We run a moderately sized Hosting Company, all of our machines (around 100 or so) run Windows Server 2008 R2. About 30 of these are our shared hosting machines which we run and host client applications (game/voice servers) on, the rest are Dedicated Machines rented by customers.
For our shared hosting machines, we handle things such as Administrator password changes, scheduled tasks, etc. by connecting via RDP and making the necessary changes. This has become quite tedious as we expand, and I believe AD may help ease this pain.
Scenario:
We only have one account per machine we actually use, which is the Administrator account. Each client's service runs under a limited user account for security purposes, which is logged in when they start their services via our Control Panel.
We have a Master machine which acts as the main File Server for our Management Software, runs the Management Software's Web Panel, etc.
Questions:
Would Active Directory be beneficial to us in our current setup?
If we used our "Master" server machine as the primary Active Directory Controller, would we need CALs for each machine, or would/could the Administrator account on each machine actually just count as a single user CAL?
Server 2008 Standard comes with 5 CALs I believe. If we do need one for each machine, do these all have to be on the Controller or would the CALs from the client systems count towards this?
Yes, AD may be very good for you - including all the other systems MS offers (SCOM, SCCM, SCVMM).
I suggest you contact your MS reseller and read the SPUR of your SPLA agreement. I assume you have SPLA in place because it is ILLEGAL TO SELL HOSTING ON NORMAL WINDOWS LICENSES ;) That said, SPLA is monthly and a LOT cheaper than what you pay normally. Unless you are now in big trouble you already have all you need already legally in place. If you sold / rented windows machines without SPLA better talk to MS - they will be very understanding, but if some of your customer puts you up you basically were running unlicensed software, even if you purchased it. THAT gets nasty.
It also has totally differentparameters available - so all this boils down with reading through the SPUR and find a combinaation that is cost efficient for you.
Active Directory would definitely help with centralized password management. In my experience it does not help with centralizing scheduled tasks across servers (but you can do some distribution via group policy).
You need Windows Server CALs for anything that touches your Windows Servers, regardless of Active Directory. For example, you need a CAL for a Linux box that gets a DHCP lease from a Microsoft DHCP server running on a Windows server (or you need a CAL for that Linux box's user).
I found the PDF guide Your Ultimate Quick Reference Resource for Licensing and Pricing helpful to understand the details of Windows server licensing. If you have 100 servers and a few sysadmins then it seems to me that choosing user CALs would be the way to go -- you get to choose whether to designate your CALs as device CALs or user CALs.
I don't know whether CALs accumulate between servers. My guess is that they don't, but I am not sure.