Terminal Services Licensing and Resulting Internet Communication in Windows Server 2008
Applies To: Windows Server 2008
In This Section
Purpose of TS Licensing
Overview: Using TS Licensing in a Managed Environment
How TS Licensing Communicates with Sites on the Internet
Controlling TS Licensing to Limit the Flow of Information to and from the Internet
Additional References
This section provides overview information about Terminal Services Licensing (TS Licensing) and also provides suggestions for other sources of information about TS Licensing to help you balance your organization’s requirements for communication across the Internet with your organization’s requirements for protection of networked assets. However, it is beyond the scope of this white paper to describe all aspects of maintaining appropriate levels of security in an organization running servers that use TS Licensing.
Purpose of TS Licensing
TS Licensing manages the Terminal Services client access licenses (TS CALs) that are required for each device or user to connect to a terminal server. You use TS Licensing to install, issue, and track the availability of TS CALs on a Terminal Services license server. Although there is a licensing grace period during which no license server is required, after the grace period ends, clients must have a valid TS CAL issued by a license server before they can log on to a terminal server.
For more information about TS Licensing, see "Overview of TS Licensing" in the TS Licensing Manager Help in the Windows Server 2008 Technical Library (https://go.microsoft.com/fwlink/?LinkId=106540).
Overview: Using TS Licensing in a Managed Environment
The TS Licensing role service is not installed by default in Windows Server 2008.
If you install the TS Licensing role service on a computer, you will need to communicate with the Microsoft Clearinghouse in order to perform certain operations to configure and maintain TS Licensing. To perform these operations, you use the TS Licensing Manager tool. The TS Licensing Manager tool is automatically installed on a computer on which the TS Licensing role service is installed.
Note
TS Licensing is not available in Windows® Web Server 2008, Windows Server® 2008 for Itanium-Based Systems, or the Server Core installation option of Windows Server 2008.
The Microsoft Clearinghouse is the facility that Microsoft maintains to activate Terminal Services license servers, issue TS CALs to license servers, recover TS CALs, and deactivate or reactivate license servers. The Microsoft Clearinghouse stores information about all activated license servers and TS CALs that have been issued.
You can control the communication that occurs between TS Licensing and the Microsoft Clearinghouse by choosing the server or servers on which to install the TS Licensing role service, and by choosing among three methods of communication. The three methods of communication are as follows:
Automatic. This method requires Internet connectivity from the computer running the TS Licensing Manager tool. Internet connectivity is not required from the license server itself. This method uses TCP/IP (TCP port 443) to connect directly to the Microsoft Clearinghouse.
Web Browser. This method can be used when the computer running the TS Licensing Manager tool does not have Internet connectivity, but you have access to the Web by means of a Web browser from another computer.
Telephone. This method allows you to talk a Microsoft customer service representative to complete the desired action. The appropriate telephone number is determined by the country or region that you have specified in TS Licensing Manager.
To configure the method of communication, use the TS Licensing Manager tool. The TS Licensing Manager tool uses the term "connection method" to refer to the method of communication.
How TS Licensing Communicates with Sites on the Internet
The TS Licensing Manager tool communicates with the Microsoft Clearinghouse on the Internet only when you initiate certain actions, such as activating the license server or installing TS CALs, and only when you are using the Automatic connection method. If you use the Web Browser connection method, information will be passed between the computer on which you are using the Web browser and the Terminal Server Licensing Web site (https://activate.microsoft.com).
Note
The information in the following list applies only when you are using the Automatic connection method or Web Browser connection method. It does not apply when you use the telephone connection method.
The rest of this subsection describes various aspects of the TS Licensing data that is sent to and from the Internet and how the exchange of information takes place.
Specific information sent: Depending on which action is being performed, some or all of the following information is sent to the Microsoft Clearinghouse, using an encrypted connection:
First name
Last name
Company
Country or Region
E-mail
Organizational unit
Company address
City
State/province
Postal code
License server ID
Product ID
License program
License code
Agreement number
Product version
License type
License quantity
Reason (for reactivation)
Specific information received: Depending on which action is being performed, some or all of the following information is received from the Microsoft Clearinghouse, using an encrypted connection:
License server ID
Limited-use X.509 industry standard digital certificate, which is used to validate license server ownership and identity
License key pack ID
Default settings: TS Licensing is not installed by default.
User notification and triggers: The administrator triggers activating, deactivating, and reactivating license servers, and triggers installing TS CALs by using the TS Licensing Manager tool.
Logging: TS Licensing logs events in the system log. The events can be viewed through Event Viewer.
Encryption: TS Licensing uses the HTTP protocol over SSL (Secure Sockets Layer) to communicate on the Internet.
Access: The Microsoft Clearinghouse is the database Microsoft maintains to activate license servers and to issue client license key packs. Microsoft customer service representatives have access to the licensing information and are able to successfully re-create the information on your Terminal Services license server if technical problems occur.
Privacy: For information about privacy, see "Terminal Services License Management and Your Privacy" in the TS Licensing Manager Help in the Windows Server 2008 Technical Library at:
Transmission protocol and port: HTTPS over port 443, and remote procedure call (RPC) over port 135.
Ability to disable: The TS Licensing role service is not installed by default. Once installed, it can be uninstalled. For more information, see "Uninstall the TS Licensing Role Service" in the TS Licensing Manager Help in the Windows Server 2008 Technical Library (https://go.microsoft.com/fwlink/?LinkId=109118).
Controlling TS Licensing to Limit the Flow of Information to and from the Internet
You can control the TS Licensing-related communication that occurs with sites on the Internet in the following ways:
Install the TS Licensing role service only on selected servers. This follows the basic principle of stopping unnecessary services and keeping computers (especially servers) free of unnecessary software. For information about installing the TS Licensing role service, see "Checklist: TS Licensing Installation Prerequisites" in the TS Licensing Manager Help in the Windows Server 2008 Technical Library (https://go.microsoft.com/fwlink/?LinkId=106604).
Install or run the TS Licensing Manager tool only on selected computers. The computer running TS Licensing Manager is the computer which communicates directly with the Microsoft Clearinghouse when you perform actions using the Automatic connection method. For more information, see "Running TS Licensing Manager" in the TS Licensing Manager Help in the Windows Server 2008 Technical Library (https://go.microsoft.com/fwlink/?LinkId=106606).
Review the connection method you want to use to perform TS Licensing-related actions. For information about the three connection methods that are available, see Overview: Using TS Licensing in a Managed Environment.
Additional References
TS Licensing Manager Help in the Windows Server 2008 Technical Library (https://go.microsoft.com/fwlink/?LinkId=101639)
Windows Server 2008 TS Licensing Step-by-Step Setup Guide (https://go.microsoft.com/fwlink/?LinkId=85873)
Terminal Services page on the Windows Server 2008 TechCenter (https://go.microsoft.com/fwlink/?LinkId=106087)
Terminal Services Gateway and Resulting Internet Communication in Windows Server 2008
Terminal Services Web Access and Resulting Internet Communication in Windows Server 2008