WORD.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Wednesday, January 18, 2006 9:05 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> http://www.ISAserver.org
>
> All true, but the point was about "ISA" licensing, which is not in any
> way shape or form related to CALs.
>
> Let us not confuse one with the other, but rather, bask in the glow that
> cometh from a judicious application of synapse activity directed toward
> a soluble conundrum.
>
> Can I get a witness?!?
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
> Sent: Wednesday, January 18, 2006 5:05 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> http://www.ISAserver.org
>
> Watch me reply to myself! HUH! YEAH WATCH ME!
>
> Since nobody commented on this, I am bringing it up again to add up a bit
> to what I said previously. This licensing scheme holds true in Windows
> 2000, which was in place when I did my MCSE course (never did get the
> certification though from lack of motivation), but it occurred to me that
> it was a bit outdated.
>
> In Windows Server 2003, the "Per Seat" licensing mode was changed to "Per
> Device/Per User" (Per Server remains the same). This means that you
> either assign the CALs to Users or to Machines. Slightly more granular.
> So suppose I have the previous ASCII drawing, and have three users in
> there, I only need three CALs.
>
> This should be a bit more interesting than Per Seat if you have VPN
> services that auth against an Active Directory.
>
> Whenever I look at Windows licensing, I think "The price for a Kerberos
> token is high". And then nod in the same way you usually do whenever
> something gloom, of a nihilistic outcome is enunciated. And then proceed
> to sip Diet Coke.
>
> -----Original Message-----
> From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
> Sent: January 16, 2006 10:19
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> http://www.ISAserver.org
>
> Well, don't take what I'm saying as cold hard cash, but...
> This should be a refresher for you MCSAs MCSEs and MCPs.
>
> * Per Seat (which I prefer the split second you have more than one
>   server):
>
> You will need one CAL for each device/client that accesses the server
> (any kind of service). Connections between servers don't count for they
> are handled by your *server* license. This is the reason.
>
> * Per Server (which I find insanely limiting):
>
> In this scenario, some CALs are associated with a particular server; you
> enter them in the licensing applet in the Control Panel. Purchasing say,
> 150 CALs will just allow you to connect 150 clients simultaneously.
>
> If you have two servers, and one of them needs to access the other
> server, that eats one CAL.
>
> So let's make it ASCII (I'm not as cool as Thor in this regard though):
>
>        [Server] ----- [Server]
>        /      |       |      \
> [Client] [Client] [Client] [Client]
>
> In this scenario, Per Seat licensing would require 4 CALs, because you
> have 4 clients accessing server resources, and the CALs are bound to the
> CLIENTS.
>
> Per Server would require...uh... 10 CALs. Because for each server, you
> have five devices (let's assume the two servers talk to each other
> continuously) accessing resources simultaneously and there are two
> servers, and the CALs are bound to the CONNECTIONS.
>
> I'm not sure about 2000 and 2003, but in the NT4 days, the per-server
> licensing mode was in fact "per connection" regardless of the device. In
> theory, it was probably not intended to, but practically that's what it
> did. Someone printing ate one CAL, the same person accessing the monthly
> tax report through SMB (or CIFS for those who like to call it that way)
> ate another.
>
> We had a Citrix Winframe (not metaframe. Winframe. NT 3.5 baby) server
> acting as the secondary DC that ate every single CAL by opening random
> RPC connections and never closing them... I think it was just the whole
> setup malfunctioning and that it was not intended that way.
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: January 14, 2006 14:15
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> http://www.ISAserver.org
>
> That's a good question. I thought per server was for CIFS connections
> only. ???
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Saturday, January 14, 2006 12:27 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA Licensing
> >
> > http://www.ISAserver.org
> >
> > Not if it is per server licensing, right?
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> > ----- Original Message -----
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Saturday, January 14, 2006 8:59 AM
> > Subject: [isalist] RE: ISA Licensing
> >
> > http://www.ISAserver.org
> >
> > Hi Joseph,
> >
> > Why use RADIUS? Isn't the ISA firewall a domain member?
> >
> > You need CALs for the users at the DC.
> >
> > If you're using the local SAM on the ISA firewall, then you need user
> > CALs on the ISA firewall, but that's an unusual setup.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> > > -----Original Message-----
> > > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 2:59 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] ISA Licensing
> > >
> > > http://www.ISAserver.org
> > >
> > > Jim:
> > >
> > > No - only authentication is for VPN to > ISA to > RADIUS/DC.
> > >
> > > Joe
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 3:23 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA Licensing
> > >
> > > http://www.ISAserver.org
> > >
> > > Part 2..
> > >
> > > Does ISA authenticate any other traffic?
> > > If so, how are those accounts resolved; via RADIUS or direct-to-AD?
> > >
> > > -------------------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > > -----Original Message-----
> > > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 12:03
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] ISA Licensing
> > >
> > > http://www.ISAserver.org
> > >
> > > Jim: Very interesting!
> > >
> > > My ISA is in Workgroup mode and using RADIUS for remote VPN connection
> > > authentication.
> > >
> > > So, I assume I only need to count those accounts that establish remote
> > > VPN connection? Correct?
> > >
> > > Joe
> > > P.S. one beer also goes to Jim.
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 2:58 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA Licensing
> > >
> > > http://www.ISAserver.org
> > >
> > > Caveat - Windows still requires a CAL for each user being authenticated
> > > by ISA.
> > > Don't confuse one with the other or think that ISA licensing replaces
> > > Windows licensing.
> > >
> > > -------------------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > -------------------------------------------------------
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.