SMBKitchen: Licensing

With Server 2008 R2, 2012 and 2012 R2, the HyperV deployment allows you to deploy a Parent and then install two copies of the server as children/guests.

One of the ways you can deal with the sticker shock of server deployment in this era is to purchase the server operating system via volume license with payments spread out over three years.  Volume licensing also gives you downgrade rights as well as making it easier to track product key codes.

if you downgrade one of the instances of the server to Essentials and/or deploy the Essentials role in one of the servers remember that you also need RDS cals in order to use the Remote Web Access. 

In this new era of post small business server you will need the following:

Windows Server 2012 standard – set up as a HyperV server with two guests.  One will host the Domain controller, the other the Exchange Server.  If you need a third server for a line of business server or to host SharePoint, you’ll need another license.

Exchange 2013

Server cals

Exchange cals

RDS cals – for remote web access use

The sticker shock to what your client was used to paying will be great.  Prepare your client and as I said earlier, consider 3 year payment option.

I do not install antivirus on the HyperV host, nor do I on servers.  What you say?  Yes you heard me.  Threats come into the server from the locations where users have access.  So I use Exchange defender as Exchange hygiene in order to prevent spam and viruses from entering the network.  Antivirus is installed on all workstations and terminal servers (like Multipoint).  If you DO install antivirus on servers ensure you place ALL exclusions as recommended.

Also follow any line of business application recommendation for exclusions as well.  Bottom line if you deploy antivirus, make sure it’s set up correctly or don’t do it at all. Incorrectly set up antivirus does more harm than good.

4 Thoughts on “SMBKitchen: Licensing

  1. Respectfully, I disagree about AV. You’re talking about servers that have some level of Internet exposure (Email server – at least SMTP and SSL, etc.)

    OS and application vulnerabilities can allow servers to be attacked without going through a workstation or terminal server. And if a workstation has a fault in its AV… then you have a hole in your single line of defense.

    I recommend using a different AV solution on the servers than the clients, in order to provide defense in depth. And yes, ***ABSOLUTELY*** make sure you set all of the exclusions in keeping with the OS and application requirements.

    There’s almost nothing worse than having an entire Exchange system taken down because the backend database file was “cleaned”.

    So, I also recommend application-aware AV where it makes sense. On email servers? Absolutely!

  2. bradley on January 9, 2014 at 11:46 am said:

    That’s why I have Exchange defender. It scans the email before it gets into the firm. OS and application vulnerabilities first have to enter the system, and then there’s a high probability that a/v won’t stop such a vulnerability. OS vulnerabilities either have a patch (which I’ve installed already) or they are zero days and not even the a/v vendors have anything for them yet.

    Vulnerabilities have to enter the system and these days they enter with human interaction. Don’t browse on the server, don’t launch files directly on the server (of an external unknown source).

    In the case of cryptolocker, no a/v was stopping that ergo why we’re ensuring that we limit use/ensure permissions are set correctly and use software restriction policies.

    Having a threat management gateway product or web surfing filtering goes way farther in this day and age of drive by attacks to protect.

  3. squeakstar on January 10, 2014 at 3:12 am said:

    Hi Susan – if you already bought your SBS2011 with PAO a couple of years back and have the Essentials and Server 2012 options available in your volume licensing as upgrades (we cunningly did the three year payment too) when you do move off SBS2011 do you still have to get RDS CALs for remote web access use?


  4. bradley on January 13, 2014 at 3:06 pm said:

    Officially yes. Call the VLSC and supposedly they will give you RDS cals for this. I haven’t personally tried it.

Post Navigation