Licensing for Hosted Application Services: Why it costs what it costs

Licensing for Hosted Application Services:

Why it costs what it costs

Application hosting services are experiencing resurgence in popularity these days, due to the prevalence of messaging about the benefits of a “cloud” technology model.  While hosted application services aren’t really cloud (according to cloud technology purists, anyway), they can look and feel and be paid for just like cloud solutions, so the name fits OK.  Hosted applications are desktop or network applications you access via the web, where the software is implemented and managed by a 3rd party application service provider (the host) rather than being installed on your local PC or LAN.  Some software products may be rental-licensed by the ASP, and when combined with the hosting service, the entire subscription service is more like SaaS (software-as-a-service) than the old “purchase and install” approach.

An important supporting program for application hosting service providers is the Microsoft Service Provider License Agreement program. Under a formal agreement with Microsoft or via an SPLA reseller, service providers and independent software vendors are able to license the latest Microsoft software to provide software services and hosted applications to customers. With the SPLA, service providers and ISVs can lawfully license Microsoft products on a monthly basis to host software services and provide application access for their customers. The SPLA supports a variety of hosting scenarios to help providers deliver highly-customized and robust solutions to a wide range of subscribing customers, and it’s the only valid means for obtaining subscription-based provider licensing for these products.

Because the software products being hosted are essentially desktop or LAN-based products, the underlying technology to “deliver” those applications is generally of a similar foundation.  In cases where the provider is offering hosting of Windows-based QuickBooks desktop editions or Microsoft Office applications, for example, the platforms and servers used by the service provider are almost certainly Windows-based.  This operating system, as well as the rights to allow remote user connections to it, is licensed to the provider from Microsoft under the SPLA.  These elements are referred to as “user” licensing elements.

An aspect of Microsoft reporting and licensing which is not well recognized (or frequently complied with) is the difference between user and application licensing.

User licensing, which includes the Windows server access license as well as the remote desktop user license, is a named user access license. This means that the provider need only report and settle for the user license if the user actually accesses the system during the reporting period (usually each month).  Not quite like a concurrent user model, where only the high count of users is reported, the named user model requires that the license for each user be paid if that user logged in at any time and remained logged in for any length of time during the reporting period.

Application licensing applies to the application software license acquired through and governed by the use-rights provided for and granted under the Microsoft SPLA. Rental application licensing is assigned to a specific, named user, and is to be reported fully on a monthly basis regardless of whether or not the user accessed the software. This is in direct contrast to the named user access licensing described above. Providers are required to report and settle on a monthly basis the total number of subscribed application licenses available to users, including Microsoft Office applications, Exchange, SQL and others, regardless of whether or not the user actually logged in and used the products.  The license is assigned to the user and is therefore required to be paid.

Being an application hosting service provider is a complicated business, and there is a lot to consider when developing subscription services for broad customer delivery.  Pricing is one of the complaints customers voice relating to these services, but the reality is that it takes quite a bit in terms of system resources and licensing to provide an acceptable hosted application experience.  This is one of the areas where SaaS and true cloud solutions benefit from a scale economy – where the application is designed for the platform, and one instance of the solution and platform can serve a large number of customers more affordably.

When working with a hosting service provider, it is wise to recognize that the platform and software licensing costs are there to support the type of applications being hosted.  If you have an SQL-based application, you will need the SQL licensing to support it, just like you have to pay for licensing of an Exchange mailbox or a hosted copy of Word.  Enabling only a portion of the total business software requirement may make it difficult to cost justify hosting just one solution.  However, if the business utilizes the host to manage all the desktop applications and data, the cost-efficiency of the approach can increase dramatically.  Regardless of whether the business elects to continue to run software on local PCs, or if it decides to outsource IT to a host and run it there, the company will have to pay the price for software licensing.

Make sense?


Small Business IT Governance: You really need it now

Small Business IT Governance:

You really need it now

it-balancing-actBig changes are going on in the world of information technology and business.  Where social computing and  mobility are no longer purely consumer concerns, enterprise IT departments face a growing requirement to embrace user devices and access in environments which were once strictly and closely controlled.  Enterprise IT may be challenged when presented with user personal devices and demands for remote access to enterprise data, yet the governance of systems is generally well-defined and strictly performed.  In small business, however, the people, policy and process issues (collectively incorporated into “governance”) tend to be more organic, and the use of personal devices and open access is more frequently considered to be a normal part of the overall business IT profile.

It is a focus on defining controls and processes, and influencing the activities and attitudes of the people involved, which has become an essential requirement in small business.  Where management of information technology resources was not of great concern to the small business owner before, increased device and information mobility (removal of physical boundaries) and erosion of logical boundaries around personal and business computing have become a really big deal for everyone in business. Small businesses just don’t often have departments of people working on the problem.

Technology use in business has always come at a price, and as various influences continue to change how users interact with devices, applications and systems, business owners and IT managers will continue to face difficult choices between balancing security of information resources and providing a productivity-enhancing user experience.   Too many security barriers result in avoidance of security protocols, slow or immobile company computers result in users working on their own machines and portables, and restricting access for mobile users results in “shadow IT” implementations of mobile sync and other data access approaches.

Yet “shadow IT” tends to be the norm with many small businesses, where there are often fewer barriers to implementing solutions which address individual user issues or problems.  Lacking the resources or understanding to develop a strong plan for managing information systems and technology within the business, small business owners often consider the computer systems and computerized data to be tools to get jobs done rather than strategically valuable assets to be strictly controlled and protected.  These business owners are not recognizing the ever-increasing need to not simply secure business information, but to establish processes and rules which will govern how users and devices access and interact with the information and systems.

Enterprise IT departments have often viewed their small business counterparts (customers, suppliers, etc.) as potential points of vulnerability, an attitude which was once considered to be centered not on real assessments of the risk but more in terms of ego, level of sophistication, and hierarchy in the food chain.  In today’s world of real risk introduced by myriad technological and human elements in every link in the supply chain, enterprise IT conclusions regarding the risk potential of doing business with anyone – including small businesses – may not be entirely unfounded.  Whether it be commentary and information distributed by individuals via social media or malware or corruption introduced inadvertently (or not) via computerized interaction, there is the possibility of risk introduced with every system, person and process involved.  Enterprise to enterprise, these issues may be more often recognized and remediated; where the SMB is involved, not always so much.

This is a brave new world of computing, and there is truth in that even the smallest of businesses can “compete with the big guys” when the right mixture of technology and process is applied – for good or bad.  Technology enables businesses to be more productive, get more done with fewer resources and perform at higher levels. IT Governance in small business is no longer an optional area of focus, addressed only during infrequent discussions with the local contract IT guy when he comes in to defrag the hard drive on a slow computer.  Establishing the proper processes and controls to wrap around IT use in the business has become an imperative; a necessarily specific and considerate approach to how information technology is used within the business, who uses it, and what IT is composed of.

Just about every business, and most individuals, are connected in some manner via some type of network, representing a dramatic and dynamic change to the traditional composition of business IT and the landscape of vulnerabilities which threaten it.  The increased connectedness, capability and complexity of systems and networks requires a greater focus on overall IT governance – exercising authority and controls – as the impact (just like the information) can easily and unintentionally reach far beyond the boundaries of the individual business.

jmbunnyfeetMake Sense?


“People are nothing more than another operating system”, says Lance Spitzner, training director for the Securing The Human Program at SANS Institute.  “Computers store, process and transfer information, and people store, process and transfer information,”  How Hackers Fool Your Employees