Your work is vital. We are raising funds to support it.
I set up a web server for my nonprofit many years ago, and it has been working great but it doesn't support the latest encryption protocols so I have to upgrade windows server. I looked at the licensing for it and can't really understand it. Can you tell me what I need for my situation:
1. I have 2 servers. One is our public web server, which also uses MS Sql Server and Adobe Cold Fusion. I do not understand the part about CALS. I always thought a web server did not need a CAL. Most of our 1 million+ visitors a year are anonymous but we do have a few private areas on the website where you have to log in to use the web page. Does that require a CAL? My server has 2 physical cores and is hyperthreaded to give 4 virtual cores.
Our second server is just a backup and is not accessible from the internet.We use it to test web pages before uploading them to the live server and to backup the data from the web server. This server also has 2 physical cores, IF the first server dies, this will replace it.
SO - for these 2 servers, how many Indows server Core licenses do I need, and do I need CALs? How can you even figure out how many CALs. We only have 1 employee (me:). Same with SQL server? What do I need. I know you don't handle Cold Fusion. May look at Lucee instead as a free alternative. And possible SQL server express free edition. Might be all I need if sql server is too expensive
Honestly, hosting services are so cheap these days I don't think it makes sense to run your own server. For example, 1and1 charges $1/month for the first 12 months and $8/month thereafter. GoDaddy is $4 and $8, respectively. Reviews.
Also might want to see Yann's List of companies offering free Web hosting to 501(c)3 nonprofits and other charities
I don't know the answer to your core question, but I have forwarded it to someone who might.
TechSoup Community Manager
I think your Windows servers should have a CAL for each physical core. So to be legal you would need 4 CALs. Someone else will need to confirm this is true.
The "Web server" is not really a server but a program or application that runs on a server. So it should not need a CAL.
I agree with the idea that hosting these days is so inexpensive for the value you get that most organizations would be better off using a hosting company. !&! and Godaddy would be among my last choices however. The real question is what kind of hosting do you NEED? Most hosting providers use Linux but if you want to stay with a web server running on Windows you will have to locate a provider that offers that and you can expect to pay more than you would for Linux hosting.
There is a long list of reason to NOT host it your self, but there is no reason to change if you are happy with what you have now.
The website I run contains a registry of cancer patients and a patient copay assist program. It has some personal information that I would prefer to keep confidential and I feel that too many people have access to a shared host. So even if it costs a lot more, and is a lot more trouble, I would prefer to keep the data in a place where only me and a few trusted people have access. I feel I also have more control - the server won't crash because of hundreds of other websites running... performance should be better, and I am a total nut with backups - usually 4 times a day to 4 different places.
I understand your concerns and agree that you need to be careful with the personal information of your users. My only comment is that your web server may be more vulnerable to hacking since it won't be maintained in the same manner as a commercial web server. And since your server is not a larger commercial server with many site, it may actually attract more attention because of that fact.
With either solution I would encourage you to consider encrypting the personal information to make it more difficult for outsiders to do anything with it, should they get access.
I am going to guess that you need a CAL for each physical core a server has. I don't think you need a CAL for a web server. Lucee sounds interesting - I was not aware there were open source versions of ColdFusion. If that is what you know then I am sure you will want to stick with it. But if not you should consider moving to Linux / Apache / PHP/ MySQL.
I moved my person website to LUCEE and so far it looks good. It worked with no changes from using coldfusion. I also used the free edition of sql server express and it also worked. It might be all I need so I do not need to buy a sql server license.
So I think all I need it one windows server CAL for each core
Of course everything is encrypted but if anyone breaks into the server, they can get the keys. I actually worked at an ISP many years ago, and we would routinely have to look into strangers' web code to see why the servers were crashing - and had access to every piece of data for many websites.
It should attract less attention. It will only have 3 websites (all related)... if a commercial server has say 300 sites, if any of them are targeted, the computer is compromised. The data we have is not useful to most crooks, we do not have credit card data or social security numbers.
Since you are by yourself in dealing with the IT end, using physical servers and dealing with licenses and seats seems to be a big cost center. You could stay with this configuration and get the lowest number of CALs MS offers (it used to be 5, I don't know if that's still the case.) You don't need many user CALs 1-2. And I'm basing that off of the assumption your applications accessing SQL Server do not need more than 1 seat and no users directly log into the database. If you have any devices like printers then you need a device CAL for any that directly access the server. Web services do not use CAL's. You don't mention external users (partners, service providers), so you shouldn't need any External Connector CALs.
That would resolve the seat question, but you could consider other directions. TechSoup does offer AWS as part of their products. If you would like to go in this direction then you would remove any worry about CALs, physical server failure or updates and could host your website along with your database and any other programs you need. Replacing SQL Server with MySQL isn't difficult and that is open source software if you want to lower database license costs. AWS does have a free tier, and I know they offer credits for nonprofits. If this interests you you could get an estimate of the costs (retail) by estimating your storage space needs and then comparing that to AWS storage costs. I found a good AWS billing primer at this blog.
Just a suggestion that might lower costs and maintenance overall.
Close this window