RE: ISA Licensing

  • From: Alexandre Gauthier <gauthiera@xxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 18 Jan 2006 12:22:20 -0500

OPENOFFICE.ORG

... okay. I know. Sssh.


Oh and by the way I made this pretty expose just to answer Herr Doktor
Shinder's question :P

But this makes me wonder actually, how does the Windows licensing apply to
VPN connections? More specifically in the per seat context?

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: January 18, 2006 11:43
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Licensing

http://www.ISAserver.org

EXCEL

-----
"I'll see your Llama and up you a Badger."
John T



----- Original Message ----- 
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 18, 2006 7:33 AM
Subject: [isalist] RE: ISA Licensing


WORD.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Wednesday, January 18, 2006 9:05 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> All true, but the point was about "ISA" licensing, which is
> not in any way shape or form related to CALs.
>
> Let us not confuse one with the other, but rather, bask in
> the glow that cometh from a judicious application of synapse
> activity directed toward a soluble conundrum.
>
> Can I get a witness?!?
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
> Sent: Wednesday, January 18, 2006 5:05 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> Watch me reply to myself! HUH! YEAH WATCH ME!
>
> Since nobody commented on this, I am bringing it up again to add up a bit to
> what I said previously. This licensing scheme holds true in Windows 2000,
> which was in place when I did my MCSE course (never did get the
> certification though from lack of motivation), but it occurred to me that it
> was a bit outdated.
>
> In Windows Server 2003, the "Per Seat" licensing mode was changed to "Per
> Device/Per User" (Per Server remains the same). This means that you either
> assign the CALs to Users or to Machines. Slightly more granular. So suppose
> I have the previous ASCII drawing, and have three users in there, I only
> need three CALs.
>
> This should be a bit more interesting than Per Seat if you have VPN services
> that auth against an Active Directory.
>
> Whenever I look at Windows licensing, I think "The price for a Kerberos
> token is high". And then nod in the same way you usually do whenever
> something gloom, of a nihilistic outcome is enunciated. And then proceed to
> sip Diet Coke.
>
> -----Original Message-----
> From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
> Sent: January 16, 2006 10:19
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> Well, don't take what I'm saying as cold hard cash, but...
> This should be a refresher for you MCSAs MCSEs and MCPs.
>
> * Per Seat (which I prefer the split second you have more than one server):
>
> You will need one CAL for each device/client that accesses the server (any
> kind of service). Connections between servers don't count for they are
> handled by your *server* license. This is the reason.
>
> * Per Server (which I find insanely limiting):
>
> In this scenario, some CALs are associated with a particular server; you
> enter them in the licensing applet in the Control Panel. Purchasing say, 150
> CALs will just allow you to connect 150 clients simultaneously.
>
> If you have two servers, and one of them needs to access the other server,
> that eats one CAL.
>
> So let's make it ASCII (I'm not as cool as Thor in this regard though):
>
>          [Server] ----- [Server]
>         /    |           |     \
> [Client]  [Client]   [Client] [Client]
>
> In this scenario, Per Seat licensing would require 4 CALs, because you have 4
> clients accessing server resources, and the CALs are bound to the CLIENTS.
>
> Per Server would require...uh... 10 CALs. Because for each server, you have
> five devices (let's assume the two servers talk to each other continuously)
> accessing resources simultaneously and there are two servers, and the CALs
> are bound to the CONNECTIONS.
>
> I'm not sure about 2000 and 2003, but in the NT4 days, the per-server
> licensing mode was in fact "per connection" regardless of the device. In
> theory, it was probably not intended to, but practically that's what it did.
> Someone printing ate one CAL, the same person accessing the monthly tax
> report through SMB (or CIFS for those who like to call it that way) ate
> another.
>
> We had a Citrix Winframe (not metaframe. Winframe. NT 3.5 baby) server
> acting as the secondary DC that ate every single CAL by opening random RPC
> connections and never closing them... I think it was just the whole setup
> malfunctioning and that it was not intended that way.
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: January 14, 2006 14:15
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> That's a good question. I thought per server was for CIFS connections
> only. ???
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Saturday, January 14, 2006 12:27 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA Licensing
> >
> > Not if it is per server licensing, right?
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message ----- 
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Saturday, January 14, 2006 8:59 AM
> > Subject: [isalist] RE: ISA Licensing
> >
> >
> > Hi Joseph,
> >
> > Why use RADIUS? Isn't the ISA firewall a domain member?
> >
> > You need CALs for the users at the DC.
> >
> > If you're using the local SAM on the ISA firewall, then you need user
> > CALs on the ISA firewall, but that's an unusual setup.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 2:59 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] ISA Licensing
> > >
> > > Jim:
> > >
> > > No - only authentication is for VPN to > ISA to > RADIUS/DC.
> > >
> > > Joe
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 3:23 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA Licensing
> > >
> > > Part 2..
> > >
> > > Does ISA authenticate any other traffic?
> > > If so, how are those accounts resolved; via RADIUS or direct-to-AD?
> > >
> > >
> > > -------------------------------------------------------
> > >    Jim Harrison
> > >    MCP(NT4, W2K), A+, Network+, PCG
> > >    http://isaserver.org/Jim_Harrison/
> > >    http://isatools.org
> > >    Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 12:03
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] ISA Licensing
> > >
> > > Jim: Very interesting!
> > >
> > > My ISA is in Workgroup mode and using RADIUS for remote VPN connection
> > > authentication.
> > >
> > > So, I assume I only need to count those accounts that establish remote
> > > VPN connection? Correct?
> > >
> > > Joe
> > > P.S. one beer also goes to Jim.
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Friday, January 13, 2006 2:58 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA Licensing
> > >
> > > Caveat - Windows still requires a CAL for each user being authenticated
> > > by ISA.
> > > Don't confuse one with the other or think that ISA licensing replaces
> > > Windows licensing.
> > >
> > > -------------------------------------------------------
> > >    Jim Harrison
> > >    MCP(NT4, W2K), A+, Network+, PCG
> > >    http://isaserver.org/Jim_Harrison/
> > >    http://isatools.org
> > >    Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
