I've just found something quite strange while talking with a Microsoft Licencing representative and I wanted to run this past the community to see if this is something that anyone is aware of a change.
I was asking a question around licencing SQL Server/ Windows Server which led to me being recommended an External Connector licence for a Website that does not use Windows Users.
I boiled this down to the basic scenario of:
Server 1:
Windows Server 2008 R2, running IIS 7.5, using a custom public facing Website using an home grown authentication mechanism (i.e. not Local Windows Users, or AD users) where the number of users (authenticated or not) is indeterminate.
Server 2:
Windows Server 2008 R2, running SQL Server 2008 R2.
The Website on Server 1 connects to SQL Server on Server 2 using a SQL authenticated login.
The licencing that is required is:
Windows Server Licence for Server 1
Windows Server Licence for Server 2
SQL Server "Per Processor" Licence
AND
An External Connector Licence for Server 2.
This seems preposterous as it triples the cost of the windows licence for Server 2. Also, as far as SQL Server is concerned, there are no multiple Clients connecting, only 1 "device" that then provides a massive "Value-add" on top of just the data from SQL Server.
My question, has anyone come across this before? It seems like this is wrong as the above, I would imagine, is the most common scenario for most .NET software houses that create web sites, and, having worked for a few, I've never heard of this!
I've seen this question:
https://stackoverflow.com/questions/3072044/external-connector-licensing-with-website-hosted-on-windows
However, it's not really got enough information on the scenario etc. and also doesn't quote any proper resources.
I would appreciate it if someone could actually point to a section within a reputable site about this, rather than just a link to the generic "Client licences" page.
Just a few additions to the otherwise excellent previous answer:
each individual license covers 2 cores:
This is wrong. Each core license covers one core, as you may expect. The fact is that the SKU, the product reference you may purchase, is a pack of 2 core licenses. This pack can be divided into 2 single core licenses if you need to when assigning your licenses to your servers. As a side note, I would be glad to know the name of the "brilliant" guy who created this SKU at Microsoft, as it adds a lot of confusion and generates a lot more work to my industry, the Software Asset Management (SAM).
I would go with Microsoft on this since they are the ones that would do the software audit:
This is wrong as well. Microsoft never does software audit on their own. They always delegate this to third parties. As a consequence, the inside knowledge of licensing rules is usually very poor at Microsoft and I strongly advice to ask licensing professionals instead, such as SAM consultants.
Regarding Martin's comment, the Microsoft Licensing people we deal with (an LAR) think differently:
A LAR, or LSP as it is now their new name, is usually a pure reseller and its licensing knowledge is usually very poor also. Their goal is to sell the most, not to make sure their customers are compliant, and optimized even less. I am not surprised they think differently. Again, ask SAM professionals instead.
Best regards,
Gilles
An External Connector License is in place of a Windows Server User/Device CAL:
http://www.microsoft.com/licensing/about-licensing/client-access-license.aspx
http://www.microsoft.com/licensing/about-licensing/product-licensing.aspx
An External Connector is defined as:
"An External Connector (EC) license is an alternative to CALs for each server that external users will access. External users are users who are not employees or onsite contractors. An EC license assigned to a server permits access by any number of external users, as long as that access is for the benefit of the licensee and not the external user. Each physical server that external users access requires only one EC license regardless of the number of instances running. The right to run instances of the server software is licensed separately; the EC, like the CAL, simply permits access. EC licenses, like CALs, are version and functionality specific. They must be the same version or later than the server software being accessed. The decision on whether to acquire CALs or an EC for external users is primarily a financial one."
A Server Processor/Core License allows unlimited connections - whether internal or external (as long as you cover all the cores in your machine). For the SQL Core license (separate from Server : times the number by 1 for Intel, and .75 for certain models of AMD): http://go.microsoft.com/fwlink/?LinkId=230678 (page 7-9).
Server 1: If it is a workload webserver, IIS does not require CAL's for external connectors - IIS is exempted ( http://microsoftlicensereview.com/category/external-connectors/ ). The Windows Server does require User/Device Server CALs (if it is licensed that way) for employees or onsite contractors. For offsite users who authenticate to the server, not only for website related information, if it makes more sense to purchase the external connector license rather than User/Device CALs for these users, then you would want to do that.
Server 2: In addition to similar license as above for this server, the SQL Server would require either: Per Core License (each individual license covers 2 cores, you need as many licenses as the core factor for your machine); OR 1 SQL Server license + User/Device Cals for all users who connect to the website on Site which is pulling SQL data.
This keeps you from doing multiplexing, which is described here:
http://www.microsoft.com/licensing/about-licensing/briefs/multiplexing.aspx
http://go.microsoft.com/fwlink/?LinkId=230678 (page 17).
Here is an article that explains it further (she mentions offsite contractors, which is different than onsite contractors - which would need a User/Device CAL):
http://www.networkworld.com/community/blog/microsoft-cals-and-external-connector-license
So, it would appear that since the user is connecting to the SQL server via the web application on Server 1, and not authenticating to Server 2 (if Server 1 connects to SQL directly with string rather than authentication), it would not seem like the External Connector license is not needed on Server 2 (but I would go with Microsoft on this since they are the ones that would do the software audit).
