Flexera Blog

By Vyshnava Bhaskarla

We all operate in a world where there is no such thing as “unlimited” resources. Everybody wants and is expected to do more with whatever limited resources they have. Two things that any organization inherently has are – data and people. Data, or in some cases even, an abundance of data, is really meaningful only when it is converted into actionable information. People that leverage information as part of a process can generate insights which result in more optimized investment decisions and cost savings. The fact is that there is a huge opportunity to do more than you think you can with what you already have in your Software Asset Management (SAM) discipline. Although SAM is certainly a journey, it is one that can deliver quick wins and positive results as you progress through the maturity levels.

A conscious and effective Software Asset Management program need not be a distant dream. The benefits of a good SAM program go beyond cost savings and informed investment decision making. It also enables you to improve security and software license compliance, reducing the risk of both breaches and software audits.

People can leverage SAM tools to transform data about the software and hardware assets that are located in your datacenter and desktop environments across departments and regions. Using these tools, the data can be turned into valuable information, putting your company on firm footing to optimize IT spend and reduce Total Cost of Ownership (TCO).

The SAM tools normalize your software asset inventory data (which often exists in disparate systems and in a form that is not easily consumable), categorize and classify it into actionable information. For example, information on unauthorized software in the environment can drive a process to remove those applications and reduce security risk. Categorization reveals redundant applications that can be consolidated to reduce internal management and support costs as well as improve contract negotiating leverage. SAM tools use the normalized inventory data along with license entitlement data to determine a license compliance position. This insight allows you to maintain compliance and reduce audit risk.

We all know about “garbage in, garbage out.” What good is your data if it is inaccurate, incomplete and inconsistent? This is where people play a critical role. Once you have a SAM tool set up, you now have the foundation and visibility to detect data discrepancies, incompleteness and inaccuracies. For example, new software title additions in your environment that are not recognized can be addressed by adding the missing titles to the Application Recognition Library in the SAM tool.

Entitlement data (purchase orders, contracts, etc.) management can be periodically assessed for accuracy and completeness. Yet another example could be when acquired software or hardware is not yet deployed and can be handled by various filters within the SAM tool to appropriately account for their status and reflect the true picture of your IT environment.

Software Asset Management tools serve as a technology enabler that allows software asset managers to generate information and insights using streamlined processes which, in turn, reduce cost and risk.

Just starting your Software Asset Management journey? Checkout the “Blog: Reaping the Benefits of a Software Asset Management Tool Implementation” and download the free whitepaper “Moving Up the Software License Optimization Maturity Curve to Drive Business Value.”

By Peter Osang

To be effective in managing and optimising software licenses, Software Asset Managers require accurate information about the state of hardware assets within their organisation.

A Software Asset Management (SAM) system brings together data from many parts of an organisation to provide a complete picture of its software license position. The cornerstone of this is hardware and software inventory data, which is typically gathered from each device by discovery and inventory tools in the organisation.

However, software licenses take into account information about a device such as asset lifecycle status, role (e.g. production versus non-production use), and ownership that cannot be determined from raw hardware and software inventory data. Often, this data is stored in a Configuration Management Database (CMDB).

Much of this information is typically managed as part of an organisation’s Hardware Asset Management (HAM) program. For this reason, to be truly effective, a SAM system needs to include information from the organisation’s HAM system. It follows that an organisation’s HAM program should ensure that all of this hardware asset data is recorded and the team has implemented effective processes to manage that data.

What hardware asset information is needed?

Some key information about hardware assets that a software license optimisation program requires to effectively optimise software licenses are:

A complete list of all computer hardware assets in the organisation

This provides the software asset manager with a reference point upon which to judge the coverage of the data that the SAM system has imported from inventory systems. A common example of something that this helps to uncover is the case where you have difficult to access datacentre servers such as those sitting in high-security network zones.

Asset serial number

This makes it possible for a SAM system to match asset records to data that it has imported from inventory tools.

Asset status—what point in the lifecycle each asset is at (e.g. Deployed, In Storage, Retired, Disposed, etc.)

This allows the software license manager to ensure that software licenses are not counted unnecessarily against assets that are no longer in use within the organisation.

Asset role—what role does each asset play within the organisation? (E.g. Production, Standby, Test, etc.)

This allows the software asset manager to appropriately license the software where licensing terms differ by the asset’s role, particularly in datacentre environments. A notable example of where this has an impact is for test and other non-production environments. Software installed on servers in a test environment may not count towards licenses at all. In other cases, it may be less costly to use a user-based rather than hardware based license in such environments.

Asset ownership—the organisational entity that owns each asset

This makes it possible for the software asset manager to charge the cost of software on the asset back to the appropriate entity in the organisation. Depending on how your organisation chooses to model chargeback, this may be a specific cost centre or a business unit within the organisation.

Asset sharing—whether a device such as a desktop or laptop is shared between multiple users (e.g. devices used for training, call centre, etc.)

This allows the software asset manager to apply the most optimal licensing model, typically a device based license, to such assets.

Recommended HAM practices

The quality of the hardware asset management data must be underpinned by good hardware asset management practices. Some useful practices for managing the asset information mentioned above are:

Choose inventory tools that include software inventory data

There’s no point in your organisation implementing an inventory tool that gathers all the data from devices needed for HAM, only to find that it falls short on the quality of software inventory data that it provides. Software data can be difficult to gather, particularly in the datacentre where application-specific knowledge and patterns are often required to gather relevant information about high-valued applications. Both SAM and HAM requirements should be taken into account whenever choosing such a tool.

Record the asset as soon as it enters the organisation

As soon as your organisation has taken delivery of an asset, it should be recorded in your hardware asset management system. Ideally, it should be recorded with its serial number so that it can be reconciled against inventory data.

Have clear asset retirement and disposal processes

These processes ensure that an asset is recorded as retired when it is no longer in use and disposed as soon as it leaves the organisation. There should also be processes to pick up devices that have been lost, damaged or stolen as well as tracking devices that are in storage. Note that devices in storage that have installed software often require a license for that software. There should be an automated SAM process to reclaim licenses allocated to devices that have been retired.

Track lifecycle decision factors

One of the key pieces of information that tells us that an asset is active is the date that it was last inventoried. This gives confidence that software licensing calculations are accurate. However, there are many reasons why an inventory date may not be current even though its software is still licensable, such as the fact the user of the device is on extended leave. To help manage this, it is good practise to keep a record of these additional factors. For example, store the reason why a device is offline and the date when the device will be back online. Accurately storing the asset role can help too (e.g. a standby server may not be expected to be online).

Identify and track SAM system metrics

Keep track of metrics that indicate the health of the SAM data and implement processes to improve those metrics. Some examples of these metrics are:

Assets with no assigned role
Assets not owned by any entity in the organisation
Assets that unexpectedly have not reported inventory within X days
Assets no longer in use that are still reporting inventory
Assets that have not reported inventory at all
Assets with no serial number

In Summary

Hardware asset managers can ensure that they take software asset management requirements into account by:

Ensuring that both SAM and HAM requirements are taken into account when choosing an inventory tool
Tracking data about hardware assets that is needed for Software Asset Management and License Optimisation
Keeping track of the health of that data by including it in their system metrics
Implementing processes to ensure that the quality of hardware asset data is maintained

To learn more, please visit our website:

FlexNet Normalized Inventory for Clients

FlexNet Normalized Inventory for Servers

FlexNet Manager Platform (HAM and SAM)

And view our on-demand webinar: Finding, Tracking and Managing Hardware Assets

By John Emmitt

The recent IDG Enterprise 2016 Cloud Computing Survey showed that the average company plans to devote 28% of its IT budget to cloud computing in the next 12 months. Enterprise organizations (those having more than 1000 employees) plan to invest an average of $3.04 million in cloud services.

According to the survey report, the average company plans to allocate 45% of its cloud budget to Software-as-a- Service (SaaS), 30% to Infrastructure-as-a-Service (IaaS), 19% to Platform-as-a-Service (PaaS), and 6% to other as-a-service models such as Backup-as-a-Service and Storage-as-a-Service.

