We are planning to build a new platform for our web application which will look like this: 2 backend servers, these will mirror eachother and run SQL server, file storage, and possibly AD. 3 frontend servers, these will have IIS installed, use the file storage from the backend server as mounted volumes, serve the webpages and authenticate FTP users (using AD or SQL server) to the correct folder on the mounted volume. These will also run several services to automate tasks for importing data from third party content providers. Our initial thought was to get the standard edition licenses for the backend servers and the web edition version for the frontend machines, however after some research I'm not quite sure if this will be possible. Will the web edition allow us to install the services? Another big issue is if we would need CALs for authenticating the users logging in via FTP and does it make a difference if the authenticating is done using Active Directory or SQL Server? Thanks in advance.
March 4th, 2008 3:26pm
A quick summary of the editions: http://www.microsoft.com/windowsserver2008/en/us/editions-overview.aspx Here is the really nice "blue circles" type doc: http://www.microsoft.com/windowsserver2008/en/us/external-connectors.aspx Windows 2008 Web edition runs IIS 7.0 - this should allow you to run web pages and FTP services. So, your front end should work. But, I would verify this with your "third party content providers" to make sure that their "services to automate tasks for importing data" will work. On the back-end, standard edition will run SQL, file storage and AD, so you are good there. However, standard edition will not support clustering - so you might lose some there. For your authentication question - you have a couple of choices if you use AD as your authentication source. You can use a CAL for each user, or you can get an external connector: http://www.microsoft.com/windowsserver2008/en/us/external-connectors.aspx SQL has a processor, server plus device CAL, or server plus user CAL models: http://www.microsoft.com/sql/howtobuy/licensing.mspx I would do a lot of math and figure out how many users you are going to have at the start and then how many you plan to have. Chances are very good that one of those models will prove itself more cost effective than the others. I would also look into installing ADAM (2003) or AD Lightweight Directory Services (2008). This is also a decent way of providing authentication services for external users... http://18.104.22.168/windowsserver2008/en/library/b7fb96ec-3f3f-4860-a1ab-eb43e54bbefc1033.mspx Luck,
March 4th, 2008 5:31pm
Hi Aaron, thanks for your quick reply. I'm a bit surprised we would indeed need a CAL or EC for each FTP user, this could quickly become quite expensive. In the specs for "Windows Web Server 2008" it says this version doesn't require any CALs, so does that mean there is no FTP User Isolation mode in this version? And if there is, how are those users authenticated? Not with AD because there isn't any in the web edition. The more I'm looking at all the different versions and licensing models the more puzzled I become. This is Windows, there should be a Wizzard for this ;-)
March 4th, 2008 7:36pm
The web services do not require CALs - you can use annonymous authentication. But, if you are going to authenticate people, you have to store the security principals somewhere - AD is a logical choice along with SQL or ADAM...This can be done using the front end - back end model that you are looking at. The user store is where you are going to incur your licensing difficulty. The more I work with this, the more I realize that people that are "Licensing Specialists" earn every dime that they get paid
March 4th, 2008 7:46pm
Onefeature of IIS7 which we haven't discussed sofar (I just found out about it a few minutes ago) is the "Non-Windows Authentication" mode. This allows users to be created inside IIS instead of using the AD as provider. An example can be found here: http://learn.iis.net/page.aspx/321/configure-iis-manager-authentication/ Am I right in my assumption that you won't need any CALs or ECL if you use this feature?
March 5th, 2008 2:26am
The real question is probably going to focus on if you can technically get by with that solution. AD and SQL have all sorts of nifty ways to manage large number of users and they have fault tolerance. The way I am interperating what you are looking to do, you are going to spend a lot of time making sure that users rights are the same across all three of your web servers. That could get very messy! You are going to want to see how you can do things like transfer the user stores from one hardware to the next - imagine if a motherboard burns out and System state can't be used because you have new registryHAL incompatabilities. Also, you are going to want to see how you can programatically create. modify and deleteusers on all three servers at the same time. As to the licensing end of your question, from this page: http://www.microsoft.com/windowsserver2008/en/us/licensing-web-server.aspx I would guess that you would be OK without CALs - however be careful how liberally you work that angle... SharePoint and RMS are listed specifically, but there is that nastily vaguelanguage about: "Exceptions to this rule may occur when Windows Web Server 2008, is used as the scale-out front end for applications..." But, for FTP and web pages, you should be good. Hope that helps,
March 5th, 2008 5:27am
Hello, For licensing questions, please call 1-800-426-9400 (select option 4), Monday through Friday, 6:00 A.M. to 5:30 P.M. (PST) to speak directly to a Microsoft licensing specialist. Worldwide customers can use the Guide to Worldwide Microsoft Licensing Sites http://www.microsoft.com/licensing/index/worldwide.asp to find contact information in their locations. By the way, the following information is for your reference: 264908 Error Message: HTTP 403.15 - Forbidden: Client Access Licenses exceeded http://support.microsoft.com/default.aspx?scid=kb;EN-US;264908 Regards, Neo Zhu -MSFT
March 6th, 2008 9:53am
OK so maybe someone could explain to me the license situation with small business server. IfI want to use it just as a file server, peer-peer network (no domain or lgging in stuff, how many cals or licenses woul i need? What exactly, in PLAIN ENGLISH, does the licenses and CALs do or provide?
June 20th, 2008 4:27pm