locked
SQL Server Processor/Core Licensing and Windows CALs RRS feed

  • Question

  • I've scoured the internet for an answer to this question, so I'm assuming the scenario isn't as common as I think, or people are purposely looking the other way because they don't want to know the answer :)

    The application in question is pretty simple - An ASP.net web application using ASP.net forms auth (no end-user Windows Authentication).  Using Windows Server 2008 Web Edition, we've confirmed that no Windows CAL is required on the front-end web tier.

    So then on the back-end data tier (SQL Server) it also seems pretty straight forward.  As far as I can tell, the SQL Server licensing makes it pretty clear "...users who input data into, query, or view data through a web-based application... require a CAL".  So that makes it pretty obvious, you need a CAL or a per-processor/pre-core license of SQL Server.

    Here's where it gets tricky... What about the licensing requirements for the Windows Server that SQL Server is running on?  Do we need a WindowsCAL for each connection from the Web Tier to the SQL Server? Note that Windows CALs and SQL Server CALs are completely separate in terms if purchasing, and nothing says a SQL Server CAL is of a higher order than a Windows CAL (thereby covering both).

    It would seem ridiculous (IMHO) to allow unlimited connections to SQL, but then dump you back to the CAL model on Windows (since there is no "unlimited" option in Windows Server).  But licensing is a strange beast, and non-compliance is not something I'm interested in.

    Any insight with pointers to Microsoft documentation would be greatly appreciated!

    Thanks guys,

    Thursday, November 7, 2013 1:08 AM

Answers

  • For those of you who would like an answer on this without calling licensing support, here's the answer :)

    Windows Server 2012 does NOT have a CAL limitation for "public" web traffic.  I specifically asked about ASP.net Forms Authenticated users, and the licensing specialist said any website that uses anonymous authentication which then passes auth onto some other back-end process (e.g. ASP.net forms auth) you do not need a Windows CAL.  You DO need a Windows CAL if your application is somehow tied to services on the Windows box where the website user actually enters credentials which are authenticated against the local account store or domain controller.  So to me, that's a pretty simple answer - 

    anonymous auth = No CALs
    integrated auth = CAL required

    Ok, onto SQL Server... As quoted from my original post, SQL licensing makes it very clear that ANY connection to the database requires a CAL, even if it's multiplexed through IIS or some other middle-tier.  Bottom line? Simple answer here as well:

    public website with a SQL back-end = per-socket or core-licensing (since you can't count "CALs" on a public site)

    Finally, the most illusive question (for me anyway).  What about the copy of Windows running your SQL Server?  the answer here was  - No CALs required if it's purely a SQL Server connection.  Meaning, if all your Windows server is doing is running SQL Server and fielding query requests from your front-end IIS ASP.net app, you're do NOT need any Windows Server CALs.  You obviously do need SQL CALs or socket/core licenses, which I covered above.  You will however need Windows CALs on your SQL Server box for any Support specialists or Deployment folks who remote into the machine using TS or using UNC file shares and such to work with the server.

    Hopefully that helps someone else looking for a quick answer.  And as the moderator noted, if that doesn't make sense you should definitely call the licensing specialist.  They are very helpful and surprising quick to answer questions (without any sales pressure).

    • Marked as answer by Sofiya Li Monday, December 2, 2013 9:16 AM
    Tuesday, November 26, 2013 1:47 AM
  • Hello,

    This is a community forum for technical questions & issues.

    For question regarding pricing / licensing please contact a Microsoft sales partner or licensing expert.

    Call (1-800-426-9400), Monday through Friday, 6:00 AM to 6:00 PM PST to speak directly to Microsoft licensing specialist.

    http://www.microsoft.com/sqlserver/en/us/get-sql-server/how-to-buy.aspx

    http://www.microsoft.com/sqlserver/en/us/get-sql-server/licensing.aspx

    http://www.microsoft.com/licensing/about-licensing/sql2012.aspx


    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    • Proposed as answer by Saeid Hasani Thursday, November 7, 2013 3:55 PM
    • Marked as answer by Sofiya Li Wednesday, November 13, 2013 1:42 PM
    Thursday, November 7, 2013 5:53 AM

All replies

  • Hello,

    This is a community forum for technical questions & issues.

