I have an interesting question that by the title might seem easy but there is more than just Windows CALS. I am trying to implement the new Windows 2008/7 feature Direct Access. We are on a Windows 2003 domain and I have just been purchasing Windows 2003 CALS WITHOUT SA until there were not allowed and then starting purchasing Windows 2008 CALS as necessary. So I have enough Windows CAL's for all users to access all Windows 2003 Servers. Once I deploy the Windows 2008 Direct Access Server I believe I will need all users REGARDLESS if they will access the server or not to have a Windows 2008 CALs.
First I beleive this statement is true, but I would like some experts to agree or disagree.
Well I am trying to implement this access with limited cost. I am only going to allow a select few users to have this DirectAccess feature. I am willing to purchase Windows 2008 CALS for these 10 users but it will not be a cost effective solution if I have to acquire 120 more Windows 2008 CALS just so those 10 users can have DirectAccess.
Second what if I were to segregate this DirectAccess server on a seperate LAN. Have a router with ACL's in place between the DirectAccess Server and the rest of the domain and just allow network connectivity between these servers. So clients in the the domain will not have IP access to that DirectAccess server. Will that bypass this licensing issue and I can just acquire the 10 Windows 2008 licenes?
I know that a Server does not need a CAL unless a user is on that console accessing other resources (which this will not be the case). So that DirectAccess server does not need a Windows Device CAL. The 10 users will have Windows 2008 User CALs to access the DirectAccess Server and those CALS should include Windows 2003 Server as well so they will be able to access resrouces inside the domain.
I believe this can be a solution. In anyone has experience this or has done something like this I would appreciate any input.