On Fri, May 16, 2008 at 12:22 PM, Joe Heaton <[EMAIL PROTECTED]> wrote: > 1) If we're going to go with putting an AD in the DMZ, and go for Windows > authentication, we need CALs for every user that will authenticate.
Correct. > 2) If we go application authentication, and I'm not sure what exactly that > is, then we don't need the CALs? Incorrect. Basically, if you identify individual people in any way, shape, or form, you need a client license for them. It doesn't matter if you use Windows Integrated Authentication, or something third-party, or write your own. If you're tracking people individually, you need a client license for each user. If it's just anonymous web browsing, then you don't need a client license. The client license can be a CAL (Client Access License, assigned to a specific device or a specific person), or an External Connector License, which covers all external users. An "external user" is defined as someone who is not an employee or on-site worker of your organization. If these are employees connecting from home, you need CALs for them -- the ECL isn't appropriate. But presumably, you already have CALs for them. > 3) If we use Web edition, then we don't need the CALs? Correct. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