    For question regarding pricing / licensing please contact a Microsoft sales partner or licensing expert.

    Call (1-800-426-9400), Monday through Friday, 6:00 AM to 6:00 PM PST to speak directly to Microsoft licensing specialist.

    http://www.microsoft.com/sqlserver/en/us/get-sql-server/how-to-buy.aspx

    http://www.microsoft.com/sqlserver/en/us/get-sql-server/licensing.aspx

    http://www.microsoft.com/licensing/about-licensing/sql2012.aspx


    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    • Proposed as answer by Saeid Hasani Thursday, November 7, 2013 3:55 PM
    • Marked as answer by Sofiya Li Wednesday, November 13, 2013 1:42 PM
    Thursday, November 7, 2013 5:53 AM
  • For those of you who would like an answer on this without calling licensing support, here's the answer :)

    Windows Server 2012 does NOT have a CAL limitation for "public" web traffic.  I specifically asked about ASP.net Forms Authenticated users, and the licensing specialist said any website that uses anonymous authentication which then passes auth onto some other back-end process (e.g. ASP.net forms auth) you do not need a Windows CAL.  You DO need a Windows CAL if your application is somehow tied to services on the Windows box where the website user actually enters credentials which are authenticated against the local account store or domain controller.  So to me, that's a pretty simple answer - 

    anonymous auth = No CALs
    integrated auth = CAL required

    Ok, onto SQL Server... As quoted from my original post, SQL licensing makes it very clear that ANY connection to the database requires a CAL, even if it's multiplexed through IIS or some other middle-tier.  Bottom line? Simple answer here as well:

    public website with a SQL back-end = per-socket or core-licensing (since you can't count "CALs" on a public site)

    Finally, the most illusive question (for me anyway).  What about the copy of Windows running your SQL Server?  the answer here was  - No CALs required if it's purely a SQL Server connection.  Meaning, if all your Windows server is doing is running SQL Server and fielding query requests from your front-end IIS ASP.net app, you're do NOT need any Windows Server CALs.  You obviously do need SQL CALs or socket/core licenses, which I covered above.  You will however need Windows CALs on your SQL Server box for any Support specialists or Deployment folks who remote into the machine using TS or using UNC file shares and such to work with the server.

    Hopefully that helps someone else looking for a quick answer.  And as the moderator noted, if that doesn't make sense you should definitely call the licensing specialist.  They are very helpful and surprising quick to answer questions (without any sales pressure).

    • Marked as answer by Sofiya Li Monday, December 2, 2013 9:16 AM
    Tuesday, November 26, 2013 1:47 AM
  • For those of you who would like an answer on this without calling licensing support, here's the answer :)

    Windows Server 2012 does NOT have a CAL limitation for "public" web traffic.  I specifically asked about ASP.net Forms Authenticated users, and the licensing specialist said any website that uses anonymous authentication which then passes auth onto some other back-end process (e.g. ASP.net forms auth) you do not need a Windows CAL.  You DO need a Windows CAL if your application is somehow tied to services on the Windows box where the website user actually enters credentials which are authenticated against the local account store or domain controller.  So to me, that's a pretty simple answer - 

    anonymous auth = No CALs
    integrated auth = CAL required

    Ok, onto SQL Server... As quoted from my original post, SQL licensing makes it very clear that ANY connection to the database requires a CAL, even if it's multiplexed through IIS or some other middle-tier.  Bottom line? Simple answer here as well:

    public website with a SQL back-end = per-socket or core-licensing (since you can't count "CALs" on a public site)

    Finally, the most illusive question (for me anyway).  What about the copy of Windows running your SQL Server?  the answer here was  - No CALs required if it's purely a SQL Server connection.  Meaning, if all your Windows server is doing is running SQL Server and fielding query requests from your front-end IIS ASP.net app, you're do NOT need any Windows Server CALs.  You obviously do need SQL CALs or socket/core licenses, which I covered above.  You will however need Windows CALs on your SQL Server box for any Support specialists or Deployment folks who remote into the machine using TS or using UNC file shares and such to work with the server.

    Hopefully that helps someone else looking for a quick answer.  And as the moderator noted, if that doesn't make sense you should definitely call the licensing specialist.  They are very helpful and surprising quick to answer questions (without any sales pressure).

