By John Emmitt

Better late than never, we are taking a look back at the most popular software asset management and license optimization blogs from last year. As I did last year, I am providing the list of the most read blogs for 2016, including the ones that were written in previous years, and then the top 10 list of just the ones that were published in 2016. This way you can see what has been the most popular new content.

Most popular blogs in 2016 (published any time):

1. How will Microsoft licensing for Windows Server 2016 affect you?

1. Oracle Database License Management in VMware Virtual Environments (Part 1 of 3)

3. Why a SKU is Important to Software Asset Management

1. Higher Costs for Being Out of Compliance with IBM Licensing
2. Oracle’s Magic Ratio

6. You’re Getting Warmer—License Management for Hot, Warm, and Cold Backup Servers

1. Managing Microsoft Client Access Licenses (Part 1 of 3)

8. I have an ITSM solution, why do I need a Software Asset Management solution too?

1. Oracle Database License Management in VMware Virtual Environments (Part 2 of 3)

10. Should I be using a triad license server configuration?

Most popular blogs in 2016 (published in 2016):

1. How will Microsoft licensing for Windows Server 2016 affect you?
2. I have an ITSM solution, why do I need a Software Asset Management solution too?
3. KPMG and Flexera Partner to Help Clients with Software Asset Management
4. Gartner says Software License Optimization can reduce software costs by 30%
5. Notes from SAM Summit 2016—Software Audits, License Management in the Cloud, And More
6. An alternative solution for managing IBM Sub-Capacity licensing
7. Software Asset Management and the C-level Executive- SAM becomes strategic
8. Track these Software Asset Management program metrics for success
9. Top 10 Software License Optimization blogs for 2015
10. Flexera Software acquires open source application security provider Palamida

On the top of both lists we have the blockbuster blog on Microsoft Windows Server 2016 licensing. This blog had more than 7500 pageviews last year! The switch from processor to core based licensing for Windows Server 2016 impacts many organizations, of course, and the blog provides some guidance on how to manage this transition.

Next on the list of 2016 blogs is the one on why you need a SAM solution if you already have an ITSM solution. As discussed in the blog, ITSM tools track and manage a different set of data in the Configuration Management Database (CMDB) as compared to the data that is tracked in the SAM Asset Management Database (AMDB). In addition, ITSM processes and tools are all geared to delivering IT services; they are not focused on controlling software costs or understanding and maintaining software license compliance. Read the blog to learn more.

In 10^th place on the 2016 list, we announced our acquisition of Palamida, an open source software security and compliance solution provider. Our FlexNet Code Insight product helps both software producers and enterprises mitigate security risks associated with open source software (OSS).

Thanks for following the Software License Optimization Blog!

By Eric J. Feldman

Last week in the blog “Beware of SAP Indirect Access,” we wrote about the SAP® UK v Diageo Great Britain, case, where the High Court of England and Wales ruled in favor of SAP who sought a claim of over £55 million against the beverage giant Diageo for “indirect users.”

Flexera Software has a solution that can help you discover instances of indirect access and to manage and optimize the license requirements for users SAP and non-SAP systems.

In the video “SAP Named User and Indirect Access License Optimization,” you will see a short demo of how FlexNet Manager for SAP Applications can help organizations to discover and optimize license requirements of indirect access scenarios.

For example, if any Oracle Hyperion users that indirectly access SAP data also have SAP user accounts, then the licenses assigned to those accounts also cover these user’s indirect access license requirements.

But indirect access is not the only SAP license type that can be optimized. There are many SAP named user account types, such as SAP Professional User and SAP Employee User, and their pricing differences can be dramatic. FlexNet Manager for SAP Applications can analyze every SAP users' transaction history and apply a set of business rules to determine which license type best meets that users' needs at the lowest possible cost.

After watching SAP Named User and Indirect Access License Optimization, be sure to subscribe to the Flexera Software YouTube Channel with over 550 product, education, and thought leadership videos where you can learn how Flexera is reimagining how software is bought, sold, managed and secured.

By John Emmitt

A Software Asset Manager for a large, global company told us recently that he spends 30% of his time doing internal stakeholder management. 30%! That’s a big chunk out of the work week. An IT Asset Manager at another large enterprise actually hired a person whose primary responsibility was stakeholder management for their global ITAM program. Stakeholder management is a key function for many software asset managers.

In today’s global organizations, there can be a lot of different IT / Software Asset Management program stakeholders:

• There may be a steering committee of senior executives that oversee the SAM program
• CIO and VP of IT Operations
• CFO and VPs of Finance and Procurement
• Chief Compliance Officer
• Business Unit Managers
• Etc.

What is Stakeholder Management?

Initially, stakeholder management means getting the backing you need to fund the SAM program and getting the go-ahead to get started. This could mean building a business case that addresses the needs of each of the key stakeholders.

After the SAM program is under way, stakeholder management involves providing the reports that they need to see how the program is doing—is it hitting key milestones in the project plan? What is the return on investment (ROI) of the program? Other reports are needed for procurement and vendor management, IT security, etc. At some point, stakeholder management may also involve getting funding for the next phase of the project.

What if your SAM tools could help you significantly reduce the amount of time it takes to manage key stakeholders?

SAM tools need to provide executive level reports and insights that support each stakeholder’s agenda and interests. This is similar to when you were building the initial business case, as discussed above. Here are a couple of example charts that provide the data needed by some of your key stakeholders:

Figure 2: Publishers Over Purchased – Used by IT Procurement to Negotiate Contract Renewals, Annual EA True-ups and Maintenance Cost Reductions.

Figure 3: Unauthorized Installations—could be of interest to IT Security

How much time do you spend on SAM stakeholder management in your organization? Post a comment and let me know what sorts of reports you use to support this effort.

For more information on Flexera’s Software Asset Management and License Optimization solutions, please visit our website.

By Eric J. Feldman

Last month, the publication FedTech reported on how NASA saved over $100 million in software licenses.

This is an interesting story on how, through better software asset management practices and the use of appropriate tools, the government was able to significantly reduce spending on software.

The Federal Government spends about $6 billion each year on commercial software. As a result, there have been many initiatives to better manage software licenses, vendors, and ultimately reduce costs. This is evident in recent legislation designed to help better manage the software asset lifecycle.

Over spending on software is not a just a government issue. Analyst firms have reported that as much as 30% of a software budget can be saved through employing Software License Optimization practices and tools. (You can read more about this in John Emmitt’s blog “Gartner says Software License Optimization can reduce software costs by 30%!”)

In regards to NASA, they began their initiative in 2008, when they created the Enterprise License Management Team (ELMT). Their goal was to inventory software assets and to centrally manage software purchases.

Many large organizations, such as NASA, purchase software through different departments and locations. Without centralized management of software contracts, purchases, and software inventory, it is easy to buy redundant licenses and miss out on opportunities for volume discounts.

After creating the ELMT, NASA was able to save $103 million since 2011, through negotiating agency-wide contracts and removing redundant and unused software licenses.

NASA is not alone in changing their processes and tools to save money on software. The United States Navy reportedly saved $450 million over three years by managing how the service branch purchased, managed and used technology. At the beginning of their cost savings initiative, the Navy had no idea how many of its software licenses were actually being used, when the software was purchased, and if the software was only used in a limited way.

The U.S. Citizenship and Immigration Services (USCIS) is another example of a Federal Agency improving their software asset management processes. USCIS created a strategic vendor management (SVM) branch to oversee software purchases and license renewals. With the ability to monitor actual license use, USCIS was able to reduce spending on unnecessary licenses.

