A lot of people have long believed that Microsoft has been screwing us. But after last week's radio show and two fantastic articles from Gabe and Jack, it became clear that Microsoft is doing four very specific and intentional things that are holding back the desktop virtualization industry:
No. 1: No SPLA for Windows VDA
As Gabe pointed out last week, In order to connect to a Windows desktop in a VDI scenario, you're required to have a Windows VDA ("Virtual Desktop Access" license). If you buy Software Assurance (SA) for a particular client device, the VDA license is included. Fine. And for clients that are not eligible for SA (because they can't run Windows, like iPads or thin clients), you can still buy a standalone VDA license so you can use that device to access a Windows-based VDI desktop. Fine again.
Now you might also know that there's a licensing program Microsoft offers called the Service Provider License Agreement (SPLA). This is the license that service providers use to charge their customers for access to Microsoft software on a monthly basis. This makes sense, because you couldn't be a service provider if you had to buy full-price licenses for products that customers might only use for three months and then abandon. Microsoft has SPLA licenses for just about every product they make—except for VDA! In other words, it's simply not possible for a Desktop-as-a-Service (DaaS) provider to "rent" Windows desktops to users. The only workaround, and the recommendation from Microsoft, is that if a service provider wants to provide a desktop as a service to a customer, the customer has to provide their own VDA licenses. So all these DaaS providers you hear so much about—Desktone, tuCloud, etc.—all their pricing is based on the customer bringing their own Windows licenses. (BYOL?)
The crazy thing is that tons of people have asked for SPLA licenses that can be applied to Windows desktops. We hear this from every major DaaS provider. (Both on the record and off.) And it's also crazy that Microsoft has SPLA licenses for Windows Server, including Remote Desktop Session Host. So you can provide an shared session-based desktop as a service, but not a VDI desktop? WTF?
There are plenty of users out there who would like to try subscribing to Windows desktops as a service, but as soon as they read the fine print, they're discouraged. I mean imagine how someone like Desktone has to say, "Okay, you can get your desktop from us for $30 per user per month. Oh, but first you have to buy this other volume license from Microsoft, and if you ever change your mind and don't like our service, you're stuck with this thing." How crazy is that?
Some people argue that each customer buying their own full licenses shouldn't be a problem, and that this is a non-issue. Well if this isn't a problem, then why does the SPLA program exist? Why do they make RDS CALs available via SPLA? Obviously Microsoft and the world-at-large recognize that having an SPLA program is a good thing. Heck, even Office has SPLA. So why does it apply to DaaS desktops with the multi-user OS but not the single user? What gives?
And how crazy are the workarounds? So service providers can buy big servers, buy copies of Windows Server Datacenter Edition, build an unlimited number of VMs, configure those VMs to look like desktops with Aero glass and everything, give each user exclusive access to a "desktop" VM, then rent RDS CALs via SPLA—and that's all Ok? But you try that same thing with a Windows 7 VM, and you're the recipient of legal action from Microsoft!
No. 2: Hosting providers aren't allowed to let two customers share the same servers or storage
As if the whole SPLA thing isn't crazy enough, Gabe also pointed out that if you're a DaaS provider and you've managed to convince your customers to buy their own VDA licenses, Microsoft forbids you from using the same physical hardware for more than one customer! Are you kidding me? So if you want to get into the desktop hosting business, it's impossible to have a customer with less than, say, 50 users, because you'd have to splurge for for a dedicated server for them.
Again, what possible logic could there be behind this rule other than to purposefully slow the adoption of DaaS and VDI? What's really crazy is that VDI is all about virtual desktops, and virtual desktops are VMs running on these virtual platforms. Yet Microsoft forces service providers to have purposefully inefficient designs? How many compostable forks are needed on their Redmond campus to make up for all the extra greenhouse gases burned to power these arbitrarily-underutilized servers? And isn't virtualization supposed to fix all this, not be the cause of it?
By the way, if you don't believe this, check out the question and answer from Microsoft's official on SPLA Program Guide:
I am a hoster who wants to provide Windows-based desktops as a hosted service. Do my customers need to pay for Windows VDA? OR Is there a Service Provider Licensing Agreement (SPLA) for Windows VDA so that hosters can provide Windows-based desktops as a service to third parties?
Currently, there is no SPLA model for Windows VDA. Hence, customers who subscribe to desktops from a third-party hoster will need to pay Microsoft for a Windows VDA license for each device accessing Windows client virtual machines in the datacenter. Additionally, hosters need to ensure that they isolate the hardware and other resources for each company (i.e. no two customers can share the same set of resources, such as hardware, storage, etc).
No. 3: Arcane rules about on-premise devices
For our third bit of craziness, Microsoft has this arcane rule about how SA and VDA licenses are allocated. Microsoft SA and VDA licenses are assigned to devices, not people. So right off the bat this is weird, because this whole VDI thing is about the ability to access your desktop from anywhere on any device. But if Microsoft is licensing VDA based on the client device, you need an expensive VDA license for every possible client device each user connects from!