Source: IDG Enterprise 2016 Cloud Computing Survey

Join Flexera Software and Forrester for a webinar on: Making the Move to SaaS: The Commercial and Licensing Implications. Duncan Jones, Forrester VP and Principal Analyst, will be our guest speaker.

Organizations that are migrating to the Software-as-a-Service (SaaS) delivery model should very carefully assess the licensing, contractual and spend management implications. First, the deal you negotiate now will be the baseline for many future contract renewals, so you need to get it right. Second, managing ongoing costs and selecting the optimal subscription plan level for offerings such as Office 365 can be challenging. And third, this may be your last chance to take a software maintenance vacation.

In this webinar, Duncan will explain how to prepare for your transition to SaaS and subscriptions, including:

Your key decision: early migration versus taking a maintenance vacation
The implications for license management of new vendor licensing models
Assembling a sound negotiation strategy

Available Dates:

Thursday, 10th November - 10:00 am CT (US) Show in my time zone
Tuesday, 15th November - 10:00 am (Sydney, Australia) Show in my time zone
Tuesday, 15th November - 10:00 am (UK) Show in my time zone

By Chris Grinton

(Image source: Spectrum Scoreboards)

Nobody plays a sport and doesn’t keep score. But plenty of organizations implement a software asset management and license optimization program without any structured way to measure actual outcomes. This article seeks to provide some ideas on how to measure and track data, operations and outcomes from a program focused on optimizing the value and usage of software in an organization.

Business cases for a software asset management and license optimization program will present broad ideals of what ‘success’ looks like, such as:

Reduce risk of unplanned payments from using unlicensed software
Reduce risk of security breaches arising from use of unpatched software
Save money on unneeded maintenance
Avoid over-purchasing of software licenses
Reduce the time and effort required to fulfill requests for new software

Crossing the gap from high level objectives like these to identifying how to actually measure outcomes can take some thought. The key principle to apply here is to work out what is meaningful and important, and seek ways to measure those things.^[1]

Best-in-class organizations have a robust approach to monitoring and improving a range of metrics. Metrics will often be used as the basis for key performance indicators (KPIs) for teams who have responsibility for managing and influencing those metrics.

With that in mind, some sample metrics that may be useful to help with software license optimization are listed below. The metrics have been broken down into three areas:

Input data metrics
Operational metrics
Financial metrics

Input data metrics

A software license optimization program heavily relies upon comprehensive and accurate input data about IT hardware and software assets within the organization. This data is best held within a central Asset Management Database (AMDB) containing all of the data gathered from multiple sources. Input data focused metrics are useful for assessing the trustworthiness of this asset data. They can be used to highlight areas where data may not be clean, and to help identify data gaps for remediation.

Examples are:

% of active devices for which current hardware and software inventory is available.
% of devices found on the network which are not recognized as known assets.
% of devices found active on the network which have a status indicating they should not be active (for example, they are classified as being in storage or retired).
% of devices found on the network with a bad (blank, duplicate or blacklisted) serial number.
% of all IT assets in the organization that are represented in the AMDB.
Number of IT asset purchases that are not yet represented in the AMDB.
% of assets with no recorded location, business unit, etc.
% of computer records with missing processor information (autodiscovery tools which gather inventory do not always reliably collect this data).
Number of active individual-use assets with no assigned user.
Number of assets which are assigned to people who have left the organization.
% of virtual machines for which physical host information is not known.

Operational metrics

Operational metrics help to measure the operational performance of software license optimization activities. Examples are:

% of application installations that have been mapped to normalized application details.
Number of installations of commercial applications without a license.
% of application installations which have not been used within the last (say) 90 days.
Average number of different versions deployed of each application.
% of assets which are not actively deployed (for example, hardware assets on the shelf, or software licenses not used).
% of installations which are not using the latest patch level available from the software publisher.
Number of installations of applications with known security vulnerabilities.
Number of installations of applications which are unauthorized (prohibited) for use.
% of installations which are of applications that have reached their end of support life.
Average time taken to fulfill an end user’s request for new software.

Financial metrics

Financial metrics are useful for measuring the outcomes from a software asset management and license optimization program in terms of the value or cost to the organization. Examples are:

Value of software installations proactively removed.
Value of maintenance not renewed.
Value of software requests fulfilled from existing software license entitlements (i.e. without having to purchase new licenses).
Value of unlicensed deployments identified and remediated.
% of software licenses under maintenance which are currently used.
Value of contingency on the company’s balance sheet or allocated in budgets for unplanned software license liabilities (i.e. due to software audit true-up fees)
Number of software vendor audit notifications received per year.
Labor costs associated with responding to software license audits (and/or average cost per audit).
Costs paid arising from software license audit findings per year.
Number of security incidents arising from software vulnerabilities per quarter.
% of license and maintenance costs that are charged back to other parts of the business.
Ratio of the value delivered to the organization from the software license optimization program to the full time equivalent people supporting the program.

What are your favorite software asset management metrics? How do you go about measuring them?

To learn more, please visit our website, or download our whitepaper:

The Foundation of a Successful ITAM Program - In 5 Not So Easy Steps

The whitepaper covers these 5 steps to building your IT Asset Management (ITAM) program foundation:

STEP 1: Define Corporate Controls and Policy

STEP 2: Process Integration

STEP 3: Data Management

STEP 4: Define Metrics & Key Performance Indicators

STEP 5: Create a Communications Plan

------

^[1] Of course, some meaningful things in life are very hard to measure. However don’t grab defeat from the jaws of victory and let that get in the way of measuring what can be measured.

App Broker for ServiceNow™ brings the convenience and simplicity of a consumer app store shopping experience to the workplace. Employees can easily request apps from the ServiceNow Service Portal and have their requests automatically and quickly fulfilled. This consumer-style approach reduces risk by maintaining software license compliance continually and proactively to prevent unlicensed and unauthorized software installs.

App Broker for ServiceNow automatically populates and maintains a list of all authorized applications in the ServiceNow Service Catalog. It enhances the ServiceNow software delivery capability by automatically deploying apps to a wide variety of devices through out-of-the-box integration with end point management tools. It also automatically provisions a variety of cloud-based apps.

Take it up a Notch with Software License Optimization

ServiceNow Asset Management provides a solid framework for implementing a software asset management (SAM) program. However, achieving a high level of software license optimization maturity requires additional capabilities.

App Broker for ServiceNow and FlexNet Manager Suite significantly enhance ServiceNow SAM capabilities with robust software license optimization functionality. FlexNet Manager Suite provides automatic discovery of client and server hardware and software across the enterprise. It captures data on the software installed on each client and server as well as application usage data for desktop/client applications. The raw inventory is transformed into a normalized list of installed software per device with industry-standard naming conventions, using Flexera Software’s unique Application Recognition Library to recognizes more than 190,000 software titles from over 16,000 publishers. It intelligently identifies which software titles, versions and editions are installed on each device. The normalized application data is populated into the ServiceNow configuration management data base (CMDB) to complement existing data and provide a standardized and reliable list of software for use across all ITSM processes including Problem, Change, Performance and Capacity Management.

App Broker for ServiceNow also uses the Product Use Rights Library to reduce spending and understand the complex, vendor-specific software product licensing terms and conditions from vendors like Microsoft, Adobe®, IBM®, Oracle®, SAP® and Symantec. Rights include:

Right of second use
Upgrade rights
Downgrade rights
Nonproduction use rights

Examples of non-production servers include backup, test and training machines. In fulfilling requests, the app store checks whether a license is required and, if so, checks license availability before deploying the app. This ensures license compliance and minimizes the risk of significant and unplanned costs due to software audit true-ups. Moreover, the app store optimizes the use of software licenses to keep costs in check. It maintains license compliance intelligently, ensuring that app requests are fulfilled in the most cost-effective manner.

