Windows 2008 CALS Questions

I have an interesting question that by the title might seem easy but there is more than just Windows CALS.  I am trying to implement the new Windows 2008/7 feature Direct Access.  We are on a Windows 2003 domain and I have just been purchasing Windows 2003 CALS WITHOUT SA until there were not allowed and then starting purchasing Windows 2008 CALS as necessary.  So I have enough Windows CAL's for all users to access all Windows 2003 Servers.    Once I deploy the Windows 2008 Direct Access Server I believe I will need all users REGARDLESS if they will access the server or not to have a Windows 2008 CALs.

First I beleive this statement is true, but I would like some experts to agree or disagree.

Well I am trying to implement this access with limited cost.  I am only going to allow a select few users to have this DirectAccess feature.  I am willing to purchase Windows 2008 CALS for these 10 users but it will not be a cost effective solution if I have to acquire 120 more Windows 2008 CALS just so those 10 users can have DirectAccess.  

Second what if I were to segregate this DirectAccess server on a seperate LAN.  Have a router with ACL's in place between the DirectAccess Server and the rest of the domain and just allow network connectivity between these servers.  So clients in the the domain will not have IP access to that DirectAccess server.  Will that bypass this licensing issue and I can just acquire the 10 Windows 2008 licenes?

I know that a Server does not need a CAL unless a user is on that console accessing other resources (which this will not be the case).  So that DirectAccess server does not need a Windows Device CAL.  The 10 users will have Windows 2008 User CALs to access the DirectAccess Server and those CALS should include Windows 2003 Server as well so they will be able to access resrouces inside the domain.

I believe this can be a solution. In anyone has experience this or has done something like this I would appreciate any input.

Dennis
scopeorthoAsked:
Who is Participating?
 
Darius GhassemCommented:
Accepting the answer from Author could cause issues for other users that use EE if licensing changes per MS. I think the best solution to any licensing question should be to contact the actual vendor for the answers to licensing.

0
 
Darius GhassemCommented:
No one on EE can answer this question properly. You need to call MS to make sure you are licensed properly. We can give you a guess but our guess could be totally wrong. MS is the place to go.

You should purchase CALs for any client computer that will access a server for resources. If the computer or user will not use the server for any resources then you don't need a CAL.
0
 
scopeorthoAuthor Commented:
Understoold with contacting MS I have contacted my Vendor and they have MS specialist. I am a waiting for a response sometime soon.  I wanted to see if anyone has expereinced the same issue as I am.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Darius GhassemCommented:
No issue is really the same that is what the problem is.
0
 
hutnorCommented:
From what I have been told by my Microsoft supplier.

On your 2008 server if you only have the 10 user accessing your server you will only need 10 CALs.
You do not need 1 for every staff member. You will need one for every staff member if they are all going to connect to the server 2008.
If you have 5 more user come into the company I suggest getting 2008 CALs not 2003. The 2008 CALs also cover 2003.

However you will want to check with Microsoft or your supplier to comfirm this.
0
 
scopeorthoAuthor Commented:
Thanks for all that replied and gave input straight from Microsoft:

If he can segregate those users and only those users authenticate to the new Server 2008 R2 server DC and Direct Access server, then more than 10 CALs are not required.

So the answer folks is you need to segregate you network and make sure no connectivity is allowed to that server but only those authorized/licensed to reach that server.  

So what I will do is seperate that LAN with a router so my other clients that do not have W2K8 CALS cannot reach that server.  Now off to make this DirectAccess work!

Dennis
0
 
scopeorthoAuthor Commented:
That is the right Answer, but I strongly beleive in knowing what peers are doing either be right or wrong.  Identifying the incorrect with the correct is what we are all striving for so I was looking for what other Admins were doing and to get their input
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.