These examples of greatly improved software asset management were codified in recent legislation such as the Federal Information Technology Acquisition Reform Act (FITARA) and the MEGABYTE Act (Making Electronic Government Accountable by Yielding Tangible Efficiencies).

Jim Ryan, our CEO, wrote about FITARA last year. In his blog, he listed the FITARA guidelines:

• Appoint a Software Manager that will lead the agency-wide effort to centralize license management and implement strategies to reduce duplication and ensure adoption of software management best practices.
• Maintain an agency-wide inventory of software licenses, including licenses purchased, deployed and in use, as well as spending on subscription services (including cloud/SaaS).
• Leverage commercially available IT tools to support processes for compiling and maintaining software license inventories. (It defined commonly used IT tools, which enable best practices and reporting on software inventory, costs and usage, to include Software Asset Management/Software Licensing Optimization solutions, among others.)
• Use this technology to automate hardware and software asset discovery, IT asset inventory tracking, software inventory normalization, contract management, purchase and product use rights license reconciliation, software license optimization and SAM data sharing capabilities.
• Develop automated, repeatable processes to aggregate software license and maintenance requirements for commercial off the shelf software and software acquisition. Analyze inventory to ensure compliance, consolidate redundant applications and identify other cost savings opportunities.
• Centralize, streamline and establish best practices in software procurement and contracting.

Do you want to learn more about how to proactively gain control and manage your software estate in order to reduce waste and maintain compliance with license agreements? We have two informative webinars to share with you.

The first webinar is How ARRIS created an Engineering License Management System. You will learn how ARRIS leveraged FlexNet Manager for Engineering Applications to efficiently utilize their engineering software, improve control over their most strategic and critical software tools optimize spend on new software, and minimize ongoing maintenance fees. This webinar will be live on April 25 and April 27, and on-demand after those dates.

The next webinar is on-demand and you can view at any time. “Get Ready to Meet the Federal Mandate on Software Asset Management features guest speakers Prentice Norman from the U.S. Citizenship and Immigration Services (USCIS), and Andrew Howell, from Monument Policy Group. In this webinar, you will learn:

• About the federal regulations and mandates
• How to translate legislative requirements into an action plan for compliance
• An understanding of the software asset management processes and tools required to meet the mandates

Don't forget to subscribe to the Flexera Software YouTube Channel with over 550 product, education, and thought leadership videos where you can learn how Flexera is reimagining how software is bought, sold, managed and secured.

Whether you are in IT Asset Management, a desktop or data center manager, or an IT security professional, your role has a significant impact on your organizations ability to reduce the risk of cyber-attack.

In the recently published Vulnerability Review 2017, by Secunia Research, the number of vulnerabilities detected in 2016 was 17,147, which were discovered in over 2,000 applications from 246 different vendors.   Your organization is under constant attack by hackers targeting these vulnerabilities in the software assets you manage and your employees use to run the business.  While you may think that this is an issue for your security team, the best defense requires a holistic approach and collaboration of different teams in a concerted effort to reduce the attack surface for hackers.

In this webinar we will discuss the IT asset manager’s role in the enterprise software asset lifecycle and the impact that activities, not always associated with security, have in reducing risk.

• Understand how your role can improve your organization’s security posture
• Collaborate to achieve results and demonstrate the impact of your efforts
• Learn how a unified approach will effectively keep hackers away

To learn more about how your role can impact your organization’s security posture, register for the webinar:

Do You Manage Software? Understanding Your Role in Cybersecurity Defense

By John Emmitt

As discussed in our webinar with Carla Arend of IDC-- Digital Transformation, Cloud Adoption and the Impact on SAM and Security, cloud computing, cybersecurity, big data and mobile are the key technologies behind digital transformation. Software Asset Management (SAM) and IT Security Management technologies are therefore critical enablers to digital transformation success.

What is Digital Transformation?

IDC’s definition is:

Digital Transformation is the continuous process by which enterprises adapt to or drive disruptive changes in their customers and markets (external ecosystem) by leveraging digital competencies to innovate new business models, products, and services that seamlessly blend digital and physical and business and customer experiences while improving operational efficiencies and organizational performance.

IDC also defines their 3^rd Platform, on which Digital Transformation is built, as being comprised of Mobility, Big Data / Analytics, Cloud and Social. Clearly, the cloud is a key aspect of both the platform and the digital transformation process.

Figure 1: IDC’s 3rd Platform

But, what is the cloud? The cloud is (mostly) software! Its enterprise applications delivered via Software as a Service (SaaS). Its your own on-premises enterprise software being migrated to public, private or hybrid cloud environments. Of course, Infrastructure as a Service (IaaS) has a hardware-like component—instances of virtual servers that provide your basic compute capacity; but this is also something that must be managed by the IT Asset Management (ITAM) team.

Cloud adoption has been growing at a furious pace— a 21% annual rate (see chart below). Cloud adoption accelerates the business by providing fast access to scalable IT services that can be highly cost effective—but only if you manage them properly.

Figure 2: Software and Public Cloud Forecast (Source: IDC’s Semi-annual Software Tracker, 1H 2016)

Why are Software Asset Management and IT Security Management Technologies Key Enablers?

Let’s take SAM first. Software Asset Management has evolved to encompass not just management and optimization of your on-premises software, but also your cloud services. This includes both Infrastructure as a Service and Software as a Service. (See this blog: Moving to the Cloud? Of Course You Are!) Management of cloud costs, maximizing the utilization of cloud infrastructure instances, and control of cloud sprawl are all critical elements of today’s SAM programs.

Managing costs is critical for cloud services—IaaS, PaaS and SaaS. With public cloud services such as Amazon Web Services (AWS), it can be difficult to have visibility of costs across the whole enterprise where there can be multiple accounts for different departments or cost centers. Your SAM tools need to provide this visibility and show you where you may be overspending on unused capacity. For example, you might have unused Reserved Instances which are costing you significant sums of money, as shown in the screenshot below (Figure 3).

Figure 3: SAM Tool Financial Dashboard Showing Enterprise-wide Amazon Web Services Costs

Similarly, SaaS subscriptions also require spend management. This means monitoring SaaS subscription usage and reclaiming and reallocating licenses for users that change jobs or leave the company. It also means selecting the right subscription plan level for your users, as in the case of Microsoft Office 365.

Also, as noted in the above referenced blog, the move to cloud infrastructure services also typically means that you are moving some of your on-premises software to the cloud, in which case, you still need to manage license compliance for that software. License compliance is still your responsibility, not the cloud vendor’s, in most cases. It’s also important to understand what software you have in your on-premises environment first, and whether you have license mobility rights to move that software to the cloud. These are all software asset manager responsibilities.

Controlling cloud sprawl, otherwise known as Shadow IT, is another important function for the IT Asset Management team. This can be accomplished with the help of an enterprise app store. The app store provides fast and easy access to authorized software and cloud services, reducing the likelihood that users and business units will go around IT to get these tools for the business.

Now let’s consider IT security. Living in a digital world means that your business is exposed to hackers that try to steal your data or intellectual property and/or take over your IT systems. That’s why cybersecurity is one of the top C-level priorities for most organizations. A primary “attack vector” for cybercriminals is the presence of software vulnerabilities in your enterprise software. There were more than 17,000 published vulnerabilities in 2016. Hackers develop exploit kits to take advantage of these software vulnerabilities.

Read the 2017 Vulnerability Review to learn more about software vulnerabilities and availability of patches. You’ll find that 18% of the 2016 vulnerabilities were rated Highly Critical in Secunia Research Advisories. These are vulnerabilities that must be remediated to reduce your security risk.

