Corralling SQL Server CALs

By John Grubb

This is one of my favorite topics with clients.  It never fails that most clients I speak with have multiple SQL Server license types, which usually includes SQL Server CALs.  So what exactly is a SQL Server CAL, well I can tell you it has no relationship to a large four legged animal grazing in a field, but I will say managing SQL Server CALs and herding cattle are both challenging activities.

A Quick SQL Server Licensing Primer

Before we talk about managing SQL Server CALs we need to do a little SQL Server licensing review.  With SQL Server 2014 there are two main licensing models and three editions of the product.  Figure 1 below highlights the licensing models by edition.

Figure 1 – SQL Server 2014 Licensing Models by Edition

SQL Server 2014 Edition Core-Based Licensing Server+CAL
Enterprise Yes No (Grandfathered Rights Exist for Existing Customers) Customers are able to continue active Software Assurance (SA) on Enterprise edition licenses based on the Server+CAL licensing model. They cannot purchase additional servers but can purchase additional CALs. These servers are restricted to 20 physical cores or virtual processor threads.
Business Intelligence
No Yes You do not need CALs for any user or device that accesses your instances of the server software solely through a batching process. (Introduced with SQL Server 2014 and allowed backwards for SLQ Server 2012 BI)
Standard Yes Yes Can be licensed by Core-Based or Server+CAL.

As you can see from figure 1 above there are two main licensing models, Core-Based and Server+CAL.  Core-Based licensing requires customers to license all the physical cores in the hardware and this allows for unlimited access to SQL Server from any device by any user.   For virtual SQL Servers the Core-Based rules are a little different. It is important to understand Core-Based SQL Server licensing only requires the server to be licensed.  To learn more about Core-Based SQL Server 2014 licensing please review the Microsoft Product Terms (published monthly) and the current SQL Server 2014 Licensing Guide from Microsoft.

The next model we come to is the Server+CAL model.  In this model customers must acquire a license for each server and also acquire a Client Access License (CAL) for each accessing device or user.  As you can see in figure 1 above the Business Intelligence edition only supports the Server+CAL licensing model.   Also new with SQL Server 2014 is a CAL waiver for processes that access SQL Server via batch processing. There are two CAL types customers can purchase, device based and user based CALs.  Figure 2 below illustrates the two types of CALs and how they work.  Please note that you can mix CAL types as needed, thus your shared workstations can be licensed by device CALs, and you can utilize user CALs for users with multiple devices.

Before SQL Server 2012 released, SQL Server 2008 R2 and prior versions offered Processor-Based licensing.  The switch to Core-Based was a very painful and expensive exercise for most SQL Server customers.  Also back in the SQL Server 2008 R2 days Microsoft permitted SQL Server Enterprise edition to be licensed by Server+CAL.  When SQL Server 2012 released, customer with SQL Server 2008 R2 Enterprise edition licensed by Server+CAL were allowed to maintain active Software Assurance (SA) on their servers and upgrade to SQL Server 2012 and later.

The only restriction is those grandfathered Server+CAL based SQL Server Enterprise edition are limited to 20 physical cores once they are upgraded to SQL Server 2012 and later.  To restrict Server+CAL based SQL Server 2012 Enterprise edition servers and later Microsoft created special installation packages, which installs a version of SQL Server 2012 and later that cannot address more than 20 physical cores.  When deployed to virtual servers, customers are limited to 20 total virtual processor threads across up to four (4) virtual servers per physical host.  This also requires the virtual servers running SQL Server to be reassigned to a new server together.

Figure 2 – CAL Types

CAL Type Description
Device CAL Assigned to a single device. Allows any user to access SQL Server from the licensed device. License may be reassigned to a new device every 90 days.
User CAL Assigned to a user. Allows the assigned user to access SQL Server from any device. License may be reassigned to a new user every 90 days.

SQL Server Core-Based server licenses are more expensive than a server in the Server+CAL model.   The difference being the Server+CAL model also requires customers to acquire device or user CALs.  At some point the cost of the Server+CAL model exceeds the cost of the Core-Based model.

This article does not address commercial hosting of SQL Server or using SQL Server to backend commercial software services (SaaS).  Both of these items are advanced topics unto themselves and require close attention to properly license SQL Server.

So What Makes SQL Server CALs So Challenging?

So now that we have done a little SQL Server licensing review we can now talk about why managing SQL Server CALs is so challenging.   Before we go any further I want to be clear this article is focused on SQL Server Standard and Enterprise edition licensed by Server+CAL, and excludes the Business Intelligence (BI) Edition of SQL Server since it is purchased primary for large BI projects.  In this article I am focused on the database engine side of the house versus the BI side.

First off there is no software installed with a device or user based SQL Server CAL, thus there is no easy way to discover accessing devices and users.  SQL Server 2014 Standard edition uses the same installation package for both Cored-Based and Server+CAL licensing.  Thus there is no way to differentiate Standard edition SQL Servers by their licensing model.  So this means the customer must know their environment well and have tight control over all devices and users accessing SQL Server under the Server+CAL licensing model.  There is no magical software that will do this for you.

When we look at SQL Server in the typical enterprise customer it is used and accessed in many ways.  There will be numerous third party and custom applications containing multiple tiers with a single user account accessing SQL Server from the application tier.  I am sure we will find multiple web apps that behave in the same manner.  I recall while still at Microsoft one customer who had thousands of employee badge readers in a multi-tier application, and they had purchased a single SQL Server User CAL since there was only one unique user who logged into SQL Server.

