I have a web server (we'll call it MyServer) that is hosting a Web Service application. Another server (we'll call it TheirServer) has it's own web service application that will access my Web Service running on MyServer and pull down the information. Clients of TheirServer will then access this information.

Will the clients of TheirServer require CALs on MyServer?

In addition to the answer, I need a few links or resources that will support this answer. (Not that I don't trust you guys, its just that I need justification one way or another.)

I don't have many points left, but I'll try and make it worth while.

For reference:


http://www.microsoft.com/windowsserv...g/default.mspx


External Connector License

If you would like to allow your business partners or customers to access your network, you have two licensing options:

Acquire Windows CALs for each of your external users.
Acquire External Connector licenses for each copy of the Windows Server 2003 software that will be accessed by your external users.

An external user is a person who is not an employee, or similar personnel of the company or its affiliates, and is not someone to whom you provide hosted services using the server software.




Per User or Per Device Mode
Per User/Per Device mode is defined as follows:

A separate Windows CAL (of either type) is required for each user or device that accesses or uses the server software on any of your servers.
The number of Windows CALs required equals the number of users or devices accessing the server software.
If you choose this licensing mode, your choice is permanent. You can, however, reassign a Windows CAL from one device to another device or from one user to another user, provided the reassignment is made either (a) permanently away from the one device or user or (b) temporarily to accommodate the use of the Windows CAL either by a loaner device, while a permanent device is out of service, or by a temporary worker, while a regular employee is absent.
Per User/Per Device mode tends to be the most economical designation for Windows CALs in distributed computing environments where multiple servers within an organization provide services across most devices or users.



And from Microsoft Knowledge base article Q264908:

To better understand CALs and SSL connection counting, review the following scenarios:
- An anonymous user browses a public Web site. No CALs are consumed. Anonymous users do not consume CALs.

- An anonymous user attempts to access a page that requires a logon. The user is authenticated and granted access to the page. One CAL is consumed. Each uniquely authenticated user consumes one CAL.

- An anonymous user attempts to access a page that requires a logon. The user is authenticated and granted access to the page. The same user opens a second Web browser and browses to the same page. He or she authenticates with the same username. One CAL is consumed. Each uniquely authenticated user consumes one CAL regardless of the number of connections to the same server.

- An anonymous user browses to a commerce Web site and shops, adding items to a shopping cart. When this user goes to pay (transition into an SSL session), one SSL connection is consumed for that username. No CALs are consumed. SSL connections do not consume CALs, but the total number of SSL connections is limited to the number of CALs installed on the Web server.

- A Web server has 20 CALs installed. It can support up to 20 authenticated users in addition to 20 SSL (anonymous and/or authenticated) connections concurrently. If a user is authenticated and using SSL, then a CAL is consumed and the SSL connection counter is decremented by one. Only the act of authenticating requires a CAL. Internet Information Server maintains a separate counter for SSL connections.

- An anonymous user browses to an intranet Web site. The same user is also authenticated to the same Web server by an external authentication mechanism such as a UNC network share (\\Computername\Share). One CAL is consumed. The anonymous account does not consume CALs, but authenticated users do.

- An anonymous user attempts to access a page requiring a logon. The user is authenticated and is granted access to the page. The user is also authenticated to the same Web server by an external authentication mechanism such as a universal naming convention (UNC) network share (\\Computername\Share) to the same server. One CAL is consumed. Each uniquely authenticated user consumes one CAL when connecting to the same Web server regardless of multiple connections.


Based on these two sources, I would have to conclude the following:

An External connector license does not appear to be useable in this situation as a Web Service would seem to me to fall into the "hosted service" category. So since each authenticated user will require a CAL, then one would want to license the device if the number of User CALs required would make it economically feasible.

It would seem that Microsoft has positioned their licensing scheme to make a lot of money at the expense of the companies that embrace the Web Service technology.