Tech Off Thread

26 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

SQL Server cost too much to use for web applications

Back to Forum: Tech Off
  • User profile image

    We were about to release a web based application and have just discovered that MS requires either a processor license (about $5K) or a CAL for every user.  We called MS sales to confirm this.  It seems that you can deliver web content via SQL Server but if your users authenticates in any fashion, they they must be licensed for SQL Server.  A processor license will solve this but the processor licensed SQL Server will not run on 2003 Small Biz Server so you have to pay for the full up Server 2003.  The total cost is now about $7K.

    How is this competitive with MySQL which cost $300 to do the same job?
    I'm I misunderstanding something?  We have a C# application that maintains data for users of our products, do I really have to purchase $7K worth of software to deploy the application?
    Our plan is to switch to MySQL for the DB.  We might even switch to Linux running Mono for the server.  Seriously, if I had known about this, I would have used PHP to develop the application.
    I hope I'm wrong...  If not maybe I can save some others from the same shock.

  • User profile image

    Is there any reason why the users would directly authenticate against the database?

    Usually you use some custom authentication scheme and then let the web application access the database as a single user. We talked with Microsoft years ago about this and that's what everybody is doing.

    On the other hand, if you are considering mySQL, then your needs can be satisfied just fine by the free MSDE.

  • User profile image

    Our application will be talking to the SQL server.  The users may "login" to the service, much like this forum, but they will not be doing any direct SQL work.

    The service is very much like a product registration site.  Users will enter a serial number and their contact details etc.. They could log into the service at a later date to change their information and/or get data about the product.

    One of our guys contacted MS and was told that we would need the full up system.  The MS FAQ on the subject says something to the effect of it's OK if the users are anonymous.  Since our users will be identifying themselves they would not be anonymous and since they could be logging in to the system, they would be authenticated.  Seems like we are stuck either purchasing the full setup.

    I thought that MSDE was very limited.  We will check into this option.

  • User profile image

    You can't seriously compare MS SQL and MySQL purely on licensing.  MySQL is missing a LOT of the features of MS SQL.  If all you're doing is storing a couple of relational tables, it will work fine.  If you need to seriously deal with any magnitude of complex database, you need a robust database.  if you're going to go the route of open source, at least look at PostgreSQL which has a lot of features that MySQL lacks.

  • User profile image

    That's true, you can't compare simply on the license price. You know best which features of a DB you need. We switched an advertising company of 75 away from MSSQL to oracle-one because of the licensing costs but were able to only because we didn't need any of these 'features'. They charge (here in Germany) 150 Euro for a dual processor 5 user setup plus 10 euro per person. That's 10% of the cost of MS.
    Another customer who actually needed the feature was dissapointed with the way his 2x-Xeon server handled the license. Those procs use multithreading which gave him some problems with the license. But our admin solved that somehow...
    Evaluate the features you need and purchase accordingly. That's the only rational thing to do.

  • User profile image

    Void wrote:
    How is this competitive with MySQL which cost $300 to do the same job?

    Firstly I thought MySql was free (unless you need the support).

    And it's true, MySql can't compete on performance for big systems just yet, but don't give up hope it will one day Smiley I believe the Progress guys are helping with MySql now (under a different name).

    Alternatively you could try out PostgreSQL which is also free.

    If you are only using a couple of small tables and not a lot of databasey stuff you could try Sqlite which is a small file based database that supports a large subset of SQL. It even has ADO.Net drivers  that you can use.

    HTH a little

  • User profile image

    How about Sql server 2005 Express (when it's launched!!)?

  • User profile image

    Gravy wrote:
    How about Sql server 2005 Express (when it's launched!!)?

    Good idea I had a quick google and found this.


    SQL Server Express will be free to use and redistribute.  The only requirement that we have is that you register to redistribute the product.  The reason we require registration for redistribution is that we want to ensure that we can get critical security/product information to ISVs/partners if necessary.


  • User profile image

    Small business Server 2003 using SQL

    I talked to an MS License rep this morning about this issue (1-800-426-9400). 

    Our scenario:
    Customer purchases a product from us.  A few days later goes to register the product using his product code.  Goes to our website and via a form enters his name, address, and product code.  Then the code behind generates the keys/information needed for him and at the same time stores it in the database.   Two weeks later the user goes to the site because he lost his key information, retrieves the keys based on some information provided from him.

    According to MS this user would requiere a CAL.  He has been identified or authenticated as MS would call it. 

    I specifically explained this scenario to the rep and he said we could not do that legally on a SBS running SQL.

    If you purchase SBE 2003 that comes bundled with SQL a processor license will not work.

    Minimum total cost for a "Small  Business" to get something like this going with 2003 server (Not SBS) and SQL would be around 7K.

