Categories
SAM Strategy Thoughts

ByoL into AWS & Azure: Room for savings or new trap?

Our customers have often asked us if they could use their licenses into the Cloud, and whether it was a real manner to optimize the spend, or just a non sense.

To make a long story short, our answer is YES; keep as a quick answer that Bring your own Licenses into the Clouds is a real way to optimize your spend.

That being said, we still need to have a step by step approach to make sure we will not make errors and do the right moves with ByoL. For the longer answer, please read below.

Where do you stand ?

First thing is to know precisely your license position. Actually, it is the exact same consideration as if you were about to license a new on prem architecture, and the idea is to know whether you still have remaining buffer of unused licenses or not.

Establishing a license position for Windows Server, System Center and SQL Server should be automated as much as possible, and optimization through dynamic allocation should be repeated every time you refresh your license position.

Here is a quick example of simple chart that illustrates the use rate of your licenses after an optimized license position.

The green share indicates the licenses that you have purchased and that are fully used today to license your footprint. The red share indicates the possible missing licenses, to be reduced as much as possible of course through optim, infrastructure changes… and to be possibly remediated by a new purchase of missing licenses or True Ups if no other solution; The blue share indicates the financial part of licenses that are unused and put on shelf after optim. Tricky things in licensing is that you may have missing licenses and extra licenses at the same time… of course we necessarily have different characteristics of licenses (different editions, or versions, or metrics, or SA coverage). In a ideal world, there is no red part, but also no blue part ! Indeed, the blue share just means that you have purchased too many licenses that you do not make use of ! Unless….

Identify the eligible situations for ByoL

Amazon & Azure have documented the eligible situations for ByoL.

AWS & Azure rules can be found below:

In these links, to summarize we can highlight that:

  • Rules have changed since October 2019 because Microsoft has precised the use of ByoL into the various Cloud providers (incl Azure); these changes are reflected into the “Listed Providers” scheme here.
  • It is more difficult now to use existing Windows Server licenses into AWS; but some situation still exist, and for those, Software Assurance is not required !
  • For AWS and SQL Server, we can both use the licensing mobility rule or the standard licensing rule, but we must pay attention to the subscribed plan (Standard EC2 instances, versus Dedicated EC2 instances, versus EC2 Dedicated Hosts). Software Assurance remain necessary.
  • For Azure, rules are more numerous, and we can both benefit from existing unused Windows Server & SQL Server licenses. That can be used through the Hybrid Use Benefits, and Microsoft also allows SQL Server ByoL for managed databases (not only IaaS, but PaaS).

Calculate & Optimize

Then, it starts being possible for you to use ByoL when the two following conditions are met:

  1. Some unused licenses on shelf,
  2. One or several cloud situations eligible for ByoL.

Are these two conditions met ? If so, you should not hesitate and go for ByoL then. Why?

First, every day these unused licenses stay on shelf, it is like you leave the tap open! Value of your unused licenses depreciates day after day, and making sure to use them as often as possible is never a wrong choice.

Worried about the fact you may need such unused licenses in near future for newcoming projects? My second point is to say that ByoL is not irrevocable. You can change your mind every 90 days and put back such licenses on shelf and go for Azure or AWS subscription.

Overall, it is an immediate 20 to 40% discount depending on your situation when we consider that extra subscription costs linked to licenses part into Azure or AWS is just an extra cost because you already had and paid for your licenses ! So, why would you keep your licenses on shelf for future purposes if you can make savings now ?

To simulate such savings, it is now clear that you need to be accurate. Many licensing rules are different in the cloud versus on premise, and even between Cloud providers.

Fortunately, we have recently released into SamBox.io the management of ByoL for both AWS & Azure. Easy now to calculate your Microsoft license consumption into your premises and into your Clouds at the same time.

How to proceed now?

First, you need to follow the above-mentioned steps to measure the range of savings you can reach into that direction. It depends of multiple parameters of course, but if you have a large move-to-Cloud strategy, for sure these savings can be huge !

Then build your KPI, to demonstrate such benefits (based on number of instances licensed through ByoL, and amount of savings achieved; make sure to collect the avergae cloud spend per VM in advance to simulate the savings).

Finally, it is a matter of communication and sharing across the company. Write a short Byol Policy, review your processes, communicate them to stakeholders, and make sure that SAM brings support to them to secure the savings.

Ready ?

Categories
Announcement Market news

Microsoft licensing in the Cloud – Part 2

Of course you guessed it after after first announcement a few days ago.

There it is : SamBox.io now manages Bring you own License into Microsoft Azure.

Ever heard of Hybrid Use Benefit ? Can I use my Windows Server licenses ? my SQL Server licenses ? In IaaS only, or in PaaS mode ? with or without Software Assurance ? ….

Many many questions when it comes to know whether we have the right to use our own licenses into Azure or not… and even when it seems we can, not that easy to determine how many licenses would be consumed, given the fact counting rules into Azure are different from on premise environment. Moreover, if you use Server and Cloud Enrollment contract, you may benefit from specific rules that would enable you to have concurrent use, on premise and in Azure. Either for a migration period, or for a longer time depending on your edition !

Again, our Microsoft consultants have worked hard to specify all these new rules, and Everyting is now in the Box !

Categories
SAM Strategy Thoughts

Microsoft ESU – what’s the deal?

Following the end of support for SQL Server 2008/2008 R2 on July 9, 2019, Windows Server 2008/2008 R2 also reached the end of support on January 14, 2020. What does this mean and what are the alternatives?

