Microsoft Licensing: Part 5 (virtualisation)

I’ve written previously about Microsoft’s software licensing rules for server virtualisation but in this post, I’ll pick up on a few areas that I haven’t specifically covered before.

Just to summarise the situation with regards to Windows:

  • Windows Server 2008 standard edition and later includes the right to run one virtualised operating system environment (OSE).
  • Windows Server 2003 R2 enterprise edition and later includes the right to run four virtualised OSEs, as does Windows Vista enterprise edition.
  • Windows Server 2003 R2 datacenter edition and later, and Windows Server 2008 for Itanium-based systems include the right to run an unlimited number of virtualised OSEs, provided that all physical processors are licensed and the requisite number of client access licenses (CALs) have been purchased.
  • Each OSE can be the same, or a downlevel version of the Windows product running on the host; however a Windows Server 2003 R2 enterprise edition host is not licensed for Windows Server 2008 guests.
  • Multiple licenses may be assigned to a server (e.g. multiple enterprise edition licenses to run up to 8, 12, 16, etc. OSEs – saving on the cost of licensing the OSEs individually). Standard and enterprise edition licenses can also be re-assigned between servers (but only once every 90 days) and it quickly becomes more cost-effective to use datacenter edition, with its right to unlimited virtual OSEs.
  • If the maximum number of OSE instances are running, then the instance of WIndows running on the physical server may only be used to manage the virtual instances (i.e. it cannot support its own workload).
  • The same licensing rules apply regardless of the virtualisation product in use (so it is possible to buy Windows Server datacenter edition to licence Windows guest OSEs running on a VMware Virtual Infrastructure platform, for example).

When looking at the applications running in the virtual environment, these are licensed as they would be in a physical environment – and where per-processor licensing applies to virtualised applications, this relates to virtual CPUs.

SQL Server 2005 Enterprise Edition allows unlimited virtual SQL servers (using the per-processor licensing model) to run in a virtualised environment, providing that SQL Server has been purchased for the physical server, according to the number of physical CPUs. Similar rules apply to BizTalk Server 2006 R2 enterprise edition.

When using Windows Vista enterprise edition as the virtualisation product (e.g. with Virtual PC) and running Office 2007 enterprise edition, the virtual OSEs can also run Office (even mixed versions).

Microsoft offers two Windows Server virtualisation calculators to estimate the number and cost of Windows Server licences for a variety of virtualisation scenarios (based on US open agreement pricing).

Looking at some of the other types of virtualisation that may be considered:

  • Presentation virtualisation (Terminal Services) requires the purchase of Terminal Server client access licenses (TSCALs) in addition to the server license, the normal per-device/user CALs and any application software. There are some other complications too in that:
    • Microsoft Office is licensed on a per-device basis, so non-volume license customers will also need to purchase a copy of Microsoft Office for the terminal server if clients will use Office applications within their terminal server sessions.
    • If users can roam between devices then all devices must be licensed as roaming users can use any device, anywhere. So, if 1000 terminal server devices are provided but only 50 users need to use Office applications, 1000 copies of Office are required if the users can access any device; however, if the 50 Office users use dedicated devices to access the terminal server and never use the other 950 devices, then only 50 Office licenses are required.

Microsoft Application Virtualization (formerly SoftGrid) is only available to volume license customers.

In part 6 of this series, I’ll look at licensing for some of Microsoft’s security products.

Microsoft Licensing: Part 4 (System Center products)

Last week, I wrote about licensing Microsoft Server products but I deliberately ignored Microsoft’s family of systems management products. This post continues the series on Microsoft licensing, taking a look at the licensing considerations for the main System Center products.

System Center products that rely on SQL Server for database functionality, for example System Center Operations Manager (SCOM) 2007 and System Center Configuration Manager (SCCM) 2007 are available both with and without SQL Server 2005 standard edition included (which option to select will depend on the database arrangements in use). No SQL client access licenses (CALs) are required if the per-processor model is used, or if the inclusive SQL Server license is used; however SQL CALs are required for every managed device if SQL Server is licensed using the server and CAL model.  It’s also important to note that if the included SQL Server licensing is used, then SQL Server may only be used for System Center products – not as a standalone server or with any other application.