Figure 4: Criticality of Software Vulnerabilities

The criticality rating is important because it allows your Security and IT Operations teams to prioritize the patching of vulnerabilities. This prioritization is key due to the large number of vulnerabilities disclosed every month. You need to know— ‘what are the most important ones to patch first?’

Software Vulnerability Management tools enable your IT security team to assess vulnerabilities in your IT environment, prioritize those vulnerabilities, and provide an efficient process for Security to work with the IT Operations team to patch those vulnerabilities to mitigate the security risk. In 2016, 81% of all vulnerabilities had a patch available on the day of disclosure - slightly lower compared to the 84.5% in 2015.

We can see that IT / Software Asset Management and IT Security Management are key enablers for successful Digital Transformation. And, IT/Software Asset Managers and IT Security Managers are critical players in this strategic business transformation process.

By John Emmitt

As a follow-up to my recent blog on Software Asset Management and Stakeholder Management, I wanted to discuss how collaboration is a key aspect of a successful software renewal process, as well as IT Security and other strategic IT initiatives. This also ties into my other recent blog on Software Asset Management and IT Security Management Enable Digital Transformation.

Collaboration for Successful Software Renewals

Just as stakeholder management is an important, and often time consuming, function for software asset managers, software renewals are as well. But, of course, the renewals process involves many other stakeholders, too, including IT Procurement, Sourcing and Vendor Management teams.

Gartner recently published a report on this topic: Software Asset Management-Led Collaboration Is Key to a Successful Software Renewal Process. (Published: 1 February 2017 ID: G00302298)

In the Gartner report they list several challenges, including:

• … Identifying all the stakeholders and gathering all the information needed to correctly renew, cancel or modify support and maintenance can be difficult and time-consuming.
• Lack of insight as to how and where software is currently (or will be) used, and how demand and the technology strategy relating to the products concerned will change, may lead to overpayments for support and maintenance or subscriptions that are no longer needed.

And they recommend that “Sourcing and Vendor Management leaders responsible for evaluating and negotiating software contracts should … collaborate with software asset management, procurement, finance, vendor management, budget holders, project managers and any relevant business application owners to ensure that a strong, effective renewals process is in place and is applied consistently to ensure optimal renewal decisions.”

In the report, they recommend defining each stakeholder’s role in the renewal process, including business owners, vendor management, software asset managers, contract management, etc. Gartner also provides a "Toolkit: Software Asset Management; Manage the Software Support and Maintenance Renewals Process."

A key role of Software Asset Management in the contract renewals process is providing insights into software usage and usage trends. As shown in our 2016 State of the Software Estate: Waste is Running Rampant, Software Licensing and Pricing Survey Report, 30% of organizations say that 21% or more of their software is underused.

Figure 1: Underused Software Represents an Opportunity for Cost Savings

With this insight, IT Procurement teams can negotiate contract renewals that reduce maintenance or subscription costs for some software. Usage trends data from the SAM team allows IT Finance to accurately budget for future software needs.

Collaboration is Key

Collaboration is something that we at Flexera believe is critically important to the success of the business, not only as it relates to software contract renewals, but also for security risk mitigation and other strategic initiatives, such as Digital Transformation.

Figure 2: Collaboration between Teams is Essential

Collaboration for Effective SecOps

Gartner has also weighed in on the need for collaboration between IT Security and IT Operations teams, saying:

“Gartner clients find the coordination and orchestration of vulnerability remediation efforts a perennial point of operational failure for vulnerability management projects. Success requires coordination between IT security and IT operations for activities such as patch management and configuration hardening.”

Processes and tools for Software Vulnerability Management allow IT Security and IT Operations teams (SecOps) to collaborate to have a more effective security patch management process. These tools provide:

• Patch Assessment—Comprehensive and accurate discovery of unpatched applications and systems
• Prioritization—Vulnerability criticality rating based on Secunia Research data
• Remediation—Link patch assessment and remediation; deliver pre-packaged patches
• Patching of non-Microsoft Applications on Windows systems—Deploy patches using your standard Microsoft tools—Windows Server Update Service (WSUS) and System Center Configuration Manager (SCCM)

To learn more, please read our whitepaper: Corporate Software Inspector – Bridging Vulnerability Management Gaps.

By Eric J. Feldman

Are you using cloud infrastructure in your organization? If you are not using the cloud to deliver applications or IT services today, you will be soon.

Cloud services are not the future…they are the now. Enterprises of all sizes are embracing cloud services for many reasons. One key driver is the ability to immediately access computing power, storage, and database services without the need or overhead of setting up or adding to a datacenter. This could mean a faster time to value when delivering IT services. And for many companies, it is advantageous to put infrastructure services in their operational budgets rather than what previously would have been a capital expense.

Each quarter, IDC (International Data Corporation) updates their Worldwide Quarterly Cloud IT Infrastructure Tracker report. In the latest version published this month, they forecast that in just three years, spending on public and private cloud infrastructure will surpass that of traditional datacenter spending, a concept that would have been unheard of not too long ago.

Spending on cloud infrastructure is growing at a compound annual growth rate of over 11.7% per year, and will become a $47.2 Billion market by 2021. Compare that to traditional IT spending in the same survey, with a CAGR of negative 3%.

With the rapid adoption of cloud services, many make the mistake of thinking that traditional software and IT asset management practices go away. While license compliance risk may be lower than traditional on-premises software, particularly for SaaS applications, there is a different risk of costs that can spiral out of control if the cloud is not managed closely.

One important aspect of why cloud services are so attractive is their ease of purchase and setup. With many public cloud vendors, such as Amazon Web Services (AWS) and Microsoft Azure, anyone with a credit card and an email address can establish an account and quickly stand up a cloud instance. Purchasing a subscription to Microsoft Office 365 is just as easy.

This ease of purchase is a terrific benefit to agile and dynamic business units, departments and project teams. Business unit managers, engineering departments, and project managers can purchase cloud infrastructure or SaaS applications to fit their specific requirements without going through the IT organization or procurement department. This results in faster time to acquisition and deployment, and lower overhead.

But, what happens when even more of an enterprise’s business units, departments and project teams add cloud instances and capacity, precisely because of the ease of purchase?

It can result in “cloud sprawl” – the uncontrolled proliferation of cloud instances, which often occurs when an organization lacks visibility into, or control over, its cloud computing purchases and utilization. And cloud sprawl can be very expensive, negating the cost advantages of the cloud very quickly.

So what can you do about managing your cloud costs? If you are using the cloud or will be soon, be sure to watch our webinar “Keeping a Lid on Costs for Cloud Infrastructure and SaaS Applications.”

We will review some market trends about the cloud, and look at the challenges and strategies for managing cloud infrastructure and SaaS costs. Be sure to join us on April 27, May 2, or May 4, depending on your time zone for an informative session.

Be sure to join us on the following dates and times:

April 27 – 10:00 am (US Central Time)

May 2 – 2:00 pm (Australia)

May 4 – 10:00 am (United Kingdom)

Register Here

Remember, the cloud is now!

And if you cannot join us on one of the dates above, be sure to register for the on-demand webinar recording when it becomes available.

By John Lipsey

On April 28, 2017, Representatives Will Hurd (R-TX), Robin Kelly (D-IL) and Gerry Connolly (D-VA) introduced the Modernizing Government Technology Act of 2017 (the MGT Act) which provides funding for IT modernization projects aimed at efficiency and cost savings.  The MGT Act gives teeth to other cost-cutting legislation, such as the Making Electronic Government Accountable by Yielding Tangible Efficiencies law (MEGABYTE), which mandates that federal agencies develop a plan to eliminate waste in Federal software spend -- but does not fund the investment necessary to accomplish its objective.