Microsoft’s support policy states that products have a 10-year lifecycle during which they will provide support. These 10 years are actually cut into two periods – 5 years of mainstream support followed by 5 years of extended support. At the end of extended support, there is no more support available from Microsoft (except in very exceptional circumstances) which immediately introduces security risks if you are still running these versions. Specifically, these servers are no longer receiving security patches and any newly discovered flaw is an attack vector for trojans, ransomware etc. to potentially infiltrate your enterprise.

What are the options and is it already too late?

The first recommendation is to make sure your plans align with Microsoft’s support lifecycle, so you are only running software that is supported by the vendor. Microsoft strongly encourage organisations to ensure they are running at least Windows Server 2012, which is supported until 2022, but moving to Windows Server 2016 (supported until 2026) and Windows Server 2019 (supported until 2029) will give you a longer period before this situation occurs again. While it may seem that this is obvious, often we see organisations where around 25% of their server estate are legacy machines running Windows Server 2008/2008 R2. This can be for a variety of reasons but one of the most common is that a 3rd party application has a dependence on these older operating systems.

What are the (real) options?

If you are still on the impacted versions and you want to get protected ASAP, there is only one real option – Microsoft Extended Support Updates (ESUs). These extend the support deadline to 2023 but give only security updates – for Windows Server, it is those updates rated “Important” or “Critical”. There are two ways to access the ESUs:

1) Purchasing ESUs via your licensing agreement
2) Migrate your legacy servers to Azure

Purchase ESUs for on-premises servers

ESUs are available to purchase via the following licensing programs and channels:

  • Enterprise Agreement (EA)
  • Enterprise Agreement Subscription (EAS)
  • Server & Cloud Enrolment (SCE)
  • Enrolment for Education Solutions (EES)
  • Cloud Solution Provider (CSP)

And you need to have Software Assurance (SA) on the existing server licences, the Client Access Licenses (CALs) that connect to those servers, and on any external connector licenses for those servers too. That SA, however, can be on a different agreement.

On-premises customers will receive additional ESU keys via the well-loved Volume Licensing Service Centre (VLSC) website but must install certain packages before activating the keys. It is to be noted that KMS activation is not possible.

For CSP customers, the relevant Server Subscription licenses allow ESUs to be purchased.

How much does it cost?

Extended Support Updates for Windows Server (and SQL Server) cost approximately 75% of the on-premises license cost PER YEAR – taking Microsoft Extended Support Updates is by no means the cheap option! If you cover a server with ESUs for the full 3 years, you will pay 2.25 x the price of a full license – you could most likely have bought Windows Server 2019 w/SA for that price.

Migrating to Azure

If you need/want to remain on the older releases, another option is migrating the on-premises servers into Microsoft Azure, as cloud servers running Windows (or SQL) Server 2008/R2 receive ESUs at no additional cost. On the face of it, that makes the equation:

On-premises = 2.25 x cost

vs

Azure = Free

But, of course, it isn’t really that straight forward! Once you get the server into Azure, you need to pay for the virtual machine, storage, networking etc. but even before that, the journey to the cloud is costly too.

The time needed to test compatibility, convert, and then migrate the physical server into the cloud is rarely a quick process and will incur plenty of “soft” costs through internal time and resources. Equally, if this move to the cloud is quicker than your organisation originally planned, you may find higher costs in on-going maintenance and management of the Azure based servers too.

Hybrid Use Benefit

Those of you with Software Assurance (or Server Subscriptions), you can take advantage of the Azure Hybrid Use Benefit to reduce the cost of your Windows Server virtual machines running in Azure.

For every 16 core licenses you have with active SA, you can run up to 2 VMs with up to 16 cores. Interestingly, the Microsoft guidance such as licensing datasheets, Microsoft Docs etc. says that each VM can have “up to 8 cores” however this isn’t reflected in the Microsoft Product Terms which instead states “16 Virtual Cores allocated across two or fewer Azure Base Instances”.

Windows Server Standard licenses can be used on-premises OR in Azure, while Windows Server Datacenter licenses can be used on-premises AND in Azure simultaneously – on shared servers. For Windows Server Standard, there is a 180-day migration period where you can run the licenses on-premises and in the cloud at the same time, to facilitate the migration process.

Hybrid Use Rights are also available for SQL Server, although the rules are slightly different. You can use them to reduce costs on SQL in Azure in both IaaS and PaaS scenarios, but there is no concept of simultaneous use between on-premises and Azure – save for the same 180 dual-use rights to allow migration to the cloud.

Conclusion

As already stated, if you’re looking at the Microsoft Extended Support Updates now, they’re probably your only real option – at least for the first year. That said, it can be a good opportunity to review your software refresh policies for the future as similar situations will come around before you know it; it’s only 2 years until Windows Server 2012 leaves extended support.

Get an overall picture of your server estate, match it against Microsoft’s support end dates, and then sit down with the relevant stakeholders to find out why the old versions are still in use and what can be done to make a change – hopefully upgrading the on-premises infrastructure more rapidly and/or creating a smooth, easily repeatable process for moving servers into the cloud.

What about SamBox.io ?

What’s the link between ESU questions and SamBox.io ? Well, as previously explained, licensing rules are complex with Microsoft, and it might be difficult to estimate the forecasted cost of a sub-perimeter we want to apply ESU on. That’s why our SamBox.io platform enables you to estimate that cost, make simulations, possibly draw infrastructure changes to get it at the most optimized cost. SamBox.io is a self-service platform, that meet customers’ self-reliant expectations.

Further Reading

Obtaining ESU updates – https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091

This article was written by Rich Gibbons, ITAM Review, Mathieu Dufetelle, SamBox.io, and Damien JuillardSambox.io. It is also published on the ITAM Review website.