Many Microsoft products utilize the Client Access License (CAL) model, including Exchange Server and SQL Server. For a list of Microsoft products for which CALs are required, see the Microsoft CAL Guide at http://go.microsoft.com/fwlink/?LinkId=91230.
|At this time, Configuration Manager 2007 tracks CALs only for Windows Server and Exchange Server.|
To understand how Microsoft System Center Configuration Manager 2007 can help track and manage CAL usage, it is important to understand that there are several different CAL models and that CALs are product specific. A CAL for Microsoft Exchange Server does not impart the rights to use Microsoft Windows Server, and vice versa.
|Purchasing CALs for earlier versions of an application does not grant the right to use later versions of the application. However, purchasing CALs for later versions of applications grants the right to use earlier versions of that application. For example, a CAL purchased for Windows 2000 does not grant the right to use Windows Server 2003. However, a CAL purchased for Windows Server 2003 grants the right to use Windows 2000. This is true with other applications as well, such as Exchange Server and SQL Server.|
For more information about user rights associated with CALs, see the Microsoft Volume Licensing Web site at http://go.microsoft.com/fwlink/?LinkId=91231.
Client Access Licenses Models
Three primary CAL models are used for Microsoft Server products: Per User, Per Device, and Per Server. Not all types of CALs are available for all products, and specific products can offer additional types of CALs. For more information about specific CAL licenses, see the Microsoft CAL Guide at http://go.microsoft.com/fwlink/?LinkId=91230.
Per User CAL
With the Per User CAL model, a separate CAL is required for each unique user who accesses a server. If a user uses multiple computers, the user can access the server from each computer using only a single CAL. However, if a different user logs on to one of the computers, that user will need a separate Per User CAL to access the server.
A typical example of the Per User CAL might be for a company that has two Exchange Servers used by 200 employees on 220 computers. This would require two server licenses (to install the product on the servers) and 200 Per User CALs. Because a CAL is assigned to each user, the number of computers accessing the servers is unimportant.
Per Device CAL
With the Per Device CAL model, a separate CAL is required for each unique device that accesses a server. If more than one person uses a specific computer, one CAL will allow all of them to access the server from that computer. However, if one of these users also uses another computer to access the server, the additional computer will need a Per Device CAL as well.
A typical example of the Per Device CAL might be for a company that has two Exchange Servers used by 200 employees on 150 computers. This would require two server licenses (to install the product on the servers) and 150 Per Device CALs. Because a CAL is assigned to each device, the number of users accessing the servers is unimportant.
Per Server CAL
With the Per Server CAL model, a separate CAL is required for each unique device that accesses a server simultaneously. During setup, the server administrator enters the quantity of CALs purchased for the specific server. If this quantity were set to 30, only 30 computers would be allowed to connect to that server simultaneously. However, if that server served a pool of 100 computers, all the computers would have server access as long as no more than 30 were connected at the same time. After a computer disconnected from the server, a CAL would be freed so that another computer could connect to the server. If multiple servers are used to load balance, separate CALs are required for each server. For example, if you were using two exchange servers and purchased 200 Per Server CALs, you would likely assign 100 CALs to each server.
How CAL Counts Are Calculated for Asset Intelligence Reports
When hardware inventory is enabled for client computers, the Configuration Manager 2007 hardware inventory client agent analyzes Security Audit logs on computers running a Windows Server operating system. The list of users and IP addresses that have contacted the server is then included in the hardware inventory report sent by the client. When an Asset Intelligence CAL report is run, the information gathered from clients is consolidated based on the CAL models previously described. Reports accumulate CAL usage separately for each version of Windows. Additionally, the number of users and computers that have connected to Windows servers running Exchange Server are compiled and reported as Exchange CALs.
The following specific assumptions have been made about user and device Exchange CALs, as well as Windows Server device CALs:
- Exchange CAL calculation assumes that
Exchange Server is installed on a single workload computer. If
other server products run on the same computer, users or devices
connecting only to those other products will be reported as
- Device CAL reports identify computers by IP
address. Because of this, the following might be observed when
inventorying Device CAL usage:
- If some clients are behind a router with
Network Address Translation, all computers connecting through the
single IP address will be counted as one.
- If a computer uses more than one IP address
due to multiple Network Interface Cards, each IP address will be
counted as a separate device CAL.
Note User CALs are not based on IP address and are not affected by these IP-related limitations.
- If some clients are behind a router with Network Address Translation, all computers connecting through the single IP address will be counted as one.
Due to the previously listed limitations, CAL reports in general, and especially Device CAL reports, should be used as a baseline for CAL usage analysis rather than an authoritative summary of CAL usage. Additionally, the number of servers from which CAL usage is reported might differ from the number of servers in a collection if the security event logs for all servers are not configured to log success logon events. For more information about prerequisites for collecting CAL information, see Prerequisites for Asset Intelligence.