Most common causes of compliance issues

Understanding how licensing works is key to controlling the financial and legal risk that comes with software non-compliance. Misunderstanding Microsoft’s licensing rules or poor internal communications between the departments that are responsible for purchasing and deploying software are some of the common causes of compliance issues.

The most common compliance problems are related to applying the incorrect set of Product Use Rights (PUR), edition mismatch, and version mismatch. In this section, we will take these three examples and elaborate on them in order to get a better understanding of the situation.

Applying the incorrect set of Product Use Rights

A proper administration of which PUR’s are in effect is essential to control an organization’s license compliance risk, as well as to get the most value from the owned licenses. Customers who benefit from downgrade rights will continue to be subject to the same PUR’s of the version and/or edition of the license purchased rather than the PUR’s of the version and edition they downgrade to.

A good example are virtualized environments, where the license reassignment frequency and the number of running instances allowed per license for products like Microsoft SQL Server and Microsoft Windows Server have changed substantially over time.

For SQL Server Enterprise edition, license reassignment rules were changed a couple of times over the years. Reassignment rules stipulate how frequently and under what conditions customers can move licenses between devices within their organization in the case of device based license metrics, or between users in the case of user based license metrics.

In order to illustrate this, we can show how license reassignment rights have changed over time for SQL Server Enterprise 2005, SQL Server 2008, SQL Server 2008 R2 and SQL Server 2012 Enterprise edition.

SQL Server Enterprise 2005 permits a reassignment frequency of once every 90 days

SQL Server 2008 Enterprise and SQL Server 2008 R2 Enterprise permit an unlimited reassignment frequency

SQL Server 2012 Enterprise again has a reassignment frequency of once every 90 days for customers that don’t own Software Assurance

In the same fashion Exchange 2007 and 2010 server licenses permit reassignment as often as necessary within a “server farm”, which is defined by Microsoft as up to two data centers that are in time zones no more than four hours apart. (The four-hour rule prevents “follow-the-sun” licensing, in which licenses are transferred to follow the workday.) However, in order to have equivalent reassignment rights for Exchange 2013, an organization must buy the server licenses with SA and maintain coverage, which costs 25% of the underlying license price per year. (SA is an add-on to perpetual licenses that offers version-upgrade rights and other benefits.) In the absence of SA coverage, an Exchange Server 2013 license allows reassignment between physical servers at most once every 90 days.

Another interesting scenario is related to the number of instances that can run within VMs on a device for products like Windows Server 2008 R2 Standard and Windows Server 2012 Standard edition.

Windows Server 2008 R2 Standard permitted one instance per license

Windows Server 2012 Standard permitted two instances per license

Once these Product Use Rights nuances are identified correctly, they can potentially lead to a cost saving opportunity.

Edition mismatch

Deploying a different edition than the one covered by the license agreement is another common issue that leads to customers being non-compliant. Running a higher level edition when owning a lower level edition (e.g. running Enterprise edition when owning Standard edition), is the most common edition mismatch mistake that companies make.

When such cases occur, the company is left with three options:

  1. Buy new licenses;
  2. Acquire Step-up licenses via Software Assurance;
  3. Sometimes (on rare occasions), Microsoft makes an exception and allows the customer to reinstall the product to the license edition owned.

The second case of edition mismatch is the opposite of the first example, namely to run a lower level edition when owning a higher level edition (ex. running Standard edition when owning Enterprise edition). This is legally permitted only under edition downgrade rights.

According to the PUR, the following examples illustrate lower edition, or as Microsoft calls it ‘Down Edition’ use rights.

SQL Server 2008 R2 Enterprise (Server/CAL, Processor License) and Windows Server 2008 R2 Enterprise:

You may run on the licensed server an instance of Standard in place of Enterprise in any of these operating system environments.

You may run on the licensed server an instance of Standard in place of Enterprise in any of these operating system environments.

You may run on the licensed server instances of Enterprise or Standard in place of Datacenter in any of the operating system environments.

Version mismatch

Although version mismatch errors occur less often than edition mismatches, these still count as one of the most common mistakes that lead to compliance issues. Most licenses purchased through Volume Licensing programs include version downgrade rights, meaning that using a version older than the licensed one is generally not an issue. However, there are still some products that do not include this benefit, which tend to get overlooked by end users.

Another reason is the fact that most end users understand that they are non-compliant if they run a more recent version than the licensed one or the one they are allowed to use under Software Assurance in production environments,. However, version mismatch errors related to Client Access Licenses occasionally catch customers off guard.

CALs allow a client to access all instances of the server product running within the organization, and the version of the CAL must be the same or higher than the version of the server software the client accesses. Most server products require either a User CAL or Device CAL for each client user or device that accesses the server product.

For example, an organization with Windows Server 2012 CALs is covered if their server infrastructure is composed of Windows Server 2012 and Windows Server 2008 servers. Whereas Windows Server 2008 CALs don’t cover the usage of Windows Server 2012. It is a very common mistake for organizations to try out new server versions without realizing this requires new CAL licenses.

Prepare your company for the next Microsoft audit with B-lay. We recommended creating a recurrent SAM process with designated roles and responsibilities that will keep everything in check for you. Experts, either in-house or third party consultants with license specific knowledge will be invaluable to most organizations. They can play a decisive role in determining your licensing requirements and negotiating the best terms and conditions before non-compliance situations actually occur. They can also help enterprises get Software Asset Management on the right track, automate the process as much as possible and monitor compliance with Self-Audits to ensure a comfort point is maintained.

Make sure you have the right expertise

You can of course invest in staff and building knowledge completely on your own. But you might also want to consider enrolling in a fully operational license management program. This can be done in less than three months and will be tailored to the specific demands of your company. Please contact B-lay, and get your audit defense in place.

More information can also be found in our white paper “Be prepared for a Microsoft Audit ”. Our new white paper format is mobile friendly, so you can easily read it on your tablet or mobile phone.

This article was published on 27-09-2016