sounds like external connector license for IIS, depending of course http://blogs.technet.com/b/volume-licensing/archive/2014/03/10/licensing-how-to-when-do-i-need-a-client-access-license-cal.aspx
If you have Windows Servers configured to run a “web workload” these users will not require CALs or External Connectors. However, let’s say you are using Windows Server to setup an online store where customers can buy widgets. You have front end Windows Servers setup to support your website, and backend servers (e.g. commerce servers) setup so customers can check out and buy your widgets. The front end servers used to host your website would generally be considered as running “web workloads” and CALs or External Connectors will not be required to access these servers. Once the customer adds a widget to their shopping cart, creates an account and enters their credit card and shipping information to complete the sale – they are now authenticated via your back end commerce servers/application (non-web workload). Since users are accessing the backend commerce servers which web workloads are not running – CALs or External Connectors will be required for users to access these back end servers. Jean-Paul Natola From: [email protected] Date: Tue, 18 Nov 2014 10:40:54 -0500 Subject: Re: [NTSysADM] RE: IIS and cals To: [email protected] >>If you use your scope then someone like Verizon or Xbox would be broke paying >>for all the CALs they would require for all the users needing access to their >>sites but not using Active Directory. Not so... There are separate SKUs for the products that will be internet connected where the number of connected persons will be high or otherwise unknown. Check the licensing docs... ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market… On Tue, Nov 18, 2014 at 8:36 AM, David McSpadden <[email protected]> wrote: I view it like this: If I have to log into a DC to gain access to the site. I require a CAL. If I log in but not to a DC then I do not require a CAL. Regardless of the back end. If you use your scope then someone like Verizon or Xbox would be broke paying for all the CALs they would require for all the users needing access to their sites but not using Active Directory. I am not a Lawyer nor do I play one on TV. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Joseph L. Casale Sent: Tuesday, November 18, 2014 8:28 AM To: '[email protected]' Subject: [NTSysADM] RE: IIS and cals Right, I fetched the doc as per Michael, but the part I am still confused about is your second sentence. So if an unauthenticated user via a non-Windows kiosk accesses the site for which no windows based auth is setup, but application level authentication, then they do or don't need a cal? Also, if the app brokers auth to a DC, that is IIS itself does not perform authentication but our app takes forms based credentials and validates them against a DC, does this count as windows auth and therefor *all* users under any circumstance then need a cal? Thanks for the help guys, jlc -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Tuesday, November 18, 2014 4:17 AM To: [email protected] Subject: [NTSysADM] RE: IIS and cals If you are using Windows Server 2008 (or later), then anonymous (at the HTTP layer) connections do not require a CAL (e.g. you can have a HTML forms based authentication mechanism). Only if users are accessing across your LAN do you need CALs. Authenticated users at the HTTP layer (i.e. using Windows credentials, or certs mapped to Windows users) require user/device CALs. >From the latest PUR (same terms can be found in earlier docs) - Web Workloads >are: Web Workloads (also referred to as "Internet Web Solutions") are publicly accessible and consist solely of web pages, websites, web applications, web services, and/or POP3 mail serving. For clarity, access to content, information, and applications served by the software within an Internet Web Solution is not limited to your or your affiliates' employees. Software in Internet Web Solutions is used to run: * web server software (for example, Microsoft Internet Information Services), and management or security agents (for example, the System Center Operations Manager agent). * database engine software (for example, Microsoft SQL Server) solely to support Internet Web Solutions. * the Domain Name System (DNS) service to provide resolution of Internet names to IP addresses as long as that is not the sole function of that instance of the software. These don't require CALs. Cheers Ken -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Tuesday, 18 November 2014 7:53 AM To: [email protected] Subject: [NTSysADM] RE: IIS and cals It's complicated. They are referring to something called external connectors - and those have always been there. But it depends on a lot of things, the version and edition of windows server, the version and edition of sql server, the version and edition of sharepoint... Generally speaking, the customer is correct, you need a CAL. However, there are still many use cases where you do not need a CAL. These things are described in boring detail in the Purchase Use Rights document. Go to Microsoft.com/licensing and search for the current PUR. Have lots of caffeine sitting beside you. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Joseph L. Casale Sent: Monday, November 17, 2014 3:43 PM To: [email protected] Subject: [NTSysADM] IIS and cals A customer at my day job suggests MS changed the CAL licensing for IIS from the original requirement that a connection authenticated as a windows user requires a CAL, to any connection now requires a CAL? I don't see any corroborating support for that, anyone know anything about this? Thanks! jlc This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
