Eighty-two percent of professional software buyers never change the pre-selected radio button on a procurement screen. I sat in my small office at the library and I thought about this number.
I counted my steps to the mailbox this morning and it was forty-two steps and I thought about how many of those steps were spent thinking about things I did not choose. In the prison library, the default is everything. We have a way of shelving books and we have a way of stamping cards and if you change the way you stamp the cards the system breaks and the men get angry.
The men like the default because it is a promise. But in the world of server licensing, the default is not a promise and it is often a mistake.
The Ghost in the Procurement Screen
The buyer sits at the desk and the screen is bright. The buyer sees the options for the Remote Desktop Services. There is a box and the box is already checked. It says User CAL. It says this is what most people pick. The buyer looks at the box and he feels a small weight in his chest.
User CAL (Recommended)
Pre-selected by default to ensure “maximum compatibility” at a higher cost.
He knows he has forty computers in the warehouse and he has eighty men who work in shifts. He knows the math says he should buy Device CALs and save the company four thousand dollars but the box is already checked for User CALs. If he unchecks the box and he picks the Device CALs and something goes wrong later he will have to explain himself. He will have to stand in a room with a man in a suit and he will have to say why he thought he was smarter than the default. Most men do not want to stand in that room.
We assume that the people who run the servers are making deliberate choices but they are often just avoiding the wind. They see the pre-selected option and they see it as an endorsement. They think the company that made the software knows their business better than they do. They think the default is a safe harbor and they do not want to sail into the open water where the audits live. But the default is just a line of code written by a man who has never seen their warehouse and has never met the eighty men who work the shifts.
The Anatomy of Compliance Failure
Chose “Safe” Defaults Without Network Understanding
64%
Sixty-four percent of licensing failures in small to mid-sized businesses come from people who chose the “safe” default but did not actually understand the configuration of their own network.
The Fear of the Vendor Forms
I remember when I first started at the prison library and the old librarian told me to never change the vendor for the plastic covers. The covers were thin and they tore easily but they were the default. I spent taping covers that should have been replaced but I was afraid to be the one who changed the order form.
I was afraid of the paperwork and I was afraid of the questions. One day I changed the form and I bought the heavy-duty covers and nobody noticed. The books stayed clean and I stopped using the tape and I realized that the fear was a ghost.
The sector runs on these ghosts. The IT administrator sees the Windows Server or the options and he sees the packs of 5 or 10 or 50. He sees the prompt for the Remote Desktop Services and he feels the pressure to just finish the task. He has a list of a hundred things to do and the licensing is just one of them.
He wants to be compliant and he wants to be fast. He accepts the default because it is the path of least resistance and the path of least resistance is very rarely the path of lowest cost.
They bought the User CALs because the screen told them to but their environment was set up for Device-based access. They paid more money to be less compliant. It is like buying a life vest that is three sizes too big because it was the one on top of the pile and then wondering why you are still sinking in the water.
Making an Informed Choice
When you look at the RDS CAL Store, you see that the choices are laid out and they are clear. You see the User CALs and you see the Device CALs and you see the different versions of the Windows Server.
A man who knows his business can look at those options and he can make a choice that fits. He does not have to be a victim of the pre-selected dot. He can use the calculator and he can see the numbers and he can see that he does not have to pay for access that he does not need. The delivery is fast and the licenses are perpetual and they do not expire like the courage of a man who is afraid of his boss.
The Active Refusal
I have seen many men come through the library who lived their whole lives by the default. They took the jobs their fathers had and they lived in the towns where they were born and they followed the rules until the rules put them in a cell.
They tell me they wish they had made one active choice. They wish they had looked at the map and picked a different road even if the road was harder. Choosing a Device CAL over a User CAL is a small thing but it is an active thing. It is a refusal to be moved by the momentum of the crowd.
The industry relies on this momentum. The big vendors set the defaults to maximize their own revenue and they know that most people are too tired or too scared to change them. They count on the fact that you will pay the “ignorance tax” and you will call it “risk management.” But true risk management is knowing exactly what you own and why you own it.
Blindly following the pre-selected “User” option in a shift-work environment.
Active risk management is being able to show you made a deliberate decision based on specific server architecture.
It is having the documentation ready when the auditor knocks on the door and being able to show that you made a deliberate decision based on the architecture of your specific server environment.
The shift-work scenario is the most common place where the default fails the buyer. If you have a hospital or a factory or a call center, you have many people using a few machines. The default User CAL would require you to buy a license for every nurse and every worker and every agent.
But the machines are the constant. If you license the device, the people can change and the license remains valid. It is simple math but the default ignores the math. The default assumes you are a standard office with a standard nine-to-five schedule and a standard set of desks. Most of the world is not standard.
The Shape of Your Business
I spent today looking at the way the light hits the floor in the nonfiction section. It moves slowly and it does not ask for permission. It is not a default light; it is a specific light for a specific time of day.
Your business is the same. It has a specific shape and it has specific needs. When you buy your RDS CALs, you should look at the shape of your business and you should pick the license that fits that shape. You should not try to squeeze your business into the box that someone else checked for you.
The fear of exposure is a powerful thing. We think that if we follow the crowd we cannot be blamed if the crowd is wrong. But the crowd is not the one who has to answer for the budget overruns or the failed audits. You are the one. You are the one who has to explain why you spent ten thousand dollars on licenses when you only needed six.
You are the one who has to explain why the remote workers cannot connect because the licensing mode was configured incorrectly. Accepting the default is not a strategy. It is a surrender.
It is a way of saying that your time is too valuable to spend on a choice that will last for the life of your server. But those five minutes are the difference between a professional and a passenger.
A professional looks at the Windows Server RDS 50-User pack and he asks if he needs it. He looks at the 20-Device pack and he compares the price. He reads the setup guidance and he understands the difference between the perpetual license and the subscription. He makes a choice and he owns the choice.
I counted my steps back from the mailbox and it was still forty-two steps. The distance did not change because I was thinking about it. The reality of your server environment does not change because you ignore it.
The users are there and the devices are there and the licenses are required by the law of the software. You can choose to be the person who clicks the button because it is already blue or you can be the person who knows why the button should be blue.
Escaping the Trap
In the end, the sector will keep trusting the default because most people are tired. They are tired of the updates and they are tired of the security patches and they are tired of the meetings. They want one thing to be easy.
But the easy thing is a trap that eats your budget and leaves you vulnerable. You should go to the store and you should look at the options and you should pick the one that is right. You should be the one who decides.
The default is a cage made of the silence of the things we did not choose.