A frequently encountered use case involves the right of second use. If a user requests an app for a laptop computer that he or she already has installed on a desktop computer, the app store interrogates the Product Use Rights Library and determines that the existing license for the desktop provides the right of second use. Consequently, an additional license is not required for the laptop. The app is then deployed without allocating and incurring the cost of an additional license.

Download the white paper to read more about App Broker for ServiceNow.

Learn more about Flexera solutions for ServiceNow on the ServiceNow eStore.

By Paul Hughes

“Software innovation, like almost every other kind of innovation, requires the ability to collaborate and share ideas with other people, and to sit down and talk with customers and get their feedback and understand their needs.”
- Bill Gates

What do you think when you hear the word “innovation?” Many may consider it an over-used buzzword. Others may immediately have thoughts of VR headsets and artificial intelligence.

Whatever our reaction to the word, innovation plays a major role in creating business growth, local jobs and worldwide success. In our dynamic fast-paced world, innovation is crucial to remain competitive as a business.

So how do we ensure that our teams and businesses are truly innovative?

Firstly, it’s important to recognize that innovation starts with great ideas– the technology and the ‘what’ are just the outcomes. The real breakthrough is in the underlying idea.

Secondly, we must realize that great ideas spontaneously form inside of people, often coming at the least expected moment from the least expected source. People come up with new ideas by creatively synthesising existing ideas they have been exposed to.

This leads us to the realization that true innovation is a lot more about people than it is about technology, and that it is not something that can be forced.

Instead of focusing on how we can drive innovation, as leaders we need to focus on how we can establish the best conditions for people to synthesize new breakthrough ideas. We want to create an environment where we bring diverse and talented people together, where they are trusted and respected, and where they can work together to come up with inspiring ideas that are at the heart of true innovation.

I could stop right here with this blog post. When you connect with the idea that our job as leaders is establishing the environment for innovation, I’m sure you will translate that into dozens of specific things you can do to help nurture this atmosphere in your team and company. But to start the ball rolling, here are some specific things to consider:

A collaborative culture. So often breakthrough ideas come from different people sharing and brainstorming together. Each idea combines with the last, and we end up with a resulting idea that comes from the seeds of several people rather than a single person.
A diverse team with a wide variety of knowledge and experiences to ensure that we have the richest pool of ideas to draw from
Access to a number of sources of ideas to synthesise. For example, access to new technologies to experiment with, access to videos and training on different topics, access to the strategy of the company, key challenges of the business, etc.
An office space that facilitates collaboration. For example, the design of the office should naturally encourage collaboration – seating structures, access to whiteboards, etc.
An atmosphere of trust, respect, and genuine care because people are most free to be creative and innovative when they are treated this way.
Dedicated time and habits to spend time thinking. For example, regularly scheduled time for research, hackathons, company brainstorms, etc.

I wish you all the best in your and your team’s innovative endeavours. I’d love to hear any stories about specific ways you foster an atmosphere of innovation in your team.

To learn more about Flexera Software’s innovative and intelligent solutions for managing software, please visit our website. Flexera Software has been awarded a Top 100 Workplaces honor for the fourth time by the Chicago Tribune. The Top Workplaces lists are based solely on the results of an employee feedback survey and several aspects of workplace culture were measured – including Alignment, Execution and Connection. (Read the press release here).

Find information about our market leading Software Asset Management and License Optimization solutions here. (Paul Hughes is Vice President of Engineering for Flexera Software’s FlexNet Manager Suite for Enterprises solutions).

Readers may also be interested in reading our whitepaper: The Foundation of a Successful ITAM Program - In 5 Not So Easy Steps

By Mika Harviala

Ah! Springtime!¹ That magical time of year, when the birds sing their happiness, the flowers bloom, and the air smells of … audits? Wait, what? The publisher wants to audit our software usage? Time to scramble to figure this whole thing out. Let’s see – alright, the End User License Agreement (EULA) says they can audit us, now it’s all on to us to determine not only how much software we’re using, but also how much we are allowed to use.

Perhaps a bit dramatized, but still a scenario faced by many enterprises too many times. The part on “how much are we using” will be left to another article. We’re going to focus on the aspect of “how much software are we allowed to use” – these two sides of the equation make up the basic tenet of software asset management (SAM), after all—determining your software license compliance position.

One of the main reasons why you must collect and review all of the following sets of data related to license entitlements is simply because of the possibility for human error. All parties involved, the software vendor, the reseller and your own organization, may have inaccurate data on license entitlements that must be reconciled.

As you examine these different sets of data, you can visualize them as overlapping circles, a Venn diagram, which you’re attempting to converge into a single circle, your true and accurate license entitlement position.

Your first set of records that you need to examine should be the vendor identified license entitlements. If they are going to audit you, they must have some idea of what you are entitled to use. While they may target a subset of products for audit, you’ll want to make sure you receive a full set of entitlement data. This will typically consist of a large set of information, much of which is unneeded, but better to have more data and eliminate unnecessary pieces, then be unaware of missing data. This is your first circle.

Software License Entitlement Data Sources:

The second set of records to examine is your reseller data. Ensure that you can map between what the reseller says you have purchased and the entitlement records the vendor has provided. There may be a set of PO numbers that allow you to do a fairly simple match, or it may be a more tedious exercise of determining which items contribute to a pool of entitlements if that’s the information provided by the publisher. If a gap is revealed, where the vendor doesn’t show all of the licenses you’ve purchased, it’s time to do some detective work. Does your organization name fully match in vendor records, or is there a typo or other variation in spelling that would have kept the vendor from matching your name to your entitlements? At this point, you have two circles of data, ideally represented by a single circle.

Your third record set to examine is organizational changes. The publisher says you have the license entitlements to use this software, you have the reseller records showing it was acquired, but you know for a fact that when you spun off Spinoff Corp last year, it was agreed that they would take some of this software with them. What you have in this case is your SAM buddy at Spinoff Corp sweating because he received an audit letter too, and has no proof of entitlement to back up his software installations and usage. Most publishers have a process and set of paperwork that needs to be followed to move entitlements from one company to another, and this is another possible source of error. You’ll need to engage directly with the vendor, and the representatives of Spinoff Corp to ensure these entitlements are allocated to the right company.

The converse of the above case is when you’ve finally managed to complete the acquisition of Valuable IP Company. Any entitlements owned by Valuable IP should transfer to your organization, to account for the merger of your infrastructures. Also keep in mind that all of the steps above need to be completed for the entitlements associated with Valuable IP Company. They may have the same issues, so it’s critical to do the detective work on their licenses too.

When this activity is finally complete, you should have a set of license entitlements that represent your software estate. This admittedly could be a long road, especially if your organization doesn’t have mature software asset management processes in place. But when faced with software vendor audits, this is a crucial journey. Understanding your own entitlement position, as well as your license compliance position, allows you to work with auditors from a position of strength.

To learn more, please visit our website or read our whitepaper: What Does it Take to Achieve Software License Optimization?

----------------------------------------------------------------------------------------------------

Editor's Note: Mika is based in the U.S. where we are, of course, in the early stages of winter, but hey its Springtime (or maybe summer by now) in Melbourne, Australia! Maybe I'm even further behind with blog posts than I thought. -- John Emmitt

By Marcelo Pereira

The edition of Microsoft Patch Tuesday released yesterday brought a highly critical vulnerability found and described by Hossein Lotfi from Secunia Research at Flexera Software. The vulnerability is in a core component of all supported versions of Microsoft Windows operating systems, the so-called Unicode Scripts Processor that is enclosed in the operating system. Because of its nature, the vulnerability is typically exploited, for example, via web browsing and document exchange, where opening a specially crafted web page or document may unfold the malicious intent. For that reason, patching this vulnerability as soon as possible is the most effective way to protect machines against exploitation, and avoid the risk it represents for both private users and businesses.

A Q&A with Hossein on this vulnerability is given below:

Flexera Software: Does this vulnerability have a nickname?

Hossein: No. Feel free to call it “Dirty Font”, “Ugly USP”, or …

Flexera Software: Any t-shirt?

Hossein: Not yet!

Flexera Software: What is your opinion on the “Marketing” of vulnerabilities?

