[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Licensing Issues (Windows Server)

From: Johnson, Rick <JohnsonR_at_gc.adventist.org>
Date: 2005-05-11 16:47:02 CEST

> -----Original Message-----
> From: Dassi, Nasser [mailto:NDassi@141xm.com]
> Sent: Wednesday, May 11, 2005 10:36 AM
> To: Johnson, Rick; Greg Thomas; users@subversion.tigris.org
> Subject: RE: Licensing Issues (Windows Server)
>
>
> Maybe this can help clear it up, with a tiny bit of repetition :o)
>
> The Windows Server (as a machine) is the gateway to the data.
> As such, anything Microsoft then requires Microsoft CALs.
> For example:
>
> If you access files directly (via file://) then you legally
> need access rights (Client Access Licenses) either for every
> user or device necessary.
>
> If you access files via IIS and Native auth (machine's own user
> directory) then the same thing applies [not in this Apache->SVN case].
>
> If you access files via Apache and Native auth (machine's own user
> directory) then the same thing applies (i.e. CALs are necessary).
>
> If you access files via Apache and LDAP/Active Directory,
> then ACTIVE-DIRECTORY licenses are required. Should the user
> already exist in AD because it's an organization thing, then
> no additional licenses are required (don't quote me, verify
> with reseller) however, if the AD is just for this, then you
> need CALs.
>
> If you access files via Apache and LDAP/non-AD (openLdap),
> then *no* Microsoft CALs are required EXCEPT whatever the
> other LDAP server requires.
>
> Lastly, if you access via SVN protocol (svn://) then it still
> depends on the user directory. If I am not mistaken, svn://
> has its own user-access list, thus no Microsoft CALs are required.
>
> HTH,
>
> - nasser
>
> Nasser Dassi
> Sr. Technical Programmer
> =========================================
> E: ndassi@141xm.com
> =========================================
>
> -----Original Message-----
> From: Johnson, Rick [mailto:JohnsonR@gc.adventist.org]
> Sent: Wednesday, May 11, 2005 9:03 AM
> To: Greg Thomas; users@subversion.tigris.org
> Subject: RE: Licensing Issues (Windows Server)
>
> > -----Original Message-----
> > From: Greg Thomas [mailto:thomasgd@omc.bt.co.uk]
> > Sent: Wednesday, May 11, 2005 8:22 AM
> > To: Johnson, Rick; users@subversion.tigris.org
> > Subject: Re: Licensing Issues (Windows Server)
> >
> > On Wed, 11 May 2005 07:45:24 -0400, "Johnson, Rick"
> > <JohnsonR@gc.adventist.org> wrote:
> >
> > >I'm going to jump in here and say that I don't think it's
> quite that
> > >simple. I just reread the Windows Server 2003 EULA and it
> > appears to me
> > >that you need a CAL anytime you do Windows authentication
> (local or
> > >domain authentication) for that server. That means the explanation
> > >above is true until you do Windows authentication through
> > Apache (such
> > >as through LDAP to Active Directory or a Windows authentication
> > >plug-in), then you're going to need a CAL for each user or
> > machine that
> > >authenticates.
> >
> > Surely it would be the server performing the
> authentication, not the
> > server requesting the authentication (in this instance, acting as a
> > client) (I've got my LDAP authentication talking to another server).
> > That said, an authentication request is pretty short, so 10 (or
> > whatever) simultaneous requests would probably handle a
> large number
> > of users.
> >
> > Greg
> > --
> > This post represents the views of the author and does not
> necessarily
> > accurately represent the views of BT.
> >
> I have my server set up like yours, I think . I have my
> Apache server performing an LDAP call to my Active Directory
> server. I asked an M$ rep about exactly this one time and he
> said that you need a CAL for each user that is authenticated
> via Active Directory whether it's through LDAP or Native
> authenticiation. In your case, if Apache is doing LDAP
> authentication to, for instance, an OpenLDAP server then you
> don't need a CAL. If it's doing LDAP authentication to an
> Active Directory server then you do.
>
> M$ take on it seems to be that Windows authentication is a
> function of the Server and you need a CAL to use any Server
> functionality. That's my definition of what the rep said, not
> his exact words. This is getting muddied because server means
> both the Windows server and Apache or Subversion servers.
>
> As to your comment about 10 or so licenses covering a bunch of users.
> This would be correct if M$ did concurrent licensing anymore
> but almost all of their current licensing is NOT concurrent.
> You can buy a User CAL or a Device CAL. A single User CAL
> allows a single SPECIFIC user to access a Windows Server of
> that type (Windows 2000 and Windows 2003 have different CALs
> so you might need both) for any computer. A Device CAL allows
> a single SPECIFIC computer (but any number of users on that
> computer) to access a Windows Server of that type.
>
> Rick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>

That's EXACTLY what I was trying to explain only MUCH clearer (well,
plus the bit about concurrent users). Thanks.

Rick

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed May 11 18:20:15 2005

This is an archived mail posted to the Subversion Users mailing list.