I'm setting up an application, and I'm looking into purchasing a license for SQL Server. My question is pretty simple (though may have a complicated answer...)

How many users accounts do I really need, for SQL Server?

The way I see it, I'd give one master administration account, maybe 2 or 3 user accounts, and then one application-based account.

My application will likely have about 30-40 users, with the rare possibility of having 4-5 people being simultaneous users. But as I see it, I'd set up a BLL with the 30-40 accounts - and the BLL would have the SQL account, that all 30 accounts would use to query the DB through...

I'm just wondering what people's take on this is. Is that the way to go, or do I have the wrong idea of architecture here?

Your case is called Multiplexing ans is covered in the special considerations Using Middleware, Transaction Servers, and Multitiered Architecture:

Sometimes organizations develop network scenarios that use various forms of hardware and/or software that reduce the number of devices or users that directly access or use the software on a particular server, often called "multiplexing" or "pooling" hardware or software. Use of such multiplexing or pooling hardware and/or software does not reduce the number of client access licenses (CALs) required to access or use SQL Server software. A CAL is required for each distinct device or user to the multiplexing or pooling software or hardware front end. This remains true no matter how many tiers of hardware or software exist between the server running SQL Server and the client devices that ultimately use its data, services, or functionality

Bottom line: you need one CAL for every user, to a toal of 35-45 licenses.

My understanding is that you need a CAL for every distinct user or device that utilises the SQL Server so 30-40 in your case. Accounts are just sets of credentials that authenticate against the server, whereas users are sacks of meat. License sacks of meat, not accounts.

It's an easily misundertood area though and I would advise contacting Microsoft Licensing to find out the real deal.

You do know that commercial use of SQL Express 2005/2008 is allowed and may be perfectly suitable for your scenario?

You can always upgrade at any time to Standard Edition should you need it.

For a comparison of the editions of MS SQL Server check here. It also includes their limitations. I am convinced that for your scenario SQL Server Express would do very nicely (provided your DB is not bigger than 4GB).

The simple answer is...

You need a CAL for every distinct user or device that connects to SQL Server, regardless of "multiplexing" or web server or proxy between end user and SQL Server install.

If you can't physically count and quantify them (eg public web site), you need processor licenses.

More...

• What if you expand the shop or userbase?
• CALs become more expensive then per-processor at some point
• You rarely license a single box.
• What about failover in production?
• Non-prod licenses (Test/dev boxes) -> get an MSDN subcription

My advice: talk to MS or whoever deals with your licenses in your shop. You'll already have an agreement with MS for the OS and Office at least.

If your application relies on a BLL which proxies many users onto the SQL Server instance, then I think you can't get a license based on number of accounts.

Microsoft will tell you that you need a per-processor license. (And that's cheaper than buying 30-40 CAL licenses)

Here's what the MS Sql Server FAQ says:

For externally focused server applications. Processor licensing is a better choice for externally focused server applications, such as Internet and extranet scenarios. It is often difficult to count devices or users in these scenarios, so hardware-based pricing is more straightforward.

For mixed-use servers. For mixed-use servers that will be accessed from both inside and outside the organization's firewall, processor licensing is generally favorable. Because the processor licenses are probably needed for external users, there would be no need to purchase access separately for internal users through CALs.

For environments inside the firewall. For environments inside the firewall where client-to-server processor ratios are relatively low, the server plus device CAL licensing model will likely be the more cost-effective choice if there are multiple users per device (for example, in a call center), while the server plus user CAL licensing model will likely be more cost-effective if there are multiple devices per user. For environments inside the firewall where client-to-server processor ratios are high, the processor licensing model will likely be more cost-effective.

Unless you do something tricky with proxy authentication & auditing you will only have a login for the application. Otherwise, I would license by processor.