Congress has been visionary through passage of laws like MEGABYTE in acknowledging opportunities for huge savings in Federal IT spend.  But without funds – agencies can’t comply with MEGABYTE and realize those savings.  The MGT Act does just that – it funds IT projects envisioned by MEGABYTE that will reduce waste and increase efficiency and security.  We congratulate Representatives Hurd, Connolly and Kelly for their efforts and wish them success as the bill works its way through the legislative process.

The Federal government spends $9 billion annually on software. Thirty percent¹ of that spend, or almost $3 billion, could be saved by MEGABYTE compliance.  MEGABYTE requires Federal agencies to enact common-sense software license management best practices – people, processes and technology – widely used already in the private sector.  However, because MEGABYTE doesn’t fund implementation of those best practices, many agencies are struggling to comply – which means they can’t take advantage of the savings that MEGABYTE enables.

Software is one of the most complicated IT assets to procure, manage and optimize – and therefore one of the most wasteful pools of Federal IT spend.  This is due to the complex contracts governing its usage, the difficulty in tracking contract compliance, and the complexity involved in ensuring agencies buy only the software they need and use what they have. The MGT Act, H.R. 2227, prioritizes funding modernization projects designed to fuel efficiency and cost savings, like eliminating waste and duplication. 

Implementing well-established and proven Software Asset Management best practices will empower agencies to eliminate software spend waste. However it does require up-front investment that will yield significant and ongoing ROI.  By providing a vehicle for Software Asset Management investment that MEGABYTE requires, the MGT Act will enable billions of dollars in savings annually on Federal software spend.

To learn more about Flexera’s Software Asset Management and License Optimization solutions, that help commercial enterprises and government agencies optimize software and cloud services costs, please visit our website.

See also the recent blog-- Reducing Software Overspend in the U.S. Federal Government. 

----------------------

1 Source: Gartner: Toolkit: Evaluate Software Asset Management Savings With SAM Tool Justification Calculator, Hank Marquis, Gary Spivak, May 12, 2016 “Gartner clients that improve their SAM license optimization capabilities typically report up to 30% software spending reductions within one year.”

By Eric J. Feldman

The Gartner IT Operations Strategies & Solutions Summit begins in just a few days, and Flexera will be a Silver Sponsor of the event. Visit Flexera at Booth #210.

This year’s theme is “Beyond Business as Usual: Increase Relevance, Engage Change,” and nothing exemplifies the changing landscape of enterprise IT more than software.

Think about everything needed to manage the software supply chain, and all the challenges faced by multiple roles in enterprise IT:

• IT Asset Managers – minimizing audit risk, tracking software inventory, and managing assets in a complex and evolving environment
  
  
• Data Center Manager – managing server applications throughout their lifecycle including end of service life and charting a strategy for cloud computing
• IT Service Manager – improving operational efficiency in an increasingly complex infrastructure and changing platforms and delivery models
• IT Procurement – maintaining accurate inventory data to negotiate software contracts and tracking software usage to optimize spend
• IT Security Director – ensuring that organizations’ IT systems are secure in an environment of increasing software vulnerabilities

Flexera will present an informative session of how BMC, both a customer and a partner, faced these challenges. Be sure to join us for our Solution Showcase Session in the Expo Theater, “The SAM Journey at BMC - Challenges, Solutions and Measuring Success,” Monday, May 8 at 1:15 pm

Featuring Blaine Bryant, Director of IS&T Finance and Service Management Office at BMC Software, this session will cover the challenges BMC faced, the strategy they chose, how they measure success and the lessons they learned from their software asset management journey.

Be sure to stop by booth #210 to learn how Flexera is reimagining the way software is bought, sold, managed, and secured, and enter a drawing for an Amazon Echo!

See you in Orlando!

By John Emmitt

Ransomware attacks are not uncommon; they are happening every day now. But, as reported in every major news outlet on the planet, including this article in Dark Reading, a new strain of ransomware called WannaCry (aka WanaCrypt and WCry) has spread through at least 74 countries. Tens of thousands of computers have already been infected. It appears to be able to self-propagate, making it extremely dangerous. Once it’s on your business network, it can infect many other machines. It’s a new variant of an earlier version that first came out in late March.

Ransomware typically works by encrypting your files so that you can’t access them until you pay the ransom. The ransom in this case appears to be a demand for $300 in Bitcoins that must be paid within 3 days or the amount is doubled. After seven days the files on the system are gone forever.

Ransomware is a major component of cybercrime that costs businesses millions of dollars each year.

        Figure 1: Average Cost of Cybercrime per Organization in 2016

        (Source: “2016 Cost of Cyber Crime Study: Global.” Ponemon Institute. Feb 2017).

The WannaCry ransomware leverages the EternalBlue Windows exploit that came out of the NSA tools that were leaked last month by the hacking group Shadow Brokers. There is a critical software vulnerability in the Windows Server Message Block (SMB) that has been exploited.

But here’s the thing— Microsoft released a patch for the Windows vulnerability (MS17-010) on March 14^th. It’s now May 12^th. So, almost two month have gone by and many, many organizations have not patched their Windows systems. If you have applied the patch for the Windows SMB vulnerability, then you have nothing to worry about. If you haven’t, then your organization is highly at risk, and for no good reason.

        Figure 2: Patch Availability on Day of Disclosure—More than 80% of Vulnerabilities Have Patches within 24 Hours

Software Vulnerability Management solutions enable IT Security and IT Operations teams (SecOps) to efficiently work together to significantly reduce the time from vulnerability disclosure to remediation. These tools provide vulnerability intelligence (such as that provided by Secunia Research) that allows teams to continuously track, identify and remediate vulnerable applications – before exploitation leads to costly breaches.

“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” said Kasper Lindgaard, Senior Director of Secunia Research at Flexera Software.  “This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously. There is simply no excuse.”

To learn more, please read our whitepaper: Corporate Software Inspector – Bridging Vulnerability Management Gaps

By Phil Puddick, Solution Architect, Flexera Software

It is amazing that such a high percentage of all IT projects undertaken fail.  The reasons for this are many – too numerous to mention and discuss in great detail here, but one of the overriding factors here is poor communication. Communication across all levels and areas of the organization!

Communication is of paramount importance for all projects, including software asset management (SAM) and license optimization projects, where one of the goals is the realisation of an effective license position (ELP) across your estate.  Perhaps the biggest hurdle for projects of this nature is the differing views of what software is actually installed in your estate.  On the one hand you have your IT department. They will be unrelenting in the fact that they know the application install counts of your software titles. On the other hand you have your IT procurement teams. They will be adamant that they know exactly how much you have purchased and, thus, how much you are entitled to use. 

This is the challenge—very rarely do these numbers match up. Who should you believe?  One arm of the organization says one thing, another arm can quite often present contradictory figures. The SAM project stakeholders can be stuck in the middle not knowing who to believe.  So, how do we overcome this?  Well, it’s that “communication” word again.

The Flexera Software approach is to help you bridge that communication gap at the very outset of the project. How do we do this?   One way is through the execution and delivery of detailed design workshops where not only are the finer details of the project discussed but also where both responsibilities and dependencies are aligned. One of the fundamental aspects covered in these workshops is who in your organization should you look to engage, at what part of the project they should be engaged and why.

The Software Asset Management Planning and Design Workshop has the following delivery approach:

   The workshop will be delivered to target specific areas related to the overall SAM/ITAM program and solution, including but not limited to:

• Business Planning and Design
• SAM/ITAM Best Practices Analysis
• Initial Data Flow and Process Analysis
• Technical Planning and Design
• Software Catalog Needs Assessment and Design
• Service Desk Integration Planning and Design

Getting the right people, from the right teams, aligned as quickly as is possible provides for a successful software asset management project, which, ultimately, will allow for more quickly determining an effective license position. Getting it right from the very beginning is the best approach.  Aligning resources doesn’t have to be like herding cats.

