SQL End of Support – Extended Security Updates are 300% the cost of SA

In a recent interview with CIOdive.com and in InformationWeek – I highlighted a ‘compelling event’ across the Microsoft ecosystem to upgrade, re-host, or refactor legacy SQL servers to respond to SQL 2008 and 2008 R2 End of Support on July 17th 2019. With the average business running 43% of their SQL servers in extended support, it is going to drive a lot of activity.

In March of this year, Microsoft also published general availability of Extended Security Updates (ESU) to extend the life-cycle of your 2008 and 2008 R2 footprint for both SQL Server, and Windows Server 2008 and 2008 R2 (with end of support in July 2020).

Notably, the cost of Extended Security Updates coverage for 12 Months, is 300% the price of Software Assurance for SQL Server for the same period, with this price point consistent for both SQL Enterprise and SQL Standard Edition. Microsoft extrapolated the cost of extended support based on 75% of the perpetual ‘license’ cost. Arguably, the logic of this pricing model is weak, and the cost should be extrapolated based on the cost of the maintenance model – Software Assurance (SA), and not based on the current perpetual ‘License’ cost of the software. After 10 years in industry, it is hard not to see this pricing model as anything but a mechanism to drive customer behaviours towards adoption of Azure, and  undermine re-hosting of legacy software to AWS dedicated host, or GCP sole-tenant offerings. 

Here are some key takeaways you should be aware of:

  • You do need to maintain SA for Windows Server or SQL Server footprint you want to buy ESU for.
  • The EOS SKUs are Annual and can be bought at any time. Full 12 Months of coverage.
  • The price list went live on March 1st and are now available for purchase.
  • You pay for the full year, It is not pro-rated from the date you buy.
  • The ESU starts from July of 2019 to July of 2020, and then 2nd Year is purchased later.
  • If the you elect to upgrade, or move to Azure, you can reduce the ESU in future years.
  • ESU is covered when you move workloads to Azure.
  • You are billed at time of purchase.
  • There is no pro-ration and is not co-terminus with the underlying SA/LSA on a Volume Agreement Enrollment
  • The full Year of ESU may not align with your enrollment. You buy the full Year upfront that goes beyond the Enrollment date
  • You cannot buy new coverage in Year 2, If you don’t buy Year 1. So you would buy Year 1 and Year 2 in one go.
  • The underlying SA doesn’t have to be on the EA contract.

Read moreSQL End of Support – Extended Security Updates are 300% the cost of SA

Licensing Windows Server on GCP

General

Licenses that are eligible for License Mobility[1] and covered with active Software Assurance (SA), can be deployed to third party shared datacenter environments like GCP shared tenancy.

Google, as an authorized ‘License Mobility through Software Assurance’ Partner,[2] can enable License Mobility on eligible Microsoft Server products on GCP.

The list of eligible server products for License Mobility are defined in the Microsoft Product Terms, including but not limited to: Microsoft SQL Server, Microsoft Exchange, Microsoft Skype for Business, Microsoft SharePoint, Microsoft System Center, RDS CAL, BizTalk Server and eligible Dynamics products. (In this document these products will be collectively referred to as Microsoft Application Servers).

Sole-tenant nodes are physical Compute Engine servers that are dedicated for hosting VM instances for your specific project. Normally, VM instances run on physical hosts that may be shared by many customers. With sole-tenant nodes, the host is dedicated to your business.[3]

GCP sole-tenant is a dedicated server that is physically isolated for use by a single customer. All hardware resources and storage will remain fully dedicated to your use for the term of your subscription.

Each sole-tenant node is associated with one physical server, and is the only node running on that server. You can manually select the location to launch your instances to a specific dedicated host. Node affinity determine which nodes your VM instances use as a host system. You can configure additional affinity labels so that your instances run only on the node groups that you want or share nodes only with instances of the same affinity type. Affinity labels keep sensitive data together on specific node groups and separate from your other node groups and other VM instances running on Compute Engine. It provides you with visibility and control to meet regulatory and compliance requirements.

In this case, the outsourcing documentation within the Microsoft Product Terms will apply[4] and licenses that are not eligible for License Mobility or that do not have active Software Assurance, can be deployed to GCP sole-tenant nodes.

Windows Server

There are two available options to deploy Windows Server on GCP: virtual machine instances and sole-tenant nodes.

Virtual Machine instances: Windows Server per-core licenses are included in the cost of the Windows Server instances purchased on-demand. Whether you bring your existing Windows Server images to run on VM instances or use the pre-built images available in GCP, the license is included in the cost, and Windows Server CALs are not required.

Sole-tenant nodes: GCP provides the option to bring your own licensing (BYOL) for Windows Server with your own images to GCP sole-tenant and remain compliant for Microsoft licensing.

A sole-tenant from GCP is a dedicated single-tenant host that is fully dedicated for your use. GCP will not support two customers to share the same set of resources, such as hardware or storage for the term of your subscription. In this case, the outsourcing wording within the Microsoft Product Terms applies.[5]

Windows Server does not have ‘License Mobility’ rights to enable bring your own licenses to a multi-tenant environment, so we only recommend deployment on our sole-tenant offering. Windows Server licenses can only be assigned to physically dedicated sole-tenant hosts.