The main System Center products do not require CALs but a Management License (ML) is required for each managed device.For SCOM, there are some exceptions:

  • Devices that SCOM has merely discovered the presence of but for which SCOM is not being used for management.
  • Devices functioning only as network infrastructure devices (layer 3 and below).

Different MLs exist for client devices and servers with two server MLs available for SCOM – standard for monitoring basic workloads such as the operating system, networking, file and print services and management of the hardware, enterprise for other workloads (referred to by Microsoft as application and premium workloads).

In a virtualised environment, each operating system instance (OSE) is considered as a device and requires an ML. If the OSE is running a client operating system, then a client ML is required; if the OSE is running a server operating system, then a server ML is required.

SCCM follows similar rules, with a standard server ML being limited to operating system and basic workload desired configuration management, whilst an enterprise server ML is required for full application and server desired configuration management, including the proactive management of systems for configuration settings.

System Center Data Protection Manager (SCDPM) 2007 also has two types of server ML – standard for recovery and backup management of file servers and enterprise for applications including SQL Server, Exchange Server, and Office SharePoint Server. The Enterprise server ML also includes the Microsoft System Recovery Tool (SRT), DPM to DPM replication, and host-based virtual server backup functionality. In the case of host-based virtual server backup, a single enterprise ML on the host is required for performing virtual hard disk (.VHD) backups of any guest OSEs running on that host; however this does not include granular recovery of files or applications in the virtual machines and an individual ML is required if a DPM agent is installed on a guest to support granular application or file backups.

The most cost-effective way to license multiple System Center products is generally through the purchase of a System Center server management suite licence:

It’s important to note that SCVMM 2007 is only available as part of the enterprise suite and cannot be purchased as a standalone product; however there is a standalone workgroup edition that is limited to management of 5 physical host servers per management server console.

System Center Essentials 2007 replaces Operations Manager 2005 Workgroup Edition and is designed for management of mid-sized organisations, with some limitations to restrict it to a single installation per domain, managing up to 500 client OSEs and 30 servers OSEs. Licensing follows the same rules as for the full SCOM 2007 product – i.e. that System Center Essentials is available with or without SQL Server standard edition, that MLs are required for each managed OSE and that SQL Server CALs are not required if per-processor or inclusive SQL Server licensing is in force but are required if SQL is licensed on a client/server basis. Third party solutions can be managed and do not count towards the limits but do require an appropriate ML. A ML is not required for the OSE that is running System Center Essentials.

System Center Mobile Device Manager (SCMDM) 2008 is licensed with the standard server license plus CALs model, with both per-user and per-device CALs available. SCMDM is available with or without SQL Server licensing included and is subject to the same rules as the other System Center products that are sold with SQL Server.

The last member of the System Center family is System Center Capacity Planner (SCCP) 2007.  This is actually a free download, with capacity planning models currently available for Exchange Server 2007, SCOM 2007, Windows SharePoint Services (WSS) and Office SharePoint Server 2007.

In the next post in this series, I’ll explain how licensing works for Microsoft software running in a virtualised environment.

Microsoft Licensing: Part 3 (server products)

In the first two parts of this series, I’ve looked at how many products need to be licensed for both the server and the client as well as licensing without client access licenses (CALs).

Because nothing is ever straightforward with licensing, this post takes a look at some of the complexities around licensing major Microsoft server products.

Starting out with Windows Server 2008, standard or enterprise edition, with or without Hyper-V, the server can be licensed using the per-seat model (with per-user or per-device CALs) or on a per-server basis (enforcing a number of connections for which the server is licensed). Web edition does not allow per-seat licensing (per-server only), whilst Datacenter edition (with or without Hyper-V) and Windows Server 2008 for Itanium-based systems use a hybrid model with the server licensed per-processor and CALs required for end-user connectivity.