For more information please see the Software License Optimization Services area of our website. See also this recent blog on:

Software Asset Management and Stakeholder Management

By Eric J. Feldman

Government agencies and enterprises businesses have very different missions, purposes, and operating models. A business exists to provide a profit for its owners, while operating at maximum efficiency. A government entity exists to provide services to its constituents and citizens.

A well run business is self-correcting, as they change and adapt to the environment and market that they operate in. A well run government entity does not provide its services with a profit motive, but at the same time tries to not be wasteful with the people’s money, at least we hope.

Theory holds that a business that cannot operate effectively and profitably will eventually go bankrupt. This does not hold true for government agencies that must provide services, regardless of the economic climate they operate in, often without any incentives for efficiency and cost effectiveness.

But that does not mean that government agencies cannot be more effective in their spending. In my blog “Reducing Software Overspend in the U.S. Federal Government,” I wrote about how NASA saved $100 million on software licenses, and how cost savings were codified in recent legislation such as the Federal Information Technology Acquisition Reform Act (FITARA) and the MEGABYTE Act.

Since I wrote that blog, President Trump has signed an Executive Order entitled “A Comprehensive Plan for Reorganizing the
Executive Branch,” the purpose of which is to improve the efficiency, effectiveness, and accountability of the executive branch and other Federal Agencies.

Included in that action is the reorganization of structure, and possible elimination of many agencies, a move that could eventually lead to a downsizing of the overall workforce and changes to the basic functions and responsibilities of many agencies.

In a comment about the plan, President Trump said “We are going to do more with less, and make the government lean and accountable to the people….Every agency and department will be driven to achieve greater efficiency and to eliminate wasteful spending in carrying out their honorable service to the American people.”

Without getting into the politics of this action, doing more with less has been a key operating principle of many businesses in many industries.

When retail businesses have a downturn due to the growth of online sales, they restructure by closing stores. Oil exploration firms cut back on drilling operations when gas prices are low. Airlines cut back on flights when planes operate below a certain capacity. Baseball teams trade high priced players and invest in low cost rookies if they have no chance of making the playoffs.

So if Federal Agencies are now tasked with reorganization and reforms, what are some ways that they can meet these challenges? Software Asset Management and Vulnerability Management processes and tools can help agencies meet these challenges by:

• Providing automated solutions for Software Asset Management (SAM) and Software Vulnerability Management that allow IT Operations and IT Security teams to be more efficient and productive
• Delivering cost savings for software and cloud services that allow agencies to continue to pursue strategic initiatives, even as IT budgets are being cut
• Preventing unbudgeted expenses and downtime due to software audits and security breaches

Let’s look at these items one at a time.

1) The process of upgrading and patching software can be time consuming and labor intensive, especially for agencies spanning multiple locations. Moreover, to successfully manage software vulnerabilities in the environment, agencies need to know all about them. They need to know when a software vulnerability with an available patch is threatening their infrastructure, where it will have the most critical impact, what the right remediation strategy is and how to deploy it.

2) According to Gartner, organizations that employ Software Asset Management processes and tools can save up to 30% on their software costs. The Federal Government spends about $6 billion per year on commercial software, resulting in a potential cost savings of $1.8 billion dollars. And cloud sprawl is an issue that impacts both business and government entities. Because cloud services are easy to purchase, it is easy to overspend and potentially waste resources without effective cloud management.

3) Federal agencies are not immune to responding to software audits with their resulting true-up costs, fees, and potential legal action. For example, in 2016, a company called Bitmanagement filed a complaint that the United States Navy used $600 million worth of unlicensed software.

The question becomes, how to you get the information and insight that will help you meet the challenges of reorganization and reforms? Flexera Software has an entire library of White Papers and Webinars that will bring you the information you need to adapt to a changing environment, whether your work in business or government:

White Paper:  How to Secure a Moving Target with Limited Resources

Webinar:  Get Ready to Meet the Federal Mandate on Software Asset Management

Webinar:  Play Defense - Reduce Security Risk with SAM and Software Vulnerability Management

Webinar:  Digital Transformation, Cloud Adoption and the Impact on SAM and Security

White Paper:  Maximizing Value in Software and Cloud Services Procurement

White Paper:  Normalized Software Inventory Data-The Foundation for Software Asset Management, IT Service Management, and Security

Also, be sure to subscribe to the Flexera Software YouTube Channel with over 550 product, education, and thought leadership videos where you can learn how Flexera is reimagining how software is bought, sold, managed and secured.

And if you have any tips about doing more with less, be sure to share them in the comment section below!

By John Emmitt

Flexera helps organizations meet the challenges of a dysfunctional software supply chain where licensing is highly complex and software contains security vulnerabilities. Our software asset management, vulnerability management and composition analysis solutions allow IT Operations, IT Security, Development and Procurement teams to work together to reduce software and cloud services costs, maintain license compliance and mitigate security risks. 

To learn more about our enterprise solutions for managing the full lifecycle of software assets, read our datasheet, or visit our website.

To learn more about our solution for managing Open Source Software, including assessing the security risk associated with software vulnerabilities, please read our FlexNet Code Insight datasheet, or visit our website.

By Eric J. Feldman

There are an estimated 65,000 enterprise companies around the world that use software from SAP®. With over 80,000 employees in more than 130 regional offices, SAP is one of the largest software companies in the world with products across Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), Product Lifecycle Management (PLM), Supply Chain Management (SCM), and Supplier Relationship Management (SRM).

From the high number of mission critical SAP applications, you would expect that most enterprises have control over their SAP  relationships and licensing. There are challenges, however, that are faced by many SAP customers. Whether related to annual audits, complex license agreements, non-optimal user and package licensing, and a rapidly changing legal environment, managing and optimizing SAP licensing has become more critical than ever.

And the recent SAP v. Diageo “indirect use” legal decision provides enough cause for concern for executives to assess the state of their SAP relationship, and potential financial risk.

So, what can senior executives, IT asset managers, and procurement professionals do to manage their SAP licensing and vendor relationship to drive predictable outcomes and increase business value?

The short answer is, you can take proactive control of your SAP licensing. Proactively managing and optimizing your SAP Applications will help you reduce licensing costs, maintain license compliance, and help identify and mitigate the legal and financial implications of SAP “indirect access.”

Here are some proactive optimization steps you can do to take control of your SAP licenses:

• Identify and retire idle user accounts
• Find and resolve duplicate users – named users that have accounts on multiple SAP systems
• Identify accounts on non-SAP (indirect access) systems that are idle and can be retired
• Identify users who have accounts on both SAP systems and non-SAP systems, to avoid licensing these users multiple times
• Determine the optimal SAP license type based on all available information including their system authorizations and usage history

For more information, be sure join Flexera and UpperEdge for a webinar and panel discussion on SAP license and vendor management entitled, “Take Proactive Control of Your SAP Licensing, Indirect Usage and Vendor Management.” In this information packed session, you will learn:

• SAP’s audit process and defense techniques you can employ
• Consequences of not having a handle on your SAP relationship
• Real world customer scenarios of indirect use and how to minimize your financial risk
• Significance of the SAP v. Diageo case
• Best practice approaches for sustaining and evolving the value of your SAP relationship

And we will be taking questions from the audience on your most important SAP license management topics for our panel of experts!