Read moreLicensing Windows Server on GCP

Licensing SQL Server on GCP

There are two available options to deploy SQL Server on GCP: virtual machine instances and sole-tenant nodes

Virtual Machine instances: SQL Server per-core licenses are included in the cost of the Windows Server instances purchased on-demand. Whether you bring your existing SQL Server images to run on VM instances, or use the pre-built images available in GCP.

GCP provides images with Microsoft SQL Server preinstalled on Windows Server. For these SQL Server images, GCP manages the license for both Windows Server and SQL Server, and includes the cost in your monthly bill. Create instances with SQL Server and scale to large multi-node configurations when you need them.

Sole-tenant nodes: GCP will also enable you to bring your own licensing (BYOL) for SQL Server with your own images to GCP sole tenant and remain compliant for Microsoft licensing.

A sole-tenant from GCP is a dedicated single-tenant host that is fully dedicated for your use. GCP will not support two customers to share the same set of resources, such as hardware or storage for the term of your subscription. In this case, the outsourcing wording within the Microsoft Product Terms applies.[1]

Software Assurance

Sole-tenant – Software Assurance is not required to bring your SQL Server licenses to GCP sole-tenant.

Although Software Assurance is not required to bring your own SQL Server licenses to a dedicated sole-tenant, you will be able to leverage your legacy licenses for prior software versions. The use rights for the originally licensed version will still apply.

GCP sole-tenant is ideal for leveraging licenses where active Software Assurance has not been maintained, or licenses were purchased without Software Assurance. Additionally, sole-tenant will support per-core, per processor, and server with CAL based license models to take advantage of your prior software licensing investments.

However, it may be beneficial to maintain active Software Assurance to enable access to ‘New Version Rights’ as new software versions are released[2] and to leverage Software Assurance Benefits.

Read moreLicensing SQL Server on GCP

Microsoft Licensing FAQs for GCP

Here are a selection of common licensing questions and answers. I also recommend referring to binding documentation like the Microsoft Product Terms for guidance.

General

Q. How will GCP enable me to meet my license reporting obligations to Microsoft? License Usage – Self Reporting

·    In addition to enabling control of VM placement to launch your instances on a dedicated host, GCP will keep a record of how your instances use sole-tenant resources, which will allow you to create your own usage reports.

·    Windows Server is licensed by the physical cores on each host. GCP provides visibility, including but not limited to, the number of physical processors and physical cores, and number of Windows VMs running on the host machine to allow you to keep track of how your individual Windows Server VMs use the resources of the dedicated host.

·    Additionally, for SQL Server GCP provides reporting, including but not limited to, the physical processors and physical cores, and total number of VM instances running SQL Server on the host machine, and the number of virtual cores assigned to the VMs to allow you to keep track of licensable resources of the dedicated host.

License Mobility Self Reporting

·    When using ‘License Mobility through Software Assurance,’ you must complete a license verification process with Microsoft to confirm that you have the eligible licenses with active Software Assurance.

·    GCP enables you to meet your licensing reporting obligations to Microsoft. To start the verification process and review additional details, go to the Microsoft License Mobility verification form in the GCP Console.

·    This is required for all workloads of eligible Microsoft Server products, as defined in the Microsoft Product Terms, including but not limited to: Microsoft SQL Server, Microsoft Exchange, Microsoft SharePoint, or Microsoft System Center, RDS CAL, BizTalk Server and eligible Dynamics products.

Q. I understand from the Microsoft Product Terms that a license cannot move to another region or physical server for at least 90 days. How is this managed in GCP sole-tenant?

 

·    Each sole-tenant node is associated with one physical server dedicated to hosting your VM instances. You can control VM placement to launch your instances to a dedicated host, and instance affinity will allow specific node affinities between your nodes and VM instances. This will enable you to control VM instance placement to satisfy the restriction of license re-assignment once every 90 days.[45]

·    The license re-assignment rule will apply to your licensing of Windows Server unless there is a permanent hardware failure. In this scenario when there is permanent failure of hardware[46]components, the sole-tenant node that is hosting the VM instances will use live migration47 to move the VM instances to replacement host hardware automatically. If there is complete hardware failure, the VM will crash and restart automatically and a host-error is logged.

Read moreMicrosoft Licensing FAQs for GCP

Licensing Office on GCP

Google will enable you to bring your own licensing for Office to GCP sole tenant and remain license compliant.

License Model

User Subscription Licenses – Microsoft offers a cloud supported version of Office sold as a subscription with cloud services called Office 365 ProPlus. Office 365 ProPlus is licensed on a “per user” basis, to a single named user, referred to as a “licensed user”.

Per Device Licenses – For customers that continue to have an on-premises version of Office, Microsoft offers Office Professional Plus. Microsoft Office Professional Plus is licensed on a “per device” basis, referred to as a “licensed device”, normally a personal computer.