There are some changes to Windows Server 2008 licensing (compared with 2003 R2):

  • Windows Server 2008 standard edition now includes a license to run a virtual operating system environment (OSE) – previously an enterprise edition license included 4 OSEs but standard had no such provision (I’ve written previously about Microsoft’s licensing arrangements for virtualisation). The physical and virtual instances can each run the current or any prior version of Windows (as long as the edition matches the licensed version).
  • Windows Server 2008 for Itanium-based systems is a new edition, licensed on the same basis as Datacenter edition (which is now available through volume licensing as well as OEM channels) with processor plus CAL licensing and unlimited virtual instances.
  • Windows Server 2008 web edition now allows any type of database software to be installed on the server with no limit on the number of connected users (previously limited to 25 users).

With respect to downgrade rights: Windows Server 2008 standard edition can be downgraded to a previous standard edition product (back as far as Windows 2000 Server); Windows Server 2008 enterprise edition can be downgraded to a previous enterprise edition product (back to Windows 2000 Advanced Server); and Windows Server 2008 datacenter edition can be downgraded to a previous datacenter edition product (back as far as Windows 2000 Datacenter Server).

Looking at the various SharePoint technologies:

  • Windows SharePoint Server (WSS) is included within a Windows Server license.
  • Microsoft Office SharePoint Server (MOSS) 2007 and Office Forms Server (OFS) 2007 are licensed according to the required features with standard and enterprise CALs or, for Internet-facing sites, there are MOSS 2007 for Internet sites and OFS 2007 for Internet sites licenses.
    • MOSS/OFS for Internet sites licenses are only for Internet-facing (non-employee access) or extranet-facing (internal and external access for employees and non-employees) sites and cannot be used for sites that are only for internal organisational use.
  • MOSS for Search standard edition is limited to indexing 500,000 documents (there is no such limit for enterprise edition); however there are no CALs required – just the server license.

It’s also important to remember that the underlying SQL Server database also needs to be licensed.

Exchange Server 2007 is licensed as a server product (standard or enterprise edition) and with CALs (standard or enterprise) for access with Office Outlook Web Access, Office Outlook Voice Access, Office Outlook Mobile or a third-party client. Where Office Outlook is used, this must be separately licensed. This is an important change – the Exchange Server 2003 CAL included the right to use Outlook, whereas an Exchange Server 2007 CAL does not; however an Exchange Server 2003 CAL purchased with software assurance (SA) retains the right to use Outlook.

Office Communications Server (OCS) 2007 is licensed in a similar manner to Exchange – as a server product (standard or enterprise) with CALs (standard or enterprise) for access with Communicator Web Access (CWA) or Communicator Mobile. The Office Communicator client is licensed separately and Live Meeting access requires an enterprise CAL.

In the next post in this series, I’ll look at licensing System Center server products.

Microsoft Licensing: Part 2 (licensing without CALs)

In last night’s post about Microsoft software licensing, I looked at the concepts around client and server licensing components – including the various client access license (CAL) models that may be applied. In this post, I’m continuing the series by looking at products that are licensed using a per-processor model.

The first thing to note is that Microsoft’s per-processor licensing model relates to physical CPUs – it is effectively a per-socket model – and there is no consideration as to the number of logical CPUs that a multi-core CPU provides. Put simply, one processor license is required for each processor in the server and no CALs are required.

The per-processor model also covers unlimited internal and external users and the three main Microsoft products available using this model are all products that could be expected to form part of an infrastructure that requires access from outside the organisation (and so for which purchasing CALs would not be practical):

  • BizTalk Server.
  • Commerce Server.
  • Internet Security and Acceleration (ISA) Server.

SQL Server 2005 is available using either a per-processor or a server plus CALs model. Where CALs are in use, they are equally applicable to direct connections, or to multiplexed connections where some sort of device is used to pool hardware or software. The important point to note is that any transfer of data using hardware or software needs CALs (e.g. Excel reports that are automatically updated from a SQL Server) but manual reports that do not subsequently access the server (e.g. a snapshot of data forwarded by e-mail) do not require a CAL.

The licensing model for SQL Server 2008 is yet to be announced; however SQL Server 2005 supports three types of failover:

  • Database mirror.
  • Failover cluster.
  • Backup log shipping.