Be sure to join us on the following dates and times:

June 1 – 10:00 am (US Central Time)

June 6 – 2:00 pm (Australia)

June 8 – 10:00 am (United Kingdom)

Register Here

And if you cannot join us on one of the dates above, be sure to register to receive the link to the on-demand webinar recording when it becomes available.

Take proactive control of your SAP licensing and vendor relationship!

By Eric J. Feldman

The Design Automation Conference, or DAC, is an annual event, and it is a combination of a technical conference and a trade show. First held in 1964, DAC is the premier conference devoted to electronic design automation (EDA), embedded systems and software (ESS), and electronic design intellectual property (IP).

Flexera Software is proud to be a sponsor of DAC 2017, held in Austin on June 18-22. We have supported the users and producers of engineering software for many years, so sponsoring this event was a natural fit.

Engineering, technical and industrial applications – including Electronic Design Automation (EDA), Geographic Information Systems (GIS), Exploration & Production (E&P) and Product Lifecycle Management (PLM) – are expensive and are used by highly skilled and highly paid engineering and design professionals.

These applications – used by manufacturing, engineering, energy, and technology companies – typically use concurrent licensing methods in which a fixed number of licenses for a software application are shared among a larger number of users. As many of the companies that use engineering application are large global firms, the highest efficiency is obtained when the concurrent license usage is centrally managed.

Organizations that do not centrally manage concurrent license usage often face a series of expensive problems. They routinely overspend and buy licenses they do not need, or under spend and deny end users access to critical software. When a user is denied access due to the lack of an available license, their loss of productivity can be costly to the company and their projects.

These organizations often require a number of administrators to manage concurrent license servers. Too often, other tools and methods provide reports that are isolated by license server or vendor. They lack an overall view across the enterprise, offer little insight into software usage trends, and do not link usage to contracts, organizational structure or costs. In order to make decisions, organizations are left with countless time-consuming, manual steps.

Flexera is a leader in concurrent license management with our FlexNet Manager for Engineering Applications product. This solution helps improve engineering and design professionals’ productivity, optimizes software spend, accurately forecasts usage, and helps organizations negotiate vendor contracts.

FlexNet Manager for Engineering Applications tracks license usage, simplifies and centralizes license server administration for thousands of FlexEnabled (FlexNet Publisher, FlexLM) and other concurrently licensed applications including AutoCAD®, MATLAB®, IBM® Rational®, CATIA®, and Petrel, to automatically report on software usage and license denials, and  maximize utilization of assets.

Here is what you can do with FlexNet Manager for Engineering Applications:

• Centrally monitor and report on concurrent license usage, including peak usage, to help determine the optimal number of concurrent licenses required by your teams
• Identify under-utilized licenses and provide insight to remix the license agreement or reallocate licenses to other locations or projects
• Provide Financial Transparency for Chargeback/Showback
• Efficiently perform license server administration (start, stop, restart license servers, etc.) in real time
• Minimize downtime and ensure that global teams have the licenses they need, when they need them
• Optimize the number of concurrent licenses to maintain an acceptable level of denials
• Analyze software usage and denial trends in relation to license terms, costs and organizational parameters, such as geographies, cost centers, projects, and users
• Consolidate reporting for multiple license servers

If you are going to DAC 2017 in Austin, be sure to stop by Flexera booth 2131. You can speak with one of our solution experts, see a demo of FlexNet Manager for Engineering Applications, and enter a contest to win an Amazon Echo. And don’t forget to take home some cool Flexera swag!

C-level executives are turning to digital transformation initiatives to help drive better business decisions and stay competitive.  The challenge many run into is a lack of visibility into the IT spend. Where is the money going, and is it providing the innovation needed to move the organization into the future?

According to a 2016 Gartner ITScore survey, 62% of CIOs don’t believe they have acceptable transparency into their existing cost of IT

IT Service Delivery models are rapidly evolving, and software license and subscription agreements are more and more complex. The foundation of digital transformation is the cloud, and without an understanding of the true cost and utilization of digital services, planning a digital transformation is like flying blind.    As companies transform, they need to closely manage costs and utilization for cloud services—IaaS, PaaS and SaaS, in order to efficiently introduce new technologies and tools to drive their business forward.

So how can executives learn about IT spending visibility in an era of Digital Transformation?

Register for the webinar to  hear thought leaders from BMC, Flexera, and Apptio come together to discuss how a modernized IT strategy can deliver a successful digital business transformation. This webinar will give you best practices around gaining cost transparency to drive your digital innovation, leading you to have a bigger impact on your business.

BMC is a global leader in innovative software solutions that enable businesses to transform into digital enterprises for the ultimate competitive advantage. Digital Enterprise Management solutions are designed to make digital business fast, seamless, and optimized from mainframe to mobile to cloud and beyond. BMC digital IT transforms 82 percent of the Fortune 500 and serves more than 10,000 customers worldwide.

Apptio is the leading provider of cloud-based Technology Business Management (TBM) software that helps CIOs manage the business of IT. Apptio’s suite of applications use business analytics to provide facts and insights about technology cost, value, and quality, so IT leaders can make faster, data-driven decisions. The purpose-built applications help companies align technology spend to business outcomes and automate IT processes like cost transparency, benchmarking, showback/chargeback, operational efficiency, and planning.

Flexera Software is the established global leader in Software License Optimization solutions, enabling enterprises to gain visibility and control of on-premises software as well as cloud assets to maximize utilization, reduce ongoing costs, and maintain continuous license compliance.  These capabilities are delivered as a comprehensive suite of enterprise software license management and license compliance solutions that optimize the management of software assets throughout the software lifecycle.

Register for the webinar

By Greg Misso

Microsoft SQL Server licensing can be complicated and even a little overwhelming at times. The purpose of this post is to cut through that complexity at an introductory level and then delve deeper in future posts.

What SQL Server 2016 Editions are currently available?

The previous release of SQL Server 2014 was commercially available in four editions:

• Enterprise edition – recommended for use with mission critical applications and large scale data warehousing
• Business Intelligence edition - provides premium corporate and self-service business intelligence (BI)
• Standard edition - delivers basic database, reporting and analytics capabilities
• Developer - is a full-function version of SQL Server software—including all of the features and capabilities of Enterprise Edition—licensed under the Developer Tools model, which is a “per user” model

This has been streamlined with the 2016 release and now is available in three commercial editions:

• Enterprise edition
• Standard edition
• Developer

The key difference here being that the licensing and product function of Business Intelligence edition has been absorbed into the Enterprise edition.

Note: SQL Server Express is available as a free download from Microsoft, but it must be noted there are limitations on its supported system requirements. For an overview of the available editions and supported scale of SQL Server, click here.

How are SQL Server licenses sold?

The software licensing options remains the same for SQL Server 2016 as previously available e.g. Server + CAL or Per Core. It must be noted however that the Enterprise edition is only available under the Per Core model.

 Table 1: Licensing Options for Microsoft SQL Server 2016

SQL Server – Per Core Based Licensing

The Per Core licensing option allows for unlimited users or devices to access SQL Server (both internally and externally). The major benefit of this option is that there is no requirement to try to quantify the number of users or devices accessing the SQL Server, be that direct or via indirect means (multiplexing).

Note: When running SQL Server in a physical environment, licenses must be assigned to all of the physical cores on the server. A minimum of four core licenses per physical processor are required, with licenses being sold in packs of two.