Hossein: You probably guessed from my previous answers, I personally prefer to just sticking to the details of a vulnerability and to provide them to the community and not trying to create hype by giving it a nickname. The actual research, analysis, and the details are where the fun, challenging, part is. And it’s also the most useful for users of the affected systems.

Flexera Software: Can you elaborate on the vulnerability that you found?

Hossein: The vulnerability happens when processing a font file with specially crafted Unicode Variation Sequences table. An integer overflow will lead to an under-sized buffer and then a memory corruption. This affects all supported versions of Windows x64 and x86.

Flexera Software: What do customers potentially face should they fail to patch this vulnerability?

Hossein: The issue happens within a core component of Windows and not a specific application. That is to say, any application using the affected API when processing fonts can be affected and, thus, it is better to be patched as soon as possible.

Flexera Software: What does an exploitation of such a vulnerability typically look like?

Hossein: The exploitation can happen via different vectors where font processing may happen e.g. a possible affected web browser or mail client.

Flexera Software: Perhaps you can give some insights on how difficult it is to find and analyze a vulnerability like this. Is it a lengthy process?

Hossein: The analyzing is usually easy and quick. Finding the issue is a bit challenging as, in this case, it was found via reverse engineering. The code quality is improved in recent versions of Windows and it is a bit more challenging to find a vulnerability.

Flexera Software: Is it unusual to have such a vulnerability affect so many Windows versions?

Hossein: No. Although the code quality is better in recent versions of Windows, a lot of the code base is still the same.

The technical description of the vulnerability can be found on the Secunia Research blog.

You can learn more about mitigating security risks with software vulnerability management by visiting our website and by reading our SVM Blog.

Learn about the role that Software Asset Management (SAM) plays in improving security by attending our webinar:

SAM and Security Teams Must Join Forces to Enhance Security

Available Dates and Times:

Thursday, 19th January - 10:00 am CT (US) Show in my time zone
Wednesday, 25th January - 10:00 am (Sydney, Australia) Show in my time zone
Thursday, 26th January - 10:00 am (UK) Show in my time zone

By John Emmitt

A few months ago, Gartner published this report: Cut Software Spending Safely with SAM

Organizations can cut spending for software licenses by as much as 30% by implementing the three software license optimization best practices presented in this Gartner research report, including:

Optimizing software configurations to achieve compelling savings by leveraging entitlements.
Recycling software licenses by optimizing your daily IT operational activities.
Leveraging software asset management (SAM) tools to scale your software license optimizations.

Source: Gartner (March 2016)

The Gartner report provides several vendor specific examples, using IBM, Microsoft, Oracle and SAP, to illustrate how you can cut software spending.

IBM—Optimize Processor Value Unit (PVU) licenses for full capacity and sub-capacity (virtualization capacity) licensing. (See also this blog: An Alternative Solution for Managing IBM Sub-capacity Licensing).
Microsoft—Optimize by understanding Client Access Licenses (CALs), optimize profiles for different subscription plan levels—e.g. for Microsoft Office 635, leverage Product Terms (aka Product Use Rights), and more. (View our on-demand webinar: What's New in FlexNet Manager Suite 2016 to learn about managing CALs and Office 365).
Oracle—Optimize by choosing the right edition and license metric, select the right virtualization approach, etc. (See our blog series on Oracle Database Licensing in a VMware Virtual Environment, Part 2, Part 3).
SAP—Optimize SAP Named User Licenses by tracking and analyzing usage to select the optimal user type, find and eliminate idle and duplicate users, etc. (Read our whitepaper: Curing the SAP Overpayment Syndrome, or view our on-demand webinar with Martin Thompson of the ITAM Review: Meet the Challenges of Managing SAP Licensing and Reap the Rewards).

*** For a limited time, you can freely download the Gartner report from the Flexera Software website.¹

As noted in this previous Software License Optimization blog, there are a number of additional ways that organizations can reduce costs:

Software audit cost savings
Labor savings
Reductions in software maintenance costs
Hardware cost savings
And, the ability to negotiate more favorable software contracts (Read our whitepaper: Maximizing Value in Software and Cloud Services Procurement).

Labor Savings from Software Asset Management Tools

Let’s take a brief look at labor savings, as this is an area we don’t focus on as much as we should, perhaps. There are a number of ways that SAM tools can significantly reduce manual effort:

Reduce time and effort spent on SAM processes through automation. This can include:
- Reduce the time it takes to identify software in the environment through automated discovery, inventory, recognition and normalization processes. These leverage an Application Recognition Library to identify software publisher, title, version and edition for installed software.
- Reduce the time it takes to collect, manage and understand your software license entitlements—this leverages a Stock Keeping Unit (SKU) Library and Product Use Rights Library to automatically apply product use rights to reduce license consumption. For example, the tools can apply license entitlements related to production versus non-production use of the software on a server.
- Reduce software audit preparation time and effort, and reduce audit risk, by having an accurate view of your software license compliance position at all times.
Reduce helpdesk calls and time spent fulfilling software requests by implementing an enterprise app store that is integrated with your SAM solution.
- “With App Portal, I now have 320 hours that I can spend on more critical tasks. And users no longer have to wait four days to get an application. People have their applications within a couple of hours and they can be productive right away.” – Jason Andersen, Software Deployment Specialist, Providence Health & Services. See the full customer case study here.
- Note that the app store can also automate the software license reclamation process to reduce costs through license reuse (Gartner’s “Recycle software licenses” step).

Our 2016 TechValidate survey of FlexNet Manager Suite customers showed that labor savings was a key element of overall cost savings and return on investment. This chart shows the results for a few of our customers in the financial sector, for example:

Overall, 36% of the customers in the TechValidate survey said that labor savings contributed to the ROI of their SAM program after deploying FlexNet Manager Suite.

The largest percentage—53%, said that software reuse (recycling of software licenses) was a contributor to ROI.

Footnote:

The Gartner report will only be available via the Flexera Software website until the end of this year (2016).

By John Emmitt (with a big nod to Robert L. May and Johnny Marks)

You know audits and “reviews” and true-ups and EULAs

EA and SA and SaaS and renewals

But do you really have

A truly mature SAM¹ program?

Rudolph the red-eyed asset manager

Had a very scary spreadsheet

And if you ever saw it

You would be knocked right off your feet

All of the other departments

Had fancy automated tools

The company never let poor Rudolph

Get next gen asset management tools

Then one nasty software audit

The CIO came to see

If Rudolph really had optimized SAM

How much time and money they could save

Then how the C-level loved him

And they shouted out with glee

“Rudolph the red-eyed asset manager

Soon you’ll be a CIO like me!”

Happy Holidays and Best Wishes for a Happy New Year!

Notes:

SAM: Software Asset Management
You might also enjoy this older Software License Optimization blog: ‘Twas the Night Before Audit
Visit our website to learn more about our next generation Software Asset Management and License Optimization solutions

By John Emmitt

It’s a new year! Welcome to 2017. What will it bring? Here are a few thoughts on trends that will impact Software Asset Management (SAM) teams this year.

The Cloud (of course)

The cloud computing trend continues, with some new developments such as the concept of the “multi-cloud” approach, wherein enterprises can reduce costs by using multiple cloud vendors. According to this article on CIO.com, 451 Research says that “enterprises can cut direct cloud expenditure by up to 74 percent with a multi-cloud approach.”

In the same CIO.com article, hybrid cloud is also discussed and they mention the 2016 partnership between Amazon Web Services (AWS) and VMware. This partnership gives AWS access to hybrid cloud capabilities and helps them compete in this arena with Microsoft Azure. Microsoft will be coming out with its Azure Stack offering this year, too. This is “a new hybrid cloud platform product that enables you to deliver Azure services from your own datacenter.” And, Oracle has come out with their Oracle Cloud Machine. A Constellation Research blog says “Oracle in March rolled out Cloud Machine, a hardware appliance implemented behind customers' firewalls, running application workloads using the same software stack that powers Oracle's public cloud, with subscription-based pricing.”

