Microsoft user Cals

I'm drawing a blank.
I have two esxi virtuals running windows srver 2008 STD one is primary and second is secondary(load balancing). Primary is running oracle and proprietary server side software.  I have users with windows and mac that have the client side loaded of this product and make a connection back to the servers.  I know server 2008 STD(all of them) come with the default 5 user cal and can be bought in user vs device cal type.  I'm just not sure/clear if I need user cals for the clients making the connections back to the primary server?   Vendor asked, reseller MS lic persons asked and can't get clear feedback, concise yes or no. ??
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
In this case when it involves licensing it is best to contact Microsoft directly to obtain the correct answer to your question. They will be able to provide you an accurate answer and possibly other solutions.

Chris HInfrastructure ManagerCommented:
Yes, you need an end-user CAL for every user that accesses a resource on that server.
Chris HInfrastructure ManagerCommented:
Makes note here:

Q1 - If I have a printer that uses an IP address assigned by a router, but the drivers are deployed via a GPO...does that need a CAL?

A1 - Yes, any Windows Server access requires a Windows Server CAL.  In this scenario, the printers are connecting to, and receiving benefit of, Windows Server.  However, if all users who access or use that printer already have a user CAL - then you’re covered and will not need additional device CALs for the printer.

Q3 - If I have a Remote Access card installed in a server, does that need a CAL? If I run sniffer, does that need a CAL? If I use a common management tool that installs a service/daemon on each server - does that need a CAL?

A3 - Peripherals, server components and network equipment on their own do not generally require a CAL (for Windows Server or otherwise).  Server to server communication does not require a Windows Server CAL (between two licensed Windows Servers).  Device CALs are intended for the clients/endpoints accessing the Windows Server (for any reason - to get an IP address, to access a file, to authenticate to AD, to access an application of any type on the Windows Server, etc.)  User CALs are intended for the same reason - but are assigned to the users using the clients/endpoints. For example, a sniffer.  Generally, these won't require a CAL - they simply monitor network traffic.  However, let’s say that you have a software based sniffer installed on your desktop at work - and your desktop is accessing Windows Server (to get an IP, to authenticate to AD, etc.)  This scenario will require a device CAL for your desktop (or a user CAL for you), not because you are using a sniffer, but because the device/endpoint it’s installed on accesses Windows Server.  Management software.  Let’s use the same concepts above.  Let's say for example, the management software is installed on a Windows Server, and is being used to manage client devices, network equipment, and other servers.  Any device that accesses Windows Server as a result of being managed will require a Windows Server device CAL (with the exception of other Windows Server since Windows Server to Windows Server communication does not require a CAL).  If you are licensed by user in this scenario however, and all users are covered with a Windows Server CAL, the n you’re covered since all users of the managed devices are already covered with user CALs.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Chris HInfrastructure ManagerCommented:
Holy crap, apparently you need a CAL if a rando walks in on your network and gets a DHCP issuance..   That's just dumb.
dee30Author Commented:
wow, choward16980, okay good read. I'll review closely.   As for the  "Rando Walks" comment hilarious. My thought exactly, wow so everything that gets a leased IP need a cal, what the heck!  LOL

Okay, one more thing on this topic... there is a third Virt same product/propriety vendor.  They have iis running and a website published for use by internal users and apparently external, why is this not on my DMZ(another time another store), anyway... would I need cals  for those connections?  Web access cals or whatever type they're called?  Thank you.
Chris HInfrastructure ManagerCommented:
from here:

A Windows Server 2008 Client Access License (CAL) must be purchased for every user or device that accesses or uses the Windows Server 2008 or Windows Server 2008 R2 server software, except under the following circumstances:

* If the instances of the server software are accessed only through the Internet, without access being authenticated or otherwise individually identified by the server software or through any other means

^That MS link is dead though.... lol
Chris HInfrastructure ManagerCommented:

■      If Windows Server is accessed through the Internet and is not authenticated or otherwise individually identified by the server software or by any other means.
■      If users or devices are accessing Windows Web Server or Windows Server Foundation.
■      If external users (those who are not employees or on-site contractors or agents) are accessing the instances of server software on a physical server to which you have assigned a Windows Server External Connector license.
■      If up to two devices or users access your instances of the server software only to administer those instances.
■      To indirectly access a Windows Server that is used only to service and manage virtual instances of other server types. For instance, if Windows Server 2008 is being used solely as a hypervisor for Windows Server 2003, you only need Windows Server 2003 CALs, even though you are indirectly accessing Windows Server 2008.
dee30Author Commented:
Okay... I been reading and coming across a lot of what was just posted in response to the web server, but I'm confused on the authenticated part.   If the proprietary app has a login screen to their website and a user has to have their user I'd and pw to log in is that considered authentication by server sw or other means?  Would it need the lic then?
Chris HInfrastructure ManagerCommented:
To a lawyer, the word "Internet" implicitly implies external use.  Your "Employees" are on an LAN.  Again, this is mattress tag police stuff that you will probably not have to worry about.

The authentication on an IIS app occurs with one single user or however the application is programmed and then that is served to your end user.  You will not ever, ever, ever get a straight answer on this.  But, the ridiculous lawyer lingo clearly states that you MUST buy a CAL for your application.

I've dealt with the BSA, they're scumbags.  Horrendous, parasitic scumbags that literally sucker fish the murky mud of the enterprise trying to find anything to justify their pathetic existence.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dee30Author Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.