In all three of these models, an active/passive model is used and one server is designated as the passive server with its sole purpose being to absorb the data and information held on another server until it fails. Passive servers do not need to be licensed as long as the processor count is less than or equal to the number of processors in the physical server. The passive server can run for 30 days before it is considered active and must be licensed accordingly, although it is possible to transfer the license from the active server if that is no longer online.

One model that would require licensing is using a passive database mirror for snapshot reporting (whilst the active server answers standard database queries). In this scenario, the passive server is effectively active and would need to be licensed.

Whilst describing per-processor licensing for BizTalk, Commerce Server and ISA Server, I commented that it can be difficult to judge the number of CALs that are required where external connectivity is concerned. For this reason, an external connector is available for organisations that wish their business partners to be able to access their network. There is no requirement to count CALs as each external connector license assigned to a server permits any number of authenticated external users to access it; however the external connector is in addition to the server license and there are rules to apply in order for users to qualify as external – namely that they must not be employees, onsite contractors or agents of the company or its affiliates. Employee access will still be subject to client access licensing and there is one further exception in that the external connector cannot be used for hosted services.

External connectors are available for:

  • Windows Server.
  • Terminal Server.
  • Exchange Server.
  • Office Communications Server (OCS).
  • Office Project Portfolio Server.
  • Office Project Server.
  • Office Performance Point Server.

Another special licensing condition is for Internet-facing websites where there is an Internet Sites Edition available for Office SharePoint Server 2007 and Office Forms Server 2007 (replacing the 2003 Internet Connector license). Again, this does not cover hosting scenarios and all content, information and applications must be for non-employees (for employee use, the normal CAL model would apply).

Finally, for all those hosting environments that the licensing models above specifically exclude, Microsoft does make provision for selling software as a service using a service provider licensing agreement (SPLA). This allows for a service to be provided to customers through the Internet, a telephone network or a private network on a subscription basis within a hosted environment (e.g. hosted Exchange Server mailboxes, charged on a per-mailbox, per-month basis).

That’s a summary of the main models for licensing Microsoft software without CALs. In the next post in this series, I’ll look in some more detail at the licensing models for each of the main server products.

Microsoft Licensing: Part 1 (client and server)

A few weeks back, I found myself spending the evening in a conference room at Microsoft’s UK headquarters, listening to a presentation about software licensing. For those who say I should get a life – you’re probably right and I’m sure there are better things that I could have been doing on one of the UK’s rare sunny evenings, but I’ve missed this session before and, whilst I have a pretty good grip on the technology, it’s often handy to understand a bit about the minefield that is Microsoft’s software licensing policies.

I learnt too much that evening to repeat here in one blog post, so I’m planning on writing a series on this subject. This post is part one, in which I’ll attempt to explain the basic licensing concepts around clients and servers.

All Microsoft software products (even those offered free of charge) are subject to a license to use the software – an end user licensing agreement, or EULA. For many products, there are client and server components – and it’s important to license the operating system as well as the application.

Common mistakes are that Windows client (e.g. XP or Vista) licenses include connections to Windows servers – in fact, a client access license (CAL) is required to use Windows Server functionality. Similarly, Microsoft Outlook is included within the Microsoft Office system but not the connection to an Exchange Server system to access e-mail and other collaborative technologies.

A CAL gives a client the right to access the services of the server. It is not software and is not “installed” on a server (although it may be recorded in certain circumstances). In addition, only one CAL is needed for a given device or user to access a server, regardless of which servers it is accessing.

When considering client access licenses, for many products, there are two models:

  • Per-seat licensing – with a CAL required for each device that connects to the server.
  • Per-user licensing – whereby a user CAL is covers the total number of devices owned by a user who accesses or utilises the server service, regardless of the number of devices that they use.

Whilst user and device CALs cost the same as one another, for many organisations, a mix of per-seat and per-user licensing is appropriate – for example a sales team with a mixture of notebook PCs and mobile devices could use per-user licensing to cover all of their many devices whereas a warehouse with many users sharing a PC, or an office with shift workers would be better served with a per-seat model.

Per-seat licensing is available for Windows Server, Exchange Server, Office Communications Server (OCS), Office SharePoint Server (MOSS), Project Server, SQL Server and Small Business Server (SBS).