As part of Microsoft’s licensing changes announced in 2016 (also discussed in the Constellation Research blog mentioned above), they raised the minimum threshold for Enterprise Agreements to 500 users/devices, up from 250. Companies that don’t meet that minimum are being directed to two newer, more flexible licensing programs: Microsoft Products and Services Agreement (MPSA) and Cloud Solutions Provider. Per the Constellation blog, Cloud Solutions Provider is “a partner-driven program aimed at helping Microsoft's massive reseller community sell its cloud services to SMEs while providing a local "face" for IT support.”

There are a number of different cloud services models, including Infrastructure as a Service (IaaS), platform as a service (PaaS) and software as a service (SaaS), as well as public, private and hybrid clouds as discussed above.

A recent IDG Enterprise 2016 Cloud Computing Survey showed that the average company plans to devote 28% of its IT budget to cloud computing in the next 12 months. Enterprise organizations (those having more than 1000 employees) plan to invest an average of $3.04 million in cloud services. Overall, companies anticipate having 60% of their total IT environment in public, private, and hybrid clouds by 2018, according to the IDG report.

According to the survey report, the average company plans to allocate 45% of its cloud budget to Software-as-a- Service (SaaS), 30% to Infrastructure-as-a-Service (IaaS), 19% to Platform-as-a-Service (PaaS), and 6% to other as-a-service models such as Backup-as-a-Service and Storage-as-a-Service. (See table below).

How does all of this impact Software Asset Management?

Each of the different cloud services presents its own challenges. SaaS applications reduce license compliance and audit risk but often increase the risk of overspending. SAM teams must monitor usage and have efficient processes in place to ensure that the right subscription level is in place for each user and that licenses are reclaimed and reallocated when users leave or change job functions.

Public cloud (IaaS) services such as Amazon Web Services (AWS) also require careful management to control costs and maximize utilization of your cloud instances. This is another area where SAM teams should take charge and provide this oversight. Tools that can aggregate the data across multiple AWS accounts and report cost and utilization of cloud instances can help you contain costs.

Public and hybrid cloud environments also require SAM and IT Procurement teams to understand their license mobility rights and vendor Bring Your Own Software and License (BYOSL) programs. These tell you whether you can move your existing on-premises enterprise software to the cloud.

Resources on Cloud related topics:

Read our whitepaper: Maximizing Value in Software and Cloud Services Procurement

Webinar with Duncan Jones of Forrester: Making the Move to SaaS: The Commercial and Licensing Implications

Webinar with Carla Arend of IDC: Digital Transformation, Cloud Adoption and the Impact on SAM and Security

View our on-demand webinar: What's New in FlexNet Manager Suite 2016 to learn about managing Office 365 subscriptions.

Webinar with R ‘Ray’ Wang of Constellation Research: Getting Your Arms around the Cloud

Security

Cybersecurity risk is right near the top of the list of CIO concerns, as noted by this ZDNet article: What's top of mind for the CIO as 2017 looms. The article lists: “Worries about cybersecurity, including a potentially career-ending public hack. This has become a top concern to the extent that some IT management surveys put it at the very top of the spending list.”

What role does the SAM team play in security?

For starters, the SAM team has the normalized software inventory data that is the foundation of the part of your security initiative that is focused on software vulnerabilities. These software vulnerabilities are one of the primary “attack vectors” for hackers. Thousands of software vulnerabilities are uncovered each year—there were more than 16,000 in 2015. The normalized software inventory data can be correlated with known software vulnerabilities from the Secunia Research database to uncover the vulnerabilities in your IT environment. These vulnerabilities can be prioritized to allow your organization to remediate the most critical ones first, reducing your security risk.

The Software Vulnerability Management Lifecycle:

The 2015 Verizon Data Breach Report stated that 99.9% of exploited vulnerabilities were compromised more than a year after the vulnerability (CVE) was published. Security patch management tools ensure that available patches are applied in a timely manner to improve your security posture.

Software Asset Management teams also have other means to improve security. These include having the visibility into licensed and unlicensed (aka “pirated”) software in the environment. A 2015 IDC report showed a strong correlation between unlicensed software and malware encounter rates—see figure below.

In addition, SAM teams can have visibility into authorized and unauthorized software in the IT environment and can take action to remove unauthorized software, such as games and file sharing programs. This further reduces the attack surface for hackers and cyber criminals.

The use of an enterprise app store reduces the likelihood that unauthorized software will be introduced into your IT environment by making it fast and easy to get only authorized software. Gartner predicted that by this year (2017), “25% of enterprises will have an enterprise app store for managing corporate sanctioned apps on PCs and mobile devices.”

Rationalization and consolidation projects that find and remove redundant, obsolete and unused applications improve security by reducing the software footprint, which also reduces the attack surface for hackers.

Resources for SAM and Security:

Webinar: Play Defense - Reduce Security Risk with SAM and Software Vulnerability Management

Upcoming webinar (January 19^th): SAM and Security Teams Must Join Forces to Enhance Security

Vulnerability Intelligence Manager

To learn more about Flexera Software’s enterprise solutions for Software License Optimization, cloud infrastructure management, and Software Vulnerability Management, please visit our website.

Twenty years ago if asked what percentage of Open Source Software (OSS) is used within software applications, you would have heard none, 5% or maybe even as much as 10%. Fast forward to today and Gartner says 95% of IT organizations leverage OSS in their mission critical applications.

Give Us 5 Minutes and You Could Win an Apple Watch or $250 Amazon Gift Card

Flexera Software invites you to take part in a brief 5-minute survey to share how your organization uses, tracks and manages open source software. In return, you’ll receive a free copy of the completed report and as a special thank you for your participation, you can register for a chance to win an Apple watch or a $250 Amazon Gift Card.*

Add your voice to the OSS conversation! Take the survey now!

The survey closes January 30^th.

Thank you!

*Contest participation optional, must participate in the survey to be eligible.
Winners chosen at random.

Leverage Normalized Software Inventory Data for Vulnerability Management

By John Emmitt

Figure 1: Software Asset Management & Security Teams Must Work Together

There is a critical relationship between Software Asset Management and Vulnerability Management. Many aspects of the work to manage software assets have a direct impact on the security and risk profile of organizations. If you work in Software Asset Management: “whether you realize it or not, you play an important role in Information and IT Security.” And, you also collect and manage a wealth of data that is critical to identifying software vulnerabilities and mitigating security risk.

Organizations that are able to leverage software asset inventory data combined with software vulnerability data can rapidly address the most critical cybersecurity threats and stay ahead of the game. They can more effectively reduce the attack surface for cybercriminals and hackers, keeping their business protected from threats like ransomware and out of the infamous data breach news.

Join us for a webinar to hear how these two disciplines—Software Asset Management and Security, can work together to help organizations be more efficient and more secure.

Learn about:

The important role that Software Asset Management plays in enhancing IT security
How normalized software inventory data from FlexNet Manager Suite can be used to drive the Software Vulnerability Management process in Vulnerability Intelligence Manager
How Vulnerability Intelligence Manager identifies and prioritizes vulnerabilities and helps mitigate security risk

Figure 2: FlexNet Normalized Inventory and Vulnerability Intelligence Manager Integration – Continuously Maintain the Asset List to be Monitored for Software Vulnerabilities

If you are a Software or IT Asset Manager, please invite your IT security colleagues to attend!

Available Webinar Dates:

Thursday, 19th January - 10:00 am CT (US) Show in my time zone
Wednesday, 25th January - 10:00 am (Sydney, Australia) Show in my time zone
Thursday, 26th January - 10:00 am (UK) Show in my time zone

By Trevor Holmes

An incremental investment in process modelling and asset lifecycle metrics can help organisations realise additional value from their Hardware and Software Asset Management programs.

Introduction

In a recent blog Recommended Hardware Asset Management Practices to Support SAM, Peter Osang wrote about the value of integrating information from Hardware Asset Management (HAM) programs into your Software Asset Management (SAM) processes.

Key information that can affect your SAM decision making, such as an asset’s service status, ownership, and which business functions an asset supports, needs to be recorded and accessible.

