Server licensing questions

[Nathan Igo]

I have a client that is moving to a new location and I finally have the freedom to consolidate the band-aid fixes done over the years by others. I want to replace the current server with a new one and rackmount it but am a little confused on the licensing they will need. Their current server and storage system is just external drives connected to the server which is extremely slow.

All the server will handle at this time is a domain server, file storage and network licenses for CAD and SketchUp. There is currently 29 employees and will be expanding to roughly 80 over time at the new location.

1. Do I need a CAL for each device for active directory and GPO.
2. Do I need a CAL for each device for the file shares.
3. They want to switch to roaming profiles so I am assuming that would warrant the CAL for AD. Pros and cons?
4. In time we will be adding VPN connections to an out of state office to the file shares.

Everything I've looked at seems to point that I need a CAL for each AD user but then others say no so just wanting to clear it up before the quote. Also if anyone has recommendations for this type of setup I am open ears.

 

[trevm999]

You do user CALs or device CALs. In most situations user CALs make the most sense. You just need 1 user CAL to cover all of those services. If you got an additional server, you would not need new user CALs.

 

[trevm999]

And SharePoint Online (Teams) + OneDrive will probably give a better experience than firesharing over a VPN.

Though you might have to evaluate how they do CAD file sharing.

 

[Sky-Knight]

To clarify, you do not need a CAL for each device or user that accesses active directory, you need a CAL for any device or user that accesses any functionality on the server at all. There are a few narrow exceptions, such as public access of IIS.

I will also recommend licensing with User CALs. They cost a bit more, but they're infinitely easier to manage. Also, in this BYOD age, a single User CAL will cover all devices that user brings to the office. The Device CAL path will require separate licenses for each device. Since devices out number humans by almost 3 to 1 at this point for most offices, Device CALs wind up costing more on top of being a nightmare when you get audited.

Stick to User CALs!

Oh, and one more thing... run away from roaming profiles as if you life depended on it. Redirect profile folders if you must, but the entire concept of a roaming profile is a problem bagged in more problems. And in the age of Office 365, it's just a dead concept. If I were in charge of this project right now I'd be signing them up for Microsoft 365 Business, using Azure Active Directory, and Intune to manage the machines. The total monthly cost will be similar to a server that can do what you describe, except they'll never have to "upgrade" it again.

 

[YeOldeStonecat]

Also agree with User CALs...
Device CALs are less often used, and generally it's in an operation such as a 24x hour business. For a business of 100 computers that has 3x 8 hour shifts of roughly 100/75/75...it makes more sense to license for 100 devices versus 250 users. But for most businesses, single shift daytime hours....User licenses rule.

Also I agree with staying far away from roaming profiles. Can end up with such a mess. Redirected Folders was a newer approach to that to fill most of that need. But since o365 came out, and especially since OneDrive client added that newish feature a year or more ago (backup...primary use folders Docs/Desktop/Pics)...I don't even do redirected folders anymore. Put that load on O365...not the server (and additional backup overhead).

As for primary file share, and how the office works...how much storage you do on O365 depends. I know for businesses that work with larger files, (like design shops and CAD)....it can be a challenge and they tend to prefer on-prem fast disk access.

 

[Nathan Igo]

To clarify, you do not need a CAL for each device or user that accesses active directory, you need a CAL for any device or user that accesses any functionality on the server at all. There are a few narrow exceptions, such as public access of IIS.

I will also recommend licensing with User CALs. They cost a bit more, but they're infinitely easier to manage. Also, in this BYOD age, a single User CAL will cover all devices that user brings to the office. The Device CAL path will require separate licenses for each device. Since devices out number humans by almost 3 to 1 at this point for most offices, Device CALs wind up costing more on top of being a nightmare when you get audited.

Stick to User CALs!

Oh, and one more thing... run away from roaming profiles as if you life depended on it. Redirect profile folders if you must, but the entire concept of a roaming profile is a problem bagged in more problems. And in the age of Office 365, it's just a dead concept. If I were in charge of this project right now I'd be signing them up for Microsoft 365 Business, using Azure Active Directory, and Intune to manage the machines. The total monthly cost will be similar to a server that can do what you describe, except they'll never have to "upgrade" it again.

Thank you for your help but just want to clarify again that if a user is only using the server for AD and network shares they do not need a CAL. That is what I was confused on in the licensing. All of my other clients are under 25 users/devices so server essentials has worked fine from what I can understand from the licensing so server licenses are not my strength.

I hate the idea of roaming profiles myself but I am in the "their old company worked like that and they liked it so they want to work here" back on Windows XP.

As far as moving everything to the cloud for management and shares, its not a possibility. They picked the one office location that is still on DSL in all of Orange County, CA. They do currently have all Office 365 Business and I will be setting up Azure sync on the server, but the file shares and roaming profiles, if we do that route or another have to be local. I have quotes coming for internet build outs but it is not something I can count on.

 

[Sky-Knight]

Incorrect, ANY ACCESS OF THE SERVER for ANY REASON AT ALL, requires a CAL.

There are only a few exceptions, AD and file share access are not in that list.

That's one of the reasons User CALs are easier, because an easy way to ensure they have enough, is to buy one for every employee. Unless the number of people they employ goes up, you're good.

 

[YeOldeStonecat]

I've always followed the "ANY service from the server requires a CAL"...be it DHCP, DNS, Active Directory (that would should be explanatory), file sharing, print sharing, database sharing, IIS/WWW, Exchange (which itself needs more)etc.

Roaming profiles...aside from "don't do it, put on your sneakers and run"...at least consider the modern approach which replaced it, redirected folders (which is now getting replaced by OneDrive).