The important thing to remember is that CALs are associated with a particular product version and that it’s the server that defines the CAL version that is required – i.e. when a Windows Server 2003 machine is upgraded to Windows Server 2008, the CALs must be upgraded too; however, in a mixed environment, CALs can be used to connect to servers running downlevel operating systems.

For volume license customers (only), a core CAL suite is available covering Windows Server, Exchange Server, Office SharePoint Server and System Center Configuration Manager. Always sold with software assurance, the core CAL is less expensive than buying all of the individual CALs (approximately 2-3 times the price of an individual CAL).

Microsoft confused many customers with many of the 2007 products (e.g. Exchange Server 2007) by introducing a new CAL model with a standard CAL for basic functionality and an enterprise CAL for more advanced functionality (e.g. Exchange Server 2007 Managed Folders). The important points to remember are that:

  • The standard and enterprise CALs (a poor choice of nomenclature, in my opinion) have nothing to do with whether the server application is a standard or enterprise edition product – i.e. an enterprise edition product is not required in order to use an enterprise CAL and enterprise or standard CALs can be used for either enterprise or standard edition products (if this is confusing, it may help to think of standard and enterprise CALs as “basic” and “advanced” respectively).
  • Enterprise CALs are additive – i.e. a standard CAL is required as well as the enterprise CAL (an enterprise CAL “adds to” the functionality associated with a standard CAL).

It’s also worth noting that if a user connects to a server product there is no enforcement of standard or enterprise features. As with all licensing, the responsibility is with the customer to correctly license their software although, from a technical perspective, some advanced features need to be enabled manually and this would present an opportunity to record the use of enterprise functionality.

Select and Enterprise customers can buy an Enterprise CAL (ECAL) suite for twice the price of the core CAL. This includes:

  • Core CAL (with each component counting as a standard CAL).
  • Forefront Security Suite.
  • System Center Operations Management license (a CAL to allow a client to be managed using System Center Operations Manager).
  • Windows Rights Management Services CAL.
  • Office Communications Server standard and enterprise CALs.
  • Office SharePoint Server enterprise CAL.
  • Exchange Server enterprise CAL.

The ECAL suite is always sold with software assurance and customers without a Select or Enterprise agreement can buy enterprise CALs for MOSS and Exchange Server to top-up their Core CALs.

In the next part of this series, I’ll look at products that are licensed without CALs (e.g. per-processor licensing and special cases external connectivity and hosted environments).

Windows Server 2008 product activation for volume license customers

When Windows Vista was launched, I wrote a post about the volume activation (VA) 2.0 activation process. With Vista SP1, reduced functionality mode has been removed although there is still the same legal obligation to run properly-licensed copies of Windows. (Microsoft has published a Q and A sheet on the changes made to their anti-piracy programme).

A number of people have asked where they can get a 180-day evaluation copy of Windows Server 2008 and, as far as I’m aware, there isn’t one. Instead, it is possible to install the product and it will attempt online activation (there is no longer an option in setup to deselect this). If activation fails, then a 60-day grace period will commence, during which the product will have full functionality and can be activated at any time, using a key management server (KMS) if one is available, or alternatively by entering the multiple activation key (MAK) in the system properties. Re-arming is also available, allowing 3 re-arms (so up to 240 days total use before activation). That should be more than enough time for evaluation and further details are available in Microsoft knowledge base article 948472).

A clear virtualisation licensing and support statement from Microsoft

I’ve commented before about the licensing implications for Windows Server in a virtual infrastructure but yesterday, I was at a Microsoft partner event during which Microsoft UK’s Clive Watson gave an extremely clear explanation of Microsoft’s position and I thought that it was worth repeating here:

