Confused by Licensing (CALs)

I've researched Microsoft's site and am still having difficulty
understanding what type of licenses I need. Here's the situation:

I have 11 servers, each one of which is running Microsoft Windows 2003
Server Standard. I own a server license for each one of these.

I am the only human user on the network. Aside from the Administrator
account and the default user accounts that come preinstalled, my own user
account is only domain account that has been added to Active Directory.

There are thousands of users that connect to my network from the Internet,
but they do NOT make use of Windows authentication. They are authenticated
either via my web site or via a custom Windows application that I designed,
but never via Active Directory.

The servers on the network connect to each other via UNC path quite
frequently, but always under the credentials of my user account.

I have one XP machine that I use from home to connect to the network
described above. I use Microsoft's built-in VPN (PPTP) technology which
authenticates using my Active Directory user account and once inside the
network, I use Remote Desktop to access the individual machines. Logging on
via Remote Desktop also obviously requires Active Directory authentication.

So, how many CALs (if any) do I need? I'm thinking that I need one for my XP
machine which authenticates with the Microsoft VPN (ISA Server). I'll also
need one for the Remote Desktop connection which is established concurrently
with the VPN connection. But do I need CALs for the connections used when
the servers communicate with one another [file sharing via UNC]? When one
server connects to another, is the former considered a "client" that would
require a CAL?

If I'm right, I should be able to simply puchase the CAL 5-pack, correct?

Thanks...

Jules Winfield


.

Relevant Pages

  • Re: Kerberos machine authentication - apparent authentication fail
    ... > until logon), the wireless connection can kick off when it is ready. ... > was confirmed in the server event logs with IAS (i set that up as the radius ... > as an ordinary user kicks in and takes over from the machine authentication. ... > while the network sorts itself out and a double click on a network link of ...
    (microsoft.public.windows.server.security)
  • Re: Access Denied to share with anonymous access disabled
    ... > Integrated Windows authentication, then you are looking at the classic ... > server, why should the server automatically be able to use your ... > ASPNet local user account full access to the share. ... > anonymous access with integrated windows security on the web site. ...
    (microsoft.public.inetserver.iis.security)
  • RE: [fw-wiz] IPv6 comes in the game
    ... Microsoft Windows 2000/2003 server does 802.1x auth fine. ... wireless access as well as port access on certain switches in the network. ... then you're able to log the authentication at the RADIUS ...
    (Firewall-Wizards)
  • Re: ipfw plus authentication (authpf is cool but....)
    ... authentication happening in the process of dhcp. ... router first before being allowed to access any server. ... script will happily change the router's firewall ruleset to allow the ... user does not want to access any network server anymore. ...
    (freebsd-questions)
  • Re: SQLCEReplication over GPRS
    ... Internet side, just not over GPRS: ... network that was causing the issue. ... as that's the server sync DLL version that you're using. ... connecting via GPRS via vodafone the authentication part is missing. ...
    (microsoft.public.dotnet.framework.compactframework)