So how many licenses do I need? The process to determine this is relatively straight forward:

Example 1 - This SQL Server has two processors, each with six cores:

1. Ascertain how many cores there are per processor (keeping in mind the minimum requirement of four cores per processor)
2. Count the total number of cores
3. A total of twelve cores are present, therefore 6 SQL Server Per Core licenses (packs of 2) are required

Example 1

The Per Core option is often the preferred licensing option when:

• The SQL Server is external facing and an unquantified number of users or devices access the server
• Deploying SQL Server Enterprise – the Standard edition does not support the Per Core licensing option
• The cost of licensing SQL Server Standard is too high based on server access

SQL Server – Server + CAL Licensing

When licensing SQL Server Standard under the Server + CAL option, customers must assign a license to the physical server hosting any operating system environment (OSE) running SQL Server and acquire a SQL Server CAL for each user or device that accesses the server.

Note: The SQL Server license allows unlimited SQL instances to be deployed on the OSE (physical or virtual).

The Server + CAL option is often the preferred licensing option when:

• Smaller SQL Server implementations exist and SQL is the supporting database for another application or smaller Intranet; and
• The number of users or devices accessing SQL Server can be quantified and Server + CAL is more cost effective than the Per Core model

Licensing SQL Server in a Virtualised Environment

When deploying SQL Server in virtualised environments, customers have the choice to license either the individual virtual machine(s) or for maximum virtualisation by assigning SQL Server Enterprise Per Core licenses with Software Assurance (software maintenance) to the physical server.

SQL Server – Per Core Based Licensing in a Virtualised Environment

When licensing SQL Server under the Per Core model in a virtualised environment, the following will need to be identified:

Example 2 – This SQL Server has two virtual machines, VM1 has two virtual cores and VM2 has six virtual cores.

1. Ascertain how many virtual cores there are in each virtual machine (keeping in mind the minimum requirement of four cores per virtual machine)
2. Count the total number of virtual cores
   • VM1 has two virtual cores, but doesn’t meet the minimum requirement of four virtual cores. VM1 will therefore require four core licenses
   • VM2 has six virtual cores
3. A total of eight cores are present, but four are required for VM1 therefore bringing the count up to ten virtual cores, so 5 SQL Server Per Core licenses (packs of 2) are required

Example 2

Note: Licensing of SQL Server Enterprise in a virtualised environment is only supported by the Per Core license model.

SQL Server – Server + CAL Based Licensing in a Virtualised Environment

When licensing SQL Server Standard under the Server + CAL model in a virtualised environment, customers are required to purchased one server license per virtual machine running SQL Server irrespective of the number of virtual processors allocated. The following will need to be identified:

Example 3 – This server has two SQL Server virtual machines (Virtual Machine 1 and Virtual Machine 2), and two users are accessing the SQL Server virtual machines.

1. Ascertain how many virtual machines have SQL Server deployed
   • Virtual Machine 1 and Virtual Machine 2 – (2) Server licenses required
2. Count the total number of users accessing the SQL Servers
   • Two users are accessing the SQL Servers – (2) SQL Server User CALs are required

Example 3

Which licensing option is best for me?

SQL Server Standard can be licensed under the Per Core or Server + CAL license options. It is recommended that you engage your Software reseller to determine which option best suits your SQL Server requirements (factoring in server role, access, technical requirements etc.) as there will be a tipping point where the Per Core model is more cost effective and easier to manage.

Some use cases to be aware of

As we have touched on here, there are a number of different licensing models available for SQL Server depending on the scenario and use case. Some of these may be relatively straight forward, others not so and the commercial implications could be significant. I would encourage open dialogue with the Database Administrators within your organisations to ensure there is some governance and understanding as to how SQL Server is deployed within your corporate environment. I intend to delve a little deeper in future posts, but in the meantime some items to consider include:

• The role of the SQL server - is it internal or external facing
• Can the number of users or devices accessing the database be quantified?
• Is access to the SQL server enabled via multiplexing?
• Do you have active Software Assurance on your SQL estate and as such access to benefits such as passive failover licensing?
• Is SQL Server deployed as part of a clustered environment?
• Does SQL Server reside in a Production or a Non-production environment?
• Are SQL Components such SQL Reporting Services deployed as standalone installs without SQL?

To learn more about Flexera's Software Asset Management solution for Microsoft, please visit our website. Also see Flexera at Microsoft Ignite, Sept 25 to 29 in Orlando, FL.

By Nicolas Rousseau

SAP is the fourth largest software vendor in the world and is critical to many organizations.  Its robust applications support important processes such as Enterprise Resource Planning (ERP), Human Resources (HR) and Customer Relationship Management (CRM).

Being a key provider, it is also an expensive one… large organizations have yearly spending in millions on maintenance renewals and on new technologies including HANA, Business Objects and SAP Cloud for Analytics (C4A)

This is where a software license manager’s life becomes stressful.

SAP brings real value to customers that fully depend on its applications, but sometimes customers are completely in the dark on software asset management for their SAP applications:

• Operational teams make sure things work, with no focus on the SAP licensing costs. Taking the example of SAP ERP / CRM:
  • Users are created with incredibly complex profiles: they have tens of roles that include hundreds of authorized transactions
  • Accounts are created with no license type because its hard to foresee who really should be allocated what license type at account creation
• The team members managing SAP licensing are in a tricky situation:
  • They are exposed to huge liabilities:
    • By default, any user is a Professional User; having accounts created with no license types turns into millions of risks
    • Users’ accounts are not properly managed: all newcomers have a SAP account created, with no consideration as to what is really needed; there is often no process to retire accounts when people leave the company
    • I have seen a company with USD300 million liability (price list) and another with a €200 million noncompliance true-up bill as a result of this uncontrolled situation
  • The pressure from SAP is huge:
    • Like in any other software company, the sales team has yearly objectives that are growing. In a mature organization, maintenance on existing scope is not enough. Selling new technologies or finding software license compliance issues with software audits are two ways of resolving this… in the current dysfunctional software supply chain, customers get audited.
    • The customer’s SAP licensing team is not fully armed:
      • They have limited information. A list of 700,000 accounts scattered over 200 systems is not something manageable for any human being
      • They are lost in the 50 shades of grey of SAP licensing (see below)
      • They can just take the heat and be in a very, very bad position to negotiate at the time of an audit

As a result, the easy, but expensive option that many SAP customers take is an SAP Enterprise Agreement that guarantees some tranquillity: all you can eat contract - any user can be a Professional - at a “friendly” price. Everybody is released (SAP account Manager, Customer SAP Licensing team). Everybody except the customer’s CFO!

It is then very hard to take the handcuffs off… but it is still possible.  Or even better, it is possible to avoid the handcuffs in the first place!

The key to the handcuffs is in turning the 50 shades of grey of SAP licensing into black and white, and translating this controlled situation into contracts that are fair for both SAP and you, the customer.

Why is grey the preferred colour of SAP?

• There is no enforcement of users’ license types according to what they really do. You can be given an SAP developer role and be allocated an ESS user License Type at less than a tenth of the cost.
• The definition of license types is public - url:ENGLISH - SAP User Types - SAP Support
• But, the definitions are also extremely vague: the two license types below have similar rights, commonly accepted. An SAP Professional User needs SAP for his work while a limited Professional is occasional… this vague definition makes a huge per user difference!
  • “An SAP Business Suite Professional User is a Named User authorized to perform operational related and system administration / management roles supported by the licensed Software (excluding SBOP) and also includes the rights granted under the SAP Business Suite/ individual SAP solution Limited Professional User.
  • An SAP Business Suite Limited Professional User is a Named User authorized to perform limited operational roles supported by the licensed Software (excluding SBOP) and also includes the rights granted under the SAP Business Suite Business Information User. The license agreement should define in detail the limited use rights being performed by such Limited Professional User.”

The contract never gives the details that remove the ambiguity.