    Thanks for posting this, I am in the same boat. I will have a public facing web server and a backend SQL server. The web site requires all users to login so they can see the content. We use forms authentication as well (no Windows or Active Directory authentication). The application does all the authentication itself using the backend database (credentials are stored in a database table).

    I just called the licensing pre-sales number and spoke to a rep who said the web server would require CALs (or an External Connector in this case), because I am requiring people to login to view the content. He said it did not matter what the authentication method was. I clearly explained the web application handles all the authentication, but he still said we would need CALs in this case because users must authenticate to access the content. He likened it to a museum. If you need to buy a ticket to get in to see the content (in this case login to the web site), you need CALs he said.

    He also said I would need Windows Server CALs/EC for the Windows server that hosts the database. I will be using SQL Core licensing, so no additional SQL CALs will be needed.

    Just thought I would share what I learned.

    Tuesday, February 25, 2014 5:00 PM
  • For those of you who would like an answer on this without calling licensing support, here's the answer :)

    Windows Server 2012 does NOT have a CAL limitation for "public" web traffic.  I specifically asked about ASP.net Forms Authenticated users, and the licensing specialist said any website that uses anonymous authentication which then passes auth onto some other back-end process (e.g. ASP.net forms auth) you do not need a Windows CAL.  You DO need a Windows CAL if your application is somehow tied to services on the Windows box where the website user actually enters credentials which are authenticated against the local account store or domain controller.  So to me, that's a pretty simple answer - 

    anonymous auth = No CALs
    integrated auth = CAL required

    Ok, onto SQL Server... As quoted from my original post, SQL licensing makes it very clear that ANY connection to the database requires a CAL, even if it's multiplexed through IIS or some other middle-tier.  Bottom line? Simple answer here as well:

    public website with a SQL back-end = per-socket or core-licensing (since you can't count "CALs" on a public site)

    Finally, the most illusive question (for me anyway).  What about the copy of Windows running your SQL Server?  the answer here was  - No CALs required if it's purely a SQL Server connection.  Meaning, if all your Windows server is doing is running SQL Server and fielding query requests from your front-end IIS ASP.net app, you're do NOT need any Windows Server CALs.  You obviously do need SQL CALs or socket/core licenses, which I covered above.  You will however need Windows CALs on your SQL Server box for any Support specialists or Deployment folks who remote into the machine using TS or using UNC file shares and such to work with the server.

    Hopefully that helps someone else looking for a quick answer.  And as the moderator noted, if that doesn't make sense you should definitely call the licensing specialist.  They are very helpful and surprising quick to answer questions (without any sales pressure).

    Thanks for posting this, I am in the same boat. I will have a public facing web server and a backend SQL server. The web site requires all users to login so they can see the content. We use forms authentication as well (no Windows or Active Directory authentication). The application does all the authentication itself using the backend database (credentials are stored in a database table).

    I just called the licensing pre-sales number and spoke to a rep who said the web server would require CALs (or an External Connector in this case), because I am requiring people to login to view the content. He said it did not matter what the authentication method was. I clearly explained the web application handles all the authentication, but he still said we would need CALs in this case because users must authenticate to access the content. He likened it to a museum. If you need to buy a ticket to get in to see the content (in this case login to the web site), you need CALs he said.

    He also said I would need Windows Server CALs/EC for the Windows server that hosts the database. I will be using SQL Core licensing, so no additional SQL CALs will be needed.

    Just thought I would share what I learned.

    Sorry to dredge up an old thread, but I have been doing a lot of reading on CALs lately in anticipation of launching a public website.  Reading the license agreement, I don't think you need CALs on the front end Windows Server 2012 just because people are authenticating.  The Windows Server 2012 license agreement makes no mention of this that I can find.  It only says you need CALs for employees or your affiliates' employees.  A non-employee visitor does not fall under the definition an affiliate.

    The SQL Server licensing is tricky, and not written for public website access.  Is every user with an account to your online store need a CAL?  The only other option is SQL Server Enterprise licensed by CPU cores.





    • Edited by Michael1000 Sunday, February 1, 2015 7:52 PM
    Sunday, February 1, 2015 7:19 PM