Running Office Remotely

User Subscription Licenses – You can bring your own Office 365 ProPlus licenses and run them on GCP sole-tenant[1] in Shared Computer Activation mode and remain license compliant.

Shared Computer Activation (SCA) is an activation mode that enables deployment of Office 365 ProPlus on a dedicated server.[2] Shared Computer Activation will enable the licensed user to access Office from any device. Unlike when Office 365 ProPlus is deployed on a local device, there is no published limit on the maximum number of devices that can access Office 365 ProPlus deployed via SCA.

Any SKU that contains Office 365 ProPlus is eligible for Shared Computer Activation, including Office 365 E3, Office 365 E5, Microsoft 365 E3, and Microsoft 365 E5. All equivalent Government and Edu SKUs are also included. Project Online Desktop Client and Visio Online Plan 2 are also included.

Office 365 ProPlus will require access to the internet to connect to the ‘Office Licensing Service’ to keep track of which users who are licensed.

Read moreLicensing Office on GCP

Licensing Windows Desktop OS on GCP

Google will enable you to bring your own licensing for Windows Desktop Operating System to GCP sole-tenant[1] and remain compliant for Microsoft licensing.

Assigning a License

Before you bring your own Windows Desktop OS license to GCP, you must first assign a Windows Desktop OS license to the end-user, referred to as a “licensed user”, or “licensed device”, typically a personal computer.

To ‘assign’ a license means simply to designate that license to a user or device that can access the Windows Desktop OS in a virtual machine.

Running Windows Remotely

You can bring your own Windows 7, Windows 8.1, or Windows 10 desktop and run iton GCP sole-tenant and remain license compliant. Under the assigned volume license, you may access Windows Desktop OS remotely in a virtual machine as a benefit of Software Assurance for Windows.

GCP will ensure isolation of the hardware and other resources to make sure it remains fully dedicated to your use.[2] GCP will not support two customers to share the same set of resources, such as hardware or storage for the term of your subscription.

License Model

User Subscription Licenses – Remote use of the Windows desktop OS deployed on a GCP sole-tenant is allowed for the licensed user, who is the primary user of at least one device, which is their primary work device. There must be a qualifying Windows desktop OS installed and licensed via an OEM license, on the accessing device.

Per Device Licenses – Remote use of the Windows desktop OS deployed on a GCP sole-tenant is allowed for the licensed ‘primary’ user, of the licensed device, or for any other user, from another separately licensed device. There must be a qualifying Windows desktop OS installed and licensed via an OEM license, on the accessing device.

Microsoft defines the ‘primary’ user an individual that would use the licensed device more than 50% of the time in any 90 day period, so a per-device licensing model may not be suitable for some shift workers or workers in shared workspaces.

VDA[3] User Subscription Licenses – Under this licensing model, remote use of the Windows desktop OS deployed on a GCP sole-tenant is allowed for any assigned licensed user or device. There is no minimum ‘primary’ user requirement for the end-user accessing device, or a requirement for a ‘qualifying’ Windows OS to be installed on the accessing device.

This licensing model is more suitable for businesses that plan to use Google Chrome books, or other client devices where there is no OEM licensed Windows desktop OS on the accessing device.

Read moreLicensing Windows Desktop OS on GCP

Multi Cloud – Stay In Control

Multi-cloud is on the rise. In some organisations, individuals and departments adopt various cloud solutions and services over a period of time, resulting in a gradual drift into a multi-cloud scenario. Other organisations deliberately assign workloads to both Microsoft Azure and AWS, seeking to reduce excessive reliance on either vendor, enhance flexibility, improve resiliency and mitigate exit strategy issues. In other cases, sovereignty regulations such as GDPR lead global companies to adopt multi-cloud strategies to keep data in local regions. Either way, multi-cloud is now so prevalent that it’s being referred to by some as the “new normal.”
However, multi-cloud raises challenges as well as benefits. Costs can run out of control, and management complexity can spiral as individuals and teams spin up workload after workload across the organisation, often without involving the IT department. Keeping track of what is under way, where, and for whom can become impossible.

Data and workload fragmentation sets in – silos, much like those we’ve seen for decades in the data centre, but now scattered across the cloud. Also, it’s not uncommon for IT to be unaware of the existence of certain cloud assets, much less where they all are, the resources they’re consuming or the benefits they’re delivering.

Being Wise to Vendor Incentives

Meanwhile, both Microsoft and Amazon are focusing on retaining, as well as attracting, customers. They use contractual devices, but also reward end users for committing more data and heavier workloads to their platforms. Naturally, users take advantage of such rewards, and the greater their reliance on their cloud platform of choice, the greater their inclination tends to be to stick with it.
Unavoidably, a piecemeal approach to multi-cloud results in relentlessly escalating costs, and deteriorating visibility. To effectively leverage multi-cloud’s potential, it is important to improve visibility and bring costs under control. SoftwareONE employs three principal offerings within their PyraCloud platform to help you do exactly that, including:

Read moreMulti Cloud – Stay In Control