• There are forbidden tables for given types (provided by user activity measurements), but no list of forbidden tables is clearly communicated. Table updates are not easy to track in SAP.
• Accounts are consolidated across systems.
• And there is the ‘new’ big stick: indirect usage: “any third party application, accessing SAP systems should be licensed for each user interacting with the third party application for the license type that would be required if the user was doing similar activity directly on an SAP system”. This has become an tough, potentially £55 million reality recently for Diageo-- see PCWorld: SAP license fees are due even for indirect users, UK court says - PC ...

Is SAP to blame?

• By design, it is extremely hard to create black and white rules: customers and SAP partners create hundreds of transactions that potentially can do anything: in a medium large customer (20,000+ SAP users), I often identify 130 000 distinct transactions and reports.
• Regarding indirect access, many publishers have similar rules.

Be better informed than your auditor… this will save you!

The key is to get control over the licensing situation to move to a fair discussion and a fair contract… You must become as informed or even better informed than the vendor or auditor, in case of an audit. If you have facts to discuss, even grey rules, you cannot be fooled, you can argue, even in an easier way that the rules are fuzzy. Let’s take two cases that closely represent what I have experienced multiple times:

Case1: Chaos— SAP has the power

• “Mister customer, our audit revealed you have 5000 consolidated accounts that have no license types”
• This represents a liability of 25 million, but you can pay 4 million and move to SAP HANA which we can offer you at a discount of 30%. This will be 3 million more, but you have a good deal and can start using this best-in-class technology!

Case 2: Controlled situation

• “Mister SAP, here are all the results. I have defined my license types based on actual utilization:
  • Time per week for Limited Professional users
  • Use of these 25 transactions for ESS users
  • Use of these 145 transactions for Employee users
  • Use of the developer key for developers
  • And… we have consolidated users accounts not just based on account name like you do, but removed other duplicate users
• And by the way, I didn’t tell you that I retired 2000 accounts of people who left”

The customer has the negotiating power in situation 2 and the relationship with SAP moves from intimidation (Mr Customer, you have done something bad and you don’t know exactly what that is, but I know) to rational discussion. I have witnessed a well prepared customer avoid an audit in such cases.

Moving from the guilty child position to an adult to adult relationship is what proactive license optimization allows.

Here is the ideal approach to optimize your SAP licenses:

• Deploy a powerful SAP inventory collection and software license optimization solution
• Collect data containing Account details, Transaction history, Third party system RFC connections, and User roles
• Align users’ License Types to their actual usage of SAP (perform transaction / usage profiling)
• Retire users with low usage
• Change user roles to close any discussion with SAP
  • SAP could argue potential usage provided by the user roles is what matters
  • If you can allocate simplified roles that are easy to document and discuss with SAP, that’s always better
  • If you can’t (this could turn out to be difficult), be prepared to have a factual discussion on actual usage that you can demonstrate in your software asset management (SAM) tool.

Learn more by viewing our on-demand webinar— Take Proactive Control of Your SAP Licensing, Indirect Usage and Vendor Management  with guest speakers David Blake and Len Riley from UpperEdge.

By Peter Osang 
Principal Consultant Flexera

Software licenses and maintenance are big line items in most IT budgets.  Upwards of 30% of IT budgets are dedicated to software projects.  Software is an asset that improves productivity, builds relationships with customers, and enables companies to move faster than their competition.  Applications are downloaded and installed widely across organizations, sometime for short projects, or to solve a specific problem.  But once it has served its purpose, and is no longer needed, that software often lays idle on the device consuming a license and being covered under maintenance.  For IT organizations looking to reduce spending, this unused or under used software is an easy target and can be a source of tremendous savings.

Harvesting or reclaiming software is the act of reducing the consumption of software licenses in an organisation so that they can be reused when needed.  In this blog I review the traditional approach to re-harvesting end user software licenses, its limitations and explain how this must be automated to have the biggest impact on reducing spending.

Traditional Software Re-harvesting

The traditional approach to re-harvesting software involves four basic steps, which I've listed below.  This approach is often manual and might be taken in the form of a re-harvesting project, where high value applications are targeted for re-harvesting:

Step 1: Measure license consumption

There's little point in trying to reduce license consumption without a true measure of it.  Therefore, the first step is to have an accurate software asset management inventory that tells you where the licenses are being consumed, by whom, and on what devices.   Software licensing is complex and vendors have many different ways to license it.  For end user software the most common methods are device based or user based. If it’s a device based license, it should be telling you who is the user of that device.    If it's a user based license, on top of knowing the users it should be telling you which devices they're using it on.   

Step 2: Measure Usage

Once you know the devices and users by which the license is consumed you then need to determine which are the best candidates for re-harvesting.   First, exclude users that are actively using the software.  One of the most common approaches for doing this is to exclude cases where the software was used in the last X number of days.  90 days is a typical threshold, although you might have smaller or greater thresholds depending the application to be re-harvest. 

Step 3: Refine the candidates - Ask the user

If you run an authoritarian IT department you might decide to simply uninstall applications from any devices where it’s not in active use.   The reality is that for most situations it's best to consult the end user before uninstalling any software from their device.   The simplest way to do this would be to take the list of users that aren't actively using the software and send them an email pointing out that they're not using the software and asking whether they need it any longer.

Step 4: Work with deployment administrator to uninstall the software

You should now have a list of devices or users from which you want to re-harvest the software license.   At this point you need to share the list with the administrator of your software deployment system to have them configure the applications for removal.  This will take time as your administrator will have limited time and his priority is to ensure users are productive.

Step 5: Review the results

At some time later your software asset management system will report that the software license consumption has dropped and you have thus saved your organisation lots of money. 

Limitations of the Traditional Approach

On face value, the manual approach, outlined above, is clear and effective and will provide some benefits.  However, where it falls down is in the effort required in collating information from users and coordinating with the software deployment teams to have the software removed.   It's also a very task-based approach that requires an IT technician to coordinate.  Due to the manual effort involved companies may only re-harvest software on an annual basis, leaving money on the table.

This is where a standalone software asset management system reaches its limits.  

To be truly effective in re-harvesting, software asset management cannot be used in isolation.   It needs to be part of a broader Software License Optimization program; one that integrates seamlessly with your software deployment systems, automates the interaction with end users and lets you define re-harvesting policies rather than perform re-harvesting tasks, and runs on a continuous basis rather than as a point in time project.

Automated Re-harvesting Campaigns

In essence, automated re-harvesting takes the key aspects of traditional re-harvesting and automates them into campaigns that run continuously.   It also shifts the methodology from one that is task-based to a policy based one.  Working together FlexNet Manager Suite and App Portal provide an automated solution. 

The key features of an automated re-harvesting solution are:

• Automatically lookup devices that are consuming software licenses in your software asset management system and which are not actively being used
• Automatically notify users when they stop using the software and ask them if they still require it
• Provide a simple and easy way for users to respond. Give your users the opportunity to justify why they need the software and control whether or not their software is removed.   Ideally, it should also provide them in the future with means to reapply to have that software be reinstalled.
• Automatic uninstall - Where software is to be removed, automatically connect to your software deployment systems, initiate the removal of the software and monitor the result.
• Configure reclamation policy for each application. This includes thresholds for active usage of each application and how often you want users to be reminded.

In Summary

Software asset management systems provided the foundation for software license re-harvesting.  To get the most leverage, you should consider automated software license re-harvesting campaigns as part of your overall software license optimization program.  To learn more read these customer success stories:

• Customer Realizes Millions in Savings with App Portal. Over 10,000 installations removed, reclaiming over $4.5M USD worth of unused software licenses
• Department of Foreign Affairs, Trade & Development Canada: Over 4,000 software titles have been reclaimed, saving $1.24 Million in license costs in less   than a year.