  • The current version of Windows Server (Windows Server 2003 R2) is licensed by association (not installation). This means is that, regardless of whether the operating system is actually installed or not, a purchased operating system license can be associated with a device. In practice I can run any operating system I like on a server and, if I associate a legally purchased copy of Windows Server 2003 R2 with it, then I’m licensed to run Windows Server 2003 R2 on it.
  • Each Windows Server 2003 R2 Enterprise Edition license also allows up to four virtual copies of Windows Server 2003 R2 – so if I associate a Windows Server 2003 R2 Enterprise Edition license with a server, I can run any virtualisation product on the server and I am licensed for 4 virtual machines (VMs) running Windows Server 2003 R2.
  • Multiple licenses can be associated with a device, so if I associate two Windows Server 2003 R2 Enterprise Edition licenses with a server then I can run 8 Windows Server 2003 R2 virtual machines, 3 licenses allows 12 VMs, etc.
  • There is a point after which it becomes more cost-effective to use Windows Server 2003 R2 Datacenter Edition, which is licensed per physical CPU. This allows unlimited virtual instances of Windows Server 2003 R2 to be run. Datacenter Edition used to be available exclusively from OEMs but that is no longer the case.
  • There are also grandfathering rights, so the Windows Server 2003 R2 licenses can be used for previous versions of Windows Server, as long as they are still supported (i.e. back to Windows 2000, which is currently in its extended support phase). For client operating systems (i.e. Windows 2000 Professional, XP and Vista) and operating system versions that are out of support (e.g. Windows NT), a separate non-OEM license must be owned in order for a virtual machine to be legally licensed. For volume license customers, there are arrangements to allow upgrade from an OEM copy of Windows and there is also the Vista Enterprise Centralised Desktop (VECD) programme for customers who are looking at running a virtual desktop infrastructure.
  • Only active VMs need to be licensed – so an unlimited number of virtual machines can be held in a library for activation on a host server (subject to the limits on the number of running VMs at any one time.

The long and short of it is that I can run VMware ESX Server, Citrix XenSource or any other virtualisation product and by associating one or more Windows Server 2003 R2 Enterprise/Datacenter Edition licenses with the physical server(s), I am licensed for a number of active (and unlimited inactive) Windows Server 2003 R2/Server 2003/2000 Server virtual machines. A licensing calculator is also available.

With regards to support, the situation is less clear. Microsoft’s common engineering criteria ensures that all products since 2005 have shipped with support for Microsoft Virtual Server 2005 and this has now been updated to include Hyper-V. There are a few exceptions to this (products that are in the process of being retired and products with hardware requirements that cannot be met through virtualisation). Microsoft knowledge base article 897615 discusses the support policy for Microsoft software running in non-Microsoft hardware virtualisation environment and, crucially says that:

Microsoft does not test or support Microsoft software running in conjunction with non-Microsoft hardware virtualization software

Effectively, Microsoft will use commercially reasonable endeavours where a customer has a Microsoft support agreement but may require an issue to be replicated on physical hardware (or using Microsoft virtualisation).

One more point that’s worth mentioning – Microsoft doesn’t just support its own operating systems in a virtual environment – Microsoft knowledge base article 867572 lists the supported guest and host OSs including Red Hat Enterprise Linux and Novell SUSE Linux Enterprise Server – and Microsoft are keen to stress that support is end-to-end (i.e. Microsoft applications, any supported operating system and the Microsoft virtualisation product) with agreements in place to back off Linux operating system support to XenSource/Novell where required with Microsoft remaining the primary point of contact.

Running Red Hat Enterprise Linux without a subscription

I’ve written previously about why open source software is not really free (as in monetary value), just free (as in freedom). Companies such as Red Hat and Novell (SUSE) make their money from support and during Red Hat Enterprise Linux (RHEL) setup, it is “strongly recommended” that the system is set up for software updates via Red Hat Network (RHN), citing the benefits of an RHEL subscription as:

  • “Security and updates: receive the latest software updates, including security updates, keeping [a] Red Hat Enterprise Linux system updated and secure.
  • Downloads and upgrades: download installation images for Red Hat Enterprise Linux releases, including new releases.
  • Support: Access to the technical support experts at Red Hat or Red Hat’s partners for help with any issues you might encounter with [a] system.
  • Compliance: Stay in compliance with your subscription agreement and manage subscriptions for systems connected to [an] account at http://rhn.redhat.com/

You will not be able to take advantage of these subscriptions privileges without connecting [a] system to Red Hat Network.”