Once I had finished explaining the term multiplexing to them, they were not very happy with me.   Microsoft defines multiplexing as using some form of hardware or software to pool connections in order to reduce the number of direct devices or users connecting directly to a system, and this does not reduce the number of required licenses.

So as you can see keeping track of which devices or users are accessing SQL Server is no small feat.   And it is not uncommon to have multiple databases on a single SQL Server or multiple instances of SQL Server installed which means more applications and thus more devices and users to track.

Partial Coverage a Big Red Flag

When I see customers with fewer SQL Server CALs than devices or users that is an automatic red flag to me.  It is not uncommon to find a customer with both Core-Based and Server+CAL based SQL Server licenses, with fewer CALs than devices or users, and when I find them I strongly encourage them to move to 100% Core-Based licensing for SQL Server, unless they can demonstrate they have control over a mixed licensing environment.

Mixing Licenses With and Without Active Software Assurance is Dicey

The next item on my risk meter is finding customers with Server+CAL based licenses where some licenses no longer have active Software Assurance and other licenses are still covered with active SA.  This is a nightmare to manage, and I have yet to meet a customer who had 100% control over this environment.

This is often the byproduct of having been a long time Microsoft customer. If we go back to the days of the BackOffice Server CAL, it came with a SQL Server CAL.  Many customers still have SQL Server CALs on their agreements that have been carried forward from many years back.

Watch Those Server Installations

If you are one of those customers with grandfathered rights to SQL Server 2012 Enterprise edition and later via Server+CAL licensing, make sure your team does not accidently install the Core-Based installation package.  This would be a compliance problem because this version of SQL Server is not limited to 20 physical cores.  If this happens you will need to remove the Core-Based SQL Server and install the Server+CAL based SQL Server.

Note that grandfathered customers still running SQL Server 2008 R2 or 2008 can still run the processor based servers without the 20 core limit.  The 20 core limit is only for these customers who wish to install SQL Server 2012 or later.

Where I Have Seen SQL Server CALs Work

Customers who properly cover their entire SQL Server estate with SQL Server CALs.  This may be covering the shared factory workstations with device CALs and the knowledge workers (with multiple devices) with user CALs.  These customers are smart and only user Server+CAL licenses for internal applications.  For all external applications were CALs would be cost prohibitive they user Core-Based licenses.

The one challenge this presents is where they have grandfathered SQL Server Enterprise edition limited to 20 physical cores, and the day will come when they will run into this physical limit.  When this happens moving to Core-Based licensing will be your only option unless you can architect.

 One Possible Use for Server+CAL Based Licenses

If you have been carrying active SA on Server+CAL based SQL Servers and CALs and are considering dropping SA coverage, you may consider using them to license non-production workloads, especially if you do not have proper MSDN licensing across your non-production environment.  This would work well if you license your non-production Windows Servers with production licenses.  You could then use the SQL Server licensed by Server+CAL to cover the non-production SQL Servers.  Be careful if you have grandfathered Enterprise edition and install SQL Server 2012 or later, you must use the right installation package with the limit of 20 physical cores.

The Simple Secret to Managing SQL Server CALs?

Proper IT Asset Management (ITAM), with a keen focus on Software Asset Management (SAM) is the secret sauce.  An effective SAM program is comprised of people, process, and technology.  And I strongly discourage starting your SAM program by purchasing a SAM tool first.  There is no SAM tool on the market that can automate the process of managing SQL Server CALs with the push of a button.  Think about it, a CAL cannot be discovered, and access to SQL Server is often through some form of connection pooling, thus making the true accessing devices and users invisible.  Proper SAM is the key to staying out of trouble with SQL Server CALs.  It requires policies and procedures that require all parties work together.  Thus a new device or user accessing an application through a connection pool cannot be added before the proper software licenses are determined and acquired.  As users and devices no longer need access to an application, their licenses need to be reclaimed and reused to avoid over purchasing.  Watch out for the 90 day minimum reassignment rule.

Effective SAM is much harder than it seems, and without executive leadership’s support you will quickly find you have no traction and are losing control.  Understanding how to license SQL Server is very important, but proper SAM is much more important, and is the foundation upon managing all of your software.

Closing Thoughts…

I am often asked can I convert my CALs to cores, and I explain there is not a programmatic way to do so.  Back in the 2012 time frame I know Microsoft worked with customers on a one off basis to help them through this challenge.  I would still encourage customers with large investments in SQL Server CALs to talk with their Microsoft account teams, but I caution to not expect too much at this point in time.

The March 2016 Microsoft Product Terms permits customers to move between device and user based CALs at renewal of Software Assurance, and please note user CALs come with a higher price than device CALs.

So to close this topic out, for many smaller customers the Server+CAL licensing model works well for their SQL Server needs, but for large and complex organizations managing SQL Server CALs is a very difficult and time consuming activity.  And of course without effective SAM, managing any type of software is more difficult.  In the beginning of the article I had a little fun with comparing herding cattle and managing SQL Server CALs, I would say effective SAM is like a team of well-trained cattle dogs…

When the Microsoft auditors come a knocking, and they will, how will you respond when they ask you to show them how you manage access to your Server+CAL based SQL Servers?

By: John G. Grubb

About the Author

John Grubb