  • User profile image

    First of all you do NOT want web users passing credentials into SQL Server.  That could potentially open up a big security hole.  Most good web apps/app servers will pool multiple connections to a database server (all using the same credentials).  If you want to authenticate users, authenticate them against a table stored in sql, not against sql itself.  It makes sense right.  Lastly, just use the MSDE.  1. It's FREE  2. It's basically full blown sql server (minus the tools and there is governor) 3. Did I mention its free?

  • User profile image

    First of all, thanks for the advice...  especially the MSDE comments.
    I agree that MS SQL Server is probably a more powerful/faster/better product with more features.  That it's not apples to apples to compare it to MySQL for big daddy applications.  Our application is not big daddy and could easily be handled by MySQL, MSDE, and maybe even a simple custom text file based DB. 
    What surprised me is that MS SQL had such a restrictive license and that deploying it cost so much.  The real point in the end is that if your doing simple applications you probably should start with something other then MS SQL server.  MS has positioned this product for "Big Daddy" applications only.
    There is even more to this saga..  We checked to see if it was OK to us MSDE on SBS.  There are some confusing statements in the SBS licensing terms so we decided to ask.  You can not use SBS Standard or Enterprise for applications where the user is not anonymous, this includes our application as gomez describes.  If the user is identified, then you have to be using the full up Win 2003 server or that user must have a CAL.  The exception to this rule is SBS Web Edition.  If you use MSDE and SBS Web Edition then it's OK...
    To answer johm...  Yes it would be unwise to allow a user to access SQL directly.  We know better then this.  Our application handles the SQL server and provides a very limited service to the users.
    So...  We will try to deploy a SBS Web Edition server with MSDE as this should not require any significant changes to our application.  I hope that this information saves others an almost heart stopping shock..

  • User profile image

    Haven't done much with SMB, but sounds like they are saying you need a CAL for users with Windows Authentication. If you have your own user authentication, and your app handles the connection/login to SQL, you should be fine. MSDE works very well in this regard. There is some connection throttling, but for web apps, connections are momentary so you should not have any issues.

  • User profile image

    There's also been a recent MSDN article on how to work around many of the throttling limits in MSDE.

    I didn't understand why we were publishing this information, until I read the licensing terms for the upcoming SQL Express - they're even more liberal than for MSDE, so presumably we don't see any point hamstringing our previous customers Smiley

  • User profile image

    I can tell you from ... bitter experince ... stick with SQL Server !!!

    There is no such things as a cheap database, the cost comes in somewhere, usually in support, better start gathering the KPI stats if you really are going to follow that route so you can sum up how much your decision has cost you.

    Think TCO !

    Alternatively, get your site & database hosted by someone else, the initial start-up cost is reduced. The expense here is usually measured in how long you decided to stay with the hosting company, so keep shopping for the best deal and be prepared to move when you find one. Also check-out the notice period required and exit clause before signing, not forgetting the all important NDA.


  • User profile image

    Just a guess here, but I think that the MS Rep means a SQL Server login, not just authentication in general. It would be pretty silly for Microsoft to put that sort of restriction on usage.

    Just in case that didn't make my point clear, SQL Server has a user and role model of its own. You probably need a CAL for each user THERE. So don't use that model - in fact, that's probably not the best way to go anyways for a web-based app. You are most likely free to authenticate on your own with data in the database.

  • User profile image

    Sql has 3 levels of security, access to the sql server itself, access to a particular database, and access to a particular table

    If access are restricted by a domain account. (integrated sql security), a cal is needed.

    When the user logs on to the domain, an access token is created hence giving access to sql server.

    I believe no cal is needed if you use sql security; because the server login credentials are stored in sql server alone.

    With sql security, you need to creat a login id that is completly separated from your network login information stored in active directory.

    In this scenario, you have anonymous access at IIS, and require username and password to access the backend sql server.


  • User profile image

    All the above comments about logging into sql server thru application is what we thought as being ok.  Talking to the MS rep and explaining exactly this scenario he said we could not do that legally.  Give the above number a call (1-800-426-9400) and find out for yourself.

    All this discussion is extremely appreciated.

    We were particularly interested in using it with SBE 2003.  SBE does not support a processor license even if we were going to drop the 5K.
    NOTE: we are sure MSDE 2K will do the job we need it to.

  • User profile image

    I believe the salse rep might be wrong on this one...
    To my knowlege "un-authenticated" means not authenticated via active directory.

    "new with Windows Small Business Server 2003 is the ability for you to use the SQL Server component for an unlimited number of un-authenticated users. As long as you are un-authenticated, you also do not need a Windows Small Business Server 2003 CAL."

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.