Red Hat Enterprise Linux 5 installer

Take a look at Red Hat Enterprise Linux (RHEL) and you’ll see that it’s actually quite expensive – a standard subscription for a machine with up to 2 processor sockets including 1 year’s 12×5 telephone support, 1 year of web access and unlimited incidents is €773.19 [source: Red Hat Online Shop, Europe]. That is not something that I can afford and even though Red Hat gave me a copy of RHEL 5 as part of my recent training, it only includes a 30-day subscription. Now they have launched Red Hat Exchange – a new service whereby third party open source software solutions are purchased, delivered and supported via a single, standardized Red Hat subscription agreement with consolidated billing covering the complete application stack. It’s a great idea, but the pricing for some of the packages makes using proprietary alternatives seem quite competitive.

In fairness to Red Hat, they sponsor the Fedora Project for users like me, who could probably make do with a community-supported release (Fedora is free for anyone to use modify and distribute) but there is another option – CentOS (the community enterprise operating system), which claims to be:

“An Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendor[‘]s redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free.”

Hmm… so which North American Enterprise Linux vendor might that be then ;-)

So what about RHEL systems for which the subscription has expired? I’m not sure what the legal standpoint is but there is a way to receive updated software using an unregistered copy of RHEL. Firstly, configuring additional repositories like Dag Wieer’s RPMForgethere are even RPMs available to set up the correct repository! Then, there are the various RPM search sites on the ‘net, including:

I’ve found that using these, even if there is not an appropriate RHEL or generic RPM available, there is often a CentOS RPM (which often still carries the el5 identifier in the filename). These should be safe to install on an RHEL system and in those rare cases when a bleeding edge package is required, there may well be a Fedora version that can be used. So it seems that I can continue to run a Linux distribution that is recognised by most software vendors, even when my RHN subscription expires.

Two methods of avoiding Windows Vista product activation

A few months back, I wrote about how Windows Vista product activation works for volume license customers.  Last night I was searching to find out what the grace period is before activation is required and I stumbled across some interesting articles. You see, it turns out that there are three main problems with product activation:

  • Corporate IT departments want to produce customised Windows builds.  These builds must be valid when deployed to client PCs (i.e. the product activation period must not have expired!) and, as the product activation timer is ticking away during the customisation process, there needs to be a method to “rearm” product activation.
  • OEMs want to ship pre-activated versions of the operating system (an arrangement with which I’m sure Microsoft are happy to comply as they need OEMs to preload their operating system and not an alternative, like, let’s say… Ubuntu Linux!), so Microsoft provides these so-called Royalty OEMs with special product keys which require no further activation, under as scheme known as system-locked pre-installation (SLP) or OEM activation (OA) 2.0.
  • Anti-piracy measures like product activation is that they are to hackers like a red rag is to a bull.

The net result, it seems, is two methods to avoid product activation.  The first method, can be used to simply delay product activation, as described by Brian Livingston at Windows Secrets. It uses an operating system command (slmgr.vbs -rearm), to reset the grace period for product activation back to a full 30 days.  The Windows Secrets article also describes a registry key (HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL\SkipRearm) and claims that it can be set to 00000001 before rearming, allowing the rearm to take place multiple times (this registry key is reset by the rearm command, which is also available by running rundll32 slc.dll,SLReArmWindows); however, Microsoft claims that the SkipRearm key is ineffective for the purpose of extending the grace period as it actually just stops sysprep /generate (another command used during the imaging process) from rearming activation (something which can only be done three times) and does not actually reset the grace period (this is confirmed in the Windows Vista Technical Library documentation).  Regardless of that fact, the rearm process can still be run three times, giving up to 120 days of unactivated use (30 days, plus three more rearms, each one providing an additional 30 days). That sounds very useful for both product evaluation and for corporate deployments – thank you very much Microsoft.  According to Gregg Keizer at Computer World/PC World Magazine, a Microsoft spokesperson has even confirmed that it’s not even a violation of the EULA.  That is good.

