cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft User and Device CALs, Applications and Access Evidence

dbeckner
By Level 10 Champion
Level 10 Champion

I am looking to gather a better understanding of the way Microsoft CAL consumption is assessed in FNMS. I have read through the FNMS System Reference and on Page 145 and 146 it discusses the supported Microsoft Server products for CAL Management table. I have also read through a number of forum posts and the Microsoft Practice Guide. Unfortunately I still have some questions listed below --

When I look in FlexNet Manager under All Applications and add the column "Evidence Capability" for all the SQL Server products listed I only see one product with both "Installation and Access" under evidence capability. The remaining SQL Server applications only list "Installation". If we deploy the FlexNet Inventory Agent to the SQL Servers and enable the CALInventory feature will the access evidence still be assessed for consumption. (This assumes the product use rights for consumption rules is set to "Usage within a time limit" and not "Access".)

If it does not take into account the gathered UAL evidence reported by the agent do we need to submit a content submission to Flexera to have the access evidence associated to each product?

If it does take into account the gather UAL then what is the meaning where some products have "installation and access" and others only have "installation" listed under evidence capability.

(Note: I see the same evidence capability situation with other Microsoft Server software)

EDIT:

When comparing all the SQL Server products, as noted above, the SQL Server products that contain edition information do not have "Access" as evidence capability.

When looking at SQL Server (Unknown Component) those have "Installation and Access" as evidence capability. In our lab when I link the (Unknown Component) product to a license and update the consumption rules to "Usage within a time limit" I get accurate consumption automatically when CALInventory is enabled on the FlexNet Agent.

Based on this, is the accurate assumption that when creating a SQL Server CAL you need to associate the "Unknown Component" application to that license in order to effectively use the UAL evidence the agent can report?

(1) Solution

@dbeckner - A couple of notes here:

First, the evidence returned by the UAL logs for SQL Server don't have any specific edition information.  The UAL Log will simply say "This AD Account from this IP Address accessed SQL Server on this server".  That is why in the ARL the access evidence is only against SQL Server applications where the product name is "SQL Server (Unknown Component)".  This could also be the case where only a component of SQL Server is installed, for example SQL Server Reporting Services.  The UAL Log in this case will also state that SQL Server was accessed, even though only Reporting Services was installed.

Second, SQL Server CAL licensing is not version specific.  For example you purchase a SQL Server 2019 User CAL license.  This will cover access to any instance of SQL Server regardless of which component is installed and which edition is installed. 

View solution in original post

(5) Replies

@dbeckner - A couple of notes here:

First, the evidence returned by the UAL logs for SQL Server don't have any specific edition information.  The UAL Log will simply say "This AD Account from this IP Address accessed SQL Server on this server".  That is why in the ARL the access evidence is only against SQL Server applications where the product name is "SQL Server (Unknown Component)".  This could also be the case where only a component of SQL Server is installed, for example SQL Server Reporting Services.  The UAL Log in this case will also state that SQL Server was accessed, even though only Reporting Services was installed.

Second, SQL Server CAL licensing is not version specific.  For example you purchase a SQL Server 2019 User CAL license.  This will cover access to any instance of SQL Server regardless of which component is installed and which edition is installed. 

Thanks @kclausen so is my final assumption correct that you need to use the (Unknown Component) application (for SQL Server when associating an application to the SQL Server CAL since that has the evidence capability of access?

Yes, you are correct.  Consumption would only be automated if you have configured the Flexera Agent to capture UAL Logs.  Keep in mind that:
1) UAL Logging was introduced with Windows Server 2012 so would not be available from older versions of the OS
2) UAL Logging can be disabled by a Server Admin (but UAL Logging is enabled by default)

@kclausen Thank you very much for your notes and clarifications. This makes more sense to me now.

@kclausen One more question - for Exchange server the System Reference doc says a PowerShell script must be used to gather the UAL for User Access and an inventory spreadsheet must be used for Device Access. Is this PowerShell script provided by Flexera or something we develop and implement in-house. Not sure where to find it if Flexera provides it.