To address this, Microsoft created something called "Extended Roaming Rights" (ERR). The basic concept is that as long as the user's primary device is covered by VDA, then the user can use ERR to also access a VDI desktop from a personally-owned device. So far, so good. Except here's where it gets crazy. The ERR only apply to users when they're not in the office. Check out Jack's article from a few weeks ago for more details, but the basic point is that any device that's used on-premise must be fully licensed with VDA. The ERR are only for off-premise clients. As Jack pointed out, "say for example that an employee, tired of being chained to their desk, brought in a MacBook from home. The company would now need to provide another VDA license. That MacBook was perfectly fine at Starbucks, but now it’s costing the company more money."
Again, how crazy is that? And it gets worse. The definition of whether a device needs to have its own VDA license or can leverage the ERR of an existing device is based on whether the device is "controlled" by the company. But as Eric Gunderson pointed out in the comments of Jack's article, what does that mean exactly? If the company uses an MDM or MAM solution to enforce security policies on iPads, now that means that device needs a separate VDA license if it's brought onto the company's premises? (All of these gory details are outlined in Microsoft's 147-page Product Use Rights document.)
No. 4: Microsoft won't disclose how OnLive licensing works
The final thing that pisses me off about Microsoft is that they won't disclose how OnLive is able to provide their service while maintaining compliance with Microsoft licensing. For those who haven't seen it, OnLive offers a full remote Windows 7 VDI desktop direct to end user consumers, and the users don't have to buy VDA licenses. Based on everything we know about Microsoft licensing, this should be in clear violation of Microsoft's policies. (And many of the other DaaS providers are crying foul, noting that it's hard for them to compete against a company who apparently doesn't have to license Microsoft products like the rest of the world does.)
I decided to leverage my Microsoft "MVP" credentials to find an answer. (Microsoft is always talking about how we MVPs have exclusive access to the product teams and how we can get our questions answered.) I sent the following question to my primary contact in the Remote Desktop group at Microsoft:
Can anyone shed any light on how OnLive is licensing Windows 7 licensing for their customers? Is this a special SPLA-like deal? We talked to their CEO, and he just said, "We have licensing experts, and it's legal," but he couldn't tell us how. He also never heard of VDA, so I'm not sure he's the right person to ask?
The response we received was something along the lines of "we're not in the best position to comment on how another company is doing their licensing."
Fine. So I asked the question a different way:
Thanks for this answer. I understand that you can't comment on specific customers. Let me a different question: Can you please get me in touch with a licensing expert at Microsoft who can explain how I would set up my own DaaS offering based on Win7 Enterprise? I want it to be free, or $9.99 per month. But I don't want customers to have to own their own Win7, VDA, or SA. I want to provide everything as a provider. I'd be interested in exploring this offering for both physical and virtual hosts. Please tell me which Win7 licenses I have to buy in order to do this?
Again, I got absolutely nowhere. They supposedly said that they were escalating it, but that was more than a month ago and I've heard nothing. So not even Microsoft can explain what's happening even though it definitely looks illegal from the outside and all the other cloud DaaS providers are claiming that something is going on.
So with all this shadiness and Microsoft's unwillingness to answer a question, why am I an MVP? I don't agree with so much of what this company is doing. Why would I want them using me to broadcast their propaganda?
I logged into the MVP interface to see if there was an option to quit in protest. (There was not.) But I did decide that there's no way I'm going to the MVP conference. [UPDATE March 2: I emailed my resignation to MVP Lead , and it was accepted. So I'm no longer an MVP.]
Microsoft's annual MVP Summit is going on in Redmond this week. I am not there. I'm protesting.
I've been an MVP since 2004. The program used to be awesome, but it's not anymore. I remember my loving feelings from the early days. (I even wrote a blog post with Ron Oglesby on how awesome it was.) I bragged about things like, "When we say something critical of a Microsoft product, a Terminal Server product manager at Microsoft’s response is 'Oh my gosh! You (as a community leader) are so important to us, and we can’t believe that we’re doing anything that would make you think that. Please, tell us how we can improve and what we can do better.'"
That was back in 2004. Now in 2012 I know that I left a sentence off the end of that statement which is, "Of course we can't actually do anything about it, but hey, we'll make you feel like you're making a difference." Seriously, the same basic group of MVPs has been going there for eight years, yet there's not one single Microsoft Remote Desktop person we deal with now who was also there in 2004. They claim to want to help and listen, but the program can't deliver any of that.
I know I've dedicated my whole career to Microsoft desktops and applications, and that's not changing anytime soon. And I know that Microsoft applications themselves are not going anywhere anytime soon. That's also fine. It doesn't change the fact that I don't agree with what Microsoft is doing, and I can't wait until alternative application frameworks break their monopoly.
I've told a few people privately that I want to leave the MVP program, and one of the responses I've gotten was people saying, "But if you don't go and give your feedback, then they're never going know and they won't fix anything."
But that's a load of crap too. I've been going to MVP summits for eight years and telling Microsoft the same stuff year after year, but so far it hasn't worked. And besides, none of this is news to them. They know they're screwing us.
So that's it. Microsoft is screwing this entire industry with their asshole policies. I'm embarrassed that I supported them for so long. I just don't have the respect for them that I did in 2004.
(Note: You must be logged in to post a comment.)
If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.