One place to start is to ensure that you have a clear understanding of how your organisation manages asset lifecycles, and which data points in a lifecycle are important to you as a SAM practitioner.

Modelling Asset Lifecycles

Most SAM systems support the tracking of a (lifecycle) status against computer assets on which software can be installed and executed. This can be as simple as recording assets as being “Purchased”, “Installed”, “In-Storage”, “Retired”, or “Disposed”; or can be more detailed to show when assets are offline for repair or maintenance, being built or rebuilt, are lost, stolen, or have been returned to the manufacturer.

An example of a simple modelling of an asset lifecycle is shown below:

In this example, an organisation has management of computer assets over five asset lifecycle phases, from Acquisition through to End-of-Life. Asset statuses are tracked in each lifecycle phase, and key items of lifecycle data are collected and recorded.

During Acquisition, orders are placed with a vendor for the purchase of assets. These orders may be Cancelled before the assets are delivered.

Stock Management: When Purchased assets are Received from a Vendor, they are inspected, and if they don’t pass on-receipt checks, they are Returned to the Vendor. Once received, assets may be placed In Storage, or may be passed to technicians who perform system builds by installing and configuring software (sometimes call Kitting).

Operations: Kitted assets must be commissioned as active systems before operational use. Typically, once software is installed, and a system goes into Active use, then Software Asset Managers need to track the use of software on that system as being licensable. (“Active” could include hot, warm and cold backup servers where license requirements depend on the particular vendor and application).

Active assets may be taken Out-of-Service, and under some licensing terms, software installed on these systems may be treated as not requiring a license.

Periodically, maintenance may need to be performed on computer assets. The expectation here is that the system will only be Under Maintenance for a short period, and that the system will be brought back online for regular use of installed software and services at the end of the maintenance period. In these cases, it is typical for installed software to be tracked as licensable over the maintenance period.

Assets may also be taken Out-of-Service as a prelude to being placed back In-Stock, or Retired.

End-of-Life: Assets that have reached the end of their service life, or otherwise no longer needed, are first Retired, and then Disposed.

Disposed assets are assets that are no longer owned, leased, or physically retained by the organisation. Retired assets are assets that are not planned to be put back into service, or kept as stock. In either case, software installed on these systems may be treated as not-licensable. Nevertheless, Retired assets should go through a set of software removal and data cleansing procedures, before they are sold off to third-parties (recipients), or otherwise Disposed.

Asset Lifecycle Data

When we have an Asset Lifecycle model that fits our organisation’s Asset Management practices, what lifecycle data points should we collect to enrich our understanding of our SAM estate?

Our recommendation is to start simple, and build on the data you collect as your Asset Lifecycle processes mature.

One obvious starting point is to capture and record the dates on which Assets transition to a new lifecycle status. In the example above, the following dates are recorded:

Purchase date
Delivered date
Kit/commission date (Build date)
Stock date
Last inventory date (i.e. last know active date)
Out-of-service date
Maintenance start date
Retired date
Disposed date
End-of-Life (EOL) date (Scheduled date when the asset should be retired)

Other important data that has been collected at points through the lifecycle include:

Serial number (unique identity of the computer)
Computer name
Last login user (name)
Out-of-service reasons
Maintenance reasons and Service ticket (id)
Retirement reason
Resale value
Written-off value
Recipient (at disposal)

Using Lifecycle Data as a Base for KPIs and Metrics

Once your Asset lifecycle has been defined, and you have started to collect some basic lifecycle data, you can start to think about realising extra value through Lifecycle data based Metrics and KPIs.

One organisation I have worked with that has a well-established IT Asset Management (ITAM) program, tracks trends in metrics that include:

Number of Active Assets - number of assets that are “Active” and have returned inventory at least once
Number of Active Assets Missing for 30 Days - number of Active assets that haven’t returned inventory in the past 30 days

A regular review of the trends in these two metrics can prompt and early investigation into “missing” assets that could be a source of License non-compliance and/or over-purchasing. Your organisation may still be liable for software installed on “missing” assets, even if you can’t get an up-to-date report on what is in use; or they may be missing an opportunity to reclaim licenses that are no longer needed.

As well as tracking missing assets, you may want to confirm that assets with the lifecycle statuses In-Storage and Retired are indeed, inactive. A quick alert to any such assets that are still active can be gained from the following two metrics:

Number of In Storage Assets Reporting Inventory - number of In-Storage assets that have reported inventory after their Stock date
Number of Retired Assets Reporting Inventory - number of Retired assets that have reported inventory after their Retired date

Your organisation may have policies that seek to ensure that critical business systems are always hosted on assets that are within support-life. If so, you should track how close each asset is to its scheduled End-of-Life

Months To EoL - months till End-of-Life

To track how well then you are managing the retirement of aging assets, you might track trends in:

Number of Assets Approaching EoL - number of assets that are within 3 months of their scheduled End-of-Life

Further confidence that you are effectively managing your asset lifecycle can be gained by tracking:

Asset Age in Months - months since Delivery date

and:

Average Asset Age in Months - average asset age in months
Maximum Asset Age in Months - maximum asset age in months

See the blog Track These Software Asset Management Program Metrics for Success for more discussion on metrics that can be used in a software asset management program.

Conclusion

As demonstrated above, some relatively simple asset lifecycle modelling and status tracking can provide key insights into how well you are managing your assets and the software license compliance risks associated with them.

For a SAM/HAM Manager, it’s about working to minimise the “unknown unknowns.”

To learn more, please visit our website:

FlexNet Normalized Inventory for Clients

FlexNet Normalized Inventory for Servers

FlexNet Manager Platform (HAM and SAM)

And view our on-demand webinar: Finding, Tracking and Managing Hardware Assets

By John Emmitt and Adrian Bideaua

As all Software Asset Managers know, software licensing can be quite complex and there are many special cases that require deep understanding of licensing models, as well as contract terms and conditions. This blog is the first in a new Flexera Software License Optimization blog series called “Licensing Expert Tips.” The goal is to tap into the software licensing expertise we have in-house, as well as external experts (guest bloggers), to share tips and insights on specific licensing questions.

Here’s the scenario for the first Licensing Expert Tips blog:

The customer has Oracle Coherence RPM (RPM Package Manager) packages on machines running the Red Hat Linux operating system. The RPM packages are not being picked up by the inventory agent because they are NOT installed on the machines, they are “just sitting there.” The customer believes that these uninstalled RPM packages require Oracle licenses. Is that true?

Licensing Expert Response:

One of our resident Oracle licensing experts, Adrian Bideaua, responded as follows—

Oracle Coherence is available in three editions: Oracle Coherence Standard Edition One, Oracle Coherence Enterprise Edition, and Oracle Coherence Grid Edition. All of these editions are listed in the Oracle Technology Price List and are available under a Processor or Named User Plus (NUP) licensing metric.

Going back to the licensing metric definition, for the Processor license model the Oracle document states:

Processor: shall be defined as all processors where the Oracle programs are installed and/or running.

Similarly, for NUP licenses, the Oracle document says “… the programs which are installed….” NUP licenses also require an understanding of the Processor quantities in the server that has the Oracle software installed.

Here is the Oracle definition for Named User Plus:

Named User Plus: is defined as an individual authorized by you to use the programs which are installed on a single server or multiple servers, regardless of whether the individual is actively using the programs at any given time. A non-human operated device will be counted as a named user plus in addition to all individuals authorized to use the programs, if such devices can access the programs. If multiplexing hardware or software (e.g., a TP monitor or a web server product) is used, this number must be measured at the multiplexing front end. Automated batching of data from computer to computer is permitted. You are responsible for ensuring that the named user plus per processor minimums are maintained for the programs contained in the user minimum table in the licensing rules section; the minimums table provides for the minimum number of named users plus required and all actual users must be licensed.

Thus, from a licensing perspective, if the software, in the RPM Package in this case, is not yet installed, there is no need to consume a license. From a practical audit perspective, because there is no software usage that could be detected that can be associated with this software, I don't see this being an issue with Oracle LMS. During my time there we only looked at installed and/or running software during the software audit process.