Hope that helps.
Related
I am working in a product based company and will provide SQL Server 2014 Express edition with our software.
I want your expert comment on security.
Problem: As we are installing a database on client PC then they might be able to see our database schema by attaching MDF files to another server.
(In my view, through database objects name and data, other companies can easily identify our workflow and can develop software easily)
So I want some type of encryption or file system solution to prevent user to take database files. And yes as we are using express edition, we can’t use available SQL server encryption options.
Interesting, that is what my company does currently but the user has to have a special server role in order to open up the actual schema.
That role is then linked with their login. When we create a user login we use a cryptic login like ght02%username% and not just their windows credentials. This means that if they login via windows auth, do not have access to that schema.
The only way of taking the MDF that i'm aware of is that if they have either detached the database or the service is stopped. Again this could be manageable by disabling them stopping the server and they won't be able to detach if they don't have the permission.
There are most likely better options though.
Just my two cents.
Also a duplicate of this
you can prevent client from copying files, only if client had minimal permissions on the box where you are copying the files
I would recommend SQLAZURE Database,it starts with 5$ Per month and i believe standard pricing tier is most suitable(approx:30$ per month)..with this way , you also can be sure, your schema is secure
You could try this third party software: https://www.database-encryption.com/ Database can only be restored/attached where this software is installed. Requires an encryption key to see any info from the database, it's free up to 200MB of database size (I currently use this software)
If you are willing to consider a third party product, there are at least two that can do what you want, viz protecting your SQL databases from your customers. One is ours: Encryptionizer for SQL Server. The other is DBEncrypt. They work very differently though. Encryptionizer sits between the SQL Server process and the OS, while DBEncrypt injects itself into the SQL process in memory using the old Detours SDK.
I want to take data from a SQL server ans show it in to the user. I have to update the UI as the user's requirement. what are the advantages and disadvantages of both reporting tool?. Also anyone know about the licensing cost for both?
Alias,
both reporting tools are very similar in terms of features. ActiveReports has royalty free distribution and is licensed per developer. the cost ranges from $799-$1599 per developer.
If you are asking about SSRS server, then it is included as part of the SQL server license, however read the license carefully. You cannot install SSRS on a separate server from SQL Server, it requires IIS, both of these items add pressure on your DB installation, which could be an issue in the future. You would need another SQL server license in order to deploy them separately.
I would suggest that you download and try them and see which one is easier and would fit your needs better and review the licensing based on your requirements.
disclaimer - I work for Grapecity maker of ActiveReports.
Currently, I'm developing a C#-based program for a small rental company (3 locations). Right now, they use MS Access 97 (Jet SQL based) as database and I wish to upgrade this. However, I do want to keep Access as Front-end, since I will be gone after the development, and the local personnel knows how to use Access (some changes require direct editing in the database).
I am doubting between two options:
Upgrade to Access 2013, therefore using MS ACE as DB engine
Use SQL Server Express with Access as front-end, therefore using MS SQL Server as DB engine
The system will have one shared database and one for each location. They are using a shared drive for this (they work on MS Server 2008). Their databases are pretty small (< 1 GB combined), so I won't need the extra performance e.g. MySQL provides. I know the difference between ACE and SQL Server in terms of design (File-sharing vs client/server), but I still don't know what would be better suitable for this situation.
What is the better option here when looking at performance, reliability, security and connection to the application?
Thanks in advance.
As #granadaCoder points out, the security, performance, reliability of using SQLExpress is far better than Jet and ACE and is just as easy to connect/link to your Access 97 front-end. Microsoft provides a free migration tool that is very powerful and easy to use.
Converting an MS-Access 97 application to 2013 may present some real challenges as Cwell. onverting from Access 97 to 2013 is a two step process. You must first convert it to 2002-2003 and then to 2007/2013. You will also need to purchase licenses for all users and the back-end database.
In addition, if your 97 application references external objects, they may not work with later versions of Access.
As #granadaCoder also suggests, a good medium to long term plan would be to convert the front-end to .NET.
Microsoft Jet is just a file sitting on a network drive.
So when you do queries......the Jet-Runtime (on the local PC) has to bring large chunks of data (entire tables) across the network.
Thus it is brutal.
Sql Server (Express or Other)....runs as a service on a host computer. And when a query is executed, it does processing on the Server and returns "smaller buckets of information".
(Which you mention knowing the difference between file-sharing vs client-server).
If you cannot give up your Access(the program) front end...then doing link-tables to Sql-Server would be you best bet, IMHO.
Well, I'm talking from performance.
Security, you have more options for different users and passwords. And you can slice up which logins/db-users are allowed to do what.
IIRC, a Jet database allows one password. Aka, all or nothing.
https://www.connectionstrings.com/ace-oledb-12-0/with-database-password/
That alone would make me go with SqlExpress.
..
The big early design decision was to use Microsoft-Access-Forms. You're paying the price for that early decision.
