > version and edition of sharepoint... > > Generally speaking, the customer is correct, you need a CAL. However, > there are still many use cases where you do not need a CAL. > > These things are described in boring detail in the Purchase Use Rights > document. Go to Microsoft.com/licensing and search for the current PUR. > Have lots of caffeine sitting beside you. > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Joseph L. Casale > Sent: Monday, November 17, 2014 3:43 PM > To: [email protected] > Subject: [NTSysADM] IIS and cals > > > A customer at my day job suggests MS changed the CAL licensing for IIS > from the original requirement that a connection authenticated as a windows > user requires a CAL, to any connection now requires a CAL? > > I don't see any corroborating support for that, anyone know anything about > this? > > Thanks! > jlc > > > > > > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > Please consider the environment before printing this email. > > > >