If you have a licensing question, please send it in and we will ask our experts!

For information on Flexera’s market leading Software Asset Management and License Optimization solutions, please visit our website or Contact Us.

You may also be interested in attending our webinar with R "Ray" Wang, CEO and Principal Analyst at Constellation Research: Crafting Your Oracle License, Contract and Vendor management Strategy.

Available Dates:

Tuesday, 14th February - 10:00 am CT (US) Show in my time zone
Wednesday, 15th February - 10:00 am (Sydney, Australia) Show in my time zone
Wednesday, 15th February - 10:00 am (UK) Show in my time zone

Key topics to be covered include:

Navigating the Oracle audit process
Implementing mature SAM processes for Oracle license management
Crafting Win-Win scenarios
Setting your own strategy for moving to the cloud with Oracle
Application strategy development

Chicago Public Schools (CPS) is the third largest school district in the United States. As part of its commitment to expanding technology in classrooms, the District needed to understand their application footprint and identify opportunities to consolidate vendors and save money. They wanted to make informed decisions to reduce new software purchases and negotiate more favorable software vendor contracts.

“ The speed and accuracy of transforming Microsoft system center data into actionable inventory give us the information we need to make informed business decisions, this has helped us drive consolidation and save the school district money.”
                                                                                        Paul Valente
                                                                                        Managed Services Support Lead

Paul Valente lead Managed Services Support Lead and his team thought they would identify around 5,000 software titles and versions. CPS fed the raw inventory data collected from Microsoft SCCM into the Flexera solution, including users, machines and site information from Active Directory. A secure cloud based Application Recognition Service automatically categorized and standardized the naming of over 190,000 applications from over 16,000 vendors. The result was a normalized inventory of applications and usage data for their 130,000 Microsoft Windows devices.

Surprisingly the solution had identified over 29,000 different applications and versions, many more than they had previously estimated.

The inventory highlighted the magnitude of application sprawl in the school district, and gave Paul a solid starting point to begin the second phase, meeting with application owners to decide which applications are required and which ones could be consolidated or retired. Armed with this wealth of information about the applications installed though out the district, Paul also realized that this information was crucial to improving efficiency and accuracy of many other software related business processes including security and procurement.

Listen to Paul describe working together in this 45 sec clip and register for the webinar replay

By John Emmitt

In January 2017, Oracle changed the license consumption calculations for their set of ‘authorized cloud environments’ which includes Amazon Web Services – Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS) and Microsoft Azure Platform. Under the new rules, you must now count as follows:

Amazon EC2 and RDS –
- count two vCPUs as equivalent to one Oracle Processor license if hyper-threading is enabled, and
- one vCPU as equivalent to one Oracle Processor license if hyper-threading is not enabled.
Microsoft Azure – count one Azure CPU Core as equivalent to one Oracle Processor license.

Also, the Oracle Core Factor Table no longer applies when calculating license consumption in authorized cloud environments.

What affect does this set of changes have on your costs?

As noted in this article on The Register: Oracle effectively doubles licence fees to run its stuff in AWS, it can double your costs, in some cases. The costs don’t change if you are running Oracle programs with Standard Edition One, Standard Edition 2, or Standard Edition in the product name in an AWS environment. In this case, the calculation is the same as before:

“Authorized Cloud Environment instances with four or fewer Amazon vCPUs, or two or fewer Azure CPU Cores, are counted as 1 socket, which is considered equivalent to an Oracle processor license. For Authorized Cloud Environment instances with more than four Amazon vCPUs, or more than two Azure CPU Cores, every four Amazon vCPUs used (rounded up to the nearest multiple of four), and every two Azure CPU Cores used (rounded up to the nearest multiple of two) equate to a licensing requirement of one socket.”

The costs can double in cases where you are running, for example, Oracle Database Enterprise Edition on vCPUs where hyper-threading is not enabled, since now one vCPU equates to one Oracle Processor license, instead of equating to only half a Processor license.

The costs can also increase in cases where you are running on processors that have a core factor of less than 1. For example, if the core factor was 0.5 under the old rules, it is ignored under the new rules and your costs double.

To learn more about Crafting Your Oracle License, Contract and Vendor Management Strategy, please attend our webinar with Ray Wang of Constellation Research.

Available Dates:

Tuesday, 14th February - 10:00 am CT (US) Show in my time zone
Wednesday, 15th February - 10:00 am (Sydney, Australia) Show in my time zone
Wednesday, 15th February - 10:00 am (UK) Show in my time zone

By Adam Galbreath

The responsibilities for managing a Software Asset Management (SAM) program can vary depending on the organization and there is no easy formula to determine staffing levels required. There is no “one size fits all” approach to determining the right amount of resources. The total number of resources required could be based on total software spend, number of devices (data center and desktops), number of software titles and/or software licenses to manage, along with the amount of business analysis work required to support the enterprise. Before an organization tries to determine the number of resources they need to support a SAM program, its best to understand the basic daily functions of any SAM tool and where the SAM team sits in the organization.

In some organizations, the SAM team resides within the IT organization and this allows for close alignment with core sources of information like discovery and inventory data, as well as hardware asset management, configuration management and service management processes. This also facilitates involvement in operational activities like problem/incident/change management that impact SAM processes and activities such as reclamation of licenses for unused applications, monitoring for unauthorized software installations and hardware decommission and disposal.

In other organizations, the SAM team sits in the Finance/Procurement department which allows a close working relationship with the procurement, sourcing and vendor management team. This can aid negotiation of software license agreements that best meet the needs of the business while also being manageable. And it can allow better communication of license entitlements across the organization to maintain license compliance.

There are several activities the SAM team will need to perform to ensure value is realized from the investment made in a software asset management tool. Sources for inventory and business data connected to the SAM tool must be monitored and maintained, new software licenses need to be added, unauthorized software installations must be actioned, the usage of existing applications needs to be monitored to ensure they are being used effectively, and so on. The SAM tool is the hub for everything software and license related. Your software asset management resources will have to develop expert knowledge of the tool and associated SAM processes to ensure the organization gets the most out of its SAM program.

There are 3 functional areas that your core SAM team must manage in order to sustain SAM processes and tools. These are:

Systems and Inventory Services

Systems and Inventory Services provides visibility and core monitoring of the deployed hardware and software that are supported by the SAM tool. System and Inventory Services are the technical tasks performed by the SAM tool administrator such as:

Systems monitoring and health management
System upgrades
Discovery and Inventory management, potentially including the full software stack (operating systems, virtualization, databases, middleware, and enterprise applications)
Inventory and Business import/interface maintenance—this includes the connectors that allow collection and import of license entitlements and contract information

These services provide the infrastructural foundation for the SAM tool to enable a healthy and stable environment so the other 2 functional services areas can be effective.

SAM Operations Services

Once data is imported into the SAM tool, such data needs to be processed to provide actionable insight and information to the business. The SAM Operations Services are the operational tasks performed by the tool operators such as:

Software Asset Lifecycle Management
Application Management
Processing of Purchase Orders to Sustain License Positions
Providing Reporting and Collect Metrics
Data Quality Support of Inventory and Business Data

SAM Operations Services provide operational support for the data within the SAM tool so License Compliance and Optimization Services can be completed.

License Compliance and Optimization Services

License Compliance Services deliver a ‘software purchased to software inventory’ level of reporting based on the collected entitlement data reconciled with installations. License Optimization Services ensure product use rights are applied to optimize license consumption for applications based on contractual agreements. The use rights include upgrade, downgrade, right of second use, multiple use, and roaming use, among others. The resources supporting License Compliance and Optimization Services are responsible for:

Providing subject matter expert knowledge for key publishers’ license terms and conditions
Identifying instances of material license compliance risk
Quantifying the extent of non-compliance in dollar ($) value, to drive awareness, facilitate priority setting and focus remediation efforts based on total risk.
Working with the appropriate organizations to review the license optimization recommendations and determining which are achievable.
Identifying areas where license reclamation may be possible and implementing an automated reclamation process
Identifying areas of potential cost savings as reported by the SAM tool and taking action to realize those savings

Understanding the core functions of the SAM tool and the skills needed to perform these functions are paramount to determining the resource requirements.