So that’s the legal method; however some enterprising hackers have a second method, which avoids activation full stop.  Basically it tricks the operating system into thinking that its running on a certain OEM’s machine, before installing the relevant certificate and product key to activate that copy of Windows.  The early (paradox) version involved making hex edits to the BIOS (hmm… buy a copy of Windows or turn my PC into a doorstop, I know which I’ll choose) but the latest (vstaldr) version even has an installer for various OEMs, and if that doesn’t work then there is a list of product keys which can be installed and activated using two operating system commands:

slmgr.vbs -ipk productkey
slmgr.vbs -ato

I couldn’t possibly confirm or deny whether or not that method works… but Microsoft’s reaction to the OEM BIOS hacks would suggest that this is not a hoax.  Microsoft’s Senior Product Manager for Windows Genuine Advantage (WGA), Alex Kochis, describes the paradox method as:

“It is a pretty labor-intensive [sic] process and quite risky.”

(as I indicated above).  Commenting on the vstaldr method, he said:

“While this method is easier to implement for the end user, it’s also easier to detect and respond to than a method that involves directly modifying the BIOS of the motherboard”

Before continuing to hint at how Microsoft may respond:

“We focus on hacks that pose threats to our customers, partners and products.  It’s worth noting we also prioritize our responses, because not every attempt deserves the same level of response. Our goal isn’t to stop every ‘mad scientist’ that’s on a mission to hack Windows.  Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims.   This means focusing on responding to hacks that are scalable and can easily be commercialized, thereby making victims out of well-intentioned customers.”

Which I will paraphrase as “it may work today, but don’t count on it always being that way”.

Ask for genuine Microsoft softwareNote that I’m not encouraging anybody to run an improperly licensed copy of Windows.  That would be very, very naughty. I’m merely pointing out that measures like product activation (as for any form of DRM) are more of an inconvenience to genuine users than they are a countermeasure against software piracy.

Disclaimer

This post is for informational purposes only. Please support genuine software.

Licensing implications for virtualisation

Ever since Microsoft announced its new licensing policy for virtualisation, I’ve been trying to get an answer on whether the “4 free guests with every copy of Windows Server 2003 R2 Enterprise Edition (or unlimited guests with DataCenter Edition)” applies when non-Microsoft virtualisation products are in use.

Various Microsoft representatives have indicated to me that to restrict it to Microsoft virtualisation products would not be possible but no-one seemed 100% certain on the answer and I didn’t want to place myself in the situation where I advised a client that they had sufficient Windows licenses when in fact they were under-licensed. Earlier today I found the VMware pricing and licensing FAQ: Microsoft licensing for virtualised environments which answers my question, although it is also heavily caveated:

“This document is provided solely as a convenience for VMware employees, partners, customers and prospects and does not constitute legal advice. Your review of this FAQ should not substitute for review of applicable Microsoft licensing agreements and documentation”

Basically, it looks as if the Microsoft licensing arrangements apply regardless of the virtualisation product in use – in fact you don’t even need to have Windows installed on the host server – as long as an appropriate Windows license is owned (so ESX Server users can run 4 Windows instances free of charge, provided that they also own a “spare” copy of Windows Server 2003 R2 Enterprise Edition).

Another licensing issue that’s been concerning me is VMware’s model of licensing server products such as Virtual Infrastructure 3 by pairs of physical processors (2 sockets). For example, a 4-way HP ProLiant DL585G2 with 4 dual-core AMD Opteron CPUs would need 2 licenses (2 x 2 sockets) even though there would be 8 logical CPUs. With the imminent arrival of quad-core CPUs and predictions of many more cores on future processors, I had to wonder how long this model could be sustained and VMware has provided a clue to the answer in the VMware multi-core pricing and licensing policy. Basically, it seems that 4 cores is the breakpoint:

“[VMware’s] policy defines a processor for licensing purposes as up to four cores per processor.”

So, any future 8-core CPU could be expected to use up 2-processor’s worth of VMware licenses. Confused? Well, even VMware are reserving judgement:

“This policy applies only to dual- and quad-core processors. VMware will revisit its licensing policies as x86 processors with a greater number of cores become available.”

There’s more information about multicore processors on the Intel and AMD websites.