Windows 2008 CALS Questions

I have an interesting question that by the title might seem easy but there is more than just Windows CALS.  I am trying to implement the new Windows 2008/7 feature Direct Access.  We are on a Windows 2003 domain and I have just been purchasing Windows 2003 CALS WITHOUT SA until there were not allowed and then starting purchasing Windows 2008 CALS as necessary.  So I have enough Windows CAL's for all users to access all Windows 2003 Servers.    Once I deploy the Windows 2008 Direct Access Server I believe I will need all users REGARDLESS if they will access the server or not to have a Windows 2008 CALs.

First I beleive this statement is true, but I would like some experts to agree or disagree.

Well I am trying to implement this access with limited cost.  I am only going to allow a select few users to have this DirectAccess feature.  I am willing to purchase Windows 2008 CALS for these 10 users but it will not be a cost effective solution if I have to acquire 120 more Windows 2008 CALS just so those 10 users can have DirectAccess.  

Second what if I were to segregate this DirectAccess server on a seperate LAN.  Have a router with ACL's in place between the DirectAccess Server and the rest of the domain and just allow network connectivity between these servers.  So clients in the the domain will not have IP access to that DirectAccess server.  Will that bypass this licensing issue and I can just acquire the 10 Windows 2008 licenes?

I know that a Server does not need a CAL unless a user is on that console accessing other resources (which this will not be the case).  So that DirectAccess server does not need a Windows Device CAL.  The 10 users will have Windows 2008 User CALs to access the DirectAccess Server and those CALS should include Windows 2003 Server as well so they will be able to access resrouces inside the domain.

I believe this can be a solution. In anyone has experience this or has done something like this I would appreciate any input.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Darius GhassemCommented:
No one on EE can answer this question properly. You need to call MS to make sure you are licensed properly. We can give you a guess but our guess could be totally wrong. MS is the place to go.

You should purchase CALs for any client computer that will access a server for resources. If the computer or user will not use the server for any resources then you don't need a CAL.
scopeorthoAuthor Commented:
Understoold with contacting MS I have contacted my Vendor and they have MS specialist. I am a waiting for a response sometime soon.  I wanted to see if anyone has expereinced the same issue as I am.
Darius GhassemCommented:
No issue is really the same that is what the problem is.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

From what I have been told by my Microsoft supplier.

On your 2008 server if you only have the 10 user accessing your server you will only need 10 CALs.
You do not need 1 for every staff member. You will need one for every staff member if they are all going to connect to the server 2008.
If you have 5 more user come into the company I suggest getting 2008 CALs not 2003. The 2008 CALs also cover 2003.

However you will want to check with Microsoft or your supplier to comfirm this.
scopeorthoAuthor Commented:
Thanks for all that replied and gave input straight from Microsoft:

If he can segregate those users and only those users authenticate to the new Server 2008 R2 server DC and Direct Access server, then more than 10 CALs are not required.

So the answer folks is you need to segregate you network and make sure no connectivity is allowed to that server but only those authorized/licensed to reach that server.  

So what I will do is seperate that LAN with a router so my other clients that do not have W2K8 CALS cannot reach that server.  Now off to make this DirectAccess work!

Darius GhassemCommented:
Accepting the answer from Author could cause issues for other users that use EE if licensing changes per MS. I think the best solution to any licensing question should be to contact the actual vendor for the answers to licensing.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
scopeorthoAuthor Commented:
That is the right Answer, but I strongly beleive in knowing what peers are doing either be right or wrong.  Identifying the incorrect with the correct is what we are all striving for so I was looking for what other Admins were doing and to get their input
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.