Even when people use a Jet-Database, I would only use it for basic data storage. And put a Layer .Net application on top of it. Then a swap out to a different data-store isn't as drastic.
Good luck dude.
I am completely ignorant in relation to databases and servers etc. Please bear with me.
I am trying to install a program called RealProspect 2009 which allows both local and remote sql database installation. Both types are done using the program installation .exe.
I have an azure account on which I have set up a server, and a database. During the program installation I am asked to provide the SQL server address, SQL server name, SQL username and SQL password. Using the information provided in the Azure online tools, I input all of this information into the fields and the program commences installing the database on the remote location. If I use incorrect information in these fields the installation returns an error and tells me it cannot log in, or the IP is not allowed etc., so I know it's actually attempting to connect and verifying the connection credentials.
When I use the correct server and login information the program proceeds. It spends several minutes "Creating the Tables". When it finishes doing that it attempts to begin "Installing Default Data (Categories)". At this point the program stops and I get the error in the subject line of this post "Invalid Object name 'Categories' "
I don't know enough to tell you what I don't know about this process.
I just signed up for Azure specifically because hosting the database with Azure is like $5-10 per month and I want myself and several other participants to be able to use the software with a common database. I created the server and database using the gui "tools/how to" from within the online Azure portal and I have never written a script, or accessed the server/database using anything other than the online GUI.
Thank you in advance for any help you may be able to provide. I hope i'm not too much of a speed bump to your day.
P.S. - For what it's worth you can download a free trial of the software from realinvestorsoftware.com and see if you could install it on a remote server. Maybe you can better see what I see and tell me how to do it on my own?
SQL Azure is VERY similar to SQL Server but there are a few features that SQL Azure doesn't support. That said, I'd be surprised if the app's installer is using any of the features that are unsupported by SQL Azure. My guess is that there's a bug in their installation scripts that might fail on more modern versions of SQL Server (note, their app installs on SQL Express 2005 which is no longer in mainstream support).
Just a couple of other thoughts for you: You get keys to install the app on two machines but:
"If you would like to install on more than two computers, then after you order your copy of RealProspect you can login to your customer account on this website and order additional activation keys for only $97 each."
Because you're going to be paying several hundred dollars anyway, and because (you yourself admit) you're not a database expert, it may be less cost, stress and hard-work to use their $27 per month database hosting service. That way you can concentrate on building your business while they take care of the technology.
[Update: 3/27/2013 # 23:05]
Another option Chris presented was to install the app and database locally and then migrate the database to Azure.
While this is potentially feasible, it requires some finesse to execute.
Microsoft provides a DB migration guide presenting several (pretty manual) options.
You might also want to read this thread which discusses how to migrate your DB via a DACPack.
Another option is to download and use the SQL Azure Migration Wizard which should do most of the heavy-lifting for you and make your DB migration simpler.
However, note that it is possible that the DB the app uses may use features of SQL Server that are not supported on SQL Azure. Hopefully this isn't the case, but be aware that this may be an issue.
Good luck :)
Chris,
I think SQL Database Migration Wizard v3.9.10 & v4.0.13 will solve your problem, I have used this tool several time to migrate db from local machine to sql azure, the most beauty of this tool it also highlights the error or sql which couldn't be migrated to Azure, so we can easily find alternate syntax of such sql queries
There are actually two related questions:
is it possible or advisable to use a full blown stand-alone SQL server for SharePoint Services WSS3.0 instead of the supplied windows internal database it comes with? The client I am working for is asking to utilize their existent SQL server for all WSS content databases to possibly minimize admin effort and improve performance.
As well, would you advise to install WSS on one physical server and the content database on another server? Any gain in performace? Practicality? ect. The default is WSS and all of its databases are installed on the same single server. We don't really need a farm setup of MOSS, because the WSS capabilities are enough for our needs.
Thanks,
Val
Yes, when you create the site check the installation to be a "Web Front End" It will then prompt you to select a location for the SQL database. Just point it to which server you want.
I would definitely recommend putting it on a non-Sql Express instance. The express version only scales to 4 gig, limits the maximum number of connections etc. If your client is going to do much with it at all, you will eventually hit that limit. Full blown sql server has other advantages too, like help with backups etc.
Yes and yes.
Keeping the SQL and WSS servers separate saves resources on both, and neither are light weight applications. It also allows you to easily begin clustered/distributed environment in the event your usage increases, as well as following a least privledge principle, keeping product patches separate, etc.
As an addendum, you say you don't need a MOSS farm because WSS fits your needs, but be aware that it's just as easy to setup a distributed WSS environment as is MOSS; MOSS only adds capabilities to the application. It's usually a good idea to have at least two WFE's in the farm, if for nothing else than redundancy in case of failure.
Yes you can use a 'full blown' SQL Server instead of the the free and limited SQL Server Express that is delivered with Windows SharePoint Services 3.0 (wss 3.0)
It's even better to separate the database and the actual website! More scalable (if you upgrade to MOSS), easier to manage and less security risks.