As the SAM program progresses, the evolution of the organization should move from strictly operational to one that supports business analysis for the effective and efficient management of IT. The resources and skill sets in the organization will need to evolve along with those capabilities.

Many companies looking for a SAM tool do not have a dedicated team in place to effectively manage their software estate with the new tool. Far too often, organizations have considerable setbacks or are slow to demonstrate the expected value after the SAM tool has been implemented and need help implementing best practice SAM processes in conjunction with the tool to meet their business goals and objectives. Companies should look to their SAM tool provider to help fill the gap from the end of the tool implementation to when the organization is prepared to fully take over the operation of the SAM program. The benefit is a sustainable solution that avoids set-backs and accelerates business value realization.

By Eric J. Feldman

Lawsuits between large software vendors and their customers often make the news. In 2015, Adobe took legal action against fashion apparel giant Forever 21 over alleged use of pirated software. And in 2016, a company called Bitmanagement filed a complaint that the United States Navy used $600 million worth of unlicensed software.

I chose these examples as they represent legal action against an organization that allegedly used unlicensed copies of software. Enterprise software licensing agreements are complex documents. Companies license software products based on many different license metrics, including a specific quantity of named users or devices, a fixed count of processors in a server, or even the number of simultaneous users, to name a few. In most cases, the use of unlicensed copies of the software by enterprise customers is unintentional, and is due to the complexity of the contracts, product use rights, and license models.

In many software licensing models, once you go above the number of licensed users/devices/processors, etc., you are out of compliance with your software license agreement.

But what if there is uncertainty over what qualifies as a “named user?”

This is a primary issue in a recent court decision. In SAP UK v Diageo Great Britain, the High Court of England and Wales ruled in favor of SAP who sought a claim of over £55 million against the beverage giant Diageo for “indirect users.” And the implications are huge for large companies that have integrated their customer facing systems with their SAP database.

In this particular case, Diageo had, since 2004, licensed the mySAP Business Suite based on a number of named users. A few years ago, Diageo created two new customer facing applications on the Salesforce.com platform. These systems access Diageo’s mySAP implementation through an SAP Process Integration (SAP PI) interface that they also license.

The dispute was whether the license fee for SAP PI allows Diageo’s sales staff and customers – about 5,800 in total – to access SAP data through their Salesforce applications, or do all these people need to be “named users.”

The High Court ruled that named user license fees also apply to Diageo’s 5,800 indirect users, exposing them to an additional license fee almost equal to the total amount they paid SAP for all services.

The judge on the case rejected the defense argument that SAP PI is a “gatekeeper” license for gaining access to the SAP suite of applications. And while she confirmed that license fees are due for “indirect access,” she did not determine the specific category of named user licenses for Diageo’s customers, despite SAP’s claim that these 5,800 indirect users should pay the full £9,400 professional user license fee, essentially one of the most expensive SAP named user license types.

So Diageo must pay to license 5,800 indirect users; however, their financial liability has yet to be determined.

According to the document “Licensing SAP® Software. A Guide for Buyers,” the terms of indirect access are defined:

“The SAP software license is based on the utilization of software functionality, which is independent of the technical interface used to access software functions and data. A customer’s software license is based on usage of the SAP software under a named user plus package license model. Under this named user plus package license model, any access which may occur due to the customers’ software architecture must be licensed.”

This case essentially affirmed the SAP indirect license model. If you are an SAP shop, you could be liable for all indirect users with a potential enormous financial impact. There are, however, several things about SAP indirect licensing you should know. As noted in a Flexera Blog entitled SAP Indirect Access and User Identity Management, if a company’s direct access named users also have access to SAP data via an indirect application, then only one license is required. Also, if your company has users with accounts for multiple indirect applications, they will only need a single SAP named user license to cover access to all the systems.

So, how can you mitigate the financial risk of SAP indirect access? You can leverage the SAP Software License Optimization solution from Flexera Software.

FlexNet Manager for SAP Applications will help you optimize your SAP named user licenses by detecting idle users, identifying duplicate users, and assigning the optimal license type for each user based on an analysis of real usage data. This will enable you to avoid buying too many high cost license types when lower cost licenses will meet user needs. And more importantly FlexNet Manager for SAP Applications will helps you to discover instances of indirect access and to manage and optimize the license requirements for users of non-SAP systems:

Identify accounts on non-SAP (indirect access) systems that have not logged in for an extended period and may be able to be retired (Idle Users)
Identify users who have accounts on both SAP systems and non-SAP systems, to avoid licensing these users multiple times (Duplicate Users across systems and across direct and indirect use)
Determine the optimal SAP license type for each non-SAP user based on all available information including their system authorizations and usage history

If you want to learn more about managing your SAP licenses, be sure to view our on-demand webinar “Pull Out All the Stops and Make the Right Decisions for SAP License Management.” Presented in conjunction with KPMG, you will learn about getting transparency on SAP indirect access licenses, optimizing named user licenses and Business Packages, and many more topics that will help you manage your SAP licenses.

Are you ready for ILMT v7.5 End of Support on April 30, 2017?

By John Emmitt

As many IT asset managers know, the IBM License Metric Tool (ILMT) helps organizations calculate the required number of IBM PVU licenses for full capacity and Sub-capacity scenarios. ILMT’s newest version— 9.2, has undergone a significant update to leverage IBM’s BigFix technology.

Support for the previous ILMT version 7.5 will be discontinued on April 30, 2017. In our webinar with Anglepoint (now part of Crayon) on March 9th, Anglepoint will discuss the risks of not upgrading to the latest release of ILMT.

Flexera Software will discuss how its Software License Optimization solutions can leverage and enhance ILMT inventory data to enable organizations to refine their asset management strategy and achieve business objectives.

Figure 1: Licensing for IBM WebSphere Application Server (WAS) in Full Capacity and Sub-Capacity scenarios shows that Sub-Cap requires fewer PVU licenses in this example.

Attend this webinar as Anglepoint and Flexera Software will discuss steps you can take to stay compliant with IBM Sub-capacity reporting terms. Attendees will come away with answers to the following questions:

What are the benefits of Sub-capacity licensing?
How will ILMT v7.5 end of support impact you?
What are the implications of not upgrading?
What are your Sub-capacity reporting options?

Featured Speakers:

Will Day, Manager, Anglepoint Group Inc.

Michael Koss, Vice President, Alliances, Flexera Software

Date: Thursday, 9th March 2017
Time: 10:00 am CT
Show in my time zone

Register here

Data and People Play a Transformational Role in Software Asset Management

Recommended Hardware Asset Management Practices to Support SAM

Making the Move to Software as a Service (SaaS)

Track These Software Asset Management Program Metrics for Success

Automating Governance and Compliance Using the ServiceNow Service Portal

Take it up a Notch with Software License Optimization

To Create the Best Environment for Innovation—Focus on Your People

Understanding Your License Entitlements for Software Audit Defense

PATCH CRITICAL: New Vulnerability on Microsoft Windows Operating Systems Found by Secunia Research

Gartner Report: Cut Software Spending Safely with Software Asset Management (SAM)

Rudolph the Red-Eyed Asset Manager

The Year Ahead for Software Asset Management (2017)

Be an Open Source Trend Setter – Take the Survey

Software Asset Management and Security Teams Must Join Forces to Enhance Security

Realising Additional Value from Asset Management with Asset Lifecycle Modelling

Oracle Licensing Requirements for Uninstalled RPM Packages

How Greater Visibility of Software Assets is Saving Chicago Public Schools Money

Oracle Changes Licensing Rules for ‘Authorized Cloud Environments’

What resources do you need to manage your Software Asset Management program?

Beware of SAP Indirect Access

How to Stay Compliant Under IBM Sub-Capacity Reporting Terms