Licensing Questions Thread, Licensing issue for AD Authentication in Technical; Hi,
Running Alfresco with AD authentication. Our machines have device CALS as we have more users than machines. Whenever a ...
14th April 2011, 10:27 AM #1
- Rep Power
Licensing issue for AD Authentication
Running Alfresco with AD authentication. Our machines have device CALS as we have more users than machines. Whenever a user logs into the system from outside as they are logging on using a device that is not covered by our CALS then i've been inofmred by our licensing people the they will need a device CAL. We can't really justifiy converting our licenses into user CALS. Just thought i'd put the question out there for opinions.
Simply puy users login to a website (Alfresco) and login which is authenticated against AD and from there on all there deadlings are with Alfresco and its own internal MySQL database. For this each user who accesses this not using out equipment it needs a license.
Now my other option would be to put something like Open LDAP infront of AD as a kind of chaining mechanism so when a user logs in the request goes to Open LDAP to cache the request and the response so after the first login the users will use the Open LDAP data rather than AD data and the licensing issue would be between our Centos Linux server and AD talking to each other meaning one license required? Got a really good project but the cost of licensing could put the dampeners on things.
IDG Tech News
14th April 2011, 02:47 PM #2
You either need appropriate CALs or a Windows Server External Connector license. Putting an extra LDAP server in between the two systems gives you the same problems.
14th April 2011, 02:53 PM #3
The external connector license is the easiest way - but I disagree that syncronising an LDAP server would need CALS. it would be like MS requiring cals for a samba share that is syncronised off a windows share - in both cases it shouldn't need extra CALS.
14th April 2011, 04:24 PM #4
I'm with powdarrmonkey on this one - I'd understood that in this kind of scenario you'd need an external connector license. I think that was somewhere under £3,000 as was pretty much a one-off charge that covered the whole school, so probably not too bad really. For the method you describe above, what happens if the user changes their password via AD - shurely the "cached" password kept by OpenLDAP needs to be kept up-to-date?
Originally Posted by bensewell
21st April 2011, 03:39 PM #5
- Rep Power
I had the official reply from MS about this so thought i'd share with you.
If a linux server talks to AD for authentication then it requires a device cal.
For users who are covered by a device cal in the organisation but access the webserver from a non-organisation device they need a Remote Desktop Services license.
Users who access the system internally are covered by their device licenses.
So a bit clearer but licensing still a bit of a bombsite and looking expenive unless i can get group caching for the Alfresco users.
9th May 2011, 12:47 PM #6
Incidentally, could you somehow get ISA to perform the authentication/export/lookup? ISA (and and option for SQL) has per processor model therefore would negate the need for CAL monitoring.
Most schools qualify and get the "free grant" in that respect anyway (http://www.microsoft.com/uk/educatio...r-schools.aspx)
Last edited by KK20; 9th May 2011 at 12:59 PM.
By parasol in forum Internet Related/Filtering/Firewall
Last Post: 7th September 2011, 01:54 PM
By jmair in forum Internet Related/Filtering/Firewall
Last Post: 5th January 2011, 07:52 PM
By fox1977 in forum Windows Server 2000/2003
Last Post: 27th October 2010, 09:40 AM
By dwhyte85 in forum Windows
Last Post: 15th April 2009, 09:33 PM
By dezt in forum Wireless Networks
Last Post: 30th January 2007, 10:23 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)