You've probably noticed a constant shift in the licensing landscape as software publishers strive to accommodate evolving customer requirements (thought I'd put it nicely). For example, bundling is a popular tactic, where products are grouped together and additional discounts or advantageous use-rights applied when you acquire the bundle. In many cases, a bundle represents an attractive option; however, at times they also include unintended pitfalls. Lately, I've seen one specific issue surface quite a bit. What's more, it has serious compliance ramifications so I'd like to spend some time getting you up to speed. If you currently have a Microsoft Enrollment for Application Platform (EAP), or the newest incarnation called the Server/Cloud Enrollment (SCE), you should know that from a logistical standpoint there could be a dark cloud looming over your organization, so please read on.
The EAP and SCE licensing programs can be excellent choices provided you are comfortable committing your entire production environment to Software Assurance (SA is required for participation in the program on SQL and the Core Infrastructure Suite). Everything has SA, everything has license mobility, everything is licensed for whatever versions you are running. Sounds great, but it might be time to worry.
Pull a Licensing Statement and you might see rogue purchases of SQL server or Windows Server without Software Assurance. Although seemingly subtle, you are perfectly entitled to question the situation and wonder how this could occur - especially because you are now out of compliance with the program. Why be concerned? First, this happens frequently; second most people don't realize it happens frequently, and third, it represents a costly compliance risk.
In most cases, organizations fall out of compliance because of this scenario:
- You are doing a services engagement with a 3rd party.
- The provider uses the Open License program to acquire Windows or SQL servers on your behalf as part of the project. (The Open License program makes it easy to buy the licenses on your behalf and embed that in the total cost of the service.)
- The license purchase was not itemized on the services invoice.
- The licenses are acquired, work is finished, and you never knew that licenses were bought on your behalf.
So What's the Big Deal?
Windows and SQL servers licenses are rarely bought with Software Assurance. As a result, those purchases fail to meet the “all production environments must have SA" requirements of the EAP or SCE. And there is a clear compliance problem that is arguably no one's fault because everyone was just trying to complete the work on time. Sadly as the saying goes, “no good deed goes unpunished." The good news (if we dare use the phrase “good news" in the context of a compliance problem) is that the quantities are usually very small. Nevertheless, SQL issues are not cheap and the fix can quickly become an unplanned expense and a very unpleasant experience.
Best Advice: Avoid Completely
Let's be honest: the situation explained here is rarely full of malicious intent. It can be viewed as some careless documentation and detail oversight. However, the consequences are very real, with very real cost implications. Here are some tips to guard against it ever happening in the first place:
- Make sure your people know that if you're doing any services work to ask the provider to itemize any software purchase requirements. Remember that their business is services and getting things done right and on time. Licensing is not their forte, so they may not be aware how important it is to itemize a software purchase on an invoice (aka they don't do it). In their world: Job gets done, job costs X, invoice = X.
- You should ask about specific purchases and then double-check the invoice and ask again. This will help ensure that purchases go through the proper channels.
- Have your reseller pull a Microsoft License Statement at least once a year and review it together for accuracy. Simply send your reseller a one-line email stating “I give reseller X permission to pull my Microsoft license history," and that's all it takes to get the report.
My Professional Advice?
These types of rogue purchases are very difficult to spot in all the data, but trained eyes can identify them quickly and bring them to your attention. In some cases, if you catch them early enough you can return the licenses and put replacement purchases through the proper channels. Think of it as early detection, and you'll likely avoid a lot of headaches and hassles.
Not sure what your Microsoft history is like? You can always ask your Account Manager to pull it up. It